Chrome_Mac: Crash Report - mojo::`anonymous namespace'::SendInvitation
Issue description
reporter: kkaluri@google.com

Magic Signature: mojo::`anonymous namespace'::SendInvitation

Crash link: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Mac%27+AND+product.version%3D%2773.0.3639.1%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27dev%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27app_shim%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27mojo%3A%3A%60anonymous+namespace%5C%27%3A%3ASendInvitation%27&stbtiq=&reportid=&index=0

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome_Mac
Magic Signature : mojo::`anonymous namespace'::SendInvitation
Product Version: 73.0.3639.1
Process type: app_shim
Report ID: 328c289654dd3077
Report Url: https://crash.corp.google.com/328c289654dd3077
Report Time: 2018-12-17T10:21:07-08:00
Upload Time: 2018-12-17T10:21:08.149-08:00
Uptime: 5000 ms
OS Name: Mac OS X
OS Version: 10.14.1 18B75
CPU Architecture: amd64
CPU Info: family 6 model 61 stepping 4
-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 84%. Thread id: 25990.
-------------------------------------------------------------------------------
0x000000010c12df04 (Google Chrome Framework - invitation.cc: 36) mojo::(anonymous namespace)::SendInvitation(mojo::ScopedHandleBase<mojo::InvitationHandle>, int, mojo::PlatformHandle, unsigned int, unsigned int, base::RepeatingCallback<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)> const&, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)
0x000000010c12e03c (Google Chrome Framework - invitation.cc: 180) mojo::OutgoingInvitation::SendIsolated(mojo::PlatformChannelEndpoint, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)
0x000000010c12e442 (Google Chrome Framework - isolated_connection.cc: 31) mojo::IsolatedConnection::Connect(mojo::PlatformChannelEndpoint)
0x000000010ae4ec88 (Google Chrome Framework - app_shim_controller.mm: 90) AppShimController::CreateChannelAndSendLaunchApp(base::FilePath const&)
0x000000010ae4eba1 (Google Chrome Framework - app_shim_controller.mm: 83) AppShimController::InitBootstrapPipe()
0x000000010c01cd74 (Google Chrome Framework - callback.h: 99) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010c03837e (Google Chrome Framework - message_loop_impl.cc: 374) base::MessageLoopImpl::RunTask(base::PendingTask*)
0x000000010c038892 (Google Chrome Framework - message_loop_impl.cc: 385) base::MessageLoopImpl::DoWork()
0x000000010c03a4d2 (Google Chrome Framework - message_pump_mac.mm: 487) base::MessagePumpCFRunLoopBase::RunWork()
0x000000010c02cd19 (Google Chrome Framework + 0x0281fd19) base::mac::CallWithEHFrame(void () block_pointer)
0x000000010c039e2e (Google Chrome Framework - message_pump_mac.mm: 461) base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff3a96e154 (CoreFoundation + 0x00058154) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff3a96e0fa (CoreFoundation + 0x000580fa) __CFRunLoopDoSource0
0x00007fff3a951b94 (CoreFoundation + 0x0003bb94) __CFRunLoopDoSources0
0x00007fff3a95113d (CoreFoundation + 0x0003b13d) __CFRunLoopRun
0x00007fff3a950a27 (CoreFoundation + 0x0003aa27) CFRunLoopRunSpecific
0x00007fff39be9b34 (HIToolbox + 0x0000ab34) RunCurrentEventLoopInMode
0x00007fff39be986a (HIToolbox + 0x0000a86a) ReceiveNextEventCommon
0x00007fff39be95e7 (HIToolbox + 0x0000a5e7) _BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff37ea5eb6 (AppKit + 0x0001aeb6) _DPSNextEvent
0x00007fff37ea4c55 (AppKit + 0x00019c55) -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x00007fff37e9ecb8 (AppKit + 0x00013cb8) -[NSApplication run]
0x000000010c03ae3b (Google Chrome Framework - message_pump_mac.mm: 847) base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x000000010c0397fe (Google Chrome Framework - message_pump_mac.mm: 185) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010c05d734 (Google Chrome Framework - run_loop.cc: 102) <name omitted>
0x0000000109810492 (Google Chrome Framework - chrome_main_app_mode_mac.mm: 290) ChromeAppModeStart_v4
0x0000000106a1c0d7 (app_mode_loader + 0x000020d7)
0x00007fff67b2e08c (libdyld.dylib + 0x0001708c) start
0x00007fff67b2e08c (libdyld.dylib + 0x0001708c) start
-------------------------------------------------------------------------------
Manual regression range finder link
-------------------------------------------------------------------------------
https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27mojo%3A%3A%60anonymous+namespace%5C%27%3A%3ASendInvitation%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27app_shim%27#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions
Dec 18
[stability sheriff] I'm not familiar with the app_shim process. ccameron could you look? There are some changes in the blame list like:
https://chromium-review.googlesource.com/c/1364220
https://chromium-review.googlesource.com/c/1364210
https://chromium-review.googlesource.com/c/1359724
https://chromium-review.googlesource.com/c/1373433
https://chromium-review.googlesource.com/c/1373733
Dec 18
NamedPlatformChannel::ConnectToServer can fail and return an invalid endpoint. You probably just need to handle that gracefully.
Jan 3
+ellyjones to triage and find an owner
Jan 4
to sdy@ - I think from the stack trace that this is a PWA bug? Not R-V-EI though.
Jan 7
[stability sheriff] sdy@: could you please confirm if you are the right owner for this bug?
Jan 7
I don't know what this crash is off the top of my head, but I can look at it.
Jan 7
Please see comment #3. At least when I last looked, the crash seemed clearly due to an invalid handle being passed to SendInvitation, which is not allowed. The invalid handle was acquired (or rather... not acquired) by making an unsuccessful call to NamedPlatformChannel::ConnectToServer in the shim code.
Jan 7
Thanks! I missed that comment before.
Jan 8
[stability sheriff] Thanks for looking into this. Removing this bug from the stability sheriff queue.
Yesterday
(44 hours ago)
I think I found the root cause of this, and it's a horrible bug that I'm surprised we hadn't hit before.

Note that in app_shim_loader at [0], we populate app_mode::ChromeAppModeInfo. This is in code that is compiled directly into app_shim_loader. Then at [1] we read the app_mode::ChromeAppModeInfo and parse it.

The idea is that app_mode::ChromeAppModeInfo is stable across versions. The problem is that it *IS NOT*. It includes such things as std::string (not stable) and base::FilePath (totally not stable!).

The result is that when I try to run a shim, the app_mode::ChromeAppModeInfo is garbage and I get the error spew:

ccameron-macbookpro:Chrome Canary Apps.localized ccameron$ ./Killer\ Marmot.app/Contents/MacOS/app_mode_loader
[0121/015456.736026:FATAL:double_fork_and_exec.cc(126)] execvp /Users/ccameron/Applications/Chrome Canary Apps.localized/Killer Marmot.app/Helpers/crashpad_handler: No such file or directory (2)
[0121/015456.736702:ERROR:file_io.cc(89)] ReadExactly: expected 8, observed 0
[0121/015456.737642:WARNING:resource_bundle.cc(357)] locale_file_path.empty() for locale en_US
[0121/015457.013714:WARNING:resource_bundle.cc(922)] locale resources are not loaded
[0121/015457.017747:ERROR:named_platform_channel_posix.cc(145)] connect App Shim Socket: No such file or directory (2)
Trace/BPT trap: 5

This is not a fun bug to discover on the week of branch, but it is totally fix-able (just use types that are *actually* stable). All shims that ever were created need to be regenerated (but hey, they're already all broken ... probably by the completely innocuous crrev.com/620036 (just a guess, could have been a toolchain update)).

[0] https://cs.chromium.org/chromium/src/chrome/app_shim/app_mode_loader_mac.mm?rcl=58acb7411fa06ff319f01e21fdadd6b3ea538cca&l=200
[1] https://cs.chromium.org/chromium/src/chrome/app_shim/chrome_main_app_mode_mac.mm?rcl=58acb7411fa06ff319f01e21fdadd6b3ea538cca&l=168
Yesterday
(44 hours ago)
I think we have run into exactly this bug before in Issue 561205, which was caused by moving from the system C++ stdlib (a GNU variant) to a statically linked libc++. Hopefully the same fix from then will work now - bumping the versioned name of the method looked up in the Chromium framework by the shim, which will cause the shim to fail to find the entry point, and be recreated. :)
Today
(14 hours ago)
The fix from issue 561205 won't help here. We now statically link not system libc++, but one that's explicitly built with _LIBCPP_ABI_UNSTABLE -- C++ abi types can change more or less at any point now. If we had done the right fix back in issue 561205 (mentioned in comment 11), we wouldn't have this replay now :-/
Today
(8 hours ago)
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9ba5da35aa4601b8e3f13b2028a09cc516d463e3

commit 9ba5da35aa4601b8e3f13b2028a09cc516d463e3
Author: Christopher Cameron <ccameron@chromium.org>
Date: Tue Jan 22 22:00:56 2019

MacPWAs: Make ChromeAppModeInfo stable

This structure is to be shared across separately-compiled versions of Chrome, since it is shared between the app_mode_loader and Chrome.

The structures std::string and base::FilePath are not stable, so don't use them. Increment the app version number to reflect this change. Add compile-time checks that will indicate if the structure size changes.

Version mismatches were manifesting as a crash in mojo::SendInvitation the mojo::ScopedMessagePipeHandle was invalid. Add a CHECK that the handle is valid for controlled demolition.

Bug: 916034
Change-Id: If06a590b8a28bc9ea9d8c2470a49a2fc4111c93b
Reviewed-on: https://chromium-review.googlesource.com/c/1425038
Commit-Queue: ccameron <ccameron@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624947}

[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/app/framework.order
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/app_shim/app_mode_loader_mac.mm
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/app_shim/app_shim_controller.mm
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/app_shim/chrome_main_app_mode_mac.mm
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/browser/apps/platform_apps/shortcut_manager.cc
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/common/mac/app_mode_common.h
[modify] https://crrev.com/9ba5da35aa4601b8e3f13b2028a09cc516d463e3/chrome/common/mac/app_mode_common.mm
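Added example, not part of the original thread and not Chromium's code: a sketch of the pattern the commit message above describes, where a struct shared between separately compiled binaries holds only fixed-layout fields, carries a version, and is guarded by compile-time size checks. The names ShimLaunchInfo, kInfoVersion, FillInfo and ParseInfo and all field sizes are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <type_traits>

// Hypothetical layout (not Chrome's ChromeAppModeInfo): fixed-width integers
// and inline char arrays only, so the bytes do not depend on the C++ library.
constexpr uint32_t kInfoVersion = 2;  // bump whenever the layout changes
struct ShimLaunchInfo {
  uint32_t version;        // set by the separately compiled loader
  uint32_t struct_size;    // sizeof(ShimLaunchInfo) as the loader saw it
  char app_id[64];         // NUL-terminated
  char profile_dir[1024];  // NUL-terminated path
};
// Compile-time tripwires: a std::string member or a moved field fails the build.
static_assert(std::is_standard_layout<ShimLaunchInfo>::value &&
              std::is_trivially_copyable<ShimLaunchInfo>::value, "plain data only");
static_assert(sizeof(ShimLaunchInfo) == 1096, "layout changed: bump kInfoVersion");
static_assert(offsetof(ShimLaunchInfo, profile_dir) == 72, "field moved");

// Loader side: refuse values that would not fit together with their terminator.
bool FillInfo(ShimLaunchInfo* out, const std::string& id, const std::string& dir) {
  if (id.size() >= sizeof(out->app_id) || dir.size() >= sizeof(out->profile_dir))
    return false;
  std::memset(out, 0, sizeof(*out));
  out->version = kInfoVersion;
  out->struct_size = sizeof(*out);
  std::memcpy(out->app_id, id.data(), id.size());
  std::memcpy(out->profile_dir, dir.data(), dir.size());
  return true;
}

// Framework side: reject a stale or malformed struct instead of reading garbage.
bool ParseInfo(const ShimLaunchInfo* in, std::string* id, std::string* dir) {
  if (!in || in->version != kInfoVersion || in->struct_size != sizeof(*in))
    return false;
  if (!std::memchr(in->app_id, 0, sizeof(in->app_id)) ||
      !std::memchr(in->profile_dir, 0, sizeof(in->profile_dir)))
    return false;
  *id = in->app_id;
  *dir = in->profile_dir;
  return true;
}

int main() {
  ShimLaunchInfo info; std::string id, dir;  // sample values are constructed
  return FillInfo(&info, "constructed-app-id", "/tmp/profile") && ParseInfo(&info, &id, &dir) ? 0 : 1;
}
```

A caller that gets false from ParseInfo can exit cleanly or regenerate the shim rather than continue with an invalid endpoint.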
Comment 1 by kkaluri@chromium.org, Dec 18
Components: Internals>Mojo
Labels: -Type-Bug RegressedIn-73 TE-CrashTriage Target-73 Stability-Sheriff-Desktop FoundIn-73 Type-Bug-Regression