Reproducible crash within libobjc.A.dylib objc_msgSend +16 while application authentication delegation

Hello,


Our UEM Client has a crash where it is crashing when it is set as an auth delegate for another application (let's call the other app "Work"). When the device has Airplane mode turned on, and the user clicks on the "Work" application, it will launch the UEM client to authenticate the Work application. When this happens the UEM client may crash. We have a few different symbolized call stacks showing the same type of behavior:



1.

Hardware Model:      iPad4,1
Code Type:           ARM-64 (Native)
Role:                Non UI
Parent Process:      launchd [1]

OS Version:          iPhone OS 12.2 (16E227)
Baseband Version:    n/a
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
VM Region Info: 0x10 is not in any region.  Bytes before following region: 4307369968
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                 0000000100bd4000-0000000102314000 [ 23.2M] r-x/r-x SM=COW  ...pp/UEM Client

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [457]
Triggered by Thread:  1

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0:
0   CoreFoundation                0x00000002239837d8 generationCountFromListOfSources + 96
1   CoreFoundation                0x0000000223983894 generationCountFromListOfSources + 284
2   CoreFoundation                0x00000002239009f0 -[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:] + 52
3   CoreFoundation                0x0000000223983c48 -[CFPrefsSearchListSource alreadylocked_getDictionary:] + 404
4   CoreFoundation                0x00000002238f571c -[CFPrefsSearchListSource alreadylocked_copyValueForKey:] + 152
5   CoreFoundation                0x00000002238f5660 -[CFPrefsSource copyValueForKey:] + 60
6   CoreFoundation                0x0000000223a40e88 __76-[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:]_block_invoke + 40
7   CoreFoundation                0x0000000223984ff4 __108-[_CFXPreferences+ 614388 (SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke + 272
8   CoreFoundation                0x0000000223984a38 normalizeQuintuplet + 340
9   CoreFoundation                0x00000002238f3634 -[_CFXPreferences+ 17972 (SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] + 108
10  CoreFoundation                0x00000002238f3ec0 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] + 148
11  CoreFoundation                0x0000000223a432d0 _CFPreferencesCopyAppValueWithContainerAndConfiguration + 124
12  Foundation                    0x000000022435ff6c -[NSUserDefaults+ 28524 (NSUserDefaults) objectForKey:] + 52
13  UEM Client                    0x0000000101042f60 -[BUDSSettingsStore stringForKey:withEncryption:] + 4648800 (BUDSSettingsStore.m:130)
14  UEM Client                    0x0000000101043a80 -[BUDSSettingsStore stringForKey:] + 4651648 (BUDSSettingsStore.m:151)
15  UEM Client                    0x0000000100d8774c -[v3cgAlgP b2IKoj1w] + 1783628 (BBEMAClientSettings.m:201)
16  UEM Client                    0x0000000100d561d8 -[BUDSRESTServiceProxy ASIHTTPRequestFromRoute:usingMethod:] + 1581528 (BUDSRESTServiceProxy.m:222)
17  UEM Client                    0x0000000100d6f944 -[BUDSRESTServiceProxy senddata:method:binaryPayload:extraHeaders:successBlock:failureBlock:] + 1685828 (BUDSRESTServiceProxy.m:740)
18  UEM Client                    0x0000000100d6eed8 -[BUDSRESTServiceProxy senddata:method:payload:extraHeaders:successBlock:failureBlock:] + 1683160 (BUDSRESTServiceProxy.m:720)
19  UEM Client                    0x0000000100d7f890 -[BUDSRESTServiceProxy senddata:method:payload:successBlock:failureBlock:] + 1751184 (BUDSRESTServiceProxy.m:846)
20  UEM Client                    0x0000000100d69d14 -[BUDSRESTServiceProxy put:payload:successBlock:failureBlock:] + 1662228 (BUDSRESTServiceProxy.m:669)
21  UEM Client                    0x000000010114a580 -[BBEMAServer registerForPushNotificationsWithDeviceToken:successBlock:failureBlock:] + 5727616 (BBEMAServer.m:592)
22  UEM Client                    0x00000001012167d4 -[BUDSPushNotificationController didRegisterForRemoteNotificationsWithDeviceToken:] + 6563796 (BUDSPushNotificationController.m:147)
23  UEM Client                    0x00000001014f14a8 -[BUDSAppDelegate application:didRegisterForRemoteNotificationsWithDeviceToken:] + 9557160 (BUDSAppDelegate.m:550)
24  UEM Client                    0x00000001016ace18 -[NSObject+ 11374104 (UIApplicationDelegate) gdApplication:didRegisterForRemoteNotificationsWithDeviceToken:] + 92
25  libdispatch.dylib              0x0000000223447a38 _dispatch_call_block_and_release + 24
26  libdispatch.dylib              0x00000002234487d4 _dispatch_client_callout + 16
27  libdispatch.dylib              0x00000002233f6004 _dispatch_main_queue_callback_4CF$VARIANT$mp + 1068
28  CoreFoundation                0x0000000223998ec0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
29  CoreFoundation                0x0000000223993df8 __CFRunLoopRun + 1924
30  CoreFoundation                0x0000000223993354 CFRunLoopRunSpecific + 436
31  GraphicsServices              0x0000000225b9379c GSEventRunModal + 104
32  UIKitCore                      0x000000024f779b68 UIApplicationMain + 212
33  UEM Client                    0x0000000101528f8c main + 9785228 (main.m:19)
34  libdyld.dylib                  0x00000002234598e0 start + 4

Thread 1 name:  Dispatch queue: com.apple.root.user-initiated-qos
Thread 1 Crashed:
0   libobjc.A.dylib                0x0000000222bfa530 objc_msgSend + 16
1   Foundation                    0x000000022437bc18 -[_NSXPCConnectionClassCache dealloc] + 60
2   Foundation                    0x000000022437b8f4 -[NSXPCConnection dealloc] + 288
3   Foundation                    0x00000002243799fc -[_NSXPCDistantObject dealloc] + 132
4   libobjc.A.dylib                0x0000000222bfcb9c (anonymous namespace)::AutoreleasePoolPage::pop+ 129948 (void*) + 672
5   libdispatch.dylib              0x00000002234487b4 _dispatch_last_resort_autorelease_pool_pop + 40
6   libdispatch.dylib              0x00000002233f9324 _dispatch_root_queue_drain + 1132
7   libdispatch.dylib              0x00000002233f98d0 _dispatch_worker_thread2 + 128
8   libsystem_pthread.dylib        0x00000002236281b4 _pthread_wqthread + 464
9   libsystem_pthread.dylib        0x000000022362acd4 start_wqthread + 4



2.

Hardware Model:      iPad7,3
AppStoreTools:       10B63
AppVariant:          1:iPad7,3:12
Code Type:           ARM-64 (Native)
Role:                Non UI
Parent Process:      launchd [1]

OS Version:          iPhone OS 12.1.4 (16D57)
Baseband Version:    n/a
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
VM Region Info: 0x10 is not in any region.  Bytes before following region: 4297883632
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                 00000001002c8000-00000001002cc000 [   16K] r-x/r-x SM=COW  ...pp/UEM Client

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [416]
Triggered by Thread:  3

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0:
0   libobjc.A.dylib                0x00000001a0774d8c objc_msgSend + 44
1   CoreData                      0x00000001a41c11ec -[NSEntityDescription+ 1159660 (_NSInternalMethods) _createCachesAndOptimizeState] + 1148
2   CoreData                      0x00000001a41f9a30 -[NSManagedObjectModel+ 1391152 (_NSInternalMethods) _createCachesAndOptimizeState] + 756
3   CoreData                      0x00000001a41fa5f4 -[NSManagedObjectModel+ 1394164 (_NSInternalMethods) _setIsEditable:optimizationStyle:] + 384
4   CoreData                      0x00000001a415853c -[NSPersistentStoreCoordinator initWithManagedObjectModel:] + 280
5   UEM Client                    0x00000001004e37c8 -[BBEMAStorage initializeCoreData:] + 2209736 (BBEMAStorage.m:30)
6   UEM Client                    0x00000001004e3690 -[BBEMAStorage init] + 2209424 (BBEMAStorage.m:21)
7   UEM Client                    0x0000000100526bb4 -[BUDSAppDelegate application:didFinishLaunchingWithOptions:] + 2485172 (BUDSAppDelegate.m:250)
8   UEM Client                    0x00000001006925f0 -[NSObject+ 3974640 (UIApplicationDelegate) gdApplication:didFinishLaunchingWithOptions:] + 280
9   UIKitCore                      0x00000001ce33bca0 -[UIApplication _handleDelegateCallbacksWithOptions:isSuspended:restoreState:] + 412
10  UIKitCore                      0x00000001ce33d408 -[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 3340
11  UIKitCore                      0x00000001ce342e54 -[UIApplication _runWithMainScene:transitionContext:completion:] + 1552
12  UIKitCore                      0x00000001cdbde93c __111-[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:]_block_invoke + 784
13  UIKitCore                      0x00000001cdbe75bc +[_UICanvas _enqueuePostSettingUpdateTransactionBlock:] + 160
14  UIKitCore                      0x00000001cdbde5b8 -[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:] + 240
15  UIKitCore                      0x00000001cdbdef58 -[__UICanvasLifecycleMonitor_Compatability activateEventsOnly:withContext:completion:] + 1076
16  UIKitCore                      0x00000001cdbdd058 __82-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:]_block_invoke + 772
17  UIKitCore                      0x00000001cdbdcd04 -[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:] + 432
18  UIKitCore                      0x00000001cdbe1ec4 __125-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:]_block_invoke + 220
19  UIKitCore                      0x00000001cdbe2e24 _performActionsWithDelayForTransitionContext + 112
20  UIKitCore                      0x00000001cdbe1d7c -[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:] + 248
21  UIKitCore                      0x00000001cdbe6c68 -[_UICanvas scene:didUpdateWithDiff:transitionContext:completion:] + 368
22  UIKitCore                      0x00000001ce34134c -[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 540
23  UIKitCore                      0x00000001cdf2c244 -[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 364
24  FrontBoardServices            0x00000001a3fc49d4 -[FBSSceneImpl _didCreateWithTransitionContext:completion:] + 444
25  FrontBoardServices            0x00000001a3fcf79c __56-[FBSWorkspace client:handleCreateScene:withCompletion:]_block_invoke_2 + 260
26  FrontBoardServices            0x00000001a3fcee94 __40-[FBSWorkspace _performDelegateCallOut:]_block_invoke + 64
27  libdispatch.dylib              0x00000001a0fc6484 _dispatch_client_callout + 16
28  libdispatch.dylib              0x00000001a0f69e10 _dispatch_block_invoke_direct$VARIANT$mp + 224
29  FrontBoardServices            0x00000001a4003a9c __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 40
30  FrontBoardServices            0x00000001a4003728 -[FBSSerialQueue _performNext] + 416
31  FrontBoardServices            0x00000001a4003d44 -[FBSSerialQueue _performNextFromRunLoopSource] + 56
32  CoreFoundation                0x00000001a151e0e0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
33  CoreFoundation                0x00000001a151e060 __CFRunLoopDoSource0 + 88
34  CoreFoundation                0x00000001a151d944 __CFRunLoopDoSources0 + 176
35  CoreFoundation                0x00000001a1518810 __CFRunLoopRun + 1040
36  CoreFoundation                0x00000001a15180e0 CFRunLoopRunSpecific + 436
37  GraphicsServices              0x00000001a3791584 GSEventRunModal + 100
38  UIKitCore                      0x00000001ce344c00 UIApplicationMain + 212
39  UEM Client                    0x00000001005303ec main + 2524140 (main.m:19)
40  libdyld.dylib                  0x00000001a0fd6bb4 start + 4

Thread 1:
0   libsystem_pthread.dylib        0x00000001a11abce8 start_wqthread + 0

Thread 2:
0   libsystem_pthread.dylib        0x00000001a11abce8 start_wqthread + 0

Thread 3 name:  Dispatch queue: com.apple.NSXPCConnection.m-user.com.apple.usernotifications.usernotificationservice
Thread 3 Crashed:
0   libobjc.A.dylib                0x00000001a0774d70 objc_msgSend + 16
1   Foundation                    0x00000001a1f1bc08 -[_NSXPCConnectionClassCache containsClass:] + 72
2   Foundation                    0x00000001a1f1b98c -[NSXPCDecoder _validateAllowedClass:forKey:allowingInvocations:] + 380
3   Foundation                    0x00000001a2153f74 _decodeObject + 924
4   Foundation                    0x00000001a1f1b7ac -[NSXPCDecoder _decodeObjectOfClasses:atObject:] + 132
5   Foundation                    0x00000001a217cedc _NSXPCSerializationDecodeTypedObjCValuesFromArray + 1716
6   Foundation                    0x00000001a217d760 _NSXPCSerializationDecodeInvocationArgumentArray + 548
7   Foundation                    0x00000001a1f727cc -[NSXPCDecoder __decodeXPCObject:allowingSimpleMessageSend:outInvocation:outArguments:outArgumentsMaxCount:outMethodSignature:outSelector:isReply:replySelector:interface:] + 1500
8   Foundation                    0x00000001a1f1b490 -[NSXPCDecoder _decodeReplyFromXPCObject:forSelector:interface:] + 64
9   Foundation                    0x00000001a1f1aee4 -[NSXPCConnection _decodeAndInvokeReplyBlockWithEvent:sequence:replyInfo:] + 220
10  Foundation                    0x00000001a2152834 __88-[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:]_block_invoke.351 + 564
11  libxpc.dylib                  0x00000001a11ed514 _xpc_connection_reply_callout + 60
12  libxpc.dylib                  0x00000001a11e0b28 _xpc_connection_call_reply_async + 88
13  libdispatch.dylib              0x00000001a0fc6504 _dispatch_client_callout3 + 16
14  libdispatch.dylib              0x00000001a0f7e898 _dispatch_mach_msg_async_reply_invoke$VARIANT$mp + 320
15  libdispatch.dylib              0x00000001a0f6da9c _dispatch_lane_serial_drain$VARIANT$mp + 284
16  libdispatch.dylib              0x00000001a0f6e74c _dispatch_lane_invoke$VARIANT$mp + 484
17  libdispatch.dylib              0x00000001a0f76eb8 _dispatch_workloop_worker_thread + 600
18  libsystem_pthread.dylib        0x00000001a11a90dc _pthread_wqthread + 312
19  libsystem_pthread.dylib        0x00000001a11abcec start_wqthread + 4



If anyone has any idea what might be going on that would be helpful. It could be related to not making the call on the main thread, but it works for everyone else so I don't suspect that.


Thanks,


Justin

Replies

> Our UEM Client

What’s “UEM”?

The crashes you’re seeing all seem like memory management problems. Both crash reports show that the affecting code is related to NSXPCConnection, but there’s no guarantee that this is a problem in NSXPCConnection itself. It’s not uncommon for a memory management bug in one part of your app to cause a crash in some other, unrelated part of your app.

My recommendation is that you run your app with the standard memory debugging tools. These can help trigger the problem earlier, which makes it easier to track down the responsible code.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
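
An added example, not part of the thread and not an Apple tool: it parses the crashed thread out of each report and shows what the two crashes share, namely a fault at a very low address in the same `objc_msgSend` frame (typical of messaging an object that has been freed or overwritten) and the one Objective-C class that appears in both backtraces. The sample reports are cut down from the ones posted above; `crashed_frames`, `triage` and the 0x1000 low-address threshold are choices made for this example.

```python
import re

# Constructed samples: each is cut down from a crash report in the post above
# (fault address, triggering thread, and the first frames of two threads).
REPORT_1 = """\
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
Triggered by Thread:  1
Thread 0:
0   CoreFoundation                0x00000002239837d8 generationCountFromListOfSources + 96
Thread 1 Crashed:
0   libobjc.A.dylib                0x0000000222bfa530 objc_msgSend + 16
1   Foundation                    0x000000022437bc18 -[_NSXPCConnectionClassCache dealloc] + 60
2   Foundation                    0x000000022437b8f4 -[NSXPCConnection dealloc] + 288
"""
REPORT_2 = """\
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
Triggered by Thread:  3
Thread 0:
0   libobjc.A.dylib                0x00000001a0774d8c objc_msgSend + 44
Thread 3 Crashed:
0   libobjc.A.dylib                0x00000001a0774d70 objc_msgSend + 16
1   Foundation                    0x00000001a1f1bc08 -[_NSXPCConnectionClassCache containsClass:] + 72
2   Foundation                    0x00000001a1f1b98c -[NSXPCDecoder _validateAllowedClass:forKey:allowingInvocations:] + 380
"""

FRAME = re.compile(r"^(\d+)\s+(.+?)\s+(0x[0-9a-f]+)\s+(.+?) \+ (\d+)")

def crashed_frames(report):
    """Return (fault_address, [(image, symbol, offset), ...]) for the crashed thread."""
    fault = int(re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", report).group(1), 16)
    tid = re.search(r"Triggered by Thread:\s+(\d+)", report).group(1)
    frames, inside = [], False
    for line in report.splitlines():
        if line.startswith("Thread "):  # any thread header switches context
            inside = line.startswith(f"Thread {tid} Crashed:")
        elif inside and (m := FRAME.match(line)):
            frames.append((m.group(2), m.group(4), int(m.group(5))))
    return fault, frames

def triage(reports, null_page=0x1000):
    """Summarise the crashed threads: fault kind and Objective-C classes common to all."""
    parsed = [crashed_frames(r) for r in reports]
    classes = [{m.group(1) for _, sym, _ in f if (m := re.match(r"[-+]\[(\w+)", sym))}
               for _, f in parsed]
    return {
        "near_null_fault": all(addr < null_page for addr, _ in parsed),
        "top_frames": sorted({f"{fr[0][1]} + {fr[0][2]}" for _, fr in parsed}),
        "common_classes": sorted(set.intersection(*classes)),
    }
```

A shared class only says where the bad pointer was touched; as the reply notes, the code that corrupted or over-released it may be elsewhere.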