EXC_BAD_ACCESS OSInAppMessageViewController (bottomAnchor > centerXAnchor ... Attempted to dereference garbage pointer 0x38.) #1304

Closed
mlisik opened this issue Oct 20, 2021 · 6 comments

Comments

@mlisik

mlisik commented Oct 20, 2021

Description:

The crash happens on first app launch if an in-app message is scheduled to appear on launch (such as the predefined App Store Rating message). It is reproducible with react-native-onesignal but not when integrating just the native iOS SDK. In our production app, this often happens on every launch. In an empty project we set up for testing the issue, it happens once on first launch, then almost never on subsequent launches. This does not happen when debugging, only in release builds.

Environment

// test app:
"react-native": "0.66.1",
"react-native-onesignal": "^4.3.1"

// production app:
"react-native": "0.64.1",
"react-native-onesignal": "^4.3.1",

Testing on iOS 15, iOS 14.6

Steps to Reproduce Issue:

  1. Install react-native-onesignal using yarn into your project
  2. Set up together with app extension following the documentation
  3. Schedule the predefined App Store Rating in-app message
  4. Build an ad-hoc version of your app (we're using command line builds), install on physical device, then launch

Anything else:

OS Version: iOS 14.6 (18F72)
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000038
Crashed Thread: 0

Application Specific Information:
bottomAnchor > centerXAnchor > constraintEqualToAnchor:constant: > height > messageView > position > release > reshTimestampValid] > setActive: > topAnchor > useHeightMargin > view >
Attempted to dereference garbage pointer 0x38.

Thread 0 Crashed:
0   CoreGraphics                    0x3288f7f4c         CGAffineTransformMakeScale
1   OneSignal                       0x105220098         finishProcessingNotification
2   OneSignal                       0x10521e7f4         finishProcessingNotification
3   OneSignal                       0x10521e9f4         finishProcessingNotification
4   Foundation                      0x327dc7d38         __NSFireDelayedPerform
5   CoreFoundation                  0x32560a228         __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
6   CoreFoundation                  0x325609e24         __CFRunLoopDoTimer
7   CoreFoundation                  0x325609274         __CFRunLoopDoTimers
8   CoreFoundation                  0x325603028         __CFRunLoopRun
9   CoreFoundation                  0x32560235c         CFRunLoopRunSpecific
10  GraphicsServices                0x354317730         GSEventRunModal
11  UIKitCore                       0x329fca580         -[UIApplication _run]
12  UIKitCore                       0x329fcfdf0         UIApplicationMain
13  Invest                          0x2046ab4bc         <redacted>
14  libdyld.dylib                   0x325015cf4         start

Thread 1
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 2
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 3
0   libsystem_pthread.dylib         0x3bd0b4744         start_wqthread

Thread 4
0   libsystem_pthread.dylib         0x3bd0b4744         start_wqthread

Thread 5 name: com.apple.uikit.eventfetch-thread
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   CoreFoundation                  0x325608eac         __CFRunLoopServiceMachPort
3   CoreFoundation                  0x325602d4c         __CFRunLoopRun
4   CoreFoundation                  0x32560235c         CFRunLoopRunSpecific
5   Foundation                      0x327c71fd8         -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
6   Foundation                      0x327c71ea4         -[NSRunLoop(NSRunLoop) runUntilDate:]
7   UIKitCore                       0x32a07f128         -[UIEventFetcher threadMain]
8   Foundation                      0x327de3328         __NSThread__start__
9   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 6
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 7
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 8
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 9
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 10
0   libsystem_kernel.dylib          0x381bf20a4         __workq_kernreturn
1   libsystem_pthread.dylib         0x3bd0ad7ec         _pthread_wqthread

Thread 11 name: com.google.firebase.crashlytics.MachExceptionServer
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   Invest                          0x204820518         <redacted>
3   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 13 name: com.facebook.react.JavaScript
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   CoreFoundation                  0x325608eac         __CFRunLoopServiceMachPort
3   CoreFoundation                  0x325602d4c         __CFRunLoopRun
4   CoreFoundation                  0x32560235c         CFRunLoopRunSpecific
5   Invest                          0x20497ce70         facebook::react::JSIExecutor::defaultTimeoutInvoker
6   Foundation                      0x327de3328         __NSThread__start__
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 14 name: JavaScriptCore bmalloc scavenger
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   libc++.1.dylib                  0x34ee33f94         std::__1::condition_variable::__do_timed_wait
3   JavaScriptCore                  0x338f931d8         bmalloc::Scavenger::threadRunLoop
4   JavaScriptCore                  0x338f92c8c         bmalloc::Scavenger::threadEntryPoint
5   JavaScriptCore                  0x338f941a0         std::__1::__thread_proxy<T>
6   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 15 name: Heap Helper Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 16 name: Heap Helper Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 17 name: Heap Helper Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 18 name: Heap Helper Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 19 name: Heap Helper Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 20 name: com.apple.CoreMotion.MotionThread
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   CoreFoundation                  0x325608eac         __CFRunLoopServiceMachPort
3   CoreFoundation                  0x325602d4c         __CFRunLoopRun
4   CoreFoundation                  0x32560235c         CFRunLoopRunSpecific
5   CoreFoundation                  0x325603448         CFRunLoopRun
6   CoreMotion                      0x33b84ac74         CLClientCreateIso6709Notation
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 21 name: com.apple.NSURLConnectionLoader
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   CoreFoundation                  0x325608eac         __CFRunLoopServiceMachPort
3   CoreFoundation                  0x325602d4c         __CFRunLoopRun
4   CoreFoundation                  0x32560235c         CFRunLoopRunSpecific
5   CFNetwork                       0x32660db34         _CFURLStorageSessionCopyCache
6   Foundation                      0x327de3328         __NSThread__start__
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 22 name: JSC Heap Collector Thread
0   libsystem_kernel.dylib          0x381bf10cc         __psynch_cvwait
1   libsystem_pthread.dylib         0x3bd0af430         _pthread_cond_wait
2   JavaScriptCore                  0x338f19a34         WTF::ParkingLot::parkConditionallyImpl
3   JavaScriptCore                  0x338754fd8         WTF::Condition::waitUntil<T>
4   JavaScriptCore                  0x338ee6334         WTF::Detail::CallableWrapper<T>::call
5   JavaScriptCore                  0x338f3d908         WTF::Thread::entryPoint
6   JavaScriptCore                  0x338f400c8         WTF::wtfThreadEntryPoint
7   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 23
0   libsystem_kernel.dylib          0x381bf1734         __semwait_signal
1   libsystem_c.dylib               0x337e9aa30         nanosleep
2   libsystem_c.dylib               0x337e9a814         sleep
3   Invest                          0x204a69748         facebook::react::JSIExecutor::defaultTimeoutInvoker
4   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start

Thread 24 name: SentryCrash Exception Handler (Secondary)
0   libsystem_kernel.dylib          0x381bcc4fc         mach_msg_trap
1   libsystem_kernel.dylib          0x381bcb880         mach_msg
2   Invest                          0x204a75b20         __cxa_throw
3   libsystem_pthread.dylib         0x3bd0abbf8         _pthread_start



EOF

Reviewed two similar issues where the crash also relates to constraints and occurs in OSInappMessageViewController. However, messaging is not the same and it appears these issues have already been fixed:

@mlisik changed the title from "EXC_BAD_ACCESS OSInAppMessageViewController / finishProcessingNotification (bottomAnchor > centerXAnchor > constraintEqualToAnchor:constant: > height > messageView > position > release > reshTimestampValid] > setActive: > topAnchor > useHeightMargin > view > Attempted to dereference garbage pointer 0x38.)" to "EXC_BAD_ACCESS OSInAppMessageViewController (bottomAnchor > centerXAnchor ... Attempted to dereference garbage pointer 0x38.)" on Oct 20, 2021

@Ricool06

I am also getting this error. It happens when receiving any in-app message to iOS via OneSignal.
The crash is immediate, and no in-app message is shown before the crash happens.

I am using react-native-onesignal with the expo managed workflow, set up using onesignal-expo-plugin, built using expo's EAS service.

Date/Time:           2021-11-24 09:57:34.6086 +0000
Launch Time:         2021-11-24 09:57:32.6907 +0000
OS Version:          iPhone OS 14.8 (18H17)
Release Type:        User
Baseband Version:    3.05.00
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000038
VM Region Info: 0x38 is not in any region.  Bytes before following region: 4364484552
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   10424c000-104b68000 [ 9328K] r-x/r-x SM=COW  ...ndBusinessApp

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [785]
Triggered by Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   CoreGraphics                  	0x000000018a261dbc 0x18a238000 + 171452
1   OneSignal                     	0x0000000104f7c098 0x104f30000 + 311448
...

Android in-app messages work absolutely fine.
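
An added triage example (not part of the thread and not OneSignal code): a small Python script that reads the fault address from the exception header used in both reports above and recomputes each unsymbolicated frame's offset within its image. The sample text is constructed from lines quoted in this thread; the function names and the `NEAR_NULL_LIMIT` threshold are assumptions of this example.

```python
import re

# Constructed sample: header and frame lines as quoted in the second report above.
SAMPLE = (
    "Exception Type:  EXC_BAD_ACCESS (SIGSEGV)\n"
    "Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000038\n"
    "Triggered by Thread:  0\n"
    "\n"
    "Thread 0 Crashed:\n"
    "0   CoreGraphics                  \t0x000000018a261dbc 0x18a238000 + 171452\n"
    "1   OneSignal                     \t0x0000000104f7c098 0x104f30000 + 311448\n"
)

# Heuristic chosen for this example: faults below this address are treated as
# a NULL/nil base pointer plus a small field offset.
NEAR_NULL_LIMIT = 0x1000

FAULT_RE = re.compile(
    r"^Exception (?:Subtype|Codes):[ \t]*(\S+) at (0x[0-9a-fA-F]+)", re.M)
FRAME_RE = re.compile(
    r"^(\d+)[ \t]+(\S+)[ \t]+(0x[0-9a-fA-F]+)[ \t]+(0x[0-9a-fA-F]+) \+ (\d+)[ \t]*$",
    re.M)


def fault_address(report):
    """Return (code, address) from the exception header, or None if absent."""
    m = FAULT_RE.search(report)
    return (m.group(1), int(m.group(2), 16)) if m else None


def classify(addr):
    """Rough triage of a faulting data address."""
    if addr == 0:
        return "null dereference"
    if addr < NEAR_NULL_LIMIT:
        return "near-null: offset 0x%x from a NULL/nil base pointer" % addr
    return "non-null invalid address: dangling or corrupted pointer possible"


def frames(report):
    """Parse unsymbolicated frames and verify pc == load address + offset."""
    out = []
    for idx, image, pc, base, off in FRAME_RE.findall(report):
        pc, base, off = int(pc, 16), int(base, 16), int(off)
        if pc - base != off:
            raise ValueError("frame %s: offset does not match addresses" % idx)
        out.append({"index": int(idx), "image": image,
                    "load_address": base, "offset": off})
    return out


if __name__ == "__main__":
    code, addr = fault_address(SAMPLE)
    print(code, hex(addr), "->", classify(addr))
    for f in frames(SAMPLE):
        print(f["index"], f["image"], hex(f["load_address"]), "+", hex(f["offset"]))
```

The load address and frame address are the inputs `atos -o <binary> -l <load address> <address>` needs to symbolicate the OneSignal frame against the dSYM of the exact build that crashed.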

@rgomezp
Contributor

rgomezp commented Dec 16, 2021

Howdy,
Thanks for your patience.

It's hard to debug segmentation faults. Clearly, this is a lower-level native issue that, if anything, would be caused by a bug on the native SDK side.

What seems to be happening is a variable has gone out of memory and is trying to be accessed.

However, it's quite possible this is unrelated to OneSignal at all. It's possible for another process to overwrite a bit of memory OneSignal is using (heap corruption).

Question: can this be consistently reproduced and how widespread is the impact if in production (crashlytics or similar reporting info would be helpful)?


@kierandesmond

I have the same issue. It happens consistently when opening the app and the In-App Message is launched. When I mute the In-App Message the error does not happen / issue. I have error logs in Sentry if that's of any use.

@jfishman1

@kierandesmond If you can share the logs with support@onesignal.com we would be happy to take a look.

@rgomezp
Contributor

rgomezp commented Jan 19, 2022

Anyone have a reply to my comment above?

@rgomezp
Contributor

rgomezp commented Mar 10, 2022

Closing due to inactivity

@rgomezp rgomezp closed this as completed Mar 10, 2022