New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 698911 link

Starred by 1 user
Status: Fixed
Owner:
miguelg@chromium.org
Last visit > 30 days ago
Closed: Mar 2017
Cc:
rsesek@chromium.org
peter@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

AlertNotificationService hidden crash (SIGILL or Code Signature Invalid) in Canary

Project Member Reported by tapted@chromium.org, Mar 7 2017 
Chrome Version       : since 59.0.3030.0
OS Version: OS X 10.12.3

What steps will reproduce the problem?
1. Run Chrome. Poke around in Console.app.

What is the expected result?

No crashes.


What happens instead of that?

New crashes started appearing for AlertNoticationService since 59.0.3030.0. Possibly related to  Issue 696493 .

Reports attached.

e.g.

Process:               AlertNotificationService [5159]
Path:                  /Applications/Google Chrome Canary.app/Contents/Versions/59.0.3030.0/Google Chrome Framework.framework/Versions/A/XPCServices/AlertNotificationService.xpc/Contents/MacOS/AlertNotificationService
Identifier:            AlertNotificationService
Version:               1.0 (1)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           Google Chrome Canary [25045]
User ID:               175663

Date/Time:             2017-03-06 16:41:21.714 +1100
OS Version:            Mac OS X 10.12.3 (16D32)
Report Version:        12
Anonymous UUID:        5313859F-D86B-7AB0-1EE5-41584053948F


Time Awake Since Boot: 1600000 seconds

System Integrity Protection: enabled

Crashed Thread:        1  Dispatch queue: com.apple.NSXPCConnection.user.25045

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [0]

Application Specific Information:
XPC API Misuse: Underflow of transaction count.

Application Specific Signatures:
API Misuse

-----
Process:               AlertNotificationService [12965]
Path:                  /Applications/Google Chrome Canary.app/Contents/Versions/59.0.3032.0/Google Chrome Framework.framework/Versions/A/XPCServices/AlertNotificationService.xpc/Contents/MacOS/AlertNotificationService
Identifier:            AlertNotificationService
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
User ID:               175663

Date/Time:             2017-03-07 10:37:06.382 +1100
OS Version:            Mac OS X 10.12.3 (16D32)
Report Version:        12
Anonymous UUID:        5313859F-D86B-7AB0-1EE5-41584053948F


Time Awake Since Boot: 62000 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Killed: 9
Termination Reason:    Namespace SIGNAL, Code 0x9
Terminating Process:   launchd [1]


UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3026.3 Safari/537.36
AlertNotificationService_2017-03-07-103710_tapted-macpro2.crash
3.2 KB Download
AlertNotificationService_2017-03-06-164122_tapted-macpro2.crash
40.6 KB Download

Comment 1 by miguelg@chromium.org, Mar 7 2017 

This is "just" the XPC crashing. It still should not happen and I will look into it but it should cause no user visible impact.

Comment 2 by miguelg@chromium.org, Mar 7 2017

Labels: M-59
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a69a95ffd08ee6447a804526e1bf8c228f7a6952

commit a69a95ffd08ee6447a804526e1bf8c228f7a6952
Author: miguelg <miguelg@chromium.org>
Date: Tue Mar 07 23:00:59 2017

Check that a transaction is opened before closing it

The introduction of "Close All" provided a situation where we can close
a transaction that has not been opened which crashes the XPC service

BUG= 698911 

Review-Url: https://codereview.chromium.org/2735093004
Cr-Commit-Position: refs/heads/master@{#455273}

[modify] https://crrev.com/a69a95ffd08ee6447a804526e1bf8c228f7a6952/chrome/browser/ui/cocoa/notifications/xpc_transaction_handler.mm

Comment 4 by miguelg@chromium.org, Mar 7 2017

Labels: -M-59 Merge-Request-58 M-58
Project Member

Comment 5 by sheriffbot@chromium.org, Mar 8 2017

Labels: -Merge-Request-58 Hotlist-Merge-Approved Merge-Approved-58
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), bhthompson@(cros), govind@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 6 by bugdroid1@chromium.org, Mar 9 2017

Labels: -merge-approved-58 merge-merged-3029
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8552222d2d23eb37b11a8af041f493185f549990

commit 8552222d2d23eb37b11a8af041f493185f549990
Author: Miguel Garcia <miguelg@chromium.org>
Date: Thu Mar 09 15:14:06 2017

Check that a transaction is opened before closing it

The introduction of "Close All" provided a situation where we can close
a transaction that has not been opened which crashes the XPC service

BUG= 698911 

Review-Url: https://codereview.chromium.org/2735093004
Cr-Commit-Position: refs/heads/master@{#455273}
(cherry picked from commit a69a95ffd08ee6447a804526e1bf8c228f7a6952)

Review-Url: https://codereview.chromium.org/2737373004 .
Cr-Commit-Position: refs/branch-heads/3029@{#82}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

[modify] https://crrev.com/8552222d2d23eb37b11a8af041f493185f549990/chrome/browser/ui/cocoa/notifications/xpc_transaction_handler.mm

Comment 7 by miguelg@chromium.org, Mar 9 2017

Status: Fixed (was: Assigned)

Sign in to add a comment