So our app has been experiencing crashes for a while in SocketRocket. We get about 20 crashes a day from it, with the following stack trace:
Crashed: com.apple.root.default-overcommit-priority
EXC_BAD_ACCESS KERN_INVALID_ADDRESS at 0x0000000c
Thread : Crashed: com.apple.root.default-overcommit-priority
0 libsystem_platform.dylib 0x3b8ff816 spin_lock$VARIANT$mp + 1
1 CoreFoundation 0x30e2d593 CFSocketEnableCallBacks + 54
2 CFNetwork 0x30a926f9 SocketStream::securityBufferedRead_NoLock() + 212
3 CFNetwork 0x30a925f5 SocketStream::socketCallbackReadLocked(SocketStreamSignalHolder*) + 76
4 CFNetwork 0x30a90d8f SocketStream::socketCallback(__CFSocket*, unsigned long, __CFData const*, void const*) + 102
5 CFNetwork 0x30a90cf3 SocketStream::_SocketCallBack_stream(__CFSocket*, unsigned long, __CFData const*, void const*, void*) + 58
6 CoreFoundation 0x30e6a337 __CFSocketPerformV0 + 578
7 CoreFoundation 0x30e68183 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 14
8 CoreFoundation 0x30e67653 __CFRunLoopDoSources0 + 206
9 CoreFoundation 0x30e65e47 __CFRunLoopRun + 622
10 CoreFoundation 0x30dd0c27 CFRunLoopRunSpecific + 522
11 CoreFoundation 0x30dd0a0b CFRunLoopRunInMode + 106
12 Foundation 0x317be3db -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 254
13 Piazza 0x00110b7b -[_SRRunLoopThread main]
14 Foundation 0x31880c87 __NSThread__main__ + 1062
15 libsystem_pthread.dylib 0x3b904c1d _pthread_body + 140
16 libsystem_pthread.dylib 0x3b904b8f _pthread_start + 102
I've been trying to nail it down for over 20 hours. It's pretty sporadic - the best way I have of reproducing it is to log out, so the connections all fail, and then try to incite some connections, and/or wait for several minutes. Works about 1/4 of the time, after a few minutes. However, there are logs of people experiencing this crash while still logged in.
As far as the code, I can't tell what is causing the EXC_BAD_ACCESS, since all the entries above 13 have no available source, and looking at the assembly code hasn't really enlightened me much - all I've discovered is that ecx gets set to 0xc in the course of things, and then spin_lock$VARIANT$mp tries to swap some register for stuff located at ($ecx), and it crashes. [_SRRunLoopThread main], the only part of the stack trace I have source for, is as follows:
- (void)main;
{
    @autoreleasepool {
        _runLoop = [NSRunLoop currentRunLoop];
        dispatch_group_leave(_waitGroup);
        NSTimer *timer = [[NSTimer alloc] initWithFireDate:[NSDate distantFuture] interval:0.0 target:nil selector:nil userInfo:nil repeats:NO];
        [_runLoop addTimer:timer forMode:NSDefaultRunLoopMode];
        int i = 0;
        while ([_runLoop runMode:NSDefaultRunLoopMode beforeDate:[NSDate distantFuture]]) {
        }
        assert(NO);
    }
}
It crashes on the while line. I suspect that something, somewhere, is getting deallocated before it's supposed to, but I'm not sure if it's an SRWebSocket or somehow a block that was added to the run loop or what. I'm not totally familiar with run loops.
I'm running out of productive things to do to figure this out, and I've made barely any progress. Any help is appreciated.
I had a similar issue. It's probably because the object is deallocated before the callback happens.
So it might be a good idea to close the stream in the dealloc method.
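The teardown suggested in the answer above, as an added example (not code from the poster, the answerer, or SocketRocket): a hypothetical ExampleConnection class that detaches and closes its streams before it can be deallocated, so the run loop has no scheduled stream left that could call back into freed memory. It assumes ARC and that the streams were scheduled on the run loop passed to the initializer.

```objc
#import <Foundation/Foundation.h>

// Hypothetical stream owner used only for illustration (assumes ARC).
@interface ExampleConnection : NSObject <NSStreamDelegate>
- (instancetype)initWithInput:(NSInputStream *)input
                       output:(NSOutputStream *)output
                      runLoop:(NSRunLoop *)runLoop;
- (void)close;
@end

@implementation ExampleConnection {
    NSInputStream *_input;
    NSOutputStream *_output;
    NSRunLoop *_runLoop;
    BOOL _closed;
}

- (instancetype)initWithInput:(NSInputStream *)input
                       output:(NSOutputStream *)output
                      runLoop:(NSRunLoop *)runLoop {
    if ((self = [super init])) {
        _input = input; _output = output; _runLoop = runLoop;
        for (NSStream *stream in @[input, output]) {
            stream.delegate = self;   // NSStream does not retain its delegate
            [stream scheduleInRunLoop:runLoop forMode:NSDefaultRunLoopMode];
            [stream open];
        }
    }
    return self;
}

// Idempotent teardown: stop callbacks first, then unschedule, then close.
- (void)close {
    if (_closed) return;
    _closed = YES;
    for (NSStream *stream in @[_input, _output]) {
        stream.delegate = nil;
        [stream removeFromRunLoop:_runLoop forMode:NSDefaultRunLoopMode];
        [stream close];
    }
}

- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)event {
    if (event == NSStreamEventErrorOccurred || event == NSStreamEventEndEncountered) {
        [self close];   // failed or finished connections are torn down at once
    }
}

- (void)dealloc {
    [self close];       // backstop only; see the note below
}
@end
```

Call close explicitly on the thread that runs the run loop when the connection is finished; dealloc runs on whichever thread drops the last reference, so it is only a last-resort backstop.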
I'm seeing the same problem in MixPanel, which looks to be based off that source. Assuming I'm understanding the ABI correctly, the CFSocketRef value that is being passed to CFSocketEnableCallbacks is NULL, so enabling it for read callbacks (1) fails. I can't tell you why CFSocketEnableCallbacks is getting called with a NULL socket, but that's what it looks like is happening. Maybe it is a zeroing weak reference issue somewhere. I'll update this when I know more.