SIGSEGV crash in getaddrinfo system call

The following call to getaddrinfo makes ‘PacketTunnelProvider’ system extension SIGSEGV:

if (hostname != NULL) {
    /* results is the addrinfo** out-parameter of resolvehostname() */
    int ret = getaddrinfo(hostname, port, &hints, results);
    if (ret != 0) {
        printf("Failed to resolve host : %s by getaddrinfo, err : %d", hostname, ret);
        return false;
    }
}

Most of the time getaddrinfo() is working fine. Can someone please help in understanding what could be causing this crash?

Can this be caused by stack corruption due to C++/C code switched to Objective-C?

Below are the crash details:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               com.mycompany.client.product-Client.ui.pkttunnel [29951]
Path:                  /Library/SystemExtensions/*/com.mycompany.client.product-Client.ui.pkttunnel
Identifier:            com.mycompany.client.product-Client.ui.pkttunnel
Version:               1.0 (1)
Code Type:             X86-64 (Native)
Parent Process:        launchd [1]
User ID:               0

Date/Time:             2023-08-18 20:04:43.6346 +0530
OS Version:            macOS 13.5 (22G74)
Report Version:        12
Bridge OS Version:     7.6 (20P6072)
Anonymous UUID:        F235BB2F-C030-0A58-E5C1-C3FE9796F29C

Sleep/Wake UUID:       C73181BF-B3A9-4DED-9556-897ED8C2E0A1

Time Awake Since Boot: 65000 seconds
Time Since Wake:       37781 seconds

System Integrity Protection: enabled

Crashed Thread:        2

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000001e13dfa50
Exception Codes:       0x0000000000000001, 0x00000001e13dfa50

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [29951]

VM Region Info: 0x1e13dfa50 is not in any region.  Bytes after previous region: 3477011025  Bytes before following region: 105545042363824
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      shared memory               111fef000-111ff0000    [    4K] rw-/rw- SM=SHM  
--->  GAP OF 0x5ffeee010000 BYTES
      MALLOC_NANO              600000000000-600008000000 [128.0M] rw-/rwx SM=PRV  

Thread 0:
0   libsystem_kernel.dylib        	    0x7ff80ee222b2 __sigsuspend_nocancel + 10
1   libdispatch.dylib             	    0x7ff80eccbd2f _dispatch_sigsuspend + 36
2   libdispatch.dylib             	    0x7ff80eccbd0b _dispatch_sig_thread + 49

Thread 1:
********************
********************
********************
********************

Thread 2 Crashed:
0   libobjc.A.dylib               	    0x7ff80eac64a9 objc_msgSend + 41
1   libobjc.A.dylib               	    0x7ff80eae6582 objc_object::sidetable_release(bool, bool) + 270
2   Network                       	    0x7ff81553fa04 -[NWConcrete_nw_endpoint .cxx_destruct] + 52
3   libobjc.A.dylib               	    0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83
4   libobjc.A.dylib               	    0x7ff80eac8e31 objc_destructInstance + 99
5   libobjc.A.dylib               	    0x7ff80eac8dbf _objc_rootDealloc + 62
6   Network                       	    0x7ff81553e05a -[NWConcrete_nw_endpoint dealloc] + 778
7   Network                       	    0x7ff815c30f1a -[NWOSAddressEndpoint dealloc] + 74
8   Network                       	    0x7ff815a175bf nw_array_dispose + 383
9   Network                       	    0x7ff815718ab1 -[OS_nw_array dealloc] + 17
10  Network                       	    0x7ff815bd2b3d -[NWConcrete_nw_path .cxx_destruct] + 93
11  libobjc.A.dylib               	    0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83
12  libobjc.A.dylib               	    0x7ff80eac8e31 objc_destructInstance + 99
13  libobjc.A.dylib               	    0x7ff80eac8dbf _objc_rootDealloc + 62
14  Network                       	    0x7ff815bd29af -[NWConcrete_nw_path dealloc] + 127
15  Network                       	    0x7ff815bd045a -[NWConcrete_nw_path_evaluator .cxx_destruct] + 58
16  libobjc.A.dylib               	    0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83
17  libobjc.A.dylib               	    0x7ff80eac8e31 objc_destructInstance + 99
18  libobjc.A.dylib               	    0x7ff80eac8dbf _objc_rootDealloc + 62
19  Network                       	    0x7ff815bd0377 -[NWConcrete_nw_path_evaluator dealloc] + 967
20  Network                       	    0x7ff815a606ca nw_nat64_get_interface_state_internal + 2634
21  Network                       	    0x7ff815a5f905 nw_nat64_copy_prefixes_internal + 101
22  Network                       	    0x7ff815a5f482 nw_nat64_copy_prefixes + 210
23  Network                       	    0x7ff815a62537 nw_nat64_synthesize + 215
24  libsystem_info.dylib          	    0x7ff80ee9447e _gai_nat64_synthesis + 309
25  libsystem_info.dylib          	    0x7ff80ee940c2 si_addrinfo + 886
26  libsystem_info.dylib          	    0x7ff80ee93caf getaddrinfo + 176
27  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3c2bb4 ******::resolvehostname(char const*, char const*, addrinfo, addrinfo**) + 32
28  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3c4e57 ******::udp_connect() + 323
29  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3c48c7 ******::ssl_create() + 129
30  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3c9014 ******::ssl_initiate_connect(fd_set&, fd_set&, int&) + 288
31  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3c3b3c ******::ssl_connect_thread(int) + 228
32  com.mycompany.client.product-Client.ui.pkttunnel	       0x10f3cc691 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(int), int>>(void*) + 39
33  libsystem_pthread.dylib       	    0x7ff80ee5b1d3 _pthread_start + 125
34  libsystem_pthread.dylib       	    0x7ff80ee56bd3 thread_start + 15



Can someone please help in understanding what could be causing this crash? Can this be caused by stack corruption due to C++/C code switched to Objective-C?

There's no concrete way to determine what happened here other than that nw_path_evaluator was deallocated out from under you (which may be normal behavior) when using getaddrinfo. Do you happen to have any logs associated with this?

Matt wrote:

Do you happen to have any logs associated with this?

Specifically, can you post a full Apple crash report? See Posting a Crash Report for advice on how to do that.

You wrote:

Can this caused due to stack corruption due to C++/C code switched to Objective-C?

Well, anything’s possible but, in general, switching between Objective-C and other C-based languages is pretty seamless, so that’s not the first explanation I’d reach for.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks Matt and Eskimo for looking into this. I am attaching the full crash report. Please advise if you find anything usual in the report. Thanks.

Please change the file extension from '.log' to '.ips', i.e.: com.mycompanyclient.MyCompany-Client.productui.Productpkttunnel-2023-08-18-200444_2 copy.log -> com.mycompanyclient.MyCompany-Client.productui.Productpkttunnel-2023-08-18-200444_2 copy.ips

Thank you for posting the crash log. I dug in a bit further and it's still unclear exactly where this is going wrong. When this happens, do you see any extra logs that appear in the system log from com.apple.network? For example an error or fault log? Also, does this happen only with v6 addresses or does it also happen with v4 addresses?
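One way to gather the per-family data asked for above is to resolve once per address family and log each outcome, so a crash or error can be tied to AF_INET or AF_INET6. This is an added example, not code from the thread: resolve_family(), port 4500 and the literal addresses are assumptions, and it does not claim to fix the crash.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: resolve host/port for exactly one address family.
   Returns the number of addresses found, or -1 on failure; when
   getaddrinfo() fails, its error code is stored in *gai_err. */
int resolve_family(const char *host, const char *port, int family,
                   int flags, int *gai_err)
{
    struct addrinfo hints;
    struct addrinfo *res = NULL;       /* start from a known value */
    int count = 0;

    if (host == NULL || port == NULL || gai_err == NULL)
        return -1;

    memset(&hints, 0, sizeof hints);   /* no stale fields in hints */
    hints.ai_family = family;
    hints.ai_socktype = SOCK_DGRAM;    /* the caller in the trace is udp_connect() */
    hints.ai_flags = flags;

    *gai_err = getaddrinfo(host, port, &hints, &res);
    if (*gai_err != 0) {
        fprintf(stderr, "resolve %s family=%d failed: %s (%d)\n",
                host, family, gai_strerror(*gai_err), *gai_err);
        return -1;
    }
    for (struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next)
        count++;
    freeaddrinfo(res);                 /* release the list exactly once */
    fprintf(stderr, "resolve %s family=%d ok: %d address(es)\n",
            host, family, count);
    return count;
}

int main(void)
{
    int err = 0;
    /* Constructed inputs: numeric literals, so the run needs no network. */
    resolve_family("127.0.0.1", "4500", AF_INET, AI_NUMERICHOST, &err);
    resolve_family("::1", "4500", AF_INET6, AI_NUMERICHOST, &err);
    return 0;
}
```

In the extension itself the flags argument would be 0 and the host would be the real server name; the numeric literals here only keep the sample offline.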

Hi @meaton,

I was able to capture the system log below from one of the systems where this crash was observed. But the same logs were not coming on other setups. Can you please check if you can conclude anything from this?


2023-09-08 15:53:45.945148+0530 0x5c2c55   Fault       0x803806             74546  14   com.mycompany.client.mycompany-Client.productui.productpkttunnel: (Network) [com.apple.network:] nw_hash_table_release_all_objects called with invalid hash table
2023-09-08 15:53:45.945152+0530 0x5c2c55   Activity    0x803806             74546  0    com.mycompany.client.mycompany-Client.productui.productpkttunnel: (libsystem_trace.dylib) Activity for state dumps
2023-09-08 15:53:45.952315+0530 0xe99      Error       0x0                  410    0    com.apple.ifdreader: [com.apple.CryptoTokenKit:ccid] Failed to find AppleUSBAlternateServiceRegistryID.
2023-09-08 15:53:45.953383+0530 0xe99      Error       0x0                  410    0    com.apple.ifdreader: [com.apple.CryptoTokenKit:ccid] Failed to find AppleUSBAlternateServiceRegistryID.
2023-09-08 15:53:45.954154+0530 0x5cd11f   Default     0x0                  0      0    kernel: arm64e_plugin_host: running binary "bash" in keys-off mode due to identity: com.apple.bash
2023-09-08 15:53:45.960683+0530 0x5c2c55   Error       0x0                  74546  0    com.mycompany.client.mycompany-Client.productui.productpkttunnel: (Network) [com.apple.network:] nw_hash_table_release_all_objects called with invalid hash table, dumping backtrace:
        [arm64] libnetcore-3100.140.3
    0   Network                             0x00000001a2a83564 __nw_create_backtrace_string + 192
    1   Network                             0x00000001a2c78b84 nw_hash_table_release_all_objects + 1164
    2   Network                             0x00000001a261f8a0 -[NWConcrete_nw_endpoint dealloc] + 500
    3   Network                             0x00000001a2d546e4 -[NWOSAddressEndpoint dealloc] + 76
    4   Network                             0x00000001a2b22688 nw_array_dispose + 440
    5   Network                             0x00000001a280d12c -[OS_nw_array dealloc] + 28
    6   Network                             0x00000001a2ceeb7c -[NWConcrete_nw_path .cxx_destruct] + 92
    7   libobjc.A.dylib                     0x000000019bcc840c _ZL27object_cxxDestructFromClassP11objc_objectP10objc_class + 116
    8   libobjc.A.dylib                     0x000000019bcbfe88 objc_destructInstance + 80
    9   libobjc.A.dylib         <…>                

Thanks Vishal
