xamarin / xamarin-macios

.NET for iOS, Mac Catalyst, macOS, and tvOS provide open-source bindings of the Apple SDKs for use with .NET managed languages such as C#

UIView/GC: accessing Superview inside WillMoveToSuperview crashes app #10562

Open yaliashkevich opened 3 years ago

yaliashkevich commented 3 years ago

Steps to Reproduce

  1. Run the attached sample app (sample.zip)
  2. Click the "Next" button
  3. Keep clicking "Next" until the app crashes

It looks like dealloc of UIView calls RemoveFromSuperview() for every child (to release them) while being called by the system.

So if you access Superview inside WillMoveToSuperview, you can hit a situation where the managed part of the superview is already disposed, which causes the creation of a new managed object representation for a native object that is being deallocated. Finally you get a SIGSEGV.

```csharp
public override void WillMoveToSuperview(UIView newsuper)
{
    base.WillMoveToSuperview(newsuper);
    Console.WriteLine($"Old superview: {Superview}. New superview: {newsuper}");
}
```

=================================================================
    Native Crash Reporting
=================================================================
Got a segv while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

=================================================================
    Native stacktrace:
=================================================================
    0x10c52d175 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_dump_native_crash_info
    0x10c521cbe - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_handle_native_crash
    0x10c533a6b - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_sigsegv_signal_handler_debug
    0x7fff60c83d7d - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/libsystem_platform.dylib : _sigtramp
    0x7fd7f7037fa0 - Unknown
    0x7fff201858a7 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/usr/lib/libobjc.A.dylib : class_getInstanceMethod
    0x10c74135e - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : _ZL12is_user_typeP11objc_object
    0x10c740297 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : xamarin_release_managed_ref
    0x1126b9b34 - Unknown
    0x1126b98c9 - Unknown
    0x10c536e31 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_jit_runtime_invoke
    0x10c65134f - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_runtime_try_invoke
    0x10c652f2f - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_runtime_invoke
    0x10c4635b9 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : _ZL32native_to_managed_trampoline_138P11objc_objectP13objc_selectorPP11_MonoMethodS0_j
    0x10c463445 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : +[__NSObject_Disposer drain:]
    0x7fff208582ba - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation : __NSThreadPerformPerform
    0x7fff2038f38a - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation : __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
    0x7fff2038f282 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation : __CFRunLoopDoSource0
    0x7fff2038e764 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation : __CFRunLoopDoSources0
    0x7fff20388f2f - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation : __CFRunLoopRun
    0x7fff203886d6 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation : CFRunLoopRunSpecific
    0x7fff2bededb3 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices : GSEventRunModal
    0x7fff24690e0b - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore : -[UIApplication _run]
    0x7fff24695cbc - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore : UIApplicationMain
    0x1121a1e25 - Unknown
    0x1121a1b73 - Unknown
    0x112197563 - Unknown
    0x10c536e31 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_jit_runtime_invoke
    0x10c64fa28 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_runtime_invoke_checked
    0x10c654ea5 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_runtime_exec_main_checked
    0x10c4a2cec - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : mono_jit_exec
    0x10c74fd5d - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : xamarin_main
    0x10c47a467 - /Users/Yauheni_Aliashkevich/Library/Developer/CoreSimulator/Devices/0CB8AA0E-0C85-45F4-8CCA-083F98990191/data/Containers/Bundle/Application/4BF943CA-3166-411C-8B0E-DE296FE531F1/sample.app/sample : main
    0x7fff202593e9 - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/libdyld.dylib : start

=================================================================
    Basic Fault Address Reporting
=================================================================
Memory around native instruction pointer (0x7fff2018591b):
0x7fff2018590b  89 75 c8 49 89 fc 48 bb f8 ff ff ff ff 7f 00 00  .u.I..H.........
0x7fff2018591b  48 8b 02 48 8d 48 ff 48 83 f9 0f 72 0e 49 8b 4f  H..H.H.H...r.I.O
0x7fff2018592b  20 48 21 d9 f6 01 01 49 0f 45 c7 48 8b 40 20 48   H!....I.E.H.@ H
0x7fff2018593b  21 d8 44 8b 28 48 8d 3d f5 b9 bc 66 be 00 00 05  !.D.(H.=...f....

=================================================================
    Managed Stacktrace:
=================================================================
      at <unknown> <0xffffffff>
      at Foundation.NSObject:xamarin_release_managed_ref <0x000c3>
      at Foundation.NSObject:ReleaseManagedRef <0x0007a>
      at NSObject_Disposer:Drain <0x00392>
      at <Module>:runtime_invoke_void_object <0x000e8>
      at <unknown> <0xffffffff>
      at UIKit.UIApplication:UIApplicationMain <0x00254>
      at UIKit.UIApplication:Main <0x000b2>
      at UIKit.UIApplication:Main <0x00132>
      at sample.Application:Main <0x00092>
      at <Module>:runtime_invoke_void_object <0x00198>
=================================================================
2021-02-02 13:49:34.094259+0300 sample[37874:682299] [ServicesDaemonManager] interruptionHandler is called. -[FontServicesDaemonManager connection]_block_invoke

So the following is happening:

  1. The managed part of the superview is garbage collected
  2. The native superview object is being deallocated and calls removeFromSuperview for every child view
  3. Every child receives a WillMoveToSuperview(null) call
  4. A new managed instance for the superview is created
  5. The native superview is deallocated
  6. The instance from step 4 is finally garbage collected and crashes the app (being linked to the deallocated native object?)

rolfbjarne commented 3 years ago

I can reproduce the crash.

It looks like it's a variation of this old issue: https://xamarin.github.io/bugzilla-archives/13/13430/bug.html

Unfortunately I don't really know how to fix it (or even if we can 😒)
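
Added example (not code from the issue, the sample project, or xamarin-macios): one way to keep the logging from the repro without reading `Superview` during teardown, so that no new managed wrapper is requested for a parent whose native object is in `dealloc` (step 4 above). The class name `TrackedView` and the helper `Describe` are hypothetical, and the sketch assumes the `Superview` getter is the only path that resurrects the wrapper, as the report describes; it has not been confirmed by the maintainers.

```csharp
using System;
using UIKit;

// Hypothetical subclass; added example, not part of the original report.
public class TrackedView : UIView
{
    // Weak reference: this child never keeps the parent's managed wrapper alive,
    // and it reports "gone" once that wrapper has been collected.
    WeakReference<UIView> lastSuperview;

    public override void WillMoveToSuperview(UIView newsuper)
    {
        base.WillMoveToSuperview(newsuper);

        // Do NOT read the Superview property here. While the parent is being
        // deallocated, that getter would ask the runtime for a managed object
        // wrapping a native pointer that is about to become invalid.
        UIView old = null;
        lastSuperview?.TryGetTarget(out old);

        Console.WriteLine(
            $"Old superview: {Describe(old)}. New superview: {Describe(newsuper)}");

        // Remember the incoming parent for the next transition. The parameter was
        // already marshalled by the runtime for this call, so no extra lookup occurs.
        lastSuperview = newsuper != null
            ? new WeakReference<UIView>(newsuper)
            : null;
    }

    // Uses only managed type information, so it never calls into the native object.
    static string Describe(UIView view) =>
        view == null ? "(none or already collected)" : view.GetType().Name;
}
```

When the parent's managed wrapper was collected before the native `dealloc` runs, `TryGetTarget` returns false and the log line reports the old superview as already collected instead of touching the dying native object.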