firebase-ios-sdk
firebase-ios-sdk copied to clipboard
firebase
iOS app crash on FBLPromise observeOnQueue:fulfill:reject:
Description
We observe over 4700 crashes of this type in our Firebase Crashlytics. iOS environment: 71% iOS 17 23% iOS 16 5% iOS 15
Stack trace examples and keys are below.
Example 1:
Crashed: com.google.perf.FPREventsQueue 0 libsystem_kernel.dylib 0xa974 __pthread_kill + 8 1 libsystem_pthread.dylib 0x60ec pthread_kill + 268 2 libsystem_c.dylib 0x75b80 abort + 180 3 libsystem_malloc.dylib 0x2bc68 malloc_vreport + 896 4 libsystem_malloc.dylib 0x2bf10 malloc_zone_error + 104 5 libsystem_malloc.dylib 0x21a44 nanov2_guard_corruption_detected + 44 6 libsystem_malloc.dylib 0x7f84 nanov2_find_block_and_allocate + 402 7 libobjc.A.dylib 0x2ab7c class_createInstance + 72 8 CoreFoundation 0x2129c __CFAllocateObject + 20 9 CoreFoundation 0x21180 __NSArrayM_new + 60 10 CSOB 0x45e5520 -[FBLPromise observeOnQueue:fulfill:reject:] + 4375663904 11 CSOB 0x45e5a24 -[FBLPromise chainOnQueue:chainedFulfill:chainedReject:] + 4375665188 12 CSOB 0x45e78f0 -[FBLPromise(CatchAdditions) onQueue:catch:] + 4375673072 13 CSOB 0x45e7850 -[FBLPromise(CatchAdditions) catch:] + 4375672912 14 CSOB 0x460ed9c -[FIRInstallationsSingleOperationPromiseCache getExistingPendingOrCreateNewPromise] + 4375834012 15 CSOB 0x460aa00 -[FIRInstallationsIDController getInstallationItem] + 4375816704 16 CSOB 0x46069b0 -[FIRInstallations installationIDWithCompletion:] + 4375800240 17 CSOB 0x4740b84 -[FPRClient processAndLogEvent:] + 4377086852 18 CSOB 0x47407ec __29-[FPRClient logNetworkTrace:]_block_invoke + 4377085932 19 libdispatch.dylib 0x213c _dispatch_call_block_and_release + 32 20 libdispatch.dylib 0x3dd4 _dispatch_client_callout + 20 21 libdispatch.dylib 0xb4d0 _dispatch_lane_serial_drain + 956 22 libdispatch.dylib 0xbf30 _dispatch_lane_invoke + 380 23 libdispatch.dylib 0x16cb4 _dispatch_root_queue_drain_deferred_wlh + 288 24 libdispatch.dylib 0x16528 _dispatch_workloop_worker_thread + 404 25 libsystem_pthread.dylib 0x1f20 _pthread_wqthread + 288 26 libsystem_pthread.dylib 0x1fc0 start_wqthread + 8
crash_info_entry_0 | abort() called
crash_info_entry_1 | CSOB(37744,0x16b78b000) malloc: Heap corruption detected, free list is damaged at 0x301a240f0 *** Incorrect guard value: 8595524472
Example 2:
Crashed: com.google.iid-token-operations (QOS: UTILITY) 0 libsystem_kernel.dylib 0xa974 __pthread_kill + 8 1 libsystem_pthread.dylib 0x60ec pthread_kill + 268 2 libsystem_c.dylib 0x75b80 abort + 180 3 libsystem_malloc.dylib 0x2bc68 malloc_vreport + 896 4 libsystem_malloc.dylib 0x2bf10 malloc_zone_error + 104 5 libsystem_malloc.dylib 0x21a44 nanov2_guard_corruption_detected + 44 6 libsystem_malloc.dylib 0x7f84 nanov2_find_block_and_allocate + 402 7 libobjc.A.dylib 0x2ab7c class_createInstance + 72 8 CoreFoundation 0x2129c __CFAllocateObject + 20 9 CoreFoundation 0x21180 __NSArrayM_new + 60 10 CSOB 0x45e5520 -[FBLPromise observeOnQueue:fulfill:reject:] + 4384904480 11 CSOB 0x45e5a24 -[FBLPromise chainOnQueue:chainedFulfill:chainedReject:] + 4384905764 12 CSOB 0x45e91b4 -[FBLPromise(ThenAdditions) then:] + 4384919988 13 CSOB 0x460f210 -[FIRInstallationsStore installationForAppID:appName:] + 4385075728 14 CSOB 0x460ac10 -[FIRInstallationsIDController getStoredInstallation] + 4385057808 15 CSOB 0x460aa9c -[FIRInstallationsIDController createGetInstallationItemPromise] + 4385057436 16 CSOB 0x460a8f4 __131-[FIRInstallationsIDController initWithGoogleAppID:appName:installationsStore:APIService:IIDStore:IIDTokenStore:backoffController:]_block_invoke + 4385057012 17 CSOB 0x460eccc -[FIRInstallationsSingleOperationPromiseCache getExistingPendingOrCreateNewPromise] + 4385074380 18 CSOB 0x460aa00 -[FIRInstallationsIDController getInstallationItem] + 4385057280 19 CSOB 0x460b984 -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:] + 4385061252 20 CSOB 0x460a938 __131-[FIRInstallationsIDController initWithGoogleAppID:appName:installationsStore:APIService:IIDStore:IIDTokenStore:backoffController:]_block_invoke.11 + 4385057080 21 CSOB 0x460eccc -[FIRInstallationsSingleOperationPromiseCache getExistingPendingOrCreateNewPromise] + 4385074380 22 CSOB 0x460b8c0 -[FIRInstallationsIDController getAuthTokenForcingRefresh:] + 4385061056 23 CSOB 0x4606bd8 -[FIRInstallations authTokenForcingRefresh:completion:] + 4385041368 24 CSOB 0x47344a4 -[FIRMessagingTokenOperation start] + 4386276516 25 Foundation 0x7119c NSOPERATIONQUEUE_IS_STARTING_AN_OPERATION + 16 26 Foundation 0x70f08 __NSOQSchedule_f + 172 27 libdispatch.dylib 0x213c _dispatch_call_block_and_release + 32 28 libdispatch.dylib 0x3dd4 _dispatch_client_callout + 20 29 libdispatch.dylib 0x72d8 _dispatch_continuation_pop + 600 30 libdispatch.dylib 0x68f4 _dispatch_async_redirect_invoke + 584 31 libdispatch.dylib 0x15894 _dispatch_root_queue_drain + 392 32 libdispatch.dylib 0x1609c _dispatch_worker_thread2 + 156 33 libsystem_pthread.dylib 0x1ee4 _pthread_wqthread + 228 34 libsystem_pthread.dylib 0x1fc0 start_wqthread + 8
crash_info_entry_0 | abort() called
crash_info_entry_1 | CSOB(437,0x16b887000) malloc: Heap corruption detected, free list is damaged at 0x303a2dd40 *** Incorrect guard value: 8489729152
state | SBCSOB:app_start:splashscreen
Reproducing the issue
Happens during a launching an app.
Firebase SDK Version
10.23.0
Xcode Version
15.3
Installation Method
Zip
Firebase Product(s)
Analytics, Crashlytics, Performance
Targeted Platforms
iOS
Relevant Log Output
No response
If using Swift Package Manager, the project's Package.resolved
Expand Package.resolved snippet
Replace this line with the contents of your Package.resolved.
If using CocoaPods, the project's Podfile.lock
Expand Podfile.lock snippet
Replace this line with the contents of your Podfile.lock!
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
Since this issue, along with #12987 and #12988, are relating to heap corruptions, there may be something in the app corrupting the heap.
Does running with Instruments help to isolate the cause?
We are also facing a similar issue that is only happening on Release and Testflight. We were not able to catch it when debugging.
Versions we tried: 10.26.0 10.24.0 10.23.0
Reason: +[NSData %s]: unrecognized selector sent to class 0x1ecba4cd0
Crash:
Triggered by Thread: 5
Last Exception Backtrace:
0 CoreFoundation 0x197abab28 __exceptionPreprocess + 164 (NSException.m:249)
1 libobjc.A.dylib 0x18f936f78 objc_exception_throw + 60 (objc-exception.mm:356)
2 CoreFoundation 0x197b4bd94 +[NSObject(NSObject) doesNotRecognizeSelector:] + 344 (NSObject.m:151)
3 CoreFoundation 0x197a00300 ___forwarding___ + 1572 (NSForwarding.m:3612)
4 CoreFoundation 0x197b41760 _CF_forwarding_prep_0 + 96 (:-1)
5 AppCore 0x10302de34 Data.zipped() + 112
6 AppCore 0x10302d730 Data.zipped() + 40
7 AppCore 0x10302d3b8 HeartbeatsPayload.headerValue() + 288
8 AppCore 0x103030ffc @objc _ObjC_HeartbeatsPayload.headerValue() + 52
9 AppCore 0x10301fc74 FIRHeaderValueFromHeartbeatsPayload + 44
10 AppCore 0x10305eec4 __96-[FIRInstallationsAPIService requestWithURL:HTTPMethod:bodyDict:refreshToken:additionalHeaders:]_block_invoke + 380
11 AppCore 0x102fe4efc __38+[FBLPromise(DoAdditions) onQueue:do:]_block_invoke + 40
12 libdispatch.dylib 0x19f8c913c _dispatch_call_block_and_release + 32 (init.c:1530)
13 libdispatch.dylib 0x19f8cadd4 _dispatch_client_callout + 20 (object.m:576)
14 libdispatch.dylib 0x19f8dcaf4 _dispatch_root_queue_drain + 1000 (queue.c:7136)
15 libdispatch.dylib 0x19f8dd09c _dispatch_worker_thread2 + 156 (queue.c:7204)
16 libsystem_pthread.dylib 0x1f39b8ee4 _pthread_wqthread + 228 (pthread.c:2678)
17 libsystem_pthread.dylib 0x1f39b8fc0 start_wqthread + 8 (:-1)
