27
votes

What's the difference between KERN_INVALID_ADDRESS and KERN_PROTECTION_FAILURE on iPhone OS?

I have two crash reports from an ad-hoc beta tester that are 5 minutes apart and the main difference between them (other than the "Binary Images:" section) is this section:

Report A:

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000008

Report B:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x67696c69

For what it's worth, both have this trace:

Thread 0 Crashed:
0   libobjc.A.dylib                 0x30011940 objc_msgSend + 20
1   UIKit                           0x30940174 -[UIWindow _shouldAutorotateToInterfaceOrientation:] + 60
2   UIKit                           0x30a223d8 -[UIWindow _updateToInterfaceOrientation:duration:force:] + 36
3   UIKit                           0x30958638 -[UIWindow _updateInterfaceOrientationFromDeviceOrientation] + 112
4   UIKit                           0x30942514 -[UIWindow _handleDeviceOrientationChange:] + 72
5   Foundation                      0x3054dc7a _nsnote_callback + 178
6   CoreFoundation                  0x3024ea52 _CFXNotificationPostNotification + 298
7   Foundation                      0x3054b854 -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
8   UIKit                           0x309414a4 -[UIDevice setOrientation:] + 124
9   UIKit                           0x30938330 -[UIApplication handleEvent:withNewEvent:] + 5232
10  UIKit                           0x30936ce8 -[UIApplication sendEvent:] + 60
11  UIKit                           0x30936874 _UIApplicationHandleEvent + 4336
12  GraphicsServices                0x32046964 PurpleEventCallback + 1028
13  CoreFoundation                  0x30254a70 CFRunLoopRunSpecific + 2296
14  CoreFoundation                  0x30254164 CFRunLoopRunInMode + 44
15  GraphicsServices                0x3204529c GSEventRunModal + 188
16  UIKit                           0x308f0374 -[UIApplication _run] + 552
17  UIKit                           0x308eea8c UIApplicationMain + 960
18  MyApp                           0x00015e24 0x1000 + 85540
19  MyApp                           0x0000f138 0x1000 + 57656

Also, I do not implement the "shouldAutorotateToInterfaceOrientation:" method anywhere in my code.

1
Did you find out what was causing this particular problem? I'm trying to debug a crash with a near-identical backtrace to this, and your solution might point me in the right direction. - Nathan de Vries

Nathan, I'm not 100% sure this was the fix for this issue, but I was prematurely releasing a UIViewController instantiated from Interface Builder. I also made several other changes, including rewriting code that animates the interface away before playing a movie via MPMoviePlayerController. Since this batch of fixes, my testers haven't reported the issue. Good luck... this one can be difficult to track down. - davidcann

OK, thanks for the heads up David. I'm yet to solve the problem, but I found two resources you might be interested in: sealiesoftware.com/blog/archive/2008/09/22/… sealiesoftware.com/blog/archive/2009/06/08/… - Nathan de Vries

@davidcann - How did you solve the problem? - Durai Amuthan.H

1 Answer

45
votes

EXC_BAD_ACCESS (SIGBUS) KERN_PROTECTION_FAILURE means that the virtual address is obviously wrong: most CPUs must access memory on a certain byte boundary. Because your data access here is aligned for a 64-bit value (8), it must be trying to execute an instruction that fetches a 128-bit value (such as compare and exchange instruction CMPXCHG16B). In any case, you can see from the example here that it's 0x00000008, which probably means you're accessing a structure element that's offset 8 bytes from the beginning, but your structure pointer is NULL.

EXC_BAD_ACCESS (SIGSEGV) KERN_INVALID_ADDRESS means that the virtual address you're referencing is not in the page tables or you don't have access. It's a virtual address that you're not allowed to access. For your example address 0x67696c69 it's likely that this is something that is not a pointer that was treated like a pointer; or your data structure that contains the pointer was freed and overwritten with other data.

For your KERN_INVALID_ADDRESS example, the pointer data spells out ASCII 'ilig' (because it's little endian). Therefore the memory where your pointer was stored was likely overwritten with some sort of string.

In both cases, it's likely that something overwrote the data structures in your UIWindow.
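The two heuristics the answer applies by hand (a tiny fault address means a NULL base plus a field offset; a fault address whose bytes are all printable ASCII means a pointer slot overwritten by string data) can be automated over the "Exception Codes:" line of a crash report. The script below is an added example, not part of the answer or of any Apple tooling; it assumes 32-bit little-endian addresses and a 4 KiB first page, and the two report snippets are constructed from the question.

```python
import re
import struct

# Constructed sample input, modelled on the two reports in the question.
SAMPLE_REPORTS = {
    "A": "Exception Type:  EXC_BAD_ACCESS (SIGBUS)\n"
         "Exception Codes: KERN_PROTECTION_FAILURE at 0x00000008\n",
    "B": "Exception Type:  EXC_BAD_ACCESS (SIGSEGV)\n"
         "Exception Codes: KERN_INVALID_ADDRESS at 0x67696c69\n",
}

CODES_RE = re.compile(r"Exception Codes:\s*(\w+) at 0x([0-9a-fA-F]+)")
FIRST_PAGE = 4096  # assumption: 4 KiB page, so addresses below it are NULL + offset


def parse_exception(report):
    """Return (kern_code, fault_address) from a crash report's Exception Codes line."""
    m = CODES_RE.search(report)
    if not m:
        raise ValueError("no 'Exception Codes:' line found")
    return m.group(1), int(m.group(2), 16)


def as_little_endian_ascii(addr):
    """Bytes of a 32-bit address in memory order; returns text only if all are printable."""
    raw = struct.pack("<I", addr)  # little-endian, as on the iPhone
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(report):
    """Classify a fault address the way the answer does, returning the evidence found."""
    code, addr = parse_exception(report)
    hints = []
    if addr < FIRST_PAGE:
        hints.append("near-NULL address: NULL struct pointer plus field offset %d" % addr)
    text = as_little_endian_ascii(addr)
    if text is not None:
        hints.append("address bytes read as ASCII %r: pointer slot overwritten by string data" % text)
    return {"code": code, "address": addr, "ascii": text, "hints": hints}


if __name__ == "__main__":
    for name, report in SAMPLE_REPORTS.items():
        print(name, triage(report))
```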