Description
upload-symbols (v3.20 build 39) bundled with FirebaseCrashlytics crashes with Trace/BPT trap: 5 (SIGTRAP / _xpc_api_misuse) when executed from an Xcode build phase (via xcodebuild subprocess) on macOS 26.3.1 / Xcode 26.2.
The same binary runs successfully when invoked manually from a login shell (including --version, --help, and a real upload with valid -gsp + dSYM). The same CI setup works on a second runner still on macOS 26.3 (build 25D125). After that runner is upgraded to 26.3.1, the crash reproduces there too.
Crash report asiSignatures: ["API Misuse"]. The failure path is inside libxpc triggered by xpc_connection_set_target_uid, which appears to be rejected in the Xcode build-phase subprocess environment because that context lacks a full audit session / login context.
This looks related to but distinct from #15896:
Reproducing the issue
- Set up a CI runner on macOS 26.3.1 + Xcode 26.2.
- In an iOS Flutter app integrating
firebase_crashlytics, run the Xcode archive step from a CI environment (e.g. flutter build ipa or xcodebuild archive driven by a CI runner process).
- Xcode invokes the
[firebase_crashlytics] Crashlytics Upload Symbols Run Script build phase, which executes:
"$PODS_ROOT/FirebaseCrashlytics/upload-symbols" --flutter-project "$PROJECT_DIR/firebase_app_id_file.json"
- The script fails with:
line N: PID Trace/BPT trap: 5 "$PODS_ROOT/FirebaseCrashlytics/upload-symbols" ...
Command PhaseScriptExecution failed with a nonzero exit code
Manually running the same binary from a login shell on the same machine with the same arguments (real Google service plist, real dSYM folder) succeeds and uploads dSYMs to Crashlytics as expected.
Moving upload-symbols out of the Xcode build phase and invoking upload_symbols_to_crashlytics (Fastlane) / direct upload-symbols call from a regular shell context (CI script step) bypasses the crash completely and uploads the dSYMs successfully.
Firebase SDK Version
12.4.0 (also reproduces with 12.9.0, which includes the "Conformed to Mach IPC security restrictions" fix)
Xcode Version
26.2 (build 17C52)
Installation Method
CocoaPods
Firebase Product(s)
Targeted Platforms
Relevant Log Output
Script-XXXXXXXXXXXXXXXXXXXX.sh: line N: PID Trace/BPT trap: 5 "${PODS_ROOT}/FirebaseCrashlytics/upload-symbols" --flutter-project "$PROJECT_DIR/firebase_app_id_file.json"
Command PhaseScriptExecution failed with a nonzero exit code
Crash report (excerpt):
asiSignatures: ["API Misuse"]
Thread 1 Crashed:
...
_xpc_api_misuse
xpc_connection_set_target_uid
-[SOServiceConnection _connectToService]
-[SOConfigurationClient defaultClient]
+[SOAuthorizationCore _canPerformAuthorizationWithURL:...]
AppSSO::shouldManageURL(...)
AppSSOProtocol::_canHandleTask(...)
-[__NSURLSessionLocal _protocolClassForTask:]
-[NSURLSessionTask resume]
Additional notes
On the failing machine, the binary's extended attributes include com.apple.provenance (from the pod fetch). Removing this attribute before execution does not change the behavior.
Environment comparison:
|
Failing runner |
Working runner |
| macOS |
26.3.1 (25D2128) |
26.3 (25D125) |
| Xcode |
26.2 (17C52) |
26.2 (17C52) |
xcode-select -p |
/Applications/Xcode-26.2.0.app/Contents/Developer |
same |
upload-symbols |
3.20 build 39 |
3.20 build 39 |
Happy to provide additional crash reports or testing on the failing environment if that helps.
Description
upload-symbols(v3.20 build 39) bundled with FirebaseCrashlytics crashes withTrace/BPT trap: 5(SIGTRAP /_xpc_api_misuse) when executed from an Xcode build phase (viaxcodebuildsubprocess) on macOS 26.3.1 / Xcode 26.2.The same binary runs successfully when invoked manually from a login shell (including
--version,--help, and a real upload with valid-gsp+ dSYM). The same CI setup works on a second runner still on macOS 26.3 (build 25D125). After that runner is upgraded to 26.3.1, the crash reproduces there too.Crash report
asiSignatures:["API Misuse"]. The failure path is insidelibxpctriggered byxpc_connection_set_target_uid, which appears to be rejected in the Xcode build-phase subprocess environment because that context lacks a full audit session / login context.This looks related to but distinct from #15896:
Path to CoreSymbolication is invalid, abortingerror and is fixed by readingDEVELOPER_DIR(PR Update upload-symbols with better logging and readingDEVELOPER_DIRto get Xcode path for CoreSymbolication #16007, pending release).__builtin_traps insidexpc_connection_set_target_uidbefore any debug logging (-d) can run.DEVELOPER_DIRis already pointing at a valid Xcode installation on the failing machine (confirmed viaxcode-select -p).Reproducing the issue
firebase_crashlytics, run the Xcode archive step from a CI environment (e.g.flutter build ipaorxcodebuild archivedriven by a CI runner process).[firebase_crashlytics] Crashlytics Upload SymbolsRun Script build phase, which executes:Manually running the same binary from a login shell on the same machine with the same arguments (real Google service plist, real dSYM folder) succeeds and uploads dSYMs to Crashlytics as expected.
Moving
upload-symbolsout of the Xcode build phase and invokingupload_symbols_to_crashlytics(Fastlane) / directupload-symbolscall from a regular shell context (CI script step) bypasses the crash completely and uploads the dSYMs successfully.Firebase SDK Version
12.4.0 (also reproduces with 12.9.0, which includes the "Conformed to Mach IPC security restrictions" fix)
Xcode Version
26.2 (build 17C52)
Installation Method
CocoaPods
Firebase Product(s)
Targeted Platforms
Relevant Log Output
Crash report (excerpt):
Additional notes
On the failing machine, the binary's extended attributes include
com.apple.provenance(from the pod fetch). Removing this attribute before execution does not change the behavior.Environment comparison:
xcode-select -p/Applications/Xcode-26.2.0.app/Contents/Developerupload-symbolsHappy to provide additional crash reports or testing on the failing environment if that helps.