iOS 17 crash on quic_recovery_declare_packets_lost
Originator: dennycd
Number: rdar://FB9999998
Date Originated:
Status: Open
Resolved:
Product: iOS SDK
Product Version: iOS 17 Beta 4 ~ Beta 8
Classification: Crash
Reproducible:
We recently observed a crash spike on iOS 17 since July 26, including the most recent beta 8 releases. This appears to be crashing from iOS's internal "com.apple.network.connections" queue from within Network.framework's QUIC/Http3 implementation stack (libquic). We believe this crash happens in a relatively high-loss networking environment, and the iOS client is expecting to receive data via URLSession (with Http3/Quic), and libquic's loss detection implementation decided to declare packet loss and crashed. The full stack trace is pasted below for your reference.

Our app is currently built with the Xcode 14.2 toolchain.

A similar issue appears to have been reported in https://developer.apple.com/forums/thread/735080 and https://github.com/firebase/firebase-ios-sdk/issues/11655 by multiple people.

Full Stack Trace

EXC_BAD_ACCESS _quic_recovery_declare_packets_lost
Attempted to dereference null pointer.
Aug 30th 2023, 13:08:45 PDT

STACKTRACE

CrashReporter Key: d8eb75b9794bf1f2f7372e8e60de4ff343b9b3ff
Hardware Model: iPhone15,2
Process: XXX
Identifier: XXX
Version: 11.31
Role: Foreground
OS Version: iOS 17.0

Exception Type: EXC_BAD_ACCESS
Exception Subtype: KERN_INVALID_ADDRESS

EXC_BAD_ACCESS: Attempted to dereference null pointer.

0 libquic.dylib +0x20a98 _quic_recovery_declare_packets_lost
1 libquic.dylib +0x1ffa4 _quic_recovery_find_lost_packet_inner
2 libquic.dylib +0x1dd58 _quic_recovery_find_lost_packets
3 libquic.dylib +0x11354 _quic_recovery_received_ack
4 libquic.dylib +0x51e64 _quic_frame_process_ACK
5 libquic.dylib +0xb3a38 _quic_conn_process_frame
6 libquic.dylib +0xb01e4 _quic_conn_process_inbound
7 Network +0x323e6c _nw_protocol_data_access_buffer
8 libquic.dylib +0xb69cc ___quic_conn_handle_inbound_block_invoke
9 libquic.dylib +0xb6790 _quic_conn_handle_inbound
10 Network +0x3104d8 ___nw_protocol_implementation_get_input_internal_block_invoke
11 Network +0x30fb00 _nw_protocol_implementation_read
12 Network +0x30f354 _nw_protocol_implementation_input_available
13 Network +0x1edc4 nw_channel_update_input_source(nw_channel*, nw_protocol*, bool)
14 Network +0x91a54c ____ZL17nw_channel_createP10nw_contextPhjPvjbbPb_block_invoke.43
15 libdispatch.dylib +0x42fc __dispatch_client_callout
16 libdispatch.dylib +0x77b4 __dispatch_continuation_pop
17 libdispatch.dylib +0x1b5bc __dispatch_source_latch_and_call
18 libdispatch.dylib +0x1a18c __dispatch_source_invoke
19 libdispatch.dylib +0xd6a4 __dispatch_workloop_invoke
20 libdispatch.dylib +0x17000 __dispatch_root_queue_drain_deferred_wlh
21 libdispatch.dylib +0x16874 __dispatch_workloop_worker_thread
22 libsystem_pthread.dylib +0x1960 __pthread_wqthread