A server with the specified hostname could not be found exception

Hi, I have been working on the app that implements DNS Proxy Extension for a while now, and after a couple builds to TestFlight I noticed that I got a couple crashes that seem to be triggered by EXC_BREAKPOINT (SIGTRAP)

After some investigation, it was found that crashes are connected to CFNetwork framework. So, I decided to additionally look into memory issues, but I found the app has no obvious memory leaks, no memory regression (within recommended 25%, actual value is at 20% as of right now), but the app still uses 11mb of memory footprint and most of it (6.5 mb is Swift metadata).

At this point, not sure what's triggering those crashes, but I noticed that sometimes app will return message like this to the console (this example is for PostHog api that I use in the app):

Task <0ABDCF4A-9653-4583-9150-EC11D852CA9E>.<1> finished with error [18 446 744 073 709 550 613] Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo={_kCFStreamErrorCodeKey=8, NSUnderlyingError=0x1072df0f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1003 "(null)" UserInfo={_kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, _NSURLErrorNWResolutionReportKey=Resolved 0 endpoints in 2ms using unknown from cache, _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalUploadTask <0ABDCF4A-9653-4583-9150-EC11D852CA9E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalUploadTask <0ABDCF4A-9653-4583-9150-EC11D852CA9E>.<1>"
), NSLocalizedDescription=A server with the specified hostname could not be found., NSErrorFailingURLStringKey=https://us.i.posthog.com/batch, NSErrorFailingURLKey=https://us.i.posthog.com/batch, _kCFStreamErrorDomainKey=12}

If DNS Proxy Provider uses custom DoH server for resolving packets, could the cache policy for URLSession be a reason?

I had a couple other ideas (HTTP3 failure, CFNetwork core issues like described here) but not sure if they are valid

Would be grateful if someone could give me a hint of what I should look at

Answered by DTS Engineer in 806531022
Written by AndriiSulimenko in 806222022
In my case, Filter Control Provider writes data received from MDM configuration profile, then Filter Data Provider reads this data to use it for flow filtering.

OK. That should be possible by putting the data into an app group. The control provider will have read/write access to that app group; the data provider will only be able to read it.

And, yes, you will need some sort of concurrency control there (-:

Written by AndriiSulimenko in 806222022
But my Filter Data Provider also writes some data about intercepted flow, that is later used for resolving them.

As long as this only needs to be read back by the data provider, you’re all good. Just put the data into the data provider’s container.

You still might need concurrency control though, although it’s only intra-process concurrency control. That is, multiple threads within the data provider might be accessing this data and you have to make sure they don’t stomp on each other.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Written by AndriiSulimenko in 764538021
after a couple builds to TestFlight I noticed that I got a couple crashes that seem to be triggered by EXC_BREAKPOINT (SIGTRAP)

This usually means you’ve hit a trap. It’s common to see this in Swift code — for example, if you access an array out of bounds or force unwrap an optional that’s nil — but it can also be triggered by non-Swift code, including system frameworks.

Written by AndriiSulimenko in 764538021
After some investigation, it was found that crashes are connected to CFNetwork framework. So, I decided to additionally look into memory issues …

Why did you decide to do that? Did you have specific evidence that your CFNetwork issue was memory related?

Can you post a crash report showing this trap exception? See Posting a Crash Report for advice on how to do that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, thank you for your response.

Here are two examples of the crash reports for EXC_BREAKPOINT (SIGTRAP)

Incident Identifier: 31A0C2B3-E206-40BC-A974-C90AF8F038E9
Distributor ID:      com.apple.TestFlight
Hardware Model:      iPhone11,8
Process:             DNS Proxy Extension [893]
Path:                /private/var/containers/Bundle/Application/3D73D6AD-F204-4DEF-A311-0B2BF75C8387/xxxxx.xxxxxx.xxxxxxxxxxxx
Identifier:          xxxxx.xxxxxx.xxxxxxxxxxxx
Version:             1.0 (13)
AppVariant:          1:iPhone11,8:17.4
Beta:                YES
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      launchd [1]
Coalition:           xxxxx.xxxxxx.xxxxxxxxxxxx [424]

Date/Time:           2024-09-22 08:41:58.8989 -0700
Launch Time:         2024-09-22 08:41:24.0401 -0700
OS Version:          iPhone OS 18.0 (22A3354)
Release Type:        User
Baseband Version:    7.00.00
Report Version:      104

Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x000000019e639b38
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [893]

Triggered by Thread:  4


Thread 0 name:
Thread 0:
0   libsystem_kernel.dylib        	0x00000001ee4c8728 mach_msg2_trap + 8 (:-1)
1   libsystem_kernel.dylib        	0x00000001ee4cbe38 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib        	0x00000001ee4cbd50 mach_msg_overwrite + 424 (mach_msg.c:0)
3   libsystem_kernel.dylib        	0x00000001ee4cbb9c mach_msg + 24 (mach_msg.c:323)
4   CoreFoundation                	0x000000019e6857cc __CFRunLoopServiceMachPort + 160 (CFRunLoop.c:2617)
5   CoreFoundation                	0x000000019e684e78 __CFRunLoopRun + 1212 (CFRunLoop.c:3001)
6   CoreFoundation                	0x000000019e6845b8 CFRunLoopRunSpecific + 572 (CFRunLoop.c:3414)
7   Foundation                    	0x000000019d31af00 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 (NSRunLoop.m:373)
8   Foundation                    	0x000000019d31add4 -[NSRunLoop(NSRunLoop) run] + 64 (NSRunLoop.m:398)
9   libxpc.dylib                  	0x0000000225a55ee4 _xpc_objc_main + 336 (main.m:267)
10  libxpc.dylib                  	0x0000000225a58450 _xpc_main + 64 (init.c:1291)
11  libxpc.dylib                  	0x0000000225a58630 xpc_main + 64 (init.c:1374)
12  Foundation                    	0x000000019d3bba64 -[NSXPCListener resume] + 308 (NSXPCListener.m:471)
13  PlugInKit                     	0x00000001ce5bc51c -[PKService runUsingServiceListener:] + 364 (PKService.m:219)
14  PlugInKit                     	0x00000001ce5bc3a8 -[PKService run] + 20 (PKService.m:185)
15  PlugInKit                     	0x00000001ce5bc064 +[PKService main] + 524 (PKService.m:126)
16  PlugInKit                     	0x00000001ce5bc878 +[PKService _defaultRun:arguments:] + 16 (PKService.m:265)
17  ExtensionFoundation           	0x00000001ad6e7714 EXExtensionMain + 288 (EXExtensionMain.m:0)
18  Foundation                    	0x000000019d424af4 NSExtensionMain + 204 (NSExtensionMain.m:21)
19  dyld                          	0x00000001c3e57d34 start + 2724 (dyldMain.cpp:1334)

Thread 1:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 2:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 3:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 4 name:
Thread 4 Crashed:
0   CoreFoundation                	0x000000019e639b38 __CFCheckCFInfoPACSignature + 44 (CFRuntime.c:548)
1   CoreFoundation                	0x000000019e639048 _CFRelease + 224 (CFRuntime.c:2155)
2   CoreFoundation                	0x000000019e68ec30 -[__NSSingleObjectArrayI dealloc] + 64 (NSSingleObjectArray.m:97)
3   CFNetwork                     	0x000000019fbe2b6c __CFCachedURLResponse::~__CFCachedURLResponse() + 76 (CFURLCache.mm:1378)
4   CFNetwork                     	0x000000019fbe2af8 __CFCachedURLResponse::~__CFCachedURLResponse() + 16 (CFURLCache.mm:1372)
5   CoreFoundation                	0x000000019e63908c _CFRelease + 292 (CFRuntime.c:2165)
6   CFNetwork                     	0x000000019fb665d0 __CFURLCacheNode::~__CFURLCacheNode() + 64 (CFURLCache.mm:3058)
7   CFNetwork                     	0x000000019fb66568 __CFURLCacheNode::~__CFURLCacheNode() + 16 (CFURLCache.mm:3055)
8   CFNetwork                     	0x000000019fb65bc8 __CFURLCache::RemoveResponseFromCacheContainers(__CFURLCacheNode*, _CFCachedURLResponse const*, __CFString const*, bool) + 268 (CFURLCache.mm:2895)
9   CFNetwork                     	0x000000019fb64fd0 __CFURLCache::AddCacheTask(std::__1::unique_ptr<__CFURLCacheNode, std::__1::default_delete<__CFURLCacheNode>>&) + 1476 (CFURLCache.mm:201)
10  CFNetwork                     	0x000000019fb66990 __CFURLCacheAddCachedResponseForRequestWithSession(_CFURLCache const*, NSURLSession*, _CFCachedURLResponse const*, _CFURLRequest const*, void const*) + 824 (CFURLCache.mm:777)
11  CFNetwork                     	0x000000019fb4f9dc CFXURLCache::addCachedResponseForTask(_CFCachedURLResponse const*, NSURLSessionTask*) const + 76 (XURLCache.mm:35)
12  CFNetwork                     	0x000000019fb493a8 -[NSURLSessionTask _withXURLCache:] + 136 (SessionTask.mm:1972)
13  CFNetwork                     	0x000000019fb478b0 -[__NSCFURLSessionConnection _storeCachedResponse:] + 132 (SessionConnection.mm:511)
14  CFNetwork                     	0x000000019fbc6e60 __57-[__NSCFURLLocalSessionConnection afterDelegateWithTick:]_block_invoke + 64 (SessionConnection.mm:634)
15  libdispatch.dylib             	0x00000001a633d2e8 _dispatch_block_async_invoke2 + 148 (queue.c:574)
16  libdispatch.dylib             	0x00000001a632e0d0 _dispatch_client_callout + 20 (object.m:576)
17  libdispatch.dylib             	0x00000001a63356d8 _dispatch_lane_serial_drain + 744 (queue.c:3934)
18  libdispatch.dylib             	0x00000001a6336214 _dispatch_lane_invoke + 432 (queue.c:4025)
19  libdispatch.dylib             	0x00000001a6341258 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:7193)
20  libdispatch.dylib             	0x00000001a6340aa4 _dispatch_workloop_worker_thread + 540 (queue.c:6787)
21  libsystem_pthread.dylib       	0x00000002259f3c7c _pthread_wqthread + 288 (pthread.c:2696)
22  libsystem_pthread.dylib       	0x00000002259f0488 start_wqthread + 8 (:-1)

Thread 5:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 6:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 7:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 8:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)

Thread 9:
0   libsystem_pthread.dylib       	0x00000002259f0480 start_wqthread + 0 (:-1)


Thread 4 crashed with ARM Thread State (64-bit):
    x0: 0x0000000103ff87e0   x1: 0x000000020caf5b60   x2: 0x0000000201b8a5e0   x3: 0x0000000103f1b280
    x4: 0x0000000000000000   x5: 0x0000000000000000   x6: 0x00000000000007fd   x7: 0x00000000000a3348
    x8: 0x0001000200b01484   x9: 0x0001e8cc63001484  x10: 0x000000000000082c  x11: 0x000000000000000f
   x12: 0x00000000004df700  x13: 0x0000000103dff000  x14: 0x0100000201b8a5e1  x15: 0x0000000201b8a5e0
   x16: 0x0000000201b8a5e0  x17: 0x000000019e68fc48  x18: 0x0000000000000000  x19: 0x0000000103ff87e0
   x20: 0x0000000000000014  x21: 0x0000000000000000  x22: 0x00000002036318d8  x23: 0x0001e8cc63001484
   x24: 0x000000020295a000  x25: 0xffff000000000000  x26: 0x00000001031889a0  x27: 0x0000000103188948
   x28: 0x0000000103f19188   fp: 0x000000016d226340   lr: 0x000000019e639048
    sp: 0x000000016d2261f0   pc: 0x000000019e639b38        cpsr: 0x0
   esr: 0xf200c470 (Breakpoint) pointer authentication trap IA


Binary Images:
        0x102e04000 -         0x102e7ffff DNS Proxy Extension arm64   /private/var/containers/Bundle/Application/3D73D6AD-F204-4DEF-A311-0B2BF75C8387/xxxxx.xxxxxx.xxxxxxxxxxxx
        0x102eac000 -         0x102eb3fff NetworkStateUtilities arm64   /private/var/containers/Bundle/Application/3D73D6AD-F204-4DEF-A311-0B2BF75C8387/xxxxx.xxxxxx.xxxxxxxxxxxx/Frameworks/NetworkStateUtilities.framework/NetworkStateUtilities
        0x19d264000 -         0x19df82fff Foundation arm64e  <12e17a7ab65f35ee82d7cbc31004e223> /System/Library/Frameworks/Foundation.framework/Foundation
        0x19e631000 -         0x19eb76fff CoreFoundation arm64e  <47427277ee153c17ad686886b0380b5e> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
        0x19faff000 -         0x19fec1fff CFNetwork arm64e   /System/Library/Frameworks/CFNetwork.framework/CFNetwork
        0x1a632a000 -         0x1a636ffff libdispatch.dylib arm64e   /usr/lib/system/libdispatch.dylib
        0x1a6370000 -         0x1a63efff3 libsystem_c.dylib arm64e  <1ad666a001a831c188b9808915fb97b4> /usr/lib/system/libsystem_c.dylib
        0x1ad6dd000 -         0x1ad79bfff ExtensionFoundation arm64e   /System/Library/Frameworks/ExtensionFoundation.framework/ExtensionFoundation
        0x1c3e24000 -         0x1c3ea7693 dyld arm64e  <77c1eed22ed7396aba34e770120d81d4> /usr/lib/dyld
        0x1ce5a3000 -         0x1ce5dcfff PlugInKit arm64e  <2af01e14ddd6397c920293effb6b5f50> /System/Library/PrivateFrameworks/PlugInKit.framework/PlugInKit
        0x1ee4c7000 -         0x1ee500ffb libsystem_kernel.dylib arm64e  <8d929b3bd4d639bfadbbbe59e928b332> /usr/lib/system/libsystem_kernel.dylib
        0x2259ef000 -         0x2259fbff3 libsystem_pthread.dylib arm64e   /usr/lib/system/libsystem_pthread.dylib
        0x225a3a000 -         0x225a81fff libxpc.dylib arm64e  <6e0a4093fa26301f800d35bff83e79a0> /usr/lib/system/libxpc.dylib

EOF

Incident Identifier: 2027B1F9-CFE2-4635-BD92-586D8468AAB3
Distributor ID:      com.apple.TestFlight
Hardware Model:      iPhone14,5
Process:             DNS Proxy Extension [766]
Path:                /private/var/containers/Bundle/Application/E3287AB2-C361-438C-A216-AAB4B449E82C/xxxxx.xxxxxxx.xxxxxxxxxx/PlugIns/DNS Proxy Extension.appex/DNS Proxy Extension
Identifier:          xxxxx.xxxxxxx.xxxxxxxxxx.DNS-Proxy-Extension
Version:             1.0 (13)
AppVariant:          1:iPhone14,5:17.4
Beta:                YES
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      launchd [1]
Coalition:           xxxxx.xxxxxxx.xxxxxxxxxx.DNS-Proxy-Extension [793]

Date/Time:           2024-09-23 13:17:46.0973 -0700
Launch Time:         2024-09-23 13:17:13.9944 -0700
OS Version:          iPhone OS 17.5.1 (21F90)
Release Type:        User
Baseband Version:    3.50.04
Report Version:      104

Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001ab4af918
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [766]

Triggered by Thread:  4


Thread 0 name:
Thread 0:
0   libsystem_kernel.dylib        	0x00000001e43c8808 mach_msg2_trap + 8 (:-1)
1   libsystem_kernel.dylib        	0x00000001e43cc008 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib        	0x00000001e43cbf20 mach_msg_overwrite + 436 (mach_msg.c:0)
3   libsystem_kernel.dylib        	0x00000001e43cbd60 mach_msg + 24 (mach_msg.c:323)
4   CoreFoundation                	0x000000019b2e8f5c __CFRunLoopServiceMachPort + 160 (CFRunLoop.c:2624)
5   CoreFoundation                	0x000000019b2e8600 __CFRunLoopRun + 1208 (CFRunLoop.c:3007)
6   CoreFoundation                	0x000000019b2e7cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   Foundation                    	0x000000019a208e4c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 (NSRunLoop.m:373)
8   Foundation                    	0x000000019a208d20 -[NSRunLoop(NSRunLoop) run] + 64 (NSRunLoop.m:398)
9   libxpc.dylib                  	0x00000001f81cb1a4 _xpc_objc_main + 336 (main.m:267)
10  libxpc.dylib                  	0x00000001f81cd71c _xpc_main + 64 (init.c:1294)
11  libxpc.dylib                  	0x00000001f81cd8fc xpc_main + 64 (init.c:1377)
12  Foundation                    	0x000000019a2c240c -[NSXPCListener resume] + 312 (NSXPCListener.m:471)
13  PlugInKit                     	0x00000001c7615e68 -[PKService runUsingServiceListener:] + 364 (PKService.m:219)
14  PlugInKit                     	0x00000001c7615cf4 -[PKService run] + 20 (PKService.m:185)
15  PlugInKit                     	0x00000001c76159b0 +[PKService main] + 524 (PKService.m:126)
16  PlugInKit                     	0x00000001c76161c4 +[PKService _defaultRun:arguments:] + 16 (PKService.m:265)
17  ExtensionFoundation           	0x00000001aa349bf0 EXExtensionMain + 288 (EXExtensionMain.m:0)
18  Foundation                    	0x000000019a34e80c NSExtensionMain + 204 (NSExtensionMain.m:21)
19  dyld                          	0x00000001be999e4c start + 2240 (dyldMain.cpp:1298)

Thread 1:
0   libsystem_pthread.dylib       	0x00000001f816c0c4 start_wqthread + 0 (:-1)

Thread 2:
0   libsystem_pthread.dylib       	0x00000001f816c0c4 start_wqthread + 0 (:-1)

Thread 3:
0   libsystem_pthread.dylib       	0x00000001f816c0c4 start_wqthread + 0 (:-1)

Thread 4 name:
Thread 4 Crashed:
0   libsystem_malloc.dylib        	0x00000001ab4af918 _xzm_xzone_malloc_tiny_outlined + 1140 (xzone_malloc.c:1012)
1   CFNetwork                     	0x000000019c4a65a0 -[__NSCFURLLocalSessionConnection initWithTask:delegate:delegateQueue:] + 512 (SessionConnection.mm:548)
2   CFNetwork                     	0x000000019c4a6110 __66-[__NSURLSessionLocal _onqueue_configureAndCreateConnection:task:]_block_invoke + 144 (LocalSession.mm:678)
3   CFNetwork                     	0x000000019c4a5f78 -[__NSCFURLSessionDelegateWrapper task:_willUseEffectiveConfiguration:completionHandler:] + 556 (SessionDelegateWrapper.mm:575)
4   CFNetwork                     	0x000000019c4a5e18 -[__NSCFURLSessionDelegateWrapper task:_willUseEffectiveConfiguration:completionHandler:] + 204 (SessionDelegateWrapper.mm:573)
5   CFNetwork                     	0x000000019c4a5d34 -[__NSCFLocalSessionTask _onqueue_setupNextEffectiveConfigurationWithCompletionHandler:] + 140 (LocalSessionTask.mm:666)
6   CFNetwork                     	0x000000019c4a5c90 -[__NSURLSessionLocal _onqueue_configureAndCreateConnection:task:] + 156 (LocalSession.mm:671)
7   CFNetwork                     	0x000000019c45b288 -[__NSCFLocalSessionTask _onqueue_completeInitialization] + 96 (LocalSessionTask.mm:1039)
8   CFNetwork                     	0x000000019c45b1f4 __26-[NSURLSessionTask resume]_block_invoke + 64 (SessionTask.mm:859)
9   libdispatch.dylib             	0x00000001a31bc13c _dispatch_call_block_and_release + 32 (init.c:1530)
10  libdispatch.dylib             	0x00000001a31bddd4 _dispatch_client_callout + 20 (object.m:576)
11  libdispatch.dylib             	0x00000001a31c5400 _dispatch_lane_serial_drain + 748 (queue.c:3900)
12  libdispatch.dylib             	0x00000001a31c5f64 _dispatch_lane_invoke + 432 (queue.c:3991)
13  libdispatch.dylib             	0x00000001a31d0cb4 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:6998)
14  libdispatch.dylib             	0x00000001a31d0528 _dispatch_workloop_worker_thread + 404 (queue.c:6592)
15  libsystem_pthread.dylib       	0x00000001f816f934 _pthread_wqthread + 288 (pthread.c:2696)
16  libsystem_pthread.dylib       	0x00000001f816c0cc start_wqthread + 8 (:-1)


Thread 4 crashed with ARM Thread State (64-bit):
    x0: 0x0000000104db8000   x1: 0x0000000104db8da0   x2: 0x0000000000000000   x3: 0x0000000104dbb430
    x4: 0x0000000105d300e0   x5: 0x0000000000000000   x6: 0x00000000000007fd   x7: 0x000000040003a09a
    x8: 0x0000000105d300e0   x9: 0x0000000000000000  x10: 0x0000000104dbaed0  x11: 0x000000000000002b
   x12: 0x0000000000000000  x13: 0x0000000105a81678  x14: 0x000000000003a09a  x15: 0x03b01d400041600e
   x16: 0x00000002a4deaee0  x17: 0x000000007503a09a  x18: 0x0000000000000000  x19: 0x0000000105d3e4c0
   x20: 0x0000000105c73640  x21: 0x0000000000000048  x22: 0x0000000105d440e0  x23: 0x000000016b38b0e0
   x24: 0x0000000105c71200  x25: 0x0000000000000000  x26: 0x0000000000000000  x27: 0x0000000106200840
   x28: 0x0000000106300a00   fp: 0x000000016b38a540   lr: 0x1979eb019c4a65a0
    sp: 0x000000016b38a4d0   pc: 0x00000001ab4af918 cpsr: 0x20001000
   esr: 0xf2000001 (Breakpoint) brk 1


Binary Images:
        0x104ca0000 -         0x104d1bfff DNS Proxy Extension arm64   /private/var/containers/Bundle/Application/E3287AB2-C361-438C-A216-AAB4B449E82C/xxxxx.xxxxxxx.xxxxxxxxxx/PlugIns/DNS Proxy Extension.appex/DNS Proxy Extension
        0x104d90000 -         0x104d97fff NetworkStateUtilities arm64   /private/var/containers/Bundle/Application/E3287AB2-C361-438C-A216-AAB4B449E82C/xxxxx.xxxxxxx.xxxxxxxxxx/Frameworks/NetworkStateUtilities.framework/NetworkStateUtilities
        0x19a141000 -         0x19acb6fff Foundation arm64e  <3d3a12e3f5e9361fb00a4a5e8861aa55> /System/Library/Frameworks/Foundation.framework/Foundation
        0x19b295000 -         0x19b7c2fff CoreFoundation arm64e  <00e76a98210c3cb5930bf236807ff24c> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
        0x19c3cb000 -         0x19c7a7fff CFNetwork arm64e   /System/Library/Frameworks/CFNetwork.framework/CFNetwork
        0x1a31ba000 -         0x1a3200fff libdispatch.dylib arm64e  <81d355df266a3010bab8113b76a206c1> /usr/lib/system/libdispatch.dylib
        0x1a3201000 -         0x1a327eff3 libsystem_c.dylib arm64e   /usr/lib/system/libsystem_c.dylib
        0x1aa33f000 -         0x1aa3fdfff ExtensionFoundation arm64e  <930d774071bf33eaaa0ea20b793720d3> /System/Library/Frameworks/ExtensionFoundation.framework/ExtensionFoundation
        0x1ab4ab000 -         0x1ab4e0fff libsystem_malloc.dylib arm64e  <770b91e3056b3e7eb731234fe649d088> /usr/lib/system/libsystem_malloc.dylib
        0x1be95d000 -         0x1be9e9ef7 dyld arm64e  <71846eacee653697bf7d790b6a07dcdb> /usr/lib/dyld
        0x1c75fc000 -         0x1c7635fff PlugInKit arm64e  <8132a6a776ae3801ba7b7c76b30d33dd> /System/Library/PrivateFrameworks/PlugInKit.framework/PlugInKit
        0x1e43c7000 -         0x1e4400fef libsystem_kernel.dylib arm64e  <13b5134e819c3baab3004856112114cb> /usr/lib/system/libsystem_kernel.dylib
        0x1f816b000 -         0x1f8177ff3 libsystem_pthread.dylib arm64e  <1196b6c3333d3450818ff3663484b8eb> /usr/lib/system/libsystem_pthread.dylib
        0x1f81af000 -         0x1f81f7fff libxpc.dylib arm64e  <3614a74feda238438092cedb505020f0> /usr/lib/system/libxpc.dylib

EOF
Written by DTS Engineer in 805639022
Why did you decide to do that? Did you have specific evidence that your CFNetwork issue was memory related?

No, I didn't have specific evidence, however earlier I had crashes with EXC_BAD_ACCESS (SIGKILL) errors referencing to PAC. So I thought it'd a good idea to investigate possible memory issues. Additionally, some of the crashes were resolved by rewriting part of the networking module for DNS Proxy with async/await instead of completion handlers with Result.

Thanks for the crash reports.

Both of those indicate memory corruption, not memory exhaustion. Specifically:

  • In the first you’re trapping in __CFCheckCFInfoPACSignature, indicating a pointer authentication check failed.

  • In the second you’re trapping in _xzm_xzone_malloc_tiny_outlined, which is because it’s detected borkage the malloc data structures.

In short, I think you have a memory management bug in your code, and I recommend that your apply the standard memory debugging tools.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I see now. Quick question, could it be related to overuse of UserDefaults?

The reason I am asking is because some of the temporary data is stored in UserDefaults for my app.

I will give you an example. Because my app uses Content Filter (Filter Data Provider has sandbox restrictions), I wasn't able to use FileManager or CoreData for storing some information from Filter Data Provider because access was denied. So I had to use UserDefaults.

  • can't share the whole idea, but in a nutshell I needed to store resolved ips from flows

Additionally, I use UserDefaults for some data that is accessed from MDM config profile and shared to UI components via KVO

Tried to add Address Sanitizer but received the same runtime issue as here

upd: fixed by disabling other diagnostics tools 🥲

Not sure if this is right, please correct me if I am wrong here. One of the possible causes for my issue could also be concurrent access to one memory address?

Ideally would probably be to rewrite some code with FileManager under AppGroup for large data?

Written by AndriiSulimenko in 805994022
One of the possible causes for my issue could also be concurrent access to one memory address?

Yes. Concurrency bugs can manifest as memory corruption.

Written by AndriiSulimenko in 805948022
could it be related to overuse of UserDefaults?

That’s unlikely. The UserDefaults API is not a common source of memory corruption issues.

Written by AndriiSulimenko in 805994022
I wasn't able to use FileManager or CoreData for storing some information from Filter Data Provider because access was denied. So I had to use UserDefaults.

Which provider is writing this data? And which provider is reading it?

A filter data provider should have read/write access to its own container. So, if you want to persist data within your filter data provider, any file system API should work for that.

OTOH, if you want to write data in one provider and read it in another, things get more complex.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Written by DTS Engineer in 806159022
Which provider is writing this data? And which provider is reading it?

In my case, Filter Control Provider writes data received from MDM configuration profile, then Filter Data Provider reads this data to use it for flow filtering. But my Filter Data Provider also writes some data about intercepted flow, that is later used for resolving them.

Written by DTS Engineer in 806159022
OTOH, if you want to write data in one provider and read it in another, things get more complex.

I think that's a great explanation for the problem I had with Core Data. Because my Content Filter is not limited by just two providers, I think target membership for custom controllers that add more logic to flow filtering could have granted access to these components for main target. Then, it makes sense why I was received errors for sandbox restrictions.

I guess my next steps would be ensuring that concurrent access is handled properly and maybe bringing back Core Data for Filter Data Provider

Thank you!

Accepted Answer
Written by AndriiSulimenko in 806222022
In my case, Filter Control Provider writes data received from MDM configuration profile, then Filter Data Provider reads this data to use it for flow filtering.

OK. That should be possible by putting the data into an app group. The control provider will have read/write access to that app group; the data provider will only be able to read it.

And, yes, you will need some sort of concurrency control there (-:

Written by AndriiSulimenko in 806222022
But my Filter Data Provider also writes some data about intercepted flow, that is later used for resolving them.

As long as this only needs to be read back by the data provider, you’re all good. Just put the data into the data provider’s container.

You still might need concurrency control though, although it’s only intra-process concurrency control. That is, multiple threads within the data provider might be accessing this data and you have to make sure they don’t stomp on each other.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Written by DTS Engineer in 806531022
OK. That should be possible by putting the data into an app group. The control provider will have read/write access to that app group; the data provider will only be able to read it. And, yes, you will need some sort of concurrency control there (-:

Yep, that's exactly how I did it. My concurrency control for now is a shared container KVO with serial queue for read and async write for observed property within Content Filter scope.

And thank you for your previous response, it seems like the number of crashes decreased a lot for the new build, since I added some concurrency control for DNS Proxy Extension. It still requires some investigation but overall stability looks better

Hi, it's been a while but I just wanted to give a quick update on the app and ask a couple questions.

Ever since I changed the shared container access and data sharing mechanism between the targets, app doesn't seem to crash anymore with EXC_BREAKPOINT (SIGTRAP). However, issue with the app not being able to find a server still persists.

Connection 4: received failure notification
Connection 4: failed to connect 12:8, reason 18 446 744 073 709 551 615
Connection 4: encountered error(12:8)
Task <01313C44-8C0D-4B29-8924-AB530B062FB7>.<3> HTTP load failed, 0/0 bytes (error code: 18 446 744 073 709 550 613 [12:8])

Task <01313C44-8C0D-4B29-8924-AB530B062FB7>.<3> finished with error [18 446 744 073 709 550 613] Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo={_kCFStreamErrorCodeKey=8, NSUnderlyingError=0x10c64cc50 {Error Domain=kCFErrorDomainCFNetwork Code=-1003 "(null)" UserInfo={_kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, _NSURLErrorNWResolutionReportKey=Resolved 0 endpoints in 5ms using unknown from cache, _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <01313C44-8C0D-4B29-8924-AB530B062FB7>.<3>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <01313C44-8C0D-4B29-8924-AB530B062FB7>.<3>"
), NSLocalizedDescription=A server with the specified hostname could not be found., NSErrorFailingURLStringKey=https://api_url, NSErrorFailingURLKey=https://api_url, _kCFStreamErrorDomainKey=12}

While investigating the issue, I found a couple articles for Network Extension guides from Apple. I took some advices from those articles regarding networking within the app with added Network Extensions:

  • have separate URL session configurations for each target
  • use timeouts for outgoing requests, etc.

But it didn't really change anything

Interesting thing is that before the issue with failed task occurs it prints out session protocols as ["-"], I guess it means that session failed to establish protocols for outgoing request.

Here are examples of URLSession configurations that I use for DNS Proxy Provider and my Main target

/// DNSProxy network service
public final class DNSProxyNetworkService: NSObject, Requestable, URLSessionTaskDelegate {
    static let shared = DNSProxyNetworkService()
    
    lazy var session: URLSession = {
        let config = URLSessionConfiguration.ephemeral

        return URLSession(
            configuration: config,
            delegate: self,
            delegateQueue: nil
        )
    }()    
}

extension DNSProxyNetworkService {
    public func urlSession(_ session: URLSession, task: URLSessionTask, didFinishCollecting metrics: URLSessionTaskMetrics) {
        let protocols = metrics.transactionMetrics.map { $0.networkProtocolName ?? "-" }
        Logger.statistics.debug("[DNSProxyNetworkService] – session protocols: \(protocols, privacy: .public)")
    }
}
/// MainTarget network service
public final class MainTargetNetworkService: NSObject, Requestable, URLSessionTaskDelegate {
    static let shared = MainTargetNetworkService()
    
    lazy var session: URLSession = {
        let config = URLSessionConfiguration.default

        return URLSession(
            configuration: config,
            delegate: self,
            delegateQueue: nil
        )
    }()
}

extension MainTargetNetworkService {
    public func urlSession(_ session: URLSession, task: URLSessionTask, didFinishCollecting metrics: URLSessionTaskMetrics) {
        let protocols = metrics.transactionMetrics.map { $0.networkProtocolName ?? "-" }
        Logger.statistics.debug("[MainTargetNetworkService] – session protocols: \(protocols, privacy: .public)")
    }
}

Note: this issue mostly occurs if the build is initiated from Xcode when the device already has app installed or during initial launch for the first build on the device

Would be grateful to hear any advices or suggestions for further investigation of this issue, thank you!

URLSession should work in a DNS proxy provider. The only specific gotcha I’m aware of is the App Sandbox, but that only applies to macOS. I’m presuming you’re on iOS, based on the crash reports you posted earlier. Let me know if that’s wrong.

Let’s drop down a layer. If you open a connection to the server over TCP using NWConnection, does that work?

Here’s a snippet of how you can try this:

class MyClass {

    var connectionQ: NWConnection? = nil
    
    func start() -> NWConnection {
        print("connection will start")
        let connection = NWConnection(to: .hostPort(host: "example.com", port: 80), using: .tcp)
        connection.stateUpdateHandler = { newState in
            print("connection did change state, new: \(newState)")
        }
        connection.start(queue: .main)
        return connection
    }
    
    func stop(connection: NWConnection) {
        print("connection will stop")
        connection.stateUpdateHandler = nil
        connection.cancel()
    }
    
    func startStop() {
        if let connection = self.connectionQ {
            self.connectionQ = nil
            self.stop(connection: connection)
        } else {
            self.connectionQ = self.start()
        }
    }
}

Replace example.com with the name of the server you’re trying to connection to. If the server only supports HTTPS, replace 80 with 443 and .tcp with .tls.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Yes, it seems to work fine with NWConnection

The app is designed to have optional resolver (system resolver/custom DoH server). If system resolver is in use, I use NWConnection, for DoH resolver it's HTTPS request with HTTP3 enabled (server only listens to HTTP3).

private func handleNewFlow(_ flow: NEAppProxyUDPFlow) -> Bool {
        Task(priority: .high) { [weak self] in
            await self?.handleNewFlow(flow)
        }
        return true
    }
    
    private func handleNewFlow(_ flow: NEAppProxyUDPFlow) async {
        do {
            try await flow.open(withLocalEndpoint: flow.localEndpoint as? NWHostEndpoint)
            
            let datagrams = try await flow.readDatagrams()

            let results = await datagrams.parallelMap { [weak self] in
                let connection = DatagramConnection($0)
                
                let connectionType = self?.connectionType
                let resolverType = self?.resolverType
                let serverStatus = self?.serverStatus
                          
                return await connection.transferData(
                    status: serverStatus,
                    resolverType: resolverType,
                    connectionType: connectionType
                )
            }
                    
            try await flow.writeDatagrams(results)
                                    
            flow.closeReadWithError(nil)
            flow.closeWriteWithError(nil)
        } catch {           
            flow.closeReadWithError(error)
            flow.closeWriteWithError(error)
        }
    }

In transferData there is a conditional call for

private func resolveDatagramWithSystem(datagram: Datagram) async -> Data?

or

private func resolveDatagramWithDoH(
        question: DNSQuestion,
        packet: DNSRR,
        resolver: ProxyResolverType?,
        server: ServerType?
    ) async -> Data?

Here is how my resolveDatagramWithSystem looks like

private func resolveDatagramWithSystem(datagram: Datagram) async -> Data? {
        do {
            var connection: NWConnection
            
            switch datagram.endpoint {
            case let .host(hostEndpoint):
                guard let port = Network.NWEndpoint.Port(hostEndpoint.port) else {
                    throw NSError.unknown(thrownBy: Self.self)
                }
                let host = Network.NWEndpoint.Host(hostEndpoint.hostname)
                connection = NWConnection(host: host, port: port, using: .udp)
            case .bonjour:
                throw NSError.unknown(thrownBy: Self.self)
            }
            try await connection.establish(on: .datagramConnection)
            try await connection.send(content: datagram.packet)
            let message = try await connection.receiveMessage()
            let messageData = message.completeContent
            
            return messageData
        } catch {
            Logger.statistics.error("[DatagramConnection] - Failed to handle connection: \(error, privacy: .public)")
        }
        
        return nil
    }
Written by AndriiSulimenko in 810472022
Yes, it seems to work fine with NWConnection

Right, but I was asking about connecting to your HTTP server with NWConnection. And it’s hard to tell whether that’s working because the server is HTTP/3 only, and hence won’t accept TCP+TLS connections on port 443.

When URLSession fails, how reproducible in that? For all requests? Or just in specific circumstances?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

A server with the specified hostname could not be found exception
 
 
Q