State Restoration crash after _saveApplicationPreservationStateIfSupported in keyed archiving EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x000000010bff0000

Originator: steipete
Number: rdar://45453895    Date Originated: 22-Oct-2018 05:34 PM
Status: Open    Resolved:
Product: iOS + SDK    Product Version: 12.0
Classification: Crash/Hang/Data Loss    Reproducible: Sometimes
 
Summary:
We see a crash in state restoration, deep inside keyed archiving.

Crashed: com.apple.main-thread
0  libsystem_platform.dylib       0x1e66e2d88 _platform_memmove + 40
1  Foundation                     0x1e7466ce4 -[NSConcreteMutableData appendBytes:length:] + 532
2  CoreFoundation                 0x1e6a1316c writeBytes + 164
3  CoreFoundation                 0x1e6a108b0 _appendObject + 972
4  CoreFoundation                 0x1e6a0fea0 __CFBinaryPlistWriteOrPresize + 472
5  Foundation                     0x1e7466a30 -[NSKeyedArchiver finishEncoding] + 588
6  UIKitCore                      0x2131012dc -[UIApplication(StateRestoration) _saveApplicationPreservationState:viewController:sessionIdentifier:beginHandler:completionHandler:] + 3652
7  UIKitCore                      0x2130ffdbc -[UIApplication(StateRestoration) _saveApplicationPreservationStateIfSupported] + 508
8  UIKitCore                      0x2130e2c0c -[UIApplication _applicationDidEnterBackground] + 112
9  UIKitCore                      0x2139023a4 -[__UICanvasLifecycleMonitor_Compatability deactivateEventsOnly:withContext:forceExit:completion:] + 1848
10 UIKitCore                      0x2138c064c __82-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:]_block_invoke + 852
11 UIKitCore                      0x2138c02a8 -[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:] + 432
12 UIKitCore                      0x213903844 __125-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:]_block_invoke + 220
13 UIKitCore                      0x213904334 _performActionsWithDelayForTransitionContext + 112
14 UIKitCore                      0x2139036fc -[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:] + 248
15 UIKitCore                      0x2138fca10 -[_UICanvas scene:didUpdateWithDiff:transitionContext:completion:] + 368
16 UIKitCore                      0x213109940 -[UIApplicationSceneClientAgent scene:handleEvent:withCompletion:] + 468
17 FrontBoardServices             0x1e95085a0 __80-[FBSSceneImpl updater:didUpdateSettings:withDiff:transitionContext:completion:]_block_invoke.359 + 228
18 libdispatch.dylib              0x1e6510484 _dispatch_client_callout + 16
19 libdispatch.dylib              0x1e64b3e58 _dispatch_block_invoke_direct$VARIANT$mp + 224
20 FrontBoardServices             0x1e9546640 __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 40
21 FrontBoardServices             0x1e95462cc -[FBSSerialQueue _performNext] + 416
22 FrontBoardServices             0x1e95468e8 -[FBSSerialQueue _performNextFromRunLoopSource] + 56
23 CoreFoundation                 0x1e6a665b8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
24 CoreFoundation                 0x1e6a66538 __CFRunLoopDoSource0 + 88
25 CoreFoundation                 0x1e6a65e1c __CFRunLoopDoSources0 + 176
26 CoreFoundation                 0x1e6a60ce8 __CFRunLoopRun + 1040
27 CoreFoundation                 0x1e6a605b8 CFRunLoopRunSpecific + 436
28 GraphicsServices               0x1e8cd4584 GSEventRunModal + 100
29 UIKitCore                      0x2130db558 UIApplicationMain + 212
30 Viewer                         0x1025cb294 main (main.swift:12)
31 libdyld.dylib                  0x1e6520b94 start + 4

I have no way to trigger this locally, but it has been happening for many months now, on both iOS 11 and 12, and is affecting many customers of PDF Viewer Pro.

Steps to Reproduce:
Use http://pdfviewer.io. Background app. Observe rare crashes. They are hard to notice because the app just restarts afterwards, losing state. We believe this is a corruption issue in UIKit itself - I cannot imagine how we could trigger a crash on exactly this position, over thousands of users.

Expected Results:
No crash :)

Actual Results:
Crash.

Version:
12.0

Notes:
Sorry for not being able to offer more info - if you have ideas about what would be useful to add, let me know.

The specific device here was:

Device
  Model: iPad 6
  Orientation: Face Up
  RAM free: 173.38 MB
  Disk free: 3.02 GB
Operating System
  Version: 12.0.0 (16A366)
  Orientation: Portrait
  Jailbroken: No
Crash
  Date: Oct 22, 2018, 4:57:00 PM
  App version: 3.1.0 (6993)
