
Issue 835708

Issue metadata

Status: Closed
Closed: Nov 19
OS: Chrome
Pri: 2
Type: Bug




CRAS crash in bt_device_process_msg

Project Member Reported by hychao@chromium.org, Apr 23 2018

Issue description

https://crash.corp.google.com/3379f230620b21ba

0x000070cbe2f99dd2	(libc-2.23.so -raise.c:54 )	raise
0x000070cbe2f9bbf5	(libc-2.23.so -abort.c:89 )	abort
0x000070cbe2fdb496	(libc-2.23.so -libc_fatal.c:175 )	__libc_message
0x000070cbe2fe1610	(libc-2.23.so -malloc.c:5004 )	malloc_printerr
0x000070cbe2fe1f14	(libc-2.23.so -malloc.c:3865 )	_int_free
0x000057e5b2eb2a9b	(cras -cras_bt_device.c:1113 )	bt_device_process_msg
0x000057e5b2ece673	(cras -cras_main_message.c:95 )	handle_main_messages
0x000057e5b2eaf805	(cras -cras_server.c:554 )	cras_server_run
0x000057e5b2eaed0c	(cras -cras.c:139 )	main
0x000070cbe2f86735	(libc-2.23.so -libc-start.c:289 )	__libc_start_main
0x000057e5b2eae988	(cras + 0x00008988 )	_start
0x00007ffeda102bf7		
0x000057e5b2eae95f	(cras + 0x0000895f )	_init
 

Comment 1 by bugdroid1@chromium.org, Apr 24 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/adhd/+/8e025f0681a20225177893f743c175f3be95e5fe

commit 8e025f0681a20225177893f743c175f3be95e5fe
Author: Hsin-Yu Chao <hychao@chromium.org>
Date: Tue Apr 24 13:22:35 2018

CRAS: bt_device - Don't process msg if device doesn't exist

This change is for reducing crash in bt audio.
If a bt device got destroyed but a message from main thread
arrives later than that, do not process this message.

BUG= chromium:835708 
TEST=None

Change-Id: I882d668517d9231eee73d99b6bbde87e00b83cb7
Reviewed-on: https://chromium-review.googlesource.com/1023676
Commit-Ready: Hsinyu Chao <hychao@chromium.org>
Tested-by: Hsinyu Chao <hychao@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/8e025f0681a20225177893f743c175f3be95e5fe/cras/src/server/cras_bt_device.c
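
The guard described in the commit message above, as an added C example that is not the CRAS source and not part of the original issue: the message handler checks that the device pointer captured at queue time is still in the live-device list before touching it. All type and function names here (`bt_dev`, `bt_msg`, `dev_exists`, `process_msg`) are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical types and names for illustration; not the CRAS definitions. */
struct bt_dev { struct bt_dev *next; int profiles; };
struct bt_msg { struct bt_dev *dev; int arg; }; /* dev captured at queue time */
static struct bt_dev *devices; /* live devices, owned by the main thread */

static struct bt_dev *dev_create(void)
{
	struct bt_dev *d = calloc(1, sizeof(*d));
	if (!d) abort();
	d->next = devices;
	return devices = d;
}

static void dev_destroy(struct bt_dev *d)
{
	struct bt_dev **pp = &devices;
	while (*pp && *pp != d)
		pp = &(*pp)->next;
	if (!*pp)
		return; /* not a live device: nothing to unlink or free */
	*pp = d->next; /* unlink before free so later lookups miss it */
	free(d);
}

static bool dev_exists(const struct bt_dev *target)
{
	const struct bt_dev *d = devices; /* target is compared, never dereferenced */
	while (d && d != target)
		d = d->next;
	return d != NULL;
}

static bool process_msg(const struct bt_msg *msg) /* false means dropped */
{
	if (!dev_exists(msg->dev))
		return false; /* device destroyed after the message was queued */
	msg->dev->profiles |= msg->arg;
	return true;
}

int main(void)
{
	struct bt_msg late = { dev_create(), 1 }; /* constructed sample message */
	dev_destroy(late.dev);
	return process_msg(&late) ? 1 : 0; /* exits 0: stale message dropped */
}
```

A pointer-membership check like this cannot tell a destroyed device from a new one allocated at the same address, so it narrows the window rather than tracking object identity.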

Comment 2 by hychao@chromium.org, Apr 26 2018

Cc: kbleicher@chromium.org
Labels: -Pri-3 Merge-Request-67 M-67 Pri-2
Status: Started (was: Assigned)

Comment 3 by sheriffbot@chromium.org, Apr 26 2018

Labels: -Merge-Request-67 Merge-Review-67 Hotlist-Merge-Review
This bug requires manual review: M67 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Was this crash a M67 regression?  Also, has the fix been tested / verified?


Comment 5 by hychao@chromium.org, Apr 30 2018

This is not a regression for M67. I believe this crash has existed for a while.
Note that this crash is not reproducible locally. I'd like to request a merge to R67 so we can start watching crash reports as early as possible to see if this gets fixed or not.

Comment 6 by cindyb@chromium.org, Apr 30 2018

Labels: -Merge-Review-67 Merge-Rejected-67
Prefer not to introduce at this stage in M67. Focus is on stability for the release. 
Status: Closed (was: Started)
Recent crash stats:
num_crash	product.Version	stable_signature
10	10575.58.0	bt_device_process_msg-d2944260
3	10575.58.0	bt_device_process_msg-41e18959
1	10575.58.0	bt_device_process_msg-9b29610f
1	10323.67.9	bt_device_process_msg-e5092d63
1	10575.58.0	bt_device_process_msg-21cf8b3f
1	10575.58.0	bt_device_process_msg-7f180cbc
1	10575.55.0	bt_device_process_msg-41e18959
1	10575.58.0	bt_device_process_msg-70e11a21
1	10895.78.0	bt_device_process_msg-41e18959
1	10575.55.0	bt_device_process_msg-8b8e4b80

There's one occurrence in M69, after the fix CL in #1 landed:
https://crash.corp.google.com/browse?q=&stbtiq=bt_device_process_msg&reportid=736a7600ebd875ff&index=0

Closing this issue for now. May reopen if we see more occurrences in the future.
