Unexpected EXC_BAD_ACCESS in UINib internals

Originator:artu.antonov
Number:rdar://28550243 Date Originated:29.09.2016
Status:Open Resolved:
Product:iOS Product Version:
Classification:Crash Reproducible:YES
 
Summary:
App always crashes with strange EXC_BAD_ACCESS on real devices.

Here what is 'bt' in lldb print:

* thread #1: tid = 0x191e16, 0x0000000180da9bd0 libobjc.A.dylib`objc_msgSend + 16, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x100030010)
    frame #0: 0x0000000180da9bd0 libobjc.A.dylib`objc_msgSend + 16
    frame #1: 0x0000000186a0a654 UIKit`-[UINibStringIDTable lookupKey:identifier:] + 132
    frame #2: 0x0000000186a0614c UIKit`-[UINibDecoder containsValueForKey:] + 48
    frame #3: 0x00000001868b88f8 UIKit`-[UITableViewCell initWithCoder:] + 812
    frame #4: 0x0000000186a0667c UIKit`UINibDecoderDecodeObjectForValue + 672
    frame #5: 0x0000000186a063c4 UIKit`-[UINibDecoder decodeObjectForKey:] + 336
    frame #6: 0x0000000186b35d98 UIKit`-[UITableViewRow initWithCoder:] + 100
    frame #7: 0x0000000186a0667c UIKit`UINibDecoderDecodeObjectForValue + 672
    frame #8: 0x0000000186a067f4 UIKit`UINibDecoderDecodeObjectForValue + 1048
    frame #9: 0x0000000186a063c4 UIKit`-[UINibDecoder decodeObjectForKey:] + 336
    frame #10: 0x0000000186b36218 UIKit`-[UITableViewSection initWithCoder:] + 312
    frame #11: 0x0000000186a0667c UIKit`UINibDecoderDecodeObjectForValue + 672
    frame #12: 0x0000000186a067f4 UIKit`UINibDecoderDecodeObjectForValue + 1048
    frame #13: 0x0000000186a063c4 UIKit`-[UINibDecoder decodeObjectForKey:] + 336
    frame #14: 0x0000000186b36580 UIKit`-[UITableViewDataSource initWithCoder:] + 96
    frame #15: 0x0000000186a0667c UIKit`UINibDecoderDecodeObjectForValue + 672
    frame #16: 0x0000000186a063c4 UIKit`-[UINibDecoder decodeObjectForKey:] + 336
    frame #17: 0x00000001868e615c UIKit`-[UIRuntimeConnection initWithCoder:] + 188
    frame #18: 0x0000000186a0667c UIKit`UINibDecoderDecodeObjectForValue + 672
    frame #19: 0x0000000186a067f4 UIKit`UINibDecoderDecodeObjectForValue + 1048
    frame #20: 0x0000000186a063c4 UIKit`-[UINibDecoder decodeObjectForKey:] + 336
    frame #21: 0x00000001868e5490 UIKit`-[UINib instantiateWithOwner:options:] + 1220
    frame #22: 0x000000018678f33c UIKit`-[UIViewController _loadViewFromNibNamed:bundle:] + 376
    frame #23: 0x0000000186558250 UIKit`-[UIViewController loadView] + 176
    frame #24: 0x00000001865276ec UIKit`-[UITableViewController loadView] + 92
    frame #25: 0x000000018641bd6c UIKit`-[UIViewController loadViewIfRequired] + 144
    frame #26: 0x00000001864dbda8 UIKit`-[UINavigationController _layoutViewController:] + 72
    frame #27: 0x00000001864dbc80 UIKit`-[UINavigationController _updateScrollViewFromViewController:toViewController:] + 416
    frame #28: 0x00000001864daec8 UIKit`-[UINavigationController _startTransition:fromViewController:toViewController:] + 144
    frame #29: 0x00000001864daa6c UIKit`-[UINavigationController _startDeferredTransitionIfNeeded:] + 868
    frame #30: 0x00000001864da694 UIKit`-[UINavigationController __viewWillLayoutSubviews] + 60
    frame #31: 0x00000001864da5fc UIKit`-[UILayoutContainerView layoutSubviews] + 208
    frame #32: 0x0000000186417778 UIKit`-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 656
    frame #33: 0x0000000183e26b2c QuartzCore`-[CALayer layoutSublayers] + 148
    frame #34: 0x0000000183e21738 QuartzCore`CA::Layer::layout_if_needed(CA::Transaction*) + 292
    frame #35: 0x0000000183e215f8 QuartzCore`CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 32
    frame #36: 0x0000000183e20c94 QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 252
    frame #37: 0x0000000183e209dc QuartzCore`CA::Transaction::commit() + 512
    frame #38: 0x000000018640dc78 UIKit`_afterCACommitHandler + 180
    frame #39: 0x00000001816e0588 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 32
    frame #40: 0x00000001816de32c CoreFoundation`__CFRunLoopDoObservers + 372
    frame #41: 0x00000001816de75c CoreFoundation`__CFRunLoopRun + 928
    frame #42: 0x000000018160d680 CoreFoundation`CFRunLoopRunSpecific + 384
    frame #43: 0x0000000182b1c088 GraphicsServices`GSEventRunModal + 180
    frame #44: 0x0000000186484d90 UIKit`UIApplicationMain + 204
  * frame #45: 0x000000010003c30c UserSample`main + 140 at AppDelegate.swift:12
    frame #46: 0x00000001811ae8b8 libdyld.dylib`start + 4

Steps to Reproduce:
1. Open attached project
2. Run project on actual device, not simulator
3. Select users in tableView and go back, repeat until app crashes
4. Go to storyboard and in User scene find uplButton in avatar section, remove its image
5. Now everything works normally

Expected Results:
App should work properly

Actual Results:
App crashed after certain period of time with EXC_BAD_ACCESS(code=1, address=0x...)

Version:
iPhone: iOS 9.2.1 (13D15), iPad: iOS 8.4.1 (12H321), Xcode: 8.0(8A218a)

Notes:
If you set NSZombieEnabled to YES everything works as expected, also there are no problems on simulator (iOS 10)

Configuration:
iPhone 6s 64GB, iPad Air 16GB Cellural

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!