Crash EXC_BAD_ACCESS KERN_INVALID_ADDRESS [FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]

[mvandervelden]

[READ] Step 1: Are you in the right place?

Yes

[REQUIRED] Step 2: Describe your environment

• Xcode version: 10.1
• Firebase SDK version: 5.19.0
• Firebase Component: FirebaseInstanceID
• Component version: 3.8.0

[REQUIRED] Step 3: Describe the problem

stack trace:

Crashed: com.apple.main-thread
0  libobjc.A.dylib                0x1bc9d8d7c objc_msgSend + 28
1  CoreFoundation                 0x1bd6dd6d0 +[__NSDictionaryI __new::::::] + 376
2  CoreFoundation                 0x1bd6e03b4 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3  Catawiki                       0x1012754cc __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:416)
4  libdispatch.dylib              0x1bd2296c8 _dispatch_call_block_and_release + 24
5  libdispatch.dylib              0x1bd22a484 _dispatch_client_callout + 16
6  libdispatch.dylib              0x1bd1d69a4 _dispatch_main_queue_callback_4CF$VARIANT$mp + 1068
7  CoreFoundation                 0x1bd781ce4 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
8  CoreFoundation                 0x1bd77cbac __CFRunLoopRun + 1964
9  CoreFoundation                 0x1bd77c0e0 CFRunLoopRunSpecific + 436
10 GraphicsServices               0x1bf9f5584 GSEventRunModal + 100
11 UIKitCore                      0x1ea708c00 UIApplicationMain + 212
12 Catawiki                       0x100e78b20 main (main.swift:6)
13 libdyld.dylib                  0x1bd23abb4 start + 4

Also I've seen a lot of crash and error reports in Firebase Crashlytics that are missing data in the "logs" tab.

Steps to reproduce:

Haven't been able to reproduce locally, but this started happening on quite large scale in production in our latest version (+700 users affected). In this release we updated from Firebase 5.10 (FirebaseInstanceID 3.2.2), and at the same time adding custom screen tagging (see code below).

Looking at the relevant code in FIRInstanceIDKeyPairStore line 416, it looks like an issue handling backwards compatibility?

Relevant Code:

func setScreenName(_ screenName: String?, screenClass: String?) {
        Firebase.Analytics.setScreenName(screenName, screenClass: screenClass)
}

Not sure the latter is related to the crash..

--EDIT--
Couple of days later, it seems that the occurrence of the crash is slowing down rapidly (no change on the client side), which seems likely to me if the issue was indeed backwards compatibility/migration:

[paulb777]

Tagging Analytics as well as InstanceID since it may be related to Analytics.setScreenName

[mvandervelden]

Edited the description with some new data about the crash that might be helpful pinning down the cause:

Couple of days later, it seems that the occurrence of the crash is slowing down rapidly (no change on the client side), which seems likely to me if the issue was indeed backwards compatibility/ migration.

[ennioma]

Yesterday I submitted my app and I got exactly the same problem:

1. Using Firebase/Core and Firebase/Performance, 5.18.0
2. Haven't been able to reproduce locally
3. 200+ users affected
4. 1st time in production, we moved from Fabric (previous version) to Firebase (this version)
5. Crash located in FIRInstanceIDKeyPairStore line 416

EDIT:
13/04 --> from this morning users affected are doubled from 200 to 400 :(
14/04 --> users affected are 800
15/04 --> +1500 users

[PSSDeveloper]

I meet this problem too.use the firebase/core sdk version 5.20.1

[georgbachmann]

Same issue... Version 5.20.2

[charlotteliang]

@georgbachmann Can you share the stack trace since you have the latest version? That helps us identify the issue.

[georgbachmann]

There's not much to see though... But here you go:

0  libobjc.A.dylib                0x183ae9430 objc_retain + 16
1  CoreFoundation                 0x1847ed6d0 +[__NSDictionaryI __new::::::] + 376
2  CoreFoundation                 0x1847f03b4 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3  <my-app-name>                  0x102857b94 __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:420)
4  libdispatch.dylib              0x1843396c8 _dispatch_call_block_and_release + 24
5  libdispatch.dylib              0x18433a484 _dispatch_client_callout + 16
6  libdispatch.dylib              0x1842e69a4 _dispatch_main_queue_callback_4CF$VARIANT$mp + 1068
7  CoreFoundation                 0x184891ce4 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
8  CoreFoundation                 0x18488cbac __CFRunLoopRun + 1964
9  CoreFoundation                 0x18488c0e0 CFRunLoopRunSpecific + 436
10 GraphicsServices               0x186b05584 GSEventRunModal + 100
11 UIKitCore                      0x1b1becc00 UIApplicationMain + 212
12 <my-app-name>                  0x102582bec main (main.m:16)
13 libdyld.dylib                  0x18434abb4 start + 4```

[ennioma]

Same here

OS Version: 12.1.4 (16D57)

Device: iPhone 7

#0. Crashed: com.apple.main-thread
0 libobjc.A.dylib 0x22da4d430 objc_retain + 16
1 CoreFoundation 0x22e7516d0 +[__NSDictionaryI __new::::::] + 376
2 CoreFoundation 0x22e7543b4 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3 --- 0x104c6648c __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:420)
4 libdispatch.dylib 0x22e29d6c8 _dispatch_call_block_and_release + 24
5 libdispatch.dylib 0x22e29e484 _dispatch_client_callout + 16
6 libdispatch.dylib 0x22e24a9a4 _dispatch_main_queue_callback_4CF$VARIANT$mp + 1068
7 CoreFoundation 0x22e7f5ce4 CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE + 12
8 CoreFoundation 0x22e7f0bac __CFRunLoopRun + 1964
9 CoreFoundation 0x22e7f00e0 CFRunLoopRunSpecific + 436
10 GraphicsServices 0x230a69584 GSEventRunModal + 100
11 UIKitCore 0x25bb50c00 UIApplicationMain + 212
12 --- 0x10464a800 main (main.swift:6)
13 libdyld.dylib 0x22e2aebb4 start + 4

--

#0. Crashed: com.apple.main-thread
0 libobjc.A.dylib 0x22da4d430 objc_retain + 16
1 CoreFoundation 0x22e7516d0 +[__NSDictionaryI __new::::::] + 376
2 CoreFoundation 0x22e7543b4 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3 --- 0x104c6648c __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:420)
4 libdispatch.dylib 0x22e29d6c8 _dispatch_call_block_and_release + 24
5 libdispatch.dylib 0x22e29e484 _dispatch_client_callout + 16
6 libdispatch.dylib 0x22e24a9a4 _dispatch_main_queue_callback_4CF$VARIANT$mp + 1068
7 CoreFoundation 0x22e7f5ce4 CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE + 12
8 CoreFoundation 0x22e7f0bac __CFRunLoopRun + 1964
9 CoreFoundation 0x22e7f00e0 CFRunLoopRunSpecific + 436
10 GraphicsServices 0x230a69584 GSEventRunModal + 100
11 UIKitCore 0x25bb50c00 UIApplicationMain + 212
12 mrp 0x10464a800 main (main.swift:6)
13 libdyld.dylib 0x22e2aebb4 start + 4

#1. Thread
0 libsystem_pthread.dylib 0x22e483ce8 start_wqthread + 190

#2. Thread
0 libsystem_kernel.dylib 0x22e3fbb9c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x22e481100 _pthread_wqthread + 348
2 libsystem_pthread.dylib 0x22e483cec start_wqthread + 4

#3. Thread
0 libsystem_kernel.dylib 0x22e3fbb9c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x22e481100 _pthread_wqthread + 348
2 libsystem_pthread.dylib 0x22e483cec start_wqthread + 4

#4. com.apple.uikit.eventfetch-thread
0 libsystem_kernel.dylib 0x22e3efea4 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x22e3ef37c mach_msg + 72
2 CoreFoundation 0x22e7f5ad8 __CFRunLoopServiceMachPort + 236
3 CoreFoundation 0x22e7f0974 __CFRunLoopRun + 1396
4 CoreFoundation 0x22e7f00e0 CFRunLoopRunSpecific + 436
5 Foundation 0x22f1e6494 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 300
6 Foundation 0x22f1e6304 -[NSRunLoop(NSRunLoop) runUntilDate:] + 88
7 UIKitCore 0x25bc410c4 -[UIEventFetcher threadMain] + 136
8 Foundation 0x22f31923c NSThread__start + 1040
9 libsystem_pthread.dylib 0x22e48025c _pthread_body + 128
10 libsystem_pthread.dylib 0x22e4801bc _pthread_start + 48
11 libsystem_pthread.dylib 0x22e483cf4 thread_start + 4

#5. Thread
0 libsystem_kernel.dylib 0x22e3fbb9c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x22e4811c0 _pthread_wqthread + 540
2 libsystem_pthread.dylib 0x22e483cec start_wqthread + 4

#6. Thread
0 libsystem_kernel.dylib 0x22e3fbb9c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x22e481100 _pthread_wqthread + 348
2 libsystem_pthread.dylib 0x22e483cec start_wqthread + 4

#7. Thread
0 libsystem_kernel.dylib 0x22e3fbb9c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x22e481100 _pthread_wqthread + 348
2 libsystem_pthread.dylib 0x22e483cec start_wqthread + 4

[charlotteliang]

@maksymmalyhin Would you mind taking a look at? If you don't have time, you can assign back to me.

[surajthomask]

@maksymmalyhin @chliangGoogle This issue is still happening in my app with following logs

# Platform: ios
# Date: 2019-05-23T23:16:00Z
# OS Version: 12.2.0 (16E227)
# Device: iPhone 8 Plus
# RAM Free: 5.3%
# Disk Free: 82.7%

#0. Crashed: com.apple.main-thread
0  libobjc.A.dylib                0x22d95bbf0 objc_retain + 16
1  CoreFoundation                 0x22e658080 +[__NSDictionaryI __new::::::] + 376
2  CoreFoundation                 0x22e65ad44 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3  APPNAME                        0x1049c3ab4 __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:420)
4  libdispatch.dylib              0x22e1a8a38 _dispatch_call_block_and_release + 24
5  libdispatch.dylib              0x22e1a97d4 _dispatch_client_callout + 16
6  libdispatch.dylib              0x22e1899e4 _dispatch_main_queue_callback_4CF$VARIANT$armv81 + 1008
7  CoreFoundation                 0x22e6f9ec0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
8  CoreFoundation                 0x22e6f4df8 __CFRunLoopRun + 1924
9  CoreFoundation                 0x22e6f4354 CFRunLoopRunSpecific + 436
10 GraphicsServices               0x2308f479c GSEventRunModal + 104
11 UIKitCore                      0x25acdfb68 UIApplicationMain + 212
12 APPNAME                        0x1043dcc7c main (AppDelegate.swift:20)
13 libdyld.dylib                  0x22e1ba8e0 start + 4

--

#0. Crashed: com.apple.main-thread
0  libobjc.A.dylib                0x22d95bbf0 objc_retain + 16
1  CoreFoundation                 0x22e658080 +[__NSDictionaryI __new::::::] + 376
2  CoreFoundation                 0x22e65ad44 +[NSDictionary dictionaryWithObjects:forKeys:count:] + 64
3  APPNAME                        0x1049c3ab4 __58-[FIRInstanceIDKeyPairStore updateKeyRef:withTag:handler:]_block_invoke (FIRInstanceIDKeyPairStore.m:420)
4  libdispatch.dylib              0x22e1a8a38 _dispatch_call_block_and_release + 24
5  libdispatch.dylib              0x22e1a97d4 _dispatch_client_callout + 16
6  libdispatch.dylib              0x22e1899e4 _dispatch_main_queue_callback_4CF$VARIANT$armv81 + 1008
7  CoreFoundation                 0x22e6f9ec0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
8  CoreFoundation                 0x22e6f4df8 __CFRunLoopRun + 1924
9  CoreFoundation                 0x22e6f4354 CFRunLoopRunSpecific + 436
10 GraphicsServices               0x2308f479c GSEventRunModal + 104
11 UIKitCore                      0x25acdfb68 UIApplicationMain + 212
12 APPNAME                        0x1043dcc7c main (AppDelegate.swift:20)
13 libdyld.dylib                  0x22e1ba8e0 start + 4

Following is part of podfile.lock file we used on latest file.

  - Firebase/Core (6.0.0):
    - Firebase/CoreOnly
    - FirebaseAnalytics (= 6.0.0)
  - Firebase/CoreOnly (6.0.0):
    - FirebaseCore (= 6.0.0)
  - Firebase/InAppMessagingDisplay (6.0.0):
    - Firebase/CoreOnly
    - FirebaseInAppMessagingDisplay (~> 0.14.0)
  - Firebase/Messaging (6.0.0):
    - Firebase/CoreOnly
    - FirebaseMessaging (~> 4.0.0)
  - Firebase/Performance (6.0.0):
    - Firebase/CoreOnly
    - FirebasePerformance (~> 3.0.0)
  - Firebase/RemoteConfig (6.0.0):
    - Firebase/CoreOnly
    - FirebaseRemoteConfig (~> 4.0.0)
  - FirebaseABTesting (3.0.0):
    - FirebaseCore (~> 6.0)
    - Protobuf (~> 3.5)
  - FirebaseAnalytics (6.0.0):
    - FirebaseCore (~> 6.0)
    - FirebaseInstanceID (~> 4.0)
    - GoogleAppMeasurement (= 6.0.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 6.0)
    - GoogleUtilities/MethodSwizzler (~> 6.0)
    - GoogleUtilities/Network (~> 6.0)
    - "GoogleUtilities/NSData+zlib (~> 6.0)"
    - nanopb (~> 0.3)
  - FirebaseAnalyticsInterop (1.2.0)
  - FirebaseCore (6.0.0):
    - GoogleUtilities/Environment (~> 6.0)
    - GoogleUtilities/Logger (~> 6.0)
  - FirebaseDynamicLinks (4.0.0):
    - FirebaseAnalyticsInterop (~> 1.0)
    - FirebaseCore (~> 6.0)
  - FirebaseInAppMessaging (0.14.0):
    - FirebaseAnalyticsInterop (~> 1.2)
    - FirebaseCore (~> 6.0)
    - FirebaseInstanceID (~> 4.0)
  - FirebaseInAppMessagingDisplay (0.14.0):
    - FirebaseCore (~> 6.0)
    - FirebaseInAppMessaging (>= 0.14.0)
  - FirebaseInstanceID (4.0.0):
    - FirebaseCore (~> 6.0)
    - GoogleUtilities/Environment (~> 6.0)
    - GoogleUtilities/UserDefaults (~> 6.0)
  - FirebaseMessaging (4.0.0):
    - FirebaseAnalyticsInterop (~> 1.1)
    - FirebaseCore (~> 6.0)
    - FirebaseInstanceID (~> 4.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 6.0)
    - GoogleUtilities/Environment (~> 6.0)
    - GoogleUtilities/Reachability (~> 6.0)
    - GoogleUtilities/UserDefaults (~> 6.0)
    - Protobuf (~> 3.1)
  - FirebasePerformance (3.0.0):
    - FirebaseCore (~> 6.0)
    - FirebaseInstanceID (~> 4.0)
    - FirebaseRemoteConfig (~> 4.0)
    - GoogleToolboxForMac/Logger (~> 2.1)
    - "GoogleToolboxForMac/NSData+zlib (~> 2.1)"
    - GoogleUtilities/Environment (~> 6.0)
    - GoogleUtilities/ISASwizzler (~> 6.0)
    - GoogleUtilities/MethodSwizzler (~> 6.0)
    - GTMSessionFetcher/Core (~> 1.1)
    - Protobuf (~> 3.5)
  - FirebaseRemoteConfig (4.0.0):
    - FirebaseABTesting (~> 3.0)
    - FirebaseCore (~> 6.0)
    - FirebaseInstanceID (~> 4.0)
    - GoogleUtilities/Environment (~> 6.0)
    - "GoogleUtilities/NSData+zlib (~> 6.0)"
    - Protobuf (~> 3.5)
  - GoogleAnalytics (3.17.0)
  - GoogleAppMeasurement (6.0.0):
    - GoogleUtilities/AppDelegateSwizzler (~> 6.0)
    - GoogleUtilities/MethodSwizzler (~> 6.0)
    - GoogleUtilities/Network (~> 6.0)
    - "GoogleUtilities/NSData+zlib (~> 6.0)"
    - nanopb (~> 0.3)
  - GoogleMaps (3.1.0):
    - GoogleMaps/Maps (= 3.1.0)
  - GoogleMaps/Base (3.1.0)
  - GoogleMaps/Maps (3.1.0):
    - GoogleMaps/Base
  - GooglePlaces (3.1.0):
    - GoogleMaps/Base (= 3.1.0)
  - GoogleSymbolUtilities (1.1.2)
  - GoogleTagManager (7.1.2):
    - FirebaseAnalytics (~> 6.0)
    - GoogleAnalytics (~> 3.17)
    - GoogleUtilitiesLegacy (~> 1.3)
  - GoogleToolboxForMac/Defines (2.2.1)
  - GoogleToolboxForMac/Logger (2.2.1):
    - GoogleToolboxForMac/Defines (= 2.2.1)
  - "GoogleToolboxForMac/NSData+zlib (2.2.1)":
    - GoogleToolboxForMac/Defines (= 2.2.1)
  - GoogleUtilities/AppDelegateSwizzler (6.1.0):
    - GoogleUtilities/Environment
    - GoogleUtilities/Logger
    - GoogleUtilities/Network
  - GoogleUtilities/Environment (6.1.0)
  - GoogleUtilities/ISASwizzler (6.1.0)
  - GoogleUtilities/Logger (6.1.0):
    - GoogleUtilities/Environment
  - GoogleUtilities/MethodSwizzler (6.1.0):
    - GoogleUtilities/Logger
  - GoogleUtilities/Network (6.1.0):
    - GoogleUtilities/Logger
    - "GoogleUtilities/NSData+zlib"
    - GoogleUtilities/Reachability
  - "GoogleUtilities/NSData+zlib (6.1.0)"
  - GoogleUtilities/Reachability (6.1.0):
    - GoogleUtilities/Logger
  - GoogleUtilities/UserDefaults (6.1.0):
    - GoogleUtilities/Logger
  - GoogleUtilitiesLegacy (1.3.2):
    - GoogleSymbolUtilities (~> 1.1)
  - GTMSessionFetcher/Core (1.2.2)
  - nanopb (0.3.901):
    - nanopb/decode (= 0.3.901)
    - nanopb/encode (= 0.3.901)
  - nanopb/decode (0.3.901)
  - nanopb/encode (0.3.901)
  - Protobuf (3.7.0)

Please note that we started getting these crashes after enabling Firebase Performance SDK in the app, and our crash rate has taken a huge hit because of this crash :-(

[maksymmalyhin]

@surajthomask we released a fix for the crash in Firebase 6.1.0 (FirebaseInstanceID 4.1.0). Would it be possible for you to update Firebase SDK?

[surajthomask]

@maksymmalyhin I updated all dependencies through cocoapods 5 days back (on May 19th) after reading that a fix has been merged before 17 days (on May 7th). Apparently it got released 3 days back only as part of M48.

Was not exactly familiar with the milestone concept in here. So, will update the dependencies in the app again.

I do really appreciate the quick response. Thank you :-)