ios networkextension

Strange crash in Network Extension IPC


Sometimes I get a strange crash inside my Packet Tunnel (Network Extension) when I send an IPC message from the GUI:

Hardware Model:      iPad5,4
Process:             PacketTunnel [7893]
Code Type:           ARM-64 (Native)
Parent Process:      launchd [1]

Date/Time:           2016-05-04 17:57:58.58 +0300
Launch Time:         2016-05-04 17:55:55.55 +0300
OS Version:          iOS 9.0.2 (13A452)
Report Version:      105

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000000000c0
Triggered by Thread:  0

Filtered syslog:
None found

Global Trace Buffer (reverse chronological seconds):
19.714507    libextension.dylib        0x00000001965c0dc8 tearing down context in extension due to invalidation



Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libobjc.A.dylib               0x0000000196d87890 lookUpImpOrForward + 80
1   libobjc.A.dylib               0x0000000196d91db8 _objc_msgSend_uncached_impcache + 56
2   libobjc.A.dylib               0x0000000196d91db8 _objc_msgSend_uncached_impcache + 56
3   NetworkExtension              0x0000000185552988 __70-[NEExtensionTunnelProviderContext establishIPCWithCompletionHandler:]_block_invoke + 104
4   NetworkExtension              0x000000018546b3ac -[NEIPC handleMessage:withHandler:] + 444
5   NetworkExtension              0x000000018546b68c __39-[NEIPC setupMessageHandlingWithQueue:]_block_invoke + 172
6   libxpc.dylib                  0x00000001977c130c _xpc_connection_call_event_handler + 68
7   libxpc.dylib                  0x00000001977bf0b4 _xpc_connection_mach_event + 2132
8   libdispatch.dylib             0x000000019756d86c _dispatch_client_callout4 + 16
9   libdispatch.dylib             0x0000000197571b58 _dispatch_mach_msg_invoke + 656
10  libdispatch.dylib             0x0000000197579930 _dispatch_queue_drain + 1332
11  libdispatch.dylib             0x0000000197570c6c _dispatch_mach_invoke + 600
12  libdispatch.dylib             0x00000001975728d8 _dispatch_main_queue_callback_4CF + 492
13  CoreFoundation                0x0000000182164258 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
14  CoreFoundation                0x00000001821620c0 __CFRunLoopRun + 1628
15  CoreFoundation                0x0000000182090dc0 CFRunLoopRunSpecific + 384
16  Foundation                    0x00000001830047ec -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 308
17  Foundation                    0x0000000183059e14 -[NSRunLoop(NSRunLoop) run] + 88
18  libxpc.dylib                  0x00000001977ccd3c _xpc_objc_main + 660
19  libxpc.dylib                  0x00000001977cea70 xpc_main + 200
20  Foundation                    0x00000001831d6494 service_connection_handler + 0
21  PlugInKit                     0x000000019003acd8 -[PKService run] + 544
22  PlugInKit                     0x000000019003a96c +[PKService main] + 56
23  PlugInKit                     0x000000019003acfc +[PKService _defaultRun:arguments:] + 20
24  libextension.dylib            0x00000001965d2058 NSExtensionMain + 64
25  libdyld.dylib                 0x000000019759e8b8 start + 4

It looks like it tries to send a message to an already deallocated object. I understand that an answer requires knowledge of Network Extension internals or source code, but maybe an Apple engineer is reading SO...


Solution

  • I talked with DTS and we decided that it was a bug in iOS 9.0.2 and that it was fixed in iOS 9.3.x. There is no workaround for 9.0.2 except upgrading to 9.3.x.