New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 900093 link

Starred by 1 user

Issue metadata

Status: Verified
Merged: issue 905580
Owner:
Closed: Jan 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

CRAS: crash hfp_buf_queued-9c163718

Project Member Reported by hychao@chromium.org, Oct 30

Issue description

Chrome OS: 11151.11.0

This is a reopen of  issue 863823 

which I thought the pin stream CL https://chromium-review.googlesource.com/1257487 fixes the crash, but turns out not :(

note: the CL landed at 11145.0.0

 
Found another improvement case when I investigate other crashes.

https://chromium-review.googlesource.com/c/chromiumos/third_party/adhd/+/1337236
CRAS: fix potential crash when init pinned stream
Mergedinto: 905580
Status: Duplicate (was: Assigned)
Dup to another crash bug, which shares the same root problem that an iodev with NULL format leaks to audio thread.
Status: Started (was: Duplicate)
Turns out the crash still happens after 905580 fixed...

Here's an example in M72 11316.6.0
https://crash.corp.google.com/browse?stbtiq=3f793d8dfe4e6ac3

Still the cause is that hfp iodev with NULL fmt leaked to audio thread.
Labels: M-72
Good news, I've found another trigger point to this crash.
This one still relates to pin stream. 

In short, the code to handle BT profile stream uses cras_iodev_list_disable_dev() but without setting the force_close flag. That's a leak to audio thread if there's active pin stream on the iodev.

Upload fix to:
https://chromium-review.googlesource.com/c/chromiumos/third_party/adhd/+/1390679

Project Member

Comment 5 by bugdroid1@chromium.org, Dec 29

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/adhd/+/ed0173de041e37cb6b581506a7ef54505e5b9e9c

commit ed0173de041e37cb6b581506a7ef54505e5b9e9c
Author: Hsin-Yu Chao <hychao@google.com>
Date: Sat Dec 29 00:14:06 2018

CRAS: bt_device - Force close dev at profile switch

Pin stream could stay connected to a BT output iodev while profile
switching from A2DP to HFP/HSP, and that causes crash because
iodev is still accessed by audio thread while main thread updates
its node.

BUG= chromium:900093 
TEST=Connect BT headset and select it for both input and output from
UI system tray.
Add a pinned output stream by 'cras_test_client --playback_f /dev/zero
--pin <id>' where id is for the BT output.
Then start input stream by 'cras_test_client --capture_file /tmp/1'
to trigger profile switch from A2DP to HFP. Verify CRAS doesn't crash.

Change-Id: If7f21e7d0e5a47c7d52175d6406e9311f5e0663c
Reviewed-on: https://chromium-review.googlesource.com/1390685
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Hsinyu Chao <hychao@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>

[modify] https://crrev.com/ed0173de041e37cb6b581506a7ef54505e5b9e9c/cras/src/server/cras_bt_device.c

Labels: Merge-Request-72
Project Member

Comment 7 by sheriffbot@chromium.org, Jan 2

Labels: -Merge-Request-72 Merge-Review-72 Hotlist-Merge-Review
This bug requires manual review: M72 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: govind@(Android), kariahda@(iOS), djmm@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: djmm@chromium.org
Labels: -Merge-Review-72 Merge-Approved-72
Project Member

Comment 10 by bugdroid1@chromium.org, Jan 3

Labels: merge-merged-release-R72-11316.B
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/adhd/+/3346911e10cc420d959357801d3cd76a9b165e48

commit 3346911e10cc420d959357801d3cd76a9b165e48
Author: Hsin-Yu Chao <hychao@google.com>
Date: Thu Jan 03 03:53:05 2019

CRAS: bt_device - Force close dev at profile switch

Pin stream could stay connected to a BT output iodev while profile
switching from A2DP to HFP/HSP, and that causes crash because
iodev is still accessed by audio thread while main thread updates
its node.

BUG= chromium:900093 
TEST=Connect BT headset and select it for both input and output from
UI system tray.
Add a pinned output stream by 'cras_test_client --playback_f /dev/zero
--pin <id>' where id is for the BT output.
Then start input stream by 'cras_test_client --capture_file /tmp/1'
to trigger profile switch from A2DP to HFP. Verify CRAS doesn't crash.

Change-Id: If7f21e7d0e5a47c7d52175d6406e9311f5e0663c
Reviewed-on: https://chromium-review.googlesource.com/1390685
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Hsinyu Chao <hychao@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>
(cherry picked from commit ed0173de041e37cb6b581506a7ef54505e5b9e9c)
Reviewed-on: https://chromium-review.googlesource.com/c/1394403
Reviewed-by: Hsinyu Chao <hychao@chromium.org>
Commit-Queue: Hsinyu Chao <hychao@chromium.org>

[modify] https://crrev.com/3346911e10cc420d959357801d3cd76a9b165e48/cras/src/server/cras_bt_device.c

Labels: -Merge-Approved-72 Merge-Merged
Status: Fixed (was: Started)

Comment 12 by hychao@chromium.org, Today (2 hours ago)

Status: Verified (was: Fixed)
Claiming victory now.
This no longer show up in the top 3 crashes in 11316.66.0, 11316.82.0, and 11578.0.0.

Sign in to add a comment