Crash in BluetoothLowEnergyCharacteristicsFinder
Issue description

Signed in and got an almost-immediate crash.

Thread 1 "chrome" received signal SIGSEGV, Segmentation fault.
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
0x000002004751a3c7 in base::internal::CallbackBase<(base::internal::CopyMode)0>::Reset() () at /usr/local/google/chromium/.cros_cache/chrome-sdk/tarballs/eve+9864.0.0+target_toolchain/usr/bin/../lib/gcc/x86_64-cros-linux-gnu/4.9.x/include/g++-v4/bits/atomic_base.h:631
631 /usr/local/google/chromium/.cros_cache/chrome-sdk/tarballs/eve+9864.0.0+target_toolchain/usr/bin/../lib/gcc/x86_64-cros-linux-gnu/4.9.x/include/g++-v4/bits/atomic_base.h: No such file or directory.
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
(gdb) bt
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
#0 0x000002004751a3c7 in base::internal::CallbackBase<(base::internal::CopyMode)0>::Reset() () at /usr/local/google/chromium/.cros_cache/chrome-sdk/tarballs/eve+9864.0.0+target_toolchain/usr/bin/../lib/gcc/x86_64-cros-linux-gnu/4.9.x/include/g++-v4/bits/atomic_base.h:631
warning: (Internal error: pc 0x2004751a3c7 in read in psymtab, but not in symtab.)
warning: Could not find DWO CU obj/components/cryptauth/ble/ble/bluetooth_low_energy_characteristics_finder.dwo(0x624b6a8018e51c9d) referenced by CU at offset 0xeac5f [in module /opt/google/chrome/chrome]
warning: (Internal error: pc 0x2004ac32480 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004ac32430 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004ac32480 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004ac32480 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004ac32480 in read in psymtab, but not in symtab.)
#1 0x000002004ac32481 in cryptauth::BluetoothLowEnergyCharacteristicsFinder::GattCharacteristicAdded(device::BluetoothAdapter*, device::BluetoothRemoteGattCharacteristic*) () at ../../components/cryptauth/ble/bluetooth_low_energy_characteristics_finder.cc:127
warning: (Internal error: pc 0x2004ac32480 in read in psymtab, but not in symtab.)
warning: Could not find DWO CU obj/device/bluetooth/bluetooth/bluetooth_adapter.dwo(0x217df1b92db3256b) referenced by CU at offset 0x7e28b [in module /opt/google/chrome/chrome]
warning: (Internal error: pc 0x2004846df89 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004846df10 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004846df89 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004846df89 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004846df89 in read in psymtab, but not in symtab.)
#2 0x000002004846df8a in device::BluetoothAdapter::NotifyGattCharacteristicAdded(device::BluetoothRemoteGattCharacteristic*) () at ../../device/bluetooth/bluetooth_adapter.cc:236
warning: (Internal error: pc 0x2004846df89 in read in psymtab, but not in symtab.)
warning: Could not find DWO CU obj/device/bluetooth/bluetooth/bluetooth_remote_gatt_service_bluez.dwo(0x3c82c87e196d0623) referenced by CU at offset 0x7e703 [in module /opt/google/chrome/chrome]
warning: (Internal error: pc 0x2004848dbc7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004848d890 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004848dbc7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004848dbc7 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x2004848dbc7 in read in psymtab, but not in symtab.)
#3 0x000002004848dbc8 in bluez::BluetoothRemoteGattServiceBlueZ::GattCharacteristicAdded(dbus::ObjectPath const&) () at ../../device/bluetooth/bluez/bluetooth_remote_gatt_service_bluez.cc:198
warning: (Internal error: pc 0x2004848dbc7 in read in psymtab, but not in symtab.)
warning: Could not find DWO CU obj/device/bluetooth/bluetooth/bluetooth_gatt_characteristic_client.dwo(0x1864ea3a60093a72) referenced by CU at offset 0x7f033 [in module /opt/google/chrome/chrome]
#4 0x00000200484bf834 in bluez::BluetoothGattCharacteristicClientImpl::ObjectAdded(dbus::ObjectPath const&, std::string const&) () at ../../device/bluetooth/dbus/bluetooth_gatt_characteristic_client.cc:206
warning: Could not find DWO CU obj/dbus/dbus/object_manager.dwo(0x7fd303a4dd8e0ae) referenced by CU at offset 0x72f97 [in module /opt/google/chrome/chrome]
#5 0x0000020047f829d3 in dbus::ObjectManager::AddInterface(dbus::ObjectPath const&, std::string const&, dbus::MessageReader*) () at ../../dbus/object_manager.cc:470
#6 0x0000020047f82508 in dbus::ObjectManager::UpdateObject(dbus::ObjectPath const&, dbus::MessageReader*) () at ../../dbus/object_manager.cc:435
#7 0x0000020047f812fd in dbus::ObjectManager::InterfacesAddedReceived(dbus::Signal*) () at ../../dbus/object_manager.cc:385
warning: Could not find DWO CU obj/dbus/dbus/object_proxy.dwo(0x5f746273547a1d38) referenced by CU at offset 0x72ffb [in module /opt/google/chrome/chrome]
#8 0x0000020047f869fd in dbus::ObjectProxy::RunMethod(base::TimeTicks, std::vector<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::allocator<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > >, dbus::Signal*) () at ../../base/callback.h:80
#9 0x0000020047f87571 in void base::internal::FunctorTraits<void (dbus::ObjectProxy::*)(base::TimeTicks, std::vector<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::allocator<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > >, dbus::Signal*), void>::Invoke<scoped_refptr<dbus::ObjectProxy> const&, base::TimeTicks const&, std::vector<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::allocator<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > > const&, dbus::Signal* const&>(void (dbus::ObjectProxy::*)(base::TimeTicks, std::vector<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::allocator<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > >, dbus::Signal*), scoped_refptr<dbus::ObjectProxy> const&, base::TimeTicks const&, std::vector<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::allocator<base::Callback<void (dbus::Signal*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > > const&, dbus::Signal* const&) () at ../../base/bind_internal.h:194
warning: Could not find DWO CU obj/base/base/task_annotator.dwo(0x87b1057d12402357) referenced by CU at offset 0x5477b [in module /opt/google/chrome/chrome]
#10 0x000002004751f61a in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) () at ../../base/callback.h:91
warning: Could not find DWO CU obj/base/base/message_loop.dwo(0xd87f3225d5714e81) referenced by CU at offset 0x5514f [in module /opt/google/chrome/chrome]
#11 0x0000020047538cee in base::MessageLoop::RunTask(base::PendingTask*) () at ../../base/message_loop/message_loop.cc:406
#12 0x00000200475394ea in base::MessageLoop::DoWork() () at ../../base/message_loop/message_loop.cc:417
warning: Could not find DWO CU obj/base/base/message_pump_libevent.dwo(0x1726dac83e6b68ae) referenced by CU at offset 0x551e7 [in module /opt/google/chrome/chrome]
#13 0x000002004753ae99 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () at ../../base/message_loop/message_pump_libevent.cc:220
warning: Could not find DWO CU obj/base/base/run_loop.dwo(0x177055d32672558a) referenced by CU at offset 0x55bcf [in module /opt/google/chrome/chrome]
#14 0x000002004755b116 in base::RunLoop::Run() () at ../../base/run_loop.cc:123
warning: Could not find DWO CU obj/chrome/browser/browser/chrome_browser_main.dwo(0x5795370fb61366ff) referenced by CU at offset 0x48deb [in module /opt/google/chrome/chrome]
#15 0x00000200471dd398 in ChromeBrowserMainParts::MainMessageLoopRun(int*) () at ../../chrome/browser/chrome_browser_main.cc:1916
warning: Could not find DWO CU obj/content/browser/browser/browser_main_loop.dwo(0x704bf1ff4af1e5a3) referenced by CU at offset 0x1ad26 [in module /opt/google/chrome/chrome]
#16 0x0000020045e51b94 in content::BrowserMainLoop::RunMainMessageLoopParts() () at ../../content/browser/browser_main_loop.cc:1173
warning: Could not find DWO CU obj/content/browser/browser/browser_main_runner.dwo(0x4c4cf15d069d6bb6) referenced by CU at offset 0x1ad5a [in module /opt/google/chrome/chrome]
#17 0x0000020045e54562 in content::BrowserMainRunnerImpl::Run() () at ../../content/browser/browser_main_runner.cc:152
warning: Could not find DWO CU obj/content/browser/browser/browser_main.dwo(0xb9bd5a4a6b75e30b) referenced by CU at offset 0x1acf2 [in module /opt/google/chrome/chrome]
#18 0x0000020045e4d3dc in content::BrowserMain(content::MainFunctionParams const&) () at ../../content/browser/browser_main.cc:46
warning: Could not find DWO CU obj/content/app/content_main_runner_both/content_main_runner.dwo(0x4dae122379b75baf) referenced by CU at offset 0x4847b [in module /opt/google/chrome/chrome]
#19 0x00000200471b176c in content::ContentMainRunnerImpl::Run() () at ../../content/app/content_main_runner.cc:709
warning: Could not find DWO CU obj/services/service_manager/embedder/embedder/main.dwo(0x29459b18dd988397) referenced by CU at offset 0x48b97 [in module /opt/google/chrome/chrome]
#20 0x00000200471d3192 in service_manager::Main(service_manager::MainParams const&) () at ../../services/service_manager/embedder/main.cc:469
warning: Could not find DWO CU obj/content/app/both/content_main.dwo(0xdcd3d0bafd21b2a3) referenced by CU at offset 0x4844b [in module /opt/google/chrome/chrome]
#21 0x00000200471b0711 in content::ContentMain(content::ContentMainParams const&) () at ../../content/app/content_main.cc:19
warning: Could not find DWO CU obj/chrome/chrome_initial/chrome_main.dwo(0x7d67eda15e863621) referenced by CU at offset 0x30 [in module /opt/google/chrome/chrome]
#22 0x00000200457e9155 in ChromeMain () at ../../chrome/app/chrome_main.cc:122
#23 0x00007ecd5caac736 in __libc_start_main (main=warning: Could not find DWO CU obj/chrome/chrome_initial/chrome_exe_main_aura.dwo(0x2e0b001d737b2f0a) referenced by CU at offset 0x0 [in module /opt/google/chrome/chrome] 0x200457e9080 <main>, argc=34, argv=0x7ffd78ca1048, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd78ca1038) at ../csu/libc-start.c:289
#24 0x00000200457e8f39 in _start ()
Aug 24 2017
Looks like the crash is at [1] where we call success_callback_.Reset(). |success_callback_| is a base::Callback (not a pointer), so there should be no problem calling this function unless the entire object has been deleted. However, we stop observing |adapter_| in the destructor, so I'm not sure how that could happen. Thoughts?

[1] https://cs.chromium.org/chromium/src/components/cryptauth/ble/bluetooth_low_energy_characteristics_finder.cc?l=127
Aug 24 2017
Looks like this is caused by the BluetoothLowEnergyCharacteristicsFinder object being deleted by the callback. Thus, after the callback completes, the BluetoothLowEnergyCharacteristicsFinder function continues running and accesses deleted memory. Since BluetoothLowEnergyCharacteristicsFinder is only used by BluetoothLowEnergyWeaveClientConnection and that class never uses the finder again after the callback is invoked, I'm just going to remove the BluetoothLowEnergyCharacteristicsFinder::ResetCallbacks() function altogether and delete the object once the callback is invoked to ensure that no further callbacks will be made.
Aug 24 2017
Requesting merge for the fix listed above. While it was being submitted, the bug tracker was down, so there was no post on this bug. Once I get approved, how do I go about merging my CL, since it is not associated with this bug?
Aug 24 2017
This bug requires manual review: We are only 11 days from stable.
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 24 2017
Approving merge to M61 Chrome OS.
Aug 24 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/884d30853a7d745969ab85b58145c0dfccbb82bc

commit 884d30853a7d745969ab85b58145c0dfccbb82bc
Author: Kyle Horimoto <khorimoto@google.com>
Date: Thu Aug 24 22:04:20 2017

[CrOS Tether] Fix crash in BluetoothLowEnergyCharacteristicsFinder.

This class takes two callbacks in its constructor, and sometimes when it invokes these callbacks, the owner of the callbacks deletes the object. Then, after the class continues executing code, it ends up touching deleted memory, causing a crash.

To fix this issue, this CL...
(1) Removes any subsequent code that would be called after the callback is invoked, removing the possibility of code being executed after the callback is invoked.
(2) Causes the owner of the callbacks (BluetoothLowEnergyWeaveClientConnection) to delete its instance of BluetoothLowEnergyCharacteristicsFinder once the callback is invoked.

TBR=khorimoto@google.com

(cherry picked from commit f9509b77d7b29f651cf7f7cfbe2c456c0c78d0a6)

Bug: 758447, 672263
Change-Id: Id9bbacf26bd53dc796db25542c7c7d9f02a5757f
Reviewed-on: https://chromium-review.googlesource.com/631416
Reviewed-by: Tim Song <tengs@chromium.org>
Commit-Queue: Kyle Horimoto <khorimoto@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#497117}
Reviewed-on: https://chromium-review.googlesource.com/634281
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#863}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}

[modify] https://crrev.com/884d30853a7d745969ab85b58145c0dfccbb82bc/components/cryptauth/ble/bluetooth_low_energy_characteristics_finder.cc
[modify] https://crrev.com/884d30853a7d745969ab85b58145c0dfccbb82bc/components/cryptauth/ble/bluetooth_low_energy_characteristics_finder.h
[modify] https://crrev.com/884d30853a7d745969ab85b58145c0dfccbb82bc/components/cryptauth/ble/bluetooth_low_energy_weave_client_connection.cc
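
The lifetime hazard discussed in this thread, as an added C++ example that is not part of the original thread or of the Chromium change: an object runs a callback whose owner deletes the object, and any member access after the call touches freed memory. Finder, Owner and their methods are hypothetical stand-ins using std::function instead of base::Callback, and the liveness flag exists only so the hazard can be observed without actually reading freed memory.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-ins for illustration; not Chromium classes.
class Finder {
 public:
  explicit Finder(std::function<void()> on_success)
      : on_success_(std::move(on_success)) {}
  ~Finder() { *alive_ = false; }

  // Shape of the crashing code: run the callback, then reset a member.
  // Returns false when the callback destroyed *this, which is the case where
  // the unguarded reset in the original code touched freed memory.
  bool NotifyThenReset() {
    std::shared_ptr<bool> alive = alive_;    // flag outlives *this
    std::function<void()> cb = on_success_;  // run a stack copy
    cb();                                    // owner may delete *this here
    if (!*alive) return false;               // the bug had no such check
    on_success_ = nullptr;
    return true;
  }

  // Shape of the fix: the callback is moved to the stack and invoked as the
  // last statement, so no member is read after the owner has been notified.
  void NotifyLast() {
    std::function<void()> cb = std::move(on_success_);
    cb();
  }

 private:
  std::function<void()> on_success_;
  std::shared_ptr<bool> alive_ = std::make_shared<bool>(true);
};

// Owner that deletes its finder as soon as it is notified.
struct Owner {
  Owner() : finder(new Finder([this] { OnFound(); })) {}
  void OnFound() { found = true; finder.reset(); }
  bool found = false;
  std::unique_ptr<Finder> finder;
};

bool SurvivesNotifyThenReset() { Owner o; return o.finder->NotifyThenReset(); }
bool FixedPathNotifiesAndFrees() {
  Owner o;
  o.finder->NotifyLast();
  return o.found && !o.finder;
}
int main() { return SurvivesNotifyThenReset() || !FixedPathNotifiesAndFrees(); }
```

Building a pattern like this with AddressSanitizer reports the unguarded variant as a heap-use-after-free at the member access that follows the callback.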
Jan 22 2018
Comment 1 by khorimoto@chromium.org, Aug 24 2017