Opaque crashes in PacketTunnelProvider

I confess I'm having quite a hard time getting to the bottom of these two crashes, as they don't offer helpful hints and Google couldn't help either. The context is a NetworkExtension PacketTunnelProvider, probably in the socket/flow handler blocks, but I don't know for sure. I'm posting them together but I don't even know if they're related. The crash reports are not coming from my device, and so far I've been unable to reproduce them at all. I wish I could peek into the Apple code.


Here they are:


https://imgur.com/a/nKh2aTm


Not really much to add unfortunately.


Thank you in advance

Here they are:

Please post an Apple crash report for the crash.

ps You can either post a URL (I’ll take care of the moderation) or post it inline. If you do the latter, use a code block (via the <> icon) to make it easier to read.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Sure, only I have to tread lightly as to how much I can disclose. I think these are the relevant bits; if not, just let me know. It all looks to me like the invocation of a released block... somewhere. Even though I might have spotted a point of failure, it'd be helpful to have more insight first.


First one:


Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001847a1630
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [0]
Triggered by Thread:  5

...

Thread 5 name:
Thread 5 Crashed:
0   libdispatch.dylib               0x00000001847a1630 _dispatch_queue_xref_dispose$VARIANT$mp + 72 (queue.c:1583)
1   libdispatch.dylib               0x000000018479ce18 -[OS_dispatch_source _xref_dispose] + 24 (object.m:337)
2   NetworkExtension                0x0000000191f8fda8 __NEVirtualInterfaceCreateReadSource_block_invoke + 24 (NEVirtualInterface.c:1848)
3   libdispatch.dylib               0x000000018479caa0 _dispatch_call_block_and_release + 24 (init.c:994)
4   libdispatch.dylib               0x000000018479ca60 _dispatch_client_callout + 16 (object.m:507)
5   libdispatch.dylib               0x00000001847a4e94 _dispatch_continuation_pop$VARIANT$mp + 424 (inline_internal.h:2500)
6   libdispatch.dylib               0x00000001847ae62c _dispatch_source_invoke$VARIANT$mp + 1020 (source.c:858)
7   libdispatch.dylib               0x00000001847a686c _dispatch_queue_serial_drain$VARIANT$mp + 280 (inline_internal.h:2539)
8   libdispatch.dylib               0x00000001847a72fc _dispatch_queue_invoke$VARIANT$mp + 336 (queue.c:5290)
9   libdispatch.dylib               0x00000001847a7cc8 _dispatch_root_queue_drain_deferred_wlh$VARIANT$mp + 340 (queue.c:5908)
10  libdispatch.dylib               0x00000001847b0098 _dispatch_workloop_worker_thread$VARIANT$mp + 668 (source.c:2529)
11  libsystem_pthread.dylib         0x0000000184acfe70 _pthread_wqthread + 860 (pthread.c:2218)
12  libsystem_pthread.dylib         0x0000000184acfb08 start_wqthread + 4


Second one:


Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000038
VM Region Info: 0x38 is not in any region.  Bytes before following region: 4310450120
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->
      __TEXT                 0000000100ec4000-0000000100ec8000 [   16K] r-x/r-x SM=COW  ...

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  7

...

Thread 7 name:
Thread 7 Crashed:
0   libsystem_platform.dylib        0x0000000184d9ea90 os_unfair_lock_lock$VARIANT$mp + 12 (lock.c:613)
1   libnetwork.dylib                0x000000018611c674 nw_connection_endpoint_report_dry_run + 100 (connection.m:664)
2   libnetwork.dylib                0x00000001860b72f0 nw_endpoint_handler_report + 168 (endpoint_handler.m:0)
3   libnetwork.dylib                0x00000001860b81fc nw_endpoint_handler_path_change + 1680 (endpoint_handler.m:276)
4   libnetwork.dylib                0x00000001860b7b58 __nw_endpoint_handler_start_block_invoke + 116 (endpoint_handler.m:748)
5   libsystem_network.dylib         0x0000000184d35254 nw_path_necp_update_evaluator + 1368 (path_evaluation.m:562)
6   libsystem_network.dylib         0x0000000184d34b90 nw_path_necp_check_for_updates + 880 (path_evaluation.m:628)
7   libdispatch.dylib               0x0000000184a70a60 _dispatch_client_callout + 16 (object.m:507)
8   libdispatch.dylib               0x0000000184a78e94 _dispatch_continuation_pop$VARIANT$mp + 424 (inline_internal.h:2500)
9   libdispatch.dylib               0x0000000184a82784 _dispatch_source_invoke$VARIANT$mp + 1364 (source.c:531)
10  libdispatch.dylib               0x0000000184a7a86c _dispatch_queue_serial_drain$VARIANT$mp + 280 (inline_internal.h:2539)
11  libdispatch.dylib               0x0000000184a7b2fc _dispatch_queue_invoke$VARIANT$mp + 336 (queue.c:5290)
12  libdispatch.dylib               0x0000000184a7bcc8 _dispatch_root_queue_drain_deferred_wlh$VARIANT$mp + 340 (queue.c:5908)
13  libdispatch.dylib               0x0000000184a84098 _dispatch_workloop_worker_thread$VARIANT$mp + 668 (source.c:2529)
14  libsystem_pthread.dylib         0x0000000184da3e70 _pthread_wqthread + 860 (pthread.c:2218)
15  libsystem_pthread.dylib         0x0000000184da3b08 start_wqthread + 4


EDIT: it's worth remarking that the other threads are either completely idle or doing whatever other stuff. So I would exclude race conditions on shared data. You're never sure but I believe the cause is right there in the thread stack trace.


Thank you!

only I have to tread lightly as to how much I can disclose.

In that case I think we might be better off transitioning to a DTS tech support incident, where we can discuss things in private.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"


WWDC runs Mon, 4 Jun through to Fri, 8 Jun. During that time all of DTS will be at the conference, helping folks out face-to-face.

I see. While I review my code further, I posted two bug reports with a few crash logs:


- 40559929

- 40560298


Thanks for now

I posted two bug reports with a few crash logs

Thanks. Looking at these crash reports I suspect you have a memory management problem. Do you use NWTCPConnection inside your provider? If so, it’s very likely that one of your problems (r. 40560298) is caused by an over release of that object. And the other problem (r. 40559929) is also quite likely related to memory management.

My recommendation is that you poke at your provider with the standard memory debugging tools to see if they shake anything loose.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
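
The following Python example is an addition to this thread, not code from either poster or from Apple. It parses the crash-report fields quoted above and applies two common triage heuristics to the second report. The function names, the `app_images` parameter, the 0x1000 threshold and the "Thread 6" line in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample: header and top frames from the second report above; the Thread 6 line is made up.
SAMPLE = """\
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000038
Triggered by Thread:  7

Thread 6:
0   libsystem_kernel.dylib          0x0000000000001000 constructed_idle_frame + 8

Thread 7 Crashed:
0   libsystem_platform.dylib        0x0000000184d9ea90 os_unfair_lock_lock$VARIANT$mp + 12 (lock.c:613)
1   libnetwork.dylib                0x000000018611c674 nw_connection_endpoint_report_dry_run + 100 (connection.m:664)
2   libnetwork.dylib                0x00000001860b72f0 nw_endpoint_handler_report + 168 (endpoint_handler.m:0)
"""

FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?) \+ (\d+)")
NEAR_NULL = 0x1000  # assumption: a fault this close to 0 is NULL plus a field offset

def parse_report(text):
    info = {"type": None, "fault_addr": None, "thread": None, "frames": []}
    in_crashed = False
    for line in text.splitlines():
        if m := re.match(r"Exception Type:\s+(\S+)", line):
            info["type"] = m.group(1)
        elif m := re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"Triggered by Thread:\s+(\d+)", line):
            info["thread"] = int(m.group(1))
        elif re.match(r"Thread \d+ Crashed:", line):
            in_crashed = True
        elif in_crashed:
            m = FRAME.match(line)
            if m:
                info["frames"].append({"image": m.group(2), "symbol": m.group(4)})
            else:
                in_crashed = False  # a blank line or the next thread ends the backtrace
    return info

def triage(info, app_images=()):
    notes, addr = [], info["fault_addr"]
    if info["type"] == "EXC_BAD_ACCESS" and addr is not None and addr < NEAR_NULL:
        notes.append(f"fault at {addr:#x}: consistent with a field read through a NULL or cleared object pointer")
    if info["type"] == "EXC_BREAKPOINT":
        notes.append("trap instruction: the top frame stopped deliberately on a failed internal check")
    if info["frames"] and not any(f["image"] in app_images for f in info["frames"]):
        notes.append("no app frames on the crashed thread: review object lifetimes rather than this stack")
    return notes
```

A backtrace made only of system frames, as in both reports above, points at where a bad object was used rather than where it was mismanaged, which is why memory debugging tools are the next step.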

