      wisestorm@gmail.com Level 1 Level 1 (0 points)

        On Mac (ver 10.14.4), I'm experiencing an intermittent crash when sending a request to a web server and receiving the response over NSURLSession. The crash occurs in the HTTPProtocol::shouldAttemptOriginLoad() function, when it attempts to read a value that is part of a result of URLRequest::Class().

        At that point, the related NSURLSession object has already been invalidated by the invalidateAndCancel method of NSURLSession.

         

        From the backtrace, I suspect that either

        - There is no check in HTTPProtocol::shouldAttemptOriginLoad that the URLRequest object is valid before it is used.

        - Or the sequence of function calls starting from nw_socket_update_input_source is not properly cancelled when the related session is invalidated. (Please refer to the spliced backtraces below.)

        However, this processing happens inside the network framework in OS X and I have no further information on how to work around the problem, so I would like to know whether there is anything I should check to prevent it, or how I can work around it.

         

         

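        Below is the assembly code of the shouldAttemptOriginLoad function, with the instruction that raises the exception causing the crash marked by the arrow. The reported fault address 0x48 equals the displacement of the load at <+34>, so %rax was 0 there; the cmoveq at <+30> sets %rax to %rbx when %rbx (the value returned by URLProtocol::getRequest()) is zero.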

        CFNetwork`HTTPProtocol::shouldAttemptOriginLoad:
            0x7fff33873426 <+0>:   pushq %rbp
            0x7fff33873427 <+1>:   movq %rsp, %rbp
            0x7fff3387342a <+4>:   pushq %r15
            0x7fff3387342c <+6>:   pushq %r14
            0x7fff3387342e <+8>:   pushq %rbx
            0x7fff3387342f <+9>:   pushq %rax
            0x7fff33873430 <+10>:  callq 0x7fff338717aa            ; URLProtocol::getRequest() const
            0x7fff33873435 <+15>:  movq %rax, %rbx
            0x7fff33873438 <+18>:  callq 0x7fff3385c9cc            ; URLRequest::Class()
            0x7fff3387343d <+23>:  leaq 0x10(%rbx), %rax
            0x7fff33873441 <+27>:  testq %rbx, %rbx
            0x7fff33873444 <+30>:  cmoveq %rbx, %rax
        ->  0x7fff33873448 <+34>:  movq 0x48(%rax), %rdi //EXC_BAD_ACCESS(code=1, address=0x48)
            0x7fff3387344c <+38>:  movb $0x1, %bl
            0x7fff3387344e <+40>:  testq %rdi, %rdi
            0x7fff33873451 <+43>:  je 0x7fff3387348b            ; <+101>
            0x7fff33873453 <+45>:  movl $0x3603583a, %esi         ; imm = 0x3603583A
            0x7fff33873458 <+50>:  callq 0x7fff3387349a            ; HTTPMessage::copyHeaderFieldValue(CFNetworkCanonicalStringConstant)
            0x7fff3387345d <+55>:  testq %rax, %rax
            0x7fff33873460 <+58>:  je 0x7fff3387348b            ; <+101>
            0x7fff33873462 <+60>:  movq %rax, %r15
            0x7fff33873465 <+63>:  movq 0x58be971c(%rip), %rsi    ; kCFHTTPHeaderValueOnlyIfCached
            0x7fff3387346c <+70>:  movl $0x1, %edx
            0x7fff33873471 <+75>:  movq %rax, %rdi
            0x7fff33873474 <+78>:  callq 0x7fff33ac3d78            ; symbol stub for: CFStringFind
            0x7fff33873479 <+83>:  movq %rax, %r14
            0x7fff3387347c <+86>:  movq %r15, %rdi
            0x7fff3387347f <+89>:  callq 0x7fff33ac3b86            ; symbol stub for: CFRelease
            0x7fff33873484 <+94>:  cmpq $-0x1, %r14
            0x7fff33873488 <+98>:  sete %bl
            0x7fff3387348b <+101>: movzbl %bl, %eax
            0x7fff3387348e <+104>: addq   $0x8, %rsp
            0x7fff33873492 <+108>: popq   %rbx
            0x7fff33873493 <+109>: popq   %r14
            0x7fff33873495 <+111>: popq   %r15
            0x7fff33873497 <+113>: popq   %rbp
            0x7fff33873498 <+114>: retq  
            0x7fff33873499 <+115>: nop   

         

        Also, here is the spliced backtrace view that Xcode provides when the exception is raised.

         

        Thread 7 Queue : com.apple.CFNetwork.LoaderQ (serial)       
        #0        0x00007fff41b6f448 in HTTPProtocol::shouldAttemptOriginLoad() ()
        #1        0x00007fff41b6e63e in HTTPProtocol::_protocolInterface_startLoad(_CFCachedURLResponse const*) ()
        #2        0x00007fff41c0170b in ___ZN19URLConnectionLoader27_private_ScheduleOriginLoadEPK12NSURLRequestPK20_CFCachedURLResponse_block_invoke_2 ()
        #3        0x00007fff41b6e3c3 in ___ZNK19URLConnectionLoader25withExistingProtocolAsyncEU13block_pointerFvP11URLProtocolE_block_invoke ()
        #4        0x00007fff41c123b9 in ___ZNK18QCoreSchedulingSet12performAsyncEU13block_pointerFvvE_block_invoke ()
        #5        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #6        0x0000000107ddff1b in _dispatch_client_callout ()
        #7        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #8        0x0000000107de8f4e in _dispatch_lane_invoke ()
        #9        0x0000000107deaa60 in _dispatch_workloop_invoke ()
        #10        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #11        0x0000000107e59015 in _pthread_wqthread ()
        #12        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.CFNetwork.LoaderQ (Thread 7) Queue : com.apple.CFNetwork.LoaderQ (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b6e0f1 in QCoreSchedulingSet::performAsync(void () block_pointer) const ()
        #2        0x00007fff41b6e05d in URLConnectionLoader::withExistingProtocolAsync(void (URLProtocol*) block_pointer) const ()
        #3        0x00007fff41b6c038 in URLConnectionLoader::_private_ScheduleOriginLoad(NSURLRequest const*, _CFCachedURLResponse const*) ()
        #4        0x00007fff41b6be92 in URLConnectionLoader::loadWithWhatToDo(NSURLRequest const*, _CFCachedURLResponse const*, long, URLConnectionLoader::WhatToDo) ()
        #5        0x00007fff41d1bc4c in ___ZN19URLConnectionLoader29continueWithCacheLookupResultEPK12NSURLRequestPK20_CFCachedURLResponse23CFURLRequestCachePolicy_block_invoke ()
        #6        0x00007fff41b6e3c3 in ___ZNK19URLConnectionLoader25withExistingProtocolAsyncEU13block_pointerFvP11URLProtocolE_block_invoke ()
        #7        0x00007fff41c123b9 in ___ZNK18QCoreSchedulingSet12performAsyncEU13block_pointerFvvE_block_invoke ()
        #8        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #9        0x0000000107ddff1b in _dispatch_client_callout ()
        #10        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #11        0x0000000107de8f4e in _dispatch_lane_invoke ()
        #12        0x0000000107deaa60 in _dispatch_workloop_invoke ()
        #13        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #14        0x0000000107e59015 in _pthread_wqthread ()
        #15        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b6e0f1 in QCoreSchedulingSet::performAsync(void () block_pointer) const ()
        #2        0x00007fff41b6e05d in URLConnectionLoader::withExistingProtocolAsync(void (URLProtocol*) block_pointer) const ()
        #3        0x00007fff41bc1151 in URLConnectionLoader::continueWithCacheLookupResult(NSURLRequest const*, _CFCachedURLResponse const*, CFURLRequestCachePolicy) ()
        #4        0x00007fff41d1bb2b in ___ZN19URLConnectionLoader19initiateCacheLookupEPK12NSURLRequestPK9XURLCache23CFURLRequestCachePolicy_block_invoke_3 ()
        #5        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #6        0x0000000107ddff1b in _dispatch_client_callout ()
        #7        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #8        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #9        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #10        0x0000000107e59015 in _pthread_wqthread ()
        #11        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41d1ba95 in ___ZN19URLConnectionLoader19initiateCacheLookupEPK12NSURLRequestPK9XURLCache23CFURLRequestCachePolicy_block_invoke_2 ()
        #2        0x00007fff41bc0021 in __CFURLCache::CopyResponseForRequestWithCompletionHandler(_CFURLRequest const*, bool, NSURLSession const*, void (_CFCachedURLResponse const*) block_pointer) ()
        #3        0x00007fff41bbfdeb in CFXURLCache::getResponseForTask(NSURLSessionTask const*, unsigned char, void (_CFCachedURLResponse const*) block_pointer) const ()
        #4        0x00007fff41bbfd88 in URLConnectionLoader::initiateCacheLookup(NSURLRequest const*, XURLCache const*, CFURLRequestCachePolicy) ()
        #5        0x00007fff41b698bf in -[__NSURLSessionLocal _withXURLCache:] ()
        #6        0x00007fff41b6a74a in URLConnectionLoader::_loaderEvent_StartLoad(NSURLSessionTask const*) ()
        #7        0x00007fff41c363aa in ___ZN19URLConnectionLoader26_private_followRedirectionEPK12NSURLRequest_block_invoke ()
        #8        0x00007fff41d1d0bf in ___ZNK23CoreSchedulingSetOneOff29performAsyncWithTrailingBlockEU13block_pointerFvvE_block_invoke ()
        #9        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #10        0x0000000107ddff1b in _dispatch_client_callout ()
        #11        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #12        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #13        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #14        0x0000000107e59015 in _pthread_wqthread ()
        #15        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41bc2c54 in URLConnectionLoader::_loaderEvent_CancelLoad(std::__1::shared_ptr) ()
        #2        0x00007fff41bdd083 in URLConnectionLoader::_private_followRedirection(NSURLRequest const*) ()
        #3        0x00007fff41d19ecc in ___ZN19URLConnectionLoader27protocolWasRedirected_finalEPK12NSURLRequest_block_invoke ()
        #4        0x00007fff41bffd6c in ___ZNK25URLConnectionInstanceData18withWorkQueueAsyncEU13block_pointerFvvE_block_invoke ()
        #5        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #6        0x0000000107ddff1b in _dispatch_client_callout ()
        #7        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #8        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #9        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #10        0x0000000107e59015 in _pthread_wqthread ()
        #11        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b76411 in URLConnectionInstanceData::withWorkQueueAsync(void () block_pointer) const ()
        #2        0x00007fff41d19dcd in URLConnectionLoader::protocolWasRedirected_final(NSURLRequest const*) ()
        #3        0x00007fff41d1a340 in ___ZN19URLConnectionLoader21protocolWasRedirectedEPK12NSURLRequestP14_CFURLResponse_block_invoke_4 ()
        #4        0x00007fff41b8f07f in __57-[__NSCFURLLocalSessionConnection afterDelegateWithTick:]_block_invoke ()
        #5        0x0000000107def042 in _dispatch_block_async_invoke2 ()
        #6        0x0000000107ddff1b in _dispatch_client_callout ()
        #7        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #8        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #9        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #10        0x0000000107e59015 in _pthread_wqthread ()
        #11        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b69d00 in -[__NSCFURLSessionConnection withWorkQueueAsync:] ()
        #2        0x00007fff41b8f055 in -[__NSCFURLLocalSessionConnection afterDelegateWithTick:] ()
        #3        0x00007fff41ca9e46 in __80-[__NSCFURLLocalSessionConnection _redirectRequest:redirectResponse:completion:]_block_invoke_3 ()
        #4        0x00007fff41c545e9 in -[__NSCFLocalSessionTask connection:wasRedirected:newRequest:responseCallback:] ()
        #5        0x00007fff41bdf169 in __80-[__NSCFURLLocalSessionConnection _redirectRequest:redirectResponse:completion:]_block_invoke ()
        #6        0x00007fff41ca9da2 in -[__NSCFURLLocalSessionConnection _redirectRequest:redirectResponse:completion:] ()
        #7        0x00007fff41caaa7b in SessionConnectionLoadable::_loaderClientEvent_WillSendRequestForRedirection(NSURLRequest const*, _CFURLResponse*, void (NSURLRequest const*) block_pointer) ()
        #8        0x00007fff41d1a307 in ___ZN19URLConnectionLoader21protocolWasRedirectedEPK12NSURLRequestP14_CFURLResponse_block_invoke_3 ()
        #9        0x00007fff41b73b7b in ___ZN25SessionConnectionLoadable21withLoaderClientAsyncEU13block_pointerFvP21LoaderClientInterfaceE_block_invoke ()
        #10        0x0000000107def042 in _dispatch_block_async_invoke2 ()
        #11        0x0000000107ddff1b in _dispatch_client_callout ()
        #12        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #13        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #14        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #15        0x0000000107e59015 in _pthread_wqthread ()
        #16        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.NSURLSession-work (Thread 2) Queue : com.apple.NSURLSession-work (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b69d00 in -[__NSCFURLSessionConnection withWorkQueueAsync:] ()
        #2        0x00007fff41b73b37 in SessionConnectionLoadable::withLoaderClientAsync(void (LoaderClientInterface*) block_pointer) ()
        #3        0x00007fff41d1a1c4 in URLConnectionLoader::protocolWasRedirected(NSURLRequest const*, _CFURLResponse*) ()
        #4        0x00007fff41d1c091 in ___ZN27URLConnectionLoader_Classic21protocolWasRedirectedEPK12NSURLRequestP14_CFURLResponse_block_invoke ()
        #5        0x00007fff41bffd6c in ___ZNK25URLConnectionInstanceData18withWorkQueueAsyncEU13block_pointerFvvE_block_invoke ()
        #6        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #7        0x0000000107ddff1b in _dispatch_client_callout ()
        #8        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #9        0x0000000107de8f1b in _dispatch_lane_invoke ()
        #10        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #11        0x0000000107e59015 in _pthread_wqthread ()
        #12        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.CFNetwork.Connection (Thread 7) Queue : com.apple.CFNetwork.Connection (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41b76411 in URLConnectionInstanceData::withWorkQueueAsync(void () block_pointer) const ()
        #2        0x00007fff41d1c06c in URLConnectionLoader_Classic::protocolWasRedirected(NSURLRequest const*, _CFURLResponse*) ()
        #3        0x00007fff41ce9867 in HTTPProtocol::attemptRedirection(__CFHTTPMessage*) ()
        #4        0x00007fff41ba7e61 in HTTPProtocol::performHeaderRead(__CFHTTPMessage*) ()
        #5        0x00007fff41ba77da in HTTPProtocol::handleStreamEvent(__CFHTTPMessage*, dispatch_data_s*, CFStreamError const*) ()
        #6        0x00007fff41b9a371 in HTTPTransaction::_onqueue_invokeHandler() ()
        #7        0x00007fff41ba70b4 in HTTPConnection::_onqueue_responseDataArrived(dispatch_data_s*, CFStreamError, bool) ()
        #8        0x00007fff41ba6dd3 in HTTPEngine::_deliverBodyBytes(dispatch_data_s*, CFStreamError, bool) ()
        #9        0x00007fff41d8c3af in ___ZN10HTTPEngine21_getBodyIntelligentlyEU13block_pointerFvP15dispatch_data_s13CFStreamErrorbE_block_invoke ()
        #10        0x0000000107ddee7c in _dispatch_call_block_and_release ()
        #11        0x0000000107ddff1b in _dispatch_client_callout ()
        #12        0x0000000107de8067 in _dispatch_lane_serial_drain ()
        #13        0x0000000107de8f4e in _dispatch_lane_invoke ()
        #14        0x0000000107deaa60 in _dispatch_workloop_invoke ()
        #15        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #16        0x0000000107e59015 in _pthread_wqthread ()
        #17        0x0000000107e58e01 in start_wqthread ()
        Enqueued from com.apple.network.connections (Thread 7) Queue : com.apple.network.connections (serial)       
        #0        0x0000000107de5190 in dispatch_async ()
        #1        0x00007fff41ba6c32 in HTTPEngine::_getBodyIntelligently(void (dispatch_data_s*, CFStreamError, bool) block_pointer) ()
        #2        0x00007fff41ba6640 in HTTPEngine::_readBodyStartNextRead() ()
        #3        0x00007fff41ba562f in HTTPEngine::_readHeadersFinish(CFStreamError) ()
        #4        0x00007fff41ba4760 in HTTPEngine::_readHeadersDoParse(CFStreamError) ()
        #5        0x00007fff41ba402a in TCPIOConnection::readCompleted(unsigned long, unsigned long, dispatch_data_s*, int, void (dispatch_data_s*, CFStreamError) block_pointer) ()
        #6        0x00007fff41b9eced in ConnectionProtocolReadInner(nw_protocol*, unsigned int, unsigned int, bool, long long, void (dispatch_data_s*, CFStreamError) block_pointer, void (nw_frame_array_s*, CFStreamError) block_pointer) ()
        #7        0x00007fff41d97575 in ___ZL36ConnectionProtocolEnqueueReadRequestP11nw_protocoljjbxU13block_pointerFvP15dispatch_data_s13CFStreamErrorEU13block_pointerFvP16nw_frame_array_sS3_E_block_invoke ()
        #8        0x00007fff41b8877b in ConnectionProtocolServiceReads(nw_protocol*) ()
        #9        0x00007fff41ba3d61 in ConnectionProtocolInputAvailable(nw_protocol*, nw_protocol*) ()
        #10        0x00007fff6d51df08 in nw_socket_update_input_source ()
        #11        0x0000000107ddff1b in _dispatch_client_callout ()
        #12        0x0000000107de32be in _dispatch_continuation_pop ()
        #13        0x0000000107df7a87 in _dispatch_source_invoke ()
        #14        0x0000000107deaa60 in _dispatch_workloop_invoke ()
        #15        0x0000000107df44db in _dispatch_workloop_worker_thread ()
        #16        0x0000000107e59015 in _pthread_wqthread ()