[SentryTransactionContext getThreadInfo] causes EXC_BAD_ACCESS - getThreadInfo attempted to dereference null pointer #3354

Closed
jozefizso opened this issue Oct 19, 2023 · 27 comments · Fixed by #3364

Comments

@jozefizso

jozefizso commented Oct 19, 2023

Platform

macOS

Operating system: macOS 11.7.8(20G1351)
Model: MacBookPro11,3 (Intel)

Installed

Swift Package Manager

Version

8.9.4

Steps to Reproduce

  1. Use SentrySDK v8.9.4 in macOS application
  2. Initialise SentrySDK
  3. Call SentrySDK.startTransaction() (on main thread)
  4. The application may crash with EXC_BAD_ACCESS - getThreadInfo > attempted to dereference null pointer

SentrySDK.startTransaction(
    name: "InstallFlow",
    operation: #function,
    bindToScope: true
)

Expected Result

Application should not crash.

Actual Result

sentry::profiling::ThreadHandle::current() (in Acme) (SentryThreadHandle.cpp:49)
-[SentryTransactionContext getThreadInfo] (in Acme) (SentryTransactionContext.mm:127)
-[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Acme) (SentryTransactionContext.mm:147)
-[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Acme) (SentryTransactionContext.mm:64)
-[SentryHub startTransactionWithName:operation:bindToScope:] (in Acme) (SentryHub.m:323)
+[SentrySDK startTransactionWithName:operation:bindToScope:] (in Acme) (SentrySDK.m:200)
InstallFlow.start() (in Acme) (InstallFlow.swift:22)

Are you willing to submit a PR?

No response

@jozefizso
Author

Across 65 devices we saw this crash only on a single Intel-based MacBook.

@jozefizso
Author

More information from the crash log:

System Integrity Protection: enabled

Notes:                 Translocated Process

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [26547]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                           	000000000000000000 0 + 0
1   com.acme.AcmeApp            	0x000000010fbd3f65 0x10faf3000 + 921445  // sentry::profiling::ThreadHandle::current() (in Acme) (SentryThreadHandle.cpp:49)
2   com.acme.AcmeApp            	0x000000010fbdc149 0x10faf3000 + 954697  // -[SentryTransactionContext getThreadInfo] (in Acme) (SentryTransactionContext.mm:127)
3   com.acme.AcmeApp            	0x000000010fbdc2ac 0x10faf3000 + 955052  // -[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Acme) (SentryTransactionContext.mm:147)
4   com.acme.AcmeApp            	0x000000010fbdbce9 0x10faf3000 + 953577  // -[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Acme) (SentryTransactionContext.mm:64)
5   com.acme.AcmeApp            	0x000000010fba626d 0x10faf3000 + 733805  // -[SentryHub startTransactionWithName:operation:bindToScope:] (in Acme) (SentryHub.m:323)
6   com.acme.AcmeApp            	0x000000010fbc4710 0x10faf3000 + 857872  // +[SentrySDK startTransactionWithName:operation:bindToScope:] (in Acme) (SentrySDK.m:200)
7   com.acme.AcmeApp            	0x000000010fb03295 0x10faf3000 + 66197   // InstallFlow.start() (in Acme) (InstallFlow.swift:22)
8   libswift_Concurrency.dylib    	0x000000010ff01286 swift::runJobInEstablishedExecutorContext(swift::Job*) + 70
9   libswift_Concurrency.dylib    	0x000000010ff01c7d swift_job_runImpl(swift::Job*, swift::ExecutorRef) + 77
10  libdispatch.dylib             	0x00007fff2076d806 _dispatch_client_callout + 8
11  libdispatch.dylib             	0x00007fff20779b4f _dispatch_main_queue_callback_4CF + 940
12  com.apple.CoreFoundation      	0x00007fff20a4c8d8 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9
13  com.apple.CoreFoundation      	0x00007fff20a0eb32 __CFRunLoopRun + 2755
14  com.apple.CoreFoundation      	0x00007fff20a0d9ac CFRunLoopRunSpecific + 563
15  com.apple.HIToolbox           	0x00007fff28c591f3 RunCurrentEventLoopInMode + 292
16  com.apple.HIToolbox           	0x00007fff28c58f55 ReceiveNextEventCommon + 587
17  com.apple.HIToolbox           	0x00007fff28c58cf3 _BlockUntilNextEventMatchingListInModeWithFilter + 70
18  com.apple.AppKit              	0x00007fff23217ad2 _DPSNextEvent + 864
19  com.apple.AppKit              	0x00007fff232162a5 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1364
20  com.apple.AppKit              	0x00007fff232085c9 -[NSApplication run] + 586
21  com.apple.AppKit              	0x00007fff231dc7cc NSApplicationMain + 816
22  com.acme.AcmeApp            	0x000000010fb171bc 0x10faf3000 + 147900
23  libdyld.dylib                 	0x00007fff20932f3d start + 1


Thread 7:: SentryCrash Exception Handler (Secondary)
0   libsystem_kernel.dylib        	0x00007fff208e229a mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff208e260c mach_msg + 60
2   com.acme.AcmeApp              	0x000000010fbe1386 0x10faf3000 + 975750
3   libsystem_pthread.dylib       	0x00007fff209178fc _pthread_start + 224
4   libsystem_pthread.dylib       	0x00007fff20913443 thread_start + 15


Thread 8:: com.apple.NSURLConnectionLoader
0   libsystem_kernel.dylib        	0x00007fff208e229a mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff208e260c mach_msg + 60
2   com.apple.CoreFoundation      	0x00007fff20a0febf __CFRunLoopServiceMachPort + 316
3   com.apple.CoreFoundation      	0x00007fff20a0e59f __CFRunLoopRun + 1328
4   com.apple.CoreFoundation      	0x00007fff20a0d9ac CFRunLoopRunSpecific + 563
5   com.apple.CFNetwork           	0x00007fff24eb9130 0x7fff24c78000 + 2363696
6   com.apple.Foundation          	0x00007fff21799487 __NSThread__start__ + 1068
7   libsystem_pthread.dylib       	0x00007fff209178fc _pthread_start + 224
8   libsystem_pthread.dylib       	0x00007fff20913443 thread_start + 15

Thread 9:: io.sentry.app-hang-tracker
0   libsystem_kernel.dylib        	0x00007fff208e4b92 __semwait_signal + 10
1   libsystem_c.dylib             	0x00007fff20864c1a nanosleep + 196
2   com.apple.Foundation          	0x00007fff2182cbc8 +[NSThread sleepForTimeInterval:] + 170
3   com.acme.AcmeApp              	0x000000010fb7b541 0x10faf3000 + 558401
4   com.apple.Foundation          	0x00007fff21799487 __NSThread__start__ + 1068
5   libsystem_pthread.dylib       	0x00007fff209178fc _pthread_start + 224
6   libsystem_pthread.dylib       	0x00007fff20913443 thread_start + 15


Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00007ffee010b0a8  rcx: 0x00007fff208e220a  rdx: 0x0000000000000000
  rdi: 0x0000000000000010  rsi: 0x0000000000000103  rbp: 0x00007ffee010b090  rsp: 0x00007ffee010b068
   r8: 0x0000000000000000   r9: 0x00000000000000a0  r10: 0x00007fff208e2276  r11: 0x0000000000000206
  r12: 0x00007ffee010b0a8  r13: 0x00006000028779c0  r14: 0x0000000000000103  r15: 0x0000000000000000
  rip: 0x0000000000000000  rfl: 0x0000000000010246  cr2: 0x0000000000000000
  
Logical CPU:     4
Error Code:      0x00000014 (no mapping for user instruction read)
Trap Number:     14

Thread 0 instruction stream not available.

Thread 0 last branch register state not available.
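
Triage of the Intel crash report above, as an added example that is not part of the original thread or of sentry-cocoa: it reads the posted fields and classifies the fault from the x86 page-fault error code, then reports the first frame with a real image as the call site. The function names are hypothetical; `REPORT` is an excerpt copied from the report above and trimmed.

```python
import re

# Excerpt of the Intel crash report above, trimmed to the fields used here
# (symbolication comments after "//" dropped, tabs replaced by spaces).
REPORT = """\
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                           000000000000000000 0 + 0
1   com.acme.AcmeApp              0x000000010fbd3f65 0x10faf3000 + 921445
2   com.acme.AcmeApp              0x000000010fbdc149 0x10faf3000 + 954697
8   libswift_Concurrency.dylib    0x000000010ff01286 swift::runJobInEstablishedExecutorContext(swift::Job*) + 70

Thread 0 crashed with X86 Thread State (64-bit):
  rip: 0x0000000000000000  rfl: 0x0000000000010246  cr2: 0x0000000000000000
Error Code:      0x00000014 (no mapping for user instruction read)
"""

# Frame line: index, image, address, then "<symbol or load base> + <offset>".
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+((?:0x)?[0-9a-fA-F]+)\s+(.*?) \+ (\d+)\s*$")


def crashed_frames(report):
    """Return (index, image, address, symbol_or_base, offset) for the crashed thread."""
    frames, in_thread = [], False
    for line in report.splitlines():
        if re.match(r"^Thread \d+ Crashed", line):
            in_thread = True
            continue
        if in_thread:
            m = FRAME.match(line)
            if not m:
                break  # first non-frame line ends the backtrace
            frames.append((int(m[1]), m[2], int(m[3], 16), m[4], int(m[5])))
    return frames


def decode_x86_pf(code):
    """Decode the x86 page-fault error code bits P, W/R, U/S and I/D."""
    return {
        "page_present": bool(code & 0x01),
        "write": bool(code & 0x02),
        "user_mode": bool(code & 0x04),
        "instruction_fetch": bool(code & 0x10),
    }


def hex_field(pattern, report):
    """Extract one hexadecimal field from the report as an int."""
    return int(re.search(pattern, report).group(1), 16)


def triage(report):
    """Classify the fault and name the frame that transferred control."""
    pf = decode_x86_pf(hex_field(r"Error Code:\s+(0x[0-9a-fA-F]+)", report))
    kind = ("bad-branch-target" if pf["instruction_fetch"]
            else "bad-write" if pf["write"] else "bad-read")
    # The first frame that belongs to a real image is the call site.
    caller = next(f for f in crashed_frames(report) if f[1] != "???")
    return {
        "kind": kind,
        "fault_address": hex_field(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", report),
        "pc": hex_field(r"\brip: (0x[0-9a-fA-F]+)", report),
        "caller_image": caller[1],
        "caller_offset": caller[4],
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

For this report the result is `bad-branch-target` with both the fault address and `rip` at 0, and the caller is frame 1 at image offset 921445, which the annotated log maps to `SentryThreadHandle.cpp:49`.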

@kahest kahest moved this from Needs Discussion to Needs Investigation in Mobile & Cross Platform SDK Oct 19, 2023
@armcknight armcknight self-assigned this Oct 19, 2023
@armcknight
Member

Thanks for reporting @jozefizso, we'll investigate. (Internal reference.)

@armcknight
Member

@jozefizso Are these macs that are under your control and could be used to test a patch? We have a potential workaround in #3364.

@armcknight armcknight moved this from Todo to Needs Review in Mobile & Cross Platform SDK Oct 28, 2023
@jozefizso
Author

@armcknight We can contact the customer from our private beta program and try to have a UX call to test it out.

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Oct 28, 2023
@jozefizso
Author

This happened to our private beta customer. We will try to contact them to test the fix.

@armcknight
Member

We've merged the PR, I'll ping back here when we generate the next release with the patch.

@jozefizso
Author

Thanks a lot @armcknight. 🎆

@kahest
Member

kahest commented Nov 8, 2023

The fix was released with 8.15.0.

@jozefizso
Author

jozefizso commented Nov 8, 2023

We had a UX call with a customer who had a crash with Sentry v8.9.4.

System info:

macOS 11.3.1 (20E241)
Apple M1 (proc 8:4:4 processors)
8 GB

Stacktrace:

-[SentryTransactionContext getThreadInfo] (in Acme) (SentryTransactionContext.mm:127)
-[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Acme) (SentryTransactionContext.mm:147)
-[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Acme) (SentryTransactionContext.mm:64)
-[SentryHub startTransactionWithName:operation:bindToScope:] (in Acme) (SentryHub.m:323)
+[SentrySDK startTransactionWithName:operation:bindToScope:] (in Acme) (SentrySDK.m:200)
InstallFlow.start() (in Acme) (InstallFlow.swift:22)

Crashlog info:

System Integrity Protection: enabled
 
Notes:                 Translocated Process
 
Crashed Thread:        0  Dispatch queue: com.apple.main-thread
 
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY
 
Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [15739]
 
VM Regions Near 0:
-->
    __TEXT                      1041a4000-104468000    [ 2832K] r-x/r-x SM=COW  /var/folders/*/Acme.app/Contents/MacOS/Acme

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                                000000000000000000 0 + 0
1   com.acme.AcmeApp                   0x000000010426e40c 0x1041a4000 + 828428  // -[SentryTransactionContext getThreadInfo] (in Acme) (SentryTransactionContext.mm:127)
2   com.acme.AcmeApp                   0x000000010426e544 0x1041a4000 + 828740  // -[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Acme) (SentryTransactionContext.mm:147)
3   com.acme.AcmeApp                   0x000000010426df58 0x1041a4000 + 827224  // -[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Acme) (SentryTransactionContext.mm:64)
4   com.acme.AcmeApp                   0x0000000104241584 0x1041a4000 + 644484  // -[SentryHub startTransactionWithName:operation:bindToScope:] (in Acme) (SentryHub.m:323)
5   com.acme.AcmeApp                   0x000000010425a690 0x1041a4000 + 747152  // +[SentrySDK startTransactionWithName:operation:bindToScope:] (in Acme) (SentrySDK.m:200)
6   com.acme.AcmeApp                   0x00000001041b3808 0x1041a4000 + 63496   // InstallFlow.start() (in Acme) (InstallFlow.swift:22)
7   libswift_Concurrency.dylib    0x000000010458a4cc swift::runJobInEstablishedExecutorContext(swift::Job*) + 156
8   libswift_Concurrency.dylib    0x000000010458ae04 swift_job_runImpl(swift::Job*, swift::ExecutorRef) + 80
9   libdispatch.dylib                        0x000000019fe23e90 _dispatch_client_callout + 20
10  libdispatch.dylib                       0x000000019fe322e4 _dispatch_main_queue_callback_4CF + 884
11  com.apple.CoreFoundation                  0x00000001a0111e74 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16
12  com.apple.CoreFoundation                  0x00000001a00d0888 __CFRunLoopRun + 2524
13  com.apple.CoreFoundation                  0x00000001a00cf734 CFRunLoopRunSpecific + 600
14  com.apple.HIToolbox             0x00000001a7fcdb84 RunCurrentEventLoopInMode + 292
15  com.apple.HIToolbox             0x00000001a7fcd810 ReceiveNextEventCommon + 320
16  com.apple.HIToolbox             0x00000001a7fcd6b8 _BlockUntilNextEventMatchingListInModeWithFilter + 72
17  com.apple.AppKit                    0x00000001a28b94ec _DPSNextEvent + 836
18  com.apple.AppKit                    0x00000001a28b7e8c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1292
19  com.apple.AppKit                    0x00000001a28a9d18 -[NSApplication run] + 596
20  com.apple.AppKit                    0x00000001a287b728 NSApplicationMain + 1064
21  com.acme.AcmeApp                 0x00000001041c5ad0 0x1041a4000 + 137936
22  libdyld.dylib                               0x000000019fff0420 start + 4

@philipphofmann
Member

@jozefizso, as pointed out above, this should be fixed with 8.15.0.

@armcknight
Member

@jozefizso are you able to validate the branch in the linked pull request (#3443)?

@jozefizso
Author

Hi @armcknight, we have another test MacBook available where our app crashes with 8.15.2.

I compiled our app with #3443 as the SPM reference and still got the crash:

-[SentryTransactionContext getThreadInfo] (in AcmeApp) (SentryTransactionContext.mm:130)
sentry::profiling::ThreadHandle::current() (in AcmeApp) (SentryThreadHandle.cpp:51)
-[SentryTransactionContext commonInitWithName:source:parentSampled:] (in AcmeApp) (SentryTransactionContext.mm:155)
-[SentryTransactionContext initWithName:nameSource:operation:origin:] (in AcmeApp) (SentryTransactionContext.mm:64)
-[SentryHub startTransactionWithName:operation:bindToScope:] (in AcmeApp) (SentryHub.m:329)
+[SentrySDK startTransactionWithName:operation:bindToScope:] (in AcmeApp) (SentrySDK.m:216)
PreInstallFlow.start() (in AcmeApp) (PreInstallFlow.swift:16)

https://github.com/getsentry/sentry-cocoa/blob/armcknight/fix/3354-nilcheck/Sources/Sentry/SentryTransactionContext.mm#L130
https://github.com/getsentry/sentry-cocoa/blob/armcknight/fix/3354-nilcheck/Sources/Sentry/SentryThreadHandle.cpp#L51

Model: MacBookPro16,1, BootROM 2020.0.1.0.0 (iBridge: 21.16.365.0.0,0), 6 processors, 6-Core Intel Core i7, 2,6 GHz, 16 GB, SMC
Graphics: kHW_IntelUHDGraphics630Item, Intel UHD Graphics 630, spdisplays_builtin

Crash info:


Date/Time:             2023-11-23 06:07:44.786 -0800
OS Version:            macOS 11.7.10 (20G1427)
Report Version:        12
Bridge OS Version:     8.0 (21P365)
Anonymous UUID:        A576B358-0167-42B4-A18B-8A72AC8E16A0

Sleep/Wake UUID:       2F2CADF0-6E56-42CB-9E54-F41F1D0DC8BE

Time Awake Since Boot: 3200 seconds
Time Since Wake:       740 seconds

System Integrity Protection: enabled

Notes:                 Translocated Process

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [2800]

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Nov 23, 2023
@jozefizso
Author

I tried it on the same system but on a macOS 12 partition, and Sentry works there.

@getsantry getsantry bot removed the status in GitHub Issues with 👀 Nov 27, 2023
@kahest kahest moved this from Done to Needs Investigation in Mobile & Cross Platform SDK Nov 27, 2023
@armcknight
Member

Thanks for responding @jozefizso, we're investigating further.

@jozefizso
Author

Hi, is there an update about this issue? Our app is currently unusable on macOS 11 because of this.

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Dec 14, 2023
@armcknight
Member

We don't currently have another lead on this, we're planning to take another look at it next week. Sorry for the delay!

Are you able to describe what's going on in your repro case at the time this crashes, if there's something reliably reproducing it? Are you using other threads, or creating/destroying many? Are you starting/stopping a manual transaction from main/other thread, or is this from automatic instrumentation?

@jozefizso
Author

When I compile the app and sentry-cocoa with disabled optimizations, I get this stack trace:

std::__1::__unique_if<sentry::profiling::ThreadHandle>::__unique_single std::__1::make_unique[abi:v160006]<sentry::profiling::ThreadHandle, unsigned int const&>(unsigned int const&) (in Slido) (unique_ptr.h:686)
sentry::profiling::ThreadHandle::current() (in Slido) (SentryThreadHandle.cpp:51)
-[SentryTransactionContext getThreadInfo] (in Slido) (SentryTransactionContext.mm:130)
-[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Slido) (SentryTransactionContext.mm:153)
-[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Slido) (SentryTransactionContext.mm:61)
-[SentryHub startTransactionWithName:operation:bindToScope:] (in Slido) (SentryHub.m:329)
+[SentrySDK startTransactionWithName:operation:bindToScope:] (in Slido) (SentrySDK.m:217)
PreInstallFlow.start() (in Slido) (PreInstallFlow.swift:16)

The app will call SentrySDK.start() in the NSApplicationDelegate.applicationDidFinishLaunching() method.

We will create a content view and show it in a new NSWindow. The app will determine the flow (e.g. installation, uninstallation, normal run of the app) and each flow will start a transaction using SentrySDK.startTransaction().

Roughly:

@main
final class AppDelegate: NSObject, NSApplicationDelegate {
    func applicationDidFinishLaunching(_ aNotification: Notification) {
        SentrySDK.start { options in options.dsn = "DSN" }
    
        // create content view and NSWindow...

        self.appFlow = PreInstallFlow(
            appState: self.appState,
            buildInfo: buildInfo
        )
        Task { @MainActor in
            await self.appFlow?.start()
        }
    }
}

struct PreInstallFlow: AppFlow {
    func start() async {
        SentrySDK.startTransaction(
            name: "PreInstallFlow",
            operation: #function,
            bindToScope: true
        )
    }
}

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Dec 15, 2023
@jozefizso
Author

jozefizso commented Dec 15, 2023

When I changed the code and put SentrySDK.startTransaction() directly into applicationDidFinishLaunching(), I got the crash too:

std::__1::__unique_if<sentry::profiling::ThreadHandle>::__unique_single std::__1::make_unique[abi:v160006]<sentry::profiling::ThreadHandle, unsigned int const&>(unsigned int const&) (in Slido) (unique_ptr.h:686)
sentry::profiling::ThreadHandle::current() (in Slido) (SentryThreadHandle.cpp:51)
-[SentryTransactionContext getThreadInfo] (in Slido) (SentryTransactionContext.mm:130)
-[SentryTransactionContext commonInitWithName:source:parentSampled:] (in Slido) (SentryTransactionContext.mm:153)
-[SentryTransactionContext initWithName:nameSource:operation:origin:] (in Slido) (SentryTransactionContext.mm:61)
-[SentryHub startTransactionWithName:operation:] (in Slido) (SentryHub.m:318)
+[SentrySDK startTransactionWithName:operation:] (in Slido) (SentrySDK.m:210)
AppDelegate.applicationDidFinishLaunching(_:) (in Slido) (AppDelegate.swift:115)
@objc AppDelegate.applicationDidFinishLaunching(_:) (in Slido) (<compiler-generated>:0)

@armcknight
Member

Thanks for the additional information @jozefizso. I'm not sure it's actually because of async/await and actors, but good to know more ways to look at this.

@kahest
Member

kahest commented Dec 13, 2024

@armcknight I can't find instances of this in our internal monitoring (last 90 days) anymore, but I see the PR has never been merged. Do you suggest we get it merged?
@jozefizso do you know if this is still an issue?

@jozefizso
Author

@kahest Our user base on macOS 11 dropped and we stopped supporting this OS. We have customers who run our product and do not report crashes - yet we would advise them to upgrade the OS first if they had issues.

@kahest
Member

kahest commented Dec 16, 2024

thank you @jozefizso for the speedy reply! I'll close this, but feel free to comment here with reports if it pops up again

@kahest kahest closed this as not planned Dec 16, 2024
@github-project-automation github-project-automation bot moved this from Needs Investigation to Done in Mobile & Cross Platform SDK Dec 16, 2024

4 participants