Endpoint Security Extension Crash from ENDPOINTSECURITY Namespace

Just got a crash log from our QA testing on Monterey. The basic crash info is here, but I don't know what the termination reason means or how to look it up.

Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace ENDPOINTSECURITY, Code 2 

The backtrace showed the crashing thread in a _pthread_cond_wait, waiting for a signal that there is data to process. (This is for notify events; we queue them up for processing.) We do retain the message, so I'm wondering if the queue is backing up (shouldn't be since the pthread_cond_wait only happens on an empty queue) and not releasing the messages quickly enough. But I don't know what Code 2 means to see if this idea is valid.

Can someone point me to where I can look that up?

Thanks

The ENDPOINTSECURITY translates to OS_REASON_ENDPOINTSECURITY. This isn’t in the macOS SDK but you can find it in the Darwin xnu source.

The codes are not publicly documented but the ones you should expect to see are:

  • 1 — The process did not run because it was blocked by an ES client.

  • 2 — The process is an ES client and it was killed because it took too long to respond to a request.

IMPORTANT These details are not considered API. I’m discussing them here because it’s useful for debugging. Do not encode information about them in a shipping product.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
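
For triaging a batch of QA crash logs, the following is an added example (not part of the original posts and not Apple code) that parses the text crash-report header shown in the question and flags Endpoint Security client kills. The code meanings are the two given in the answer above, which are undocumented and suitable for debugging only; the function name `triage` and the sample report are constructed for illustration.

```python
import re

# Meanings as stated in the answer above; not API, for debugging triage only.
ES_CODES = {
    1: "process was blocked from running by an ES client",
    2: "ES client killed for taking too long to respond to a request",
}

# e.g. "Termination Reason:    Namespace ENDPOINTSECURITY, Code 2"
# Crash reports print the code in decimal or hex, sometimes with trailing text.
_REASON = re.compile(
    r"^Termination Reason:[ \t]*Namespace[ \t]+(?P<ns>[^,\s]+),[ \t]*"
    r"Code[ \t]+(?P<code>0[xX][0-9a-fA-F]+|\d+)",
    re.MULTILINE,
)
_EXC = re.compile(r"^Exception Type:[ \t]*(?P<exc>.+?)[ \t]*$", re.MULTILINE)

# Constructed sample: the header fields quoted in the question.
SAMPLE = """Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace ENDPOINTSECURITY, Code 2
"""


def triage(report: str) -> dict:
    """Summarise the exception type and termination reason of one report."""
    exc = _EXC.search(report)
    result = {"exception": exc.group("exc") if exc else None,
              "namespace": None, "code": None, "meaning": None,
              "es_client_timeout": False}
    reason = _REASON.search(report)
    if reason is None:          # field absent or in an unexpected layout
        return result
    text = reason.group("code")
    code = int(text, 16) if text.lower().startswith("0x") else int(text)
    result.update(namespace=reason.group("ns"), code=code)
    if result["namespace"] == "ENDPOINTSECURITY":
        result["meaning"] = ES_CODES.get(code, "unrecognised code")
        result["es_client_timeout"] = code == 2
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```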
