Hello,
I am investigating a recurring crash that appears to be originating within the system's network stack.
OS Version: iPhone OS 26.1 (23B85)
Role: Foreground
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Triggered by Thread: 19
Description: The crash is triggered by Thread 19 and occurs deep within libquic.dylib during a QUIC recovery timer event. Based on the backtrace, the failure happens in quic_recovery_pto. The issue seems to occur when a protocol instance schedules a wakeup, leading to a null pointer dereference in the system library.
Crashed Thread Backtrace snippet:
Thread 19 Crashed:
0 libquic.dylib 0x00000001a00a38cc quic_recovery_pto + 72 (quic_recovery.c:1259)
1 libquic.dylib 0x00000001a00a3390 quic_recovery_timer_fired + 132 (quic_recovery.c:1460)
2 libquic.dylib 0x00000001a00a1f8c quic_timer_run + 248 (quic_timer.c:210)
3 Network 0x000000018ec76cbc __nw_protocol_instance_schedule_wakeup_block_invoke + 76 (protocol_implementation.cpp:5847)
4 Network 0x000000018eba34e0 __nw_context_reset_timer_block_with_time_block_invoke + 268 (context.cpp:2224)
5 libdispatch.dylib 0x00000001c84727ec _dispatch_client_callout + 16 (client_callout.mm:85)
6 libdispatch.dylib 0x00000001c845d664 _dispatch_continuation_pop + 596 (queue.c:349)
7 libdispatch.dylib 0x00000001c8470528 _dispatch_source_latch_and_call + 396 (source.c:601)
8 libdispatch.dylib 0x00000001c846f1fc _dispatch_source_invoke + 844 (source.c:966)
9 libdispatch.dylib 0x00000001c8463288 _dispatch_workloop_invoke + 1612 (queue.c:4761)
10 libdispatch.dylib 0x00000001c846c3ec _dispatch_root_queue_drain_deferred_wlh + 292 (queue.c:7265)
11 libdispatch.dylib 0x00000001c846bce4 _dispatch_workloop_worker_thread + 692 (queue.c:6859)
12 libsystem_pthread.dylib 0x00000001ec0623b8 _pthread_wqthread + 292 (pthread.c:2696)
13 libsystem_pthread.dylib 0x00000001ec0618c0 start_wqthread + 8 (:-1)
Can anyone provide insights into what might be causing libquic to access an invalid address in this context? Any help or suggestions for further diagnostics would be greatly appreciated.
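As an added triage aid that is not part of the original post: a small parser for the crash report format shown above. It pulls the exception subtype and fault address, splits each backtrace frame into image, address, symbol, offset and source reference, and flags a fault address inside the first (unmapped) page as the usual signature of a null-pointer dereference. The sample input is constructed from the report above; the regular expressions are assumptions about the report layout, not an Apple API.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: header fields and the top frames copied from the report above.
CRASH_REPORT = """\
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Triggered by Thread: 19
Thread 19 Crashed:
0 libquic.dylib 0x00000001a00a38cc quic_recovery_pto + 72 (quic_recovery.c:1259)
1 libquic.dylib 0x00000001a00a3390 quic_recovery_timer_fired + 132 (quic_recovery.c:1460)
2 libquic.dylib 0x00000001a00a1f8c quic_timer_run + 248 (quic_timer.c:210)
3 Network 0x000000018ec76cbc __nw_protocol_instance_schedule_wakeup_block_invoke + 76 (protocol_implementation.cpp:5847)
"""

# index  image  address  symbol + offset  (optional "file:line" in parentheses)
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s\+\s(\d+)(?:\s+\((.+?)\))?$")
SUBTYPE_RE = re.compile(r"^Exception Subtype:\s+(\S+)\s+at\s+(0x[0-9a-fA-F]+)")
PAGE_SIZE = 4096  # page zero is never mapped, so faults below this look like NULL (+ small offset)


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int
    location: Optional[str]


def parse_frames(report: str) -> list:
    """Return the backtrace frames of the crashed thread, in order."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            idx, image, addr, sym, off, loc = m.groups()
            frames.append(Frame(int(idx), image, int(addr, 16), sym, int(off), loc))
    return frames


def classify_fault(report: str) -> dict:
    """Summarise the fault: subtype, address, null-deref heuristic and the faulting frame."""
    subtype, fault_addr = "UNKNOWN", None
    for line in report.splitlines():
        m = SUBTYPE_RE.match(line.strip())
        if m:
            subtype, fault_addr = m.group(1), int(m.group(2), 16)
    frames = parse_frames(report)
    top = frames[0] if frames else None
    return {
        "subtype": subtype,
        "fault_address": fault_addr,
        "likely_null_deref": fault_addr is not None and fault_addr < PAGE_SIZE,
        "top_image": top.image if top else None,
        "top_symbol": top.symbol if top else None,
        "top_location": top.location if top else None,
    }
```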