SIGSEGV crash in drain_gray_stack on .NET 9 iOS #116586

Open
@verthal

Description

Hi,
since we migrated from .NET 8 to .NET 9 for iOS, we are having crashes in our app. So .NET 9 is currently not usable for us.
It seems to be a problem with the garbage collector while doing a collection.
Fact: If the debugger is attached, the app is not crashing. But when I start the app without the debugger, it crashes. Also in release mode.

I was able to create a sample project to reconstruct the problem. I used .NET 9 SDK: 9.0.301.
It is just managed code with no references to native calls.
In our app, we don't call GC.Collect() directly. It is just for demo purposes. It also crashes if the GC is called by the runtime in the background.

So you just need to press the button in the sample application. I always tested with a physical device.

CrashMaui.zip

crash.txt

Here the native stack trace:

Incident Identifier: 9D8D0CE8-6980-4D63-A429-08F53CBBA5A6
CrashReporter Key: a32fb410834b6356813fd12a4f471da4087f4166
Hardware Model: iPhone13,4
Process: CrashMaui [1565]
Path: /private/var/containers/Bundle/Application/1EA31242-6A15-4C8B-B2AB-7876C97341E4/CrashMaui.app/CrashMaui
Identifier: com.companyname.crashmaui
Version: 1.0 (1)
Code Type: ARM-64 (Native)
Role: Foreground
Parent Process: launchd [1]
Coalition: com.companyname.crashmaui [1545]

Date/Time: 2025-06-12 14:36:41.4905 +0200
Launch Time: 2025-06-12 14:33:36.6882 +0200
OS Version: iPhone OS 18.5 (22F76)
Release Type: User
Baseband Version: 5.51.03
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x3f80000000000001 -> 0xffffff8000000001 (possible pointer authentication failure)
Exception Codes: 0x0000000000000001, 0x3f80000000000001
VM Region Info: 0xffffff8000000001 is not in any region.
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
UNUSED SPACE AT END
Triggered by Thread: 0

Thread 0 name: tid_103 Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 CrashMaui 0x102cff18c drain_gray_stack + 1424
1 CrashMaui 0x102cf24a4 finish_gray_stack + 116
2 CrashMaui 0x102cf2fb4 major_finish_collection + 208
3 CrashMaui 0x102cf1d58 major_do_collection + 160
4 CrashMaui 0x102cedaa8 sgen_perform_collection + 904
5 CrashMaui 0x102ceeb14 sgen_gc_collect + 60
6 CrashMaui 0x102dd2274 mono_gc_collect + 48
7 CrashMaui 0x102e262a8 do_icall + 124
8 CrashMaui 0x102e24970 do_icall_wrapper + 404
9 CrashMaui 0x102e17e6c mono_interp_exec_method + 2580
10 CrashMaui 0x102e15220 interp_entry_from_trampoline + 656
11 CrashMaui 0x102bc9970 native_to_interp_trampoline + 112
12 CrashMaui 0x102ee84c8 -[UIKit_UIControlEventProxy BridgeSelector] + 96
13 UIKitCore 0x18fc3d08c -[UIApplication sendAction:to:from:forEvent:] + 99
14 UIKitCore 0x1902779a0 -[UIControl sendAction:to:forEvent:] + 111
15 UIKitCore 0x18fbe32c4 -[UIControl _sendActionsForEvents:withEvent:] + 323
16 UIKitCore 0x1902758cc -[UIButton _sendActionsForEvents:withEvent:] + 123
17 UIKitCore 0x190276f04 -[UIControl touchesEnded:withEvent:] + 399
18 UIKitCore 0x18f6ead40 -[UIGestureDelayedEventComponentDispatcher sendDelayedTouches] + 2183
19 UIKitCore 0x18f6ea32c _UIGestureEnvironmentUpdate + 3659
20 UIKitCore 0x18f73727c -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:] + 335
21 UIKitCore 0x18f737104 -[UIGestureEnvironment _updateForEvent:window:] + 187
22 UIKitCore 0x18f736c18 -[UIWindow sendEvent:] + 2931
23 UIKitCore 0x18f743508 -[UIApplication sendEvent:] + 375
24 UIKitCore 0x18f6f49a0 __dispatchPreprocessedEventFromEventQueue + 1051
25 UIKitCore 0x18f6f3be4 __processEventQueue + 4811
26 UIKitCore 0x18f6ed4e4 updateCycleEntry + 159
27 UIKitCore 0x18f6ed404 _UIUpdateSequenceRun + 83
28 UIKitCore 0x18f6ecab4 schedulerStepScheduledMainSection + 207
29 UIKitCore 0x18f6e81e4 runloopSourceCallback + 91
30 CoreFoundation 0x18ce04a8c CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 27
31 CoreFoundation 0x18ce048a4 __CFRunLoopDoSource0 + 171
32 CoreFoundation 0x18ce04700 __CFRunLoopDoSources0 + 231
33 CoreFoundation 0x18ce05080 __CFRunLoopRun + 839
34 CoreFoundation 0x18ce06c3c CFRunLoopRunSpecific + 571
35 GraphicsServices 0x1d9fe5454 GSEventRunModal + 167
36 UIKitCore 0x18f819274 -[UIApplication _run] + 815
37 UIKitCore 0x18f7e4a28 UIApplicationMain + 335
38 CrashMaui 0x102be05a4 xamarin_UIApplicationMain + 60
39 CrashMaui 0x102e26368 do_icall + 316
40 CrashMaui 0x102e24938 do_icall_wrapper + 348
41 CrashMaui 0x102e17e6c mono_interp_exec_method + 2580
42 CrashMaui 0x102e15a24 interp_runtime_invoke + 236
43 CrashMaui 0x102de4220 mono_jit_runtime_invoke + 1244
44 CrashMaui 0x102d8ba8c mono_runtime_invoke_checked + 148
45 CrashMaui 0x102d91990 mono_runtime_exec_main_checked + 116
46 CrashMaui 0x102deac5c mono_jit_exec + 356
47 CrashMaui 0x102c11bf4 xamarin_main + 2028
48 CrashMaui 0x102e570b8 main + 64
49 dyld 0x1b3cdbf08 start + 6039

Thread 1:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 2 name: SGen worker
Thread 2:
0 libsystem_kernel.dylib 0x1de019438 __psynch_cvwait + 8
1 libsystem_pthread.dylib 0x217505e50 _pthread_cond_wait + 983
2 CrashMaui 0x102d2204c thread_func + 412
3 libsystem_pthread.dylib 0x217507344 _pthread_start + 135
4 libsystem_pthread.dylib 0x217504ab8 thread_start + 7

Thread 3 name: Finalizer
Thread 3:
0 libsystem_kernel.dylib 0x1de013c60 semaphore_wait_trap + 8
1 CrashMaui 0x102dc2f74 finalizer_thread + 328
2 CrashMaui 0x102da04d8 start_wrapper + 352
3 libsystem_pthread.dylib 0x217507344 _pthread_start + 135
4 libsystem_pthread.dylib 0x217504ab8 thread_start + 7

Thread 4 name: .NET TP Worker
Thread 4:
0 libsystem_kernel.dylib 0x1de019438 __psynch_cvwait + 8
1 libsystem_pthread.dylib 0x217505e50 _pthread_cond_wait + 983
2 CrashMaui 0x102cd6b10 mono_os_cond_timedwait + 168
3 CrashMaui 0x102cdacb8 mono_lifo_semaphore_timed_wait + 252
4 CrashMaui 0x102e262dc do_icall + 176
5 CrashMaui 0x102e24970 do_icall_wrapper + 404
6 CrashMaui 0x102e17e6c mono_interp_exec_method + 2580
7 CrashMaui 0x102e15a24 interp_runtime_invoke + 236
8 CrashMaui 0x102de4220 mono_jit_runtime_invoke + 1244
9 CrashMaui 0x102d8ba8c mono_runtime_invoke_checked + 148
10 CrashMaui 0x102da05d0 start_wrapper + 600
11 libsystem_pthread.dylib 0x217507344 _pthread_start + 135
12 libsystem_pthread.dylib 0x217504ab8 thread_start + 7

Thread 5 name: .NET TP Gate
Thread 5:
0 libsystem_kernel.dylib 0x1de019438 __psynch_cvwait + 8
1 libsystem_pthread.dylib 0x217505e50 _pthread_cond_wait + 983
2 CrashMaui 0x102e262a8 do_icall + 124
3 CrashMaui 0x102e24938 do_icall_wrapper + 348
4 CrashMaui 0x102e17e6c mono_interp_exec_method + 2580
5 CrashMaui 0x102e15a24 interp_runtime_invoke + 236
6 CrashMaui 0x102de4220 mono_jit_runtime_invoke + 1244
7 CrashMaui 0x102d8ba8c mono_runtime_invoke_checked + 148
8 CrashMaui 0x102da05d0 start_wrapper + 600
9 libsystem_pthread.dylib 0x217507344 _pthread_start + 135
10 libsystem_pthread.dylib 0x217504ab8 thread_start + 7

Thread 6:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 7:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 8:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 9:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 10:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 11:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 12 name: com.apple.uikit.eventfetch-thread
Thread 12:
0 libsystem_kernel.dylib 0x1de013ce4 mach_msg2_trap + 8
1 libsystem_kernel.dylib 0x1de01739c mach_msg2_internal + 75
2 libsystem_kernel.dylib 0x1de0172b8 mach_msg_overwrite + 427
3 libsystem_kernel.dylib 0x1de017100 mach_msg + 23
4 CoreFoundation 0x18ce06900 __CFRunLoopServiceMachPort + 159
5 CoreFoundation 0x18ce051f0 __CFRunLoopRun + 1207
6 CoreFoundation 0x18ce06c3c CFRunLoopRunSpecific + 571
7 Foundation 0x18ba7e79c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 211
8 Foundation 0x18ba84020 -[NSRunLoop(NSRunLoop) runUntilDate:] + 63
9 UIKitCore 0x18f80356c -[UIEventFetcher threadMain] + 423
10 Foundation 0x18bae4804 NSThread__start + 731
11 libsystem_pthread.dylib 0x217507344 _pthread_start + 135
12 libsystem_pthread.dylib 0x217504ab8 thread_start + 7

Thread 13:
0 libsystem_pthread.dylib 0x217504aa4 start_wqthread + 0

Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000000000016 x1: 0x00000001041f0130 x2: 0x000000000000010a x3: 0x0000000111e39e48
x4: 0xfffffffff23096f8 x5: 0x0000000000000018 x6: 0x0000000104143538 x7: 0x0000000000000000
x8: 0xfffffffffff80000 x9: 0x3f80000000000000 x10: 0x0000000000000040 x11: 0x0000000104100000
x12: 0x0000000111e39e40 x13: 0x00000001031c4818 x14: 0x00000000407f0001 x15: 0x0000000000000001
x16: 0x0000000217459ab0 x17: 0x0000000040000000 x18: 0x0000000000000000 x19: 0x0000000000000010
x20: 0x0000000000000004 x21: 0x0000000111e39e78 x22: 0x3f80000000000001 x23: 0x000000000000000f
x24: 0x0000000111e1c298 x25: 0xffffffffffffffff x26: 0x0000000000000000 x27: 0x00000001031c4840
x28: 0x0000000111e1c298 fp: 0x000000016d249ed0 lr: 0x0000000102cff1ec
sp: 0x000000016d249e20 pc: 0x0000000102cff18c cpsr: 0x00001000
far: 0x0000000000000000 esr: 0x56000080 Address size fault

Binary Images:
0x102bb0000 - 0x1030f3fff CrashMaui arm64 <8404f0b6391a31ceb926db47973ae6ea> /var/containers/Bundle/Application/1EA31242-6A15-4C8B-B2AB-7876C97341E4/CrashMaui.app/CrashMaui
0x10b3a8000 - 0x10b3b3fff libobjc-trampolines.dylib arm64e <9136d8ba22ff3f129caddfc4c6dc51de> /private/preboot/Cryptexes/OS/usr/lib/libobjc-trampolines.dylib
0x18f6e4000 - 0x191625b5f UIKitCore arm64e <96636f64106f30c8a78082dcebb0f443> /System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore
0x18cdf5000 - 0x18d371fff CoreFoundation arm64e <7821f73c378b3a10be90ef526b7dba93> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
0x1d9fe4000 - 0x1d9fecc7f GraphicsServices arm64e <5ba62c226d3731999dfd0e0f7abebfa9> /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
0x1b3c9d000 - 0x1b3d37857 dyld arm64e <86d5253d4fd136f3b4ab25982c90cbf4> /usr/lib/dyld
0x0 - 0xffffffffffffffff ??? unknown-arch <00000000000000000000000000000000> ???
0x217459000 - 0x21746060f libsystem_platform.dylib arm64e <2fef24de67233799a5c59e3df1cd2600> /usr/lib/system/libsystem_platform.dylib
0x217504000 - 0x2175103f3 libsystem_pthread.dylib arm64e /usr/lib/system/libsystem_pthread.dylib
0x1de013000 - 0x1de04cebf libsystem_kernel.dylib arm64e <9e195be11733345ea9bf50d0d7059647> /usr/lib/system/libsystem_kernel.dylib
0x18ba6f000 - 0x18c6e2ddf Foundation arm64e <34de055d8683380a9198c3347211d13d> /System/Library/Frameworks/Foundation.framework/Foundation

EOF

Reproduction Steps

  • Compile the sample project.
  • Deploy it to a physical device.
  • Start without the debugger.
  • Press the button.

Expected behavior

The app should not crash if you hit the button.

Actual behavior

The app crashes.

Regression?

In .NET 8 the code worked.

Known Workarounds

No response

Configuration

Version of .net: 9.0.6
OS: ios 18.4
Architecture: ARM

Other information

No response
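
Added example, not part of the original issue and not code from the .NET runtime project: a small Python triage helper for an Apple-style crash report like the one above. It pulls out the faulting address, the crashed thread's top frames, and the registers that hold the same 8-byte-aligned value as the fault. The function name `triage`, the "same aligned word" match and the pc comparison are assumptions chosen for illustration.

```python
import re

# Abbreviated excerpt of the crash report quoted in the issue above (same values, fewer lines).
SAMPLE = """\
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x3f80000000000001 -> 0xffffff8000000001 (possible pointer authentication failure)
Triggered by Thread: 0

Thread 0 Crashed:
0 CrashMaui 0x102cff18c drain_gray_stack + 1424
1 CrashMaui 0x102cf24a4 finish_gray_stack + 116
2 CrashMaui 0x102cf2fb4 major_finish_collection + 208

Thread 0 crashed with ARM Thread State (64-bit):
x8: 0xfffffffffff80000 x9: 0x3f80000000000000 x10: 0x0000000000000040 x11: 0x0000000104100000
x20: 0x0000000000000004 x21: 0x0000000111e39e78 x22: 0x3f80000000000001 x23: 0x000000000000000f
sp: 0x000000016d249e20 pc: 0x0000000102cff18c cpsr: 0x00001000
"""

FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?) \+ (\d+)$")
REG = re.compile(r"\b(x\d+|fp|lr|sp|pc):\s*(0x[0-9a-fA-F]+)")

def triage(report, max_frames=5):
    """Summarise a crash report: fault address, crashed frames, registers near the fault."""
    exc = re.search(r"^Exception Type:\s*(.+)$", report, re.M)
    sub = re.search(r"^Exception Subtype:.*? at (0x[0-9a-fA-F]+)", report, re.M)
    if not sub:
        raise ValueError("no faulting address in report")
    fault = int(sub.group(1), 16)
    frames, in_crashed = [], False
    for line in report.splitlines():
        if re.match(r"^Thread \d+ Crashed:", line):
            in_crashed = True
        elif in_crashed:
            m = FRAME.match(line.strip())
            if not m:
                break  # a blank line or the next thread header ends the backtrace
            frames.append((m.group(2), m.group(4), int(m.group(5))))
    _, _, state = report.partition("Thread State")
    regs = {n: int(v, 16) for n, v in REG.findall(state.split("\n\n")[0])}
    return {
        "exception": exc.group(1).strip() if exc else None,
        "fault": fault,
        "top16": fault >> 48,  # non-zero: not a plain 48-bit virtual address
        "access": "instruction fetch" if regs.get("pc") == fault else "data access",
        "frames": frames[:max_frames],
        "regs_near_fault": [n for n, v in regs.items() if v & ~7 == fault & ~7],
    }
```

On the excerpt, the fault value sits in `x9`/`x22` while `pc` is still inside `drain_gray_stack`, which is the pattern of a bad pointer being dereferenced rather than a corrupted return address.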
