EXC_BAD_INSTRUCTION (SIGILL) crash after few days running an OS X app

Question

My OS X application is crashing randomly after few days of use with precise logs about autorelease corruption, but I can't understand the reason:

Crashed Thread:  4

Exception Type:  EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000

Application Specific Information:
objc[35716]: autorelease pool page 0x1009d2000 corrupted
  magic 0xa1a1a1a1 0x4f545541 0x454c4552 0x21455341
  pthread 0x107b92000

and in the thread:

Thread 4 Crashed:
0   libobjc.A.dylib                 0x00007fff9461575b _objc_trap() + 0
1   libobjc.A.dylib                 0x00007fff9461589b _objc_fatal + 195
2   libobjc.A.dylib                 0x00007fff946255d2 (anonymous namespace)::AutoreleasePoolPage::check(bool) + 134
3   libobjc.A.dylib                 0x00007fff9461153c (anonymous namespace)::AutoreleasePoolPage::autoreleaseSlow(objc_object*) + 252
4   libobjc.A.dylib                 0x00007fff94624781 _objc_rootAutorelease2(objc_object*) + 75
5   com.mybiz.myapp             0x0000000100001f86 -[IpAddress to_dotted_char:] + 27 (IpAddress.m:130)

The concerned method is the following, line 130 on inet_ntop

- (void) to_dotted_char: (char*)buf {

    inet_ntop(AF_INET, (struct in_addr*)[self.networkOrder bytes], buf, INET_ADDRSTRLEN);
}

- (NSString*) to_dotted_string {

    char buf[INET_ADDRSTRLEN];
    [self to_dotted_char:buf];

    NSString* dotted_string = [NSString stringWithUTF8String:buf];
    return dotted_string;
}

I use this method 20-30 times per minute, and it crashes after few days, sometimes after waking the Mac up from sleep.

Can this method leak? Causing autorelease problems on the long term?

Answer 1

The problem is that the runtime has discovered that the autorelease pool data structure is corrupt.

This is probably a memory error somewhere. It is not necessarily a bug in the code in the stack trace, though it may be a bug in the code nearby, or a bug in the code running simultaneously on other threads.

In your case magic is correct (it should be 0xa1a1a1a1 "AUTORELEASE!"), which means pthread is wrong. Either a memory error mangled that value, or an autorelease pool is being used on the wrong thread somehow.