Chrome_Mac: Crash Report - device::BluetoothRemoteGattCharacteristicMac::DidWriteValue |
|||||||
Issue descriptionProduct name: Chrome_Mac Magic Signature: device::BluetoothRemoteGattCharacteristicMac::DidWriteValue Current link: https://crash.corp.google.com/browse?q=reportid%3D'd12a7f0970000000'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'device%3A%3ABluetoothRemoteGattCharacteristicMac%3A%3ADidWriteValue'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3 Search properties: reportid: d12a7f0970000000 Metadata : Product Name: Chrome_Mac Product Version: 60.0.3102.0 Report ID: d12a7f0970000000 Report Time: Wed, 17 May 2017 15:00:23 GMT Uptime: 49000 ms Cumulative Uptime: 0 ms User Email: OS Name: Mac OS X OS Version: 10.12.4 16E195 CPU Architecture: amd64 CPU Info: family 6 model 70 stepping 1
,
May 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/250918d769bb378b1152db5176a642499fbe4146 commit 250918d769bb378b1152db5176a642499fbe4146 Author: Giovanni Ortuño Urquidi <ortuno@chromium.org> Date: Tue May 23 15:57:47 2017 bluetooth: Mark devices as disconnected when the adapter turns off On macOS when the adapter turns off all devices are disconnected[1] but didDisconnectPeripheral is not called by the OS. This was causing us to think that the device was still connected, keep around all its attributes and dispatch operations on the device even though the device was disconnected. Fixes the issue by calling didDisconnectPeripheral for each of our connected BluetoothDevices. [1] https://developer.apple.com/reference/corebluetooth/cbcentralmanagerdelegate/1518888-centralmanagerdidupdatestate?language=objc Bug: 724300 , 511025 Change-Id: I1dc0f63fcf55949a4596f0ba05a87f158840df16 Reviewed-on: https://chromium-review.googlesource.com/511882 Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Reviewed-by: Vincent Scheib <scheib@chromium.org> Cr-Commit-Position: refs/heads/master@{#473919} [modify] https://crrev.com/250918d769bb378b1152db5176a642499fbe4146/device/bluetooth/bluetooth_adapter_mac.mm [modify] https://crrev.com/250918d769bb378b1152db5176a642499fbe4146/device/bluetooth/bluetooth_adapter_unittest.cc [modify] https://crrev.com/250918d769bb378b1152db5176a642499fbe4146/device/bluetooth/test/bluetooth_test.h [modify] https://crrev.com/250918d769bb378b1152db5176a642499fbe4146/device/bluetooth/test/bluetooth_test_mac.h [modify] https://crrev.com/250918d769bb378b1152db5176a642499fbe4146/device/bluetooth/test/bluetooth_test_mac.mm
,
May 25 2017
ugh, still failing when refreshing the page.
,
May 26 2017
Users experienced this crash on the following builds: Mac Canary 60.0.3110.0 - 0.38 CPM, 1 reports, 1 clients (signature device::BluetoothRemoteGattCharacteristicMac::DidWriteValue) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
May 26 2017
1. Device connects.
2. Write to a characteristic without response. (Which ends up posting a task to run DidWriteValue)
3. Immediately disconnect. (which causes macOS to mark the device as disconnected)
4. Crash. (DidWriteValue is ran which CHECKs that the device is connected, but since it isn't it crashes).
Code to reproduce the issue with a Playbulb. It might take a couple of tries:
(async () => {
console.log('yay');
let device = await navigator.bluetooth.requestDevice({
filters:[{services: [0xff02]}]
});
await device.gatt.connect();
\
let service = await device.gatt.getPrimaryService(0xff02);
let characteristic = await service.getCharacteristic(0xfffc);
characteristic.writeValue(new Uint8Array([0xff, 0x88, 0x88, 0x88]));
device.gatt.disconnect();
})();
,
May 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9383c369577ba6704d02c6827f12dbbab7b28b55 commit 9383c369577ba6704d02c6827f12dbbab7b28b55 Author: Giovanni Ortuño Urquidi <ortuno@chromium.org> Date: Fri May 26 15:37:47 2017 bluetooth: Flush pending writes without response callbacks if we disconnected The problem: 1. Device connects. 2. Write to a characteristic without response. (Which ends up posting a task to run DidWriteValue) 3. Immediately disconnect. (which causes macOS to mark the device as disconnected) 4. Crash. (DidWriteValue is ran which CHECKs that the device is connected, but since it is it crashes). Flushes all pending writes when DidWriteValue is called and the device is disconnected. Bug: 724300 Change-Id: I6cb0fd640e313733297ae093f45bdaa8dfe71a67 Reviewed-on: https://chromium-review.googlesource.com/516487 Reviewed-by: Vincent Scheib <scheib@chromium.org> Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/master@{#475008} [modify] https://crrev.com/9383c369577ba6704d02c6827f12dbbab7b28b55/device/bluetooth/bluetooth_remote_gatt_characteristic_mac.mm [modify] https://crrev.com/9383c369577ba6704d02c6827f12dbbab7b28b55/device/bluetooth/bluetooth_remote_gatt_characteristic_unittest.cc [modify] https://crrev.com/9383c369577ba6704d02c6827f12dbbab7b28b55/device/bluetooth/test/mock_bluetooth_central_manager_mac.mm
,
May 26 2017
,
May 26 2017
hmm this missed the branch point. We should ask for merge once it has been on canary for a day.
,
May 30 2017
,
May 30 2017
Your change meets the bar and is auto-approved for M60. Please go ahead and merge the CL to branch 3112 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 31 2017
Thanks for the fix. Please confirm whether the fix is verified in canary. If yes, merge to 3112 branch before 4.00 PM PST(05/31) to make it to next release.
,
May 31 2017
I already cherry picked the patch but for some reason it didn't show up here. https://chromium-review.googlesource.com/c/517453/ I set the label manually. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ortuno@chromium.org
, May 23 2017