EXC_BAD_ACCESS if Address or Thread Sanitizer is enabled

I'm getting EXC_BAD_ACCESS (code=2, address=0x7ff8a6e2fcce) when launching my app on the simulator with Address or Thread Sanitizer enabled. I'm running Xcode 16.3 (16E140) on macOS Sequoia 15.4.1 (24E263). The call stack looks like the following.

On the device, there is no crash, but this message is printed to the console: malloc: nano zone abandoned due to inability to reserve vm space. (Not sure if it's related.)

Does anybody know what is causing the crash?

Thread 1
#0	0x0000000103361f5b in __sanitizer::MemoryMappingLayout::Next ()
#1	0x000000010336034b in __sanitizer::MemoryRangeIsAvailable ()
#2	0x000000010334db77 in __asan::InitializeShadowMemory ()
#3	0x0000000103395069 in __asan::AsanInitInternal() (.cold.1) ()
#4	0x000000010334d352 in __asan::AsanInitInternal ()
#5	0x0000000103394f65 in __asan_init.cold.1 ()
#6	0x000000010334d325 in __asan::AsanInitFromRtl ()
#7	0x0000000103343289 in wrap_malloc_default_zone ()
#8	0x00007ff801b15f86 in __malloc_init ()
#9	0x00007ffa160080be in libSystem_initializer ()
#10	0x000000010306eb11 in invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const ()
#11	0x000000010308f364 in invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const ()
#12	0x00000001030aad7c in invocation function for block in mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const ()
#13	0x00000001030a83c9 in mach_o::Header::forEachLoadCommand ()
#14	0x00000001030a98c8 in mach_o::Header::forEachSection ()
#15	0x000000010308ef62 in dyld3::MachOAnalyzer::forEachInitializer ()
#16	0x000000010306e9ac in dyld4::Loader::findAndRunAllInitializers ()
#17	0x0000000103074da1 in dyld4::JustInTimeLoader::runInitializers ()
#18	0x00000001030807c5 in dyld4::APIs::runAllInitializersForMain ()
#19	0x000000010305efac in dyld4::prepare ()
#20	0x000000010305e36e in _dyld_sim_prepare ()
#21	0x000000010993b2a0 in dyld4::prepareSim ()
#22	0x0000000109939963 in dyld4::prepare ()
#23	0x000000010993981f in dyld4::start(dyld4::KernelArgs*, void*, void*)::$_0::operator()() const ()
#24	0x00000001099394da in start ()
Answered by rickj in 841047022

Bingo. Xcode Version 16.3 (16E140), new iOS App project, iOS 18.4, edit Scheme, switch on:

  • Address Sanitizer
      • Detect use of stack after return
  • Undefined Behavior Sanitizer
  • Main Thread Checker
  • Thread Performance Checker
  • Malloc Scribble
  • Zombie Objects
  • API Validation

And you get (iPhone 13 iOS 18.4 simulator):

    `libclang_rt.asan_iossim_dynamic.dylib`__sanitizer::MemoryMappingLayout::Next:
        0x1100d9e50 <+0>:   cmpl   $-0x1, 0x8(%rdi)
        0x1100d9e54 <+4>:   jl     0x1100d9e7b               ; <+43>
        0x1100d9e56 <+6>:   pushq  %rbp
        0x1100d9e57 <+7>:   movq   %rsp, %rbp
        0x1100d9e5a <+10>:  pushq  %r15
        0x1100d9e5c <+12>:  pushq  %r14
    ...
        0x1100d9f54 <+260>: movl   0x4(%r13), %eax
        0x1100d9f58 <+264>: addq   %rax, %r13
    ->  0x1100d9f5b <+267>: movl   (%r13), %eax
        0x1100d9f5f <+271>: cmpl   $0xc, %eax
        0x1100d9f62 <+274>: jne    0x1100d9f50               ; <+256>

If you modify the App to run on iOS 18.0 (minimum deployment), add a simulator for iOS 18.0, you will find it runs fine on 18.0, with all those sanitizers on.

Will attach project to bug, eh feedback report FB17723761

Same here, started with iOS 18.4 I think. The crash happens before main.m is even entered; a breakpoint in main.m is not reached. Before 18.4 it did. Did you find a solution?

Have you tried reproducing this with a small test project?

I just tried this here in my office and didn’t have a problem. Specifically:

  1. Using Xcode 16.3 on macOS 15.4, I created a new app from the iOS > App template.

  2. I ran it on the iPhone 16 simulator, simulating iOS 18.4. It launched successfully.

  3. In the scheme editor I enabled Address Sanitizer.

  4. I ran it again. It launched successfully.

  5. In the scheme editor I disabled Address Sanitizer and enabled Thread Sanitizer. It launched successfully.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
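As an added example (not code from the thread, from Quinn or from Apple), here is a shell script that runs the differential check above from the command line and extends it over the two simulator OS versions the accepted answer compares (18.0 and 18.4). It assumes a project, scheme, bundle id and device given as placeholders, and uses xcodebuild's -enableAddressSanitizer / -enableThreadSanitizer switches in place of the scheme-editor toggles.

```shell
# Added example: the thread's differential check run from the command line,
# over the simulator OS versions it compares (18.0 vs 18.4) and three
# sanitizer states (none / ASan / TSan). Project, scheme, bundle id and
# device names are placeholders; override them via the environment.
set -eu
PROJECT="${PROJECT:-MyApp.xcodeproj}"          # placeholder
SCHEME="${SCHEME:-MyApp}"                      # placeholder
BUNDLE_ID="${BUNDLE_ID:-com.example.MyApp}"    # placeholder
DEVICE="${DEVICE:-iPhone 16}"
OS_VERSIONS="${OS_VERSIONS:-18.0 18.4}"

# Command-line equivalent of the scheme editor's sanitizer toggles.
sanitizer_flags() {
  case "$1" in
    none) echo "-enableAddressSanitizer NO -enableThreadSanitizer NO" ;;
    asan) echo "-enableAddressSanitizer YES -enableThreadSanitizer NO" ;;
    tsan) echo "-enableAddressSanitizer NO -enableThreadSanitizer YES" ;;
    *) echo "unknown config: $1" >&2; return 1 ;;
  esac
}

# 'simctl launch' prints "<bundle-id>: <pid>"; return just the pid.
launch_pid() {
  printf '%s\n' "$1" | sed -n 's/^.*: \([0-9][0-9]*\)$/\1/p'
}

# Build, install and launch each combination; a crash during sanitizer
# initialisation (as in the stack above) dies before main, so checking the
# process a few seconds after launch separates "launched" from "died".
run_matrix() {
  for cfg in none asan tsan; do
    for os in $OS_VERSIONS; do
      dd="build/$cfg-$os"
      xcodebuild -project "$PROJECT" -scheme "$SCHEME" -derivedDataPath "$dd" \
        -destination "platform=iOS Simulator,name=$DEVICE,OS=$os" \
        $(sanitizer_flags "$cfg") build >/dev/null      # splitting intended
      udid=$(xcrun simctl list devices "iOS $os" |
             sed -n "s/^ *$DEVICE (\([0-9A-F-]*\)).*/\1/p" | head -n 1)
      xcrun simctl boot "$udid" 2>/dev/null || true     # ok if already booted
      xcrun simctl install "$udid" "$dd/Build/Products/Debug-iphonesimulator/$SCHEME.app"
      pid=$(launch_pid "$(xcrun simctl launch "$udid" "$BUNDLE_ID")")
      sleep 3
      if kill -0 "$pid" 2>/dev/null; then echo "$cfg on iOS $os: alive"
      else echo "$cfg on iOS $os: died (see crash report)"; fi
      xcrun simctl terminate "$udid" "$BUNDLE_ID" 2>/dev/null || true
    done
  done
}
if [ "${RUN_MATRIX:-0}" = 1 ]; then run_matrix; fi
```

Run it with RUN_MATRIX=1 on a Mac with the matching simulator runtimes installed; each line of output is one cell of the sanitizer-by-OS matrix.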

Thanks Quinn,

I'm sure a new and clean empty project runs, but this is a (big) existing project, Objective-C, no storyboard but XIBs, that has run fine before 18.4, for years. As the crash happens before my code is even entered I don't even know where to start!

Does this Sanitizer message mean anything to you? What is the problem with MemoryMappingLayout?

    `libclang_rt.asan_iossim_dynamic.dylib`__sanitizer::MemoryMappingLayout::Next: 0x10f2dae50 <+0>: cmpl $-0x1, 0x8(%rdi)

With the sanitizers switched off in the Run Scheme the app runs fine in the Simulator, but I have a user that experiences an actual crash on device. That crash is different from what I experience: the app crashes on simulator before entering my code, after displaying the splash screen, while the user has an app that does startup, and can be used for a few seconds, but crashes on a certain input.

As is, I cannot even establish if these crashes are related.

In the App Analytics in AppstoreConnect I see no increase in the number of crashes for this app, 375k sessions/month, 98 crashes, so 0.25 promille.


Going to file a bug report, I think it is a bug in Xcode.

I'm sure a new and clean empty project runs

IME it’s best to actually verify such expectations, because:

  • If your small test project fails, that suggests that your main project is fine and it’s likely that this is related to your environment.

  • If it works, as you and I both expect, that gives you a known data point for some differential debugging.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


This seems fixed with Xcode Version 16.4 (16F6)
