[pull] master from chromium:master #13

Merged
merged 155 commits into from
Sep 22, 2021

@pull pull bot commented Sep 22, 2021

See Commits and Changes for more details.


Created by pull[bot]


Lucas Berthou and others added 30 commits September 21, 2021 20:07
Introduce surface augmenter and overlay prioritizer protocol
implementations.

Design Doc: go/surface-augmenter
Bug: b/192238059

Change-Id: I08a215e1822f5b7364a587c3036e7fbaeb201f9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3024529
Commit-Queue: Lucas Berthou <berlu@chromium.org>
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923540}
This change adds a PowerModeVoter instance to LocalMojoFrameHandler
to cover cases when the renderer is doing work while possibly invisible
(which would previously be classified as 'idle' and potentially
unnecessarily throttled).

Bug: 1166695
Change-Id: I0ffc51f6c66a7ea9fa592cc12ed7258f1d183911
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3163452
Reviewed-by: Nate Chapin <japhet@chromium.org>
Reviewed-by: Eric Seckler <eseckler@chromium.org>
Commit-Queue: Oksana Zhuravlova <oksamyt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923541}
Roll Chrome Mac PGO profile from chrome-mac-main-1632225600-ae3d3dc83c7a41a68c9453e2af44a2105e01bbf9.profdata to chrome-mac-main-1632247107-eb872ea5396a091343d795f43f915a049a04c926.profdata

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/pgo-mac-chromium
Please CC pgo-profile-sheriffs@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Chromium main branch: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Cq-Include-Trybots: luci.chrome.try:mac-chrome
Tbr: pgo-profile-sheriffs@google.com
Change-Id: I5b4796ba1b85ab5411b4ee0e4b6516859a79a70a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173859
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923542}
- Moves Discover Feed Observer from Content Suggestions Mediator to NTP
Coordinator.
- Sets NTP Coordinator as DiscoverFeedDelegate instead of Content
Suggestions Coordinator.
- Moves DiscoverFeedDelegate protocol from content-suggestions/ to ntp/.
- Changes implementation of recreateDiscoverFeed, since the NTP must now
be recreated. This is because the refactored NTP is rooted at the feed.
- Renames function from updateDiscoverFeedVisibility to
updateNTPForDiscoverFeed, since it is now used more generally.

Bug: 1250869
Change-Id: Iefe0d2331dc3a9cef1a887a18f07082f6ca7e3ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3172292
Commit-Queue: Adam Trudeau-Arcaro <adamta@google.com>
Reviewed-by: Sergio Collazos <sczs@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923543}
We have approval from privacy to reduce the thresholds, as long as we
also reduce the corresponding output sizes.

Bug: 1211045
Change-Id: Ifa4bee7384f43f6c2562ccadd1833c0be7cf65c1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173914
Reviewed-by: Bettina Dea <bdea@chromium.org>
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923544}
The 'scale' property is not supposed to distinguish between 2D and 3D
values, so identity values in the Z axis should be normalized away as
described in
https://drafts.csswg.org/css-transforms-2/#individual-transform-serialization

Fixed: 1180311
Change-Id: I6bbf314d6fb9d2d6371b2c2a6ea69ca3bbaccd6b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3171398
Auto-Submit: David Baron <dbaron@chromium.org>
Commit-Queue: Anders Hartvoll Ruud <andruud@chromium.org>
Reviewed-by: Anders Hartvoll Ruud <andruud@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923545}
Bug: 1163972
Change-Id: Ide81517ddce5b49b1bd5c071c280be7231dca1be
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3172637
Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Commit-Queue: Palak Agarwal <agpalak@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923546}
Change-Id: Icab9e02901c029d2ea3f247f3a7f68c08a5bd928
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173666
Commit-Queue: David Grogan <dgrogan@chromium.org>
Commit-Queue: Ian Kilpatrick <ikilpatrick@chromium.org>
Auto-Submit: David Grogan <dgrogan@chromium.org>
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923547}
Update the PartnerType enum to include newly introduced types.
Also, extend the expiry date for TypeC histograms by 6 months.

Bug: b/195056095
Change-Id: Id42eccdc3fde1aa5e7b9e6bf643e922bf8f5bdf0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173774
Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org>
Commit-Queue: Prashant Malani <pmalani@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923548}
https://android.googlesource.com/platform/external/perfetto.git/+log/e311098b41b5..485b177f008b

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/perfetto-trace-processor-mac-chromium
Please CC perfetto-bugs@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Tbr: perfetto-bugs@google.com
Change-Id: I2a464f48e104ba87fb42464affa2bb413d2b687b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173772
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923549}
Bug: b:186631850
Change-Id: I4dffa94b5db8c91faa22fbdd0de3cf2241640689
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3163287
Reviewed-by: Ian Barkley-Yeung <iby@chromium.org>
Commit-Queue: Xiangdong Kong <xiangdongkong@google.com>
Cr-Commit-Position: refs/heads/main@{#923550}
BR clearance is special in that it's applied *after* the content (the
line), while regular CSS clearance is about adding spacing *before*
something. If clearance from a BR element crosses fragmentainer
boundaries, do two things:

1. If the line has content before the BR clear element, add an
additional line break before it, so that we can fit everything on the
line before the BR in the correct fragmentainer. In addition to looking
good, the line may contain floats, and we cannot push those ahead of us,
as we'd get no progress that way!

2. Abort layout of a line with an isolated BR clear element, if it needs
to be pushed to a subsequent fragmentainer, and ignore any orphans and
widows requests in this case (we're creating a line that doesn't really
exist, spec-wise). Layout is aborted with
NGLayoutResult::kOutOfFragmentainerSpace.

We were already handling kOutOfFragmentainerSpace layout abortions for
new-FC children, as this was already supported for nested multicol
containers. Now that we also support it for same-FC children (such as
lines), we need to update the code to not assume that layout was
successful. Handle block fragmentation a bit earlier (so that we'll
return before attempting to access the resulting fragment), and add
checks for successful layout where needed.

It might be possible to add real support for trailing clearance to the
block fragmentation engine, but it just seemed like an unreasonably
large effort (especially maintenance-wise) for such a corner-case.

This fixes the following tests in external/wpt/css/CSS2/floats-clear/
(not part of the virtual/layout_ng_block_frag/ testsuite) when
LayoutNGBlockFragmentation is enabled:

    floats-clear-multicol-000.html
    floats-clear-multicol-001.html
    floats-clear-multicol-balancing-000.html
    floats-clear-multicol-balancing-001.html

Bug: 829028
Change-Id: If3ebb307cac4afd388e5edfc2ac576510afe283e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168884
Commit-Queue: Morten Stenshorne <mstensho@chromium.org>
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Reviewed-by: Koji Ishii <kojii@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923551}
Change-Id: If690cbf454bae5f4f144dbe248e368d3e8ca9fab
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3169468
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Edward Jung (EMEA) <edwardjung@chromium.org>
Commit-Queue: Edward Jung (EMEA) <edwardjung@chromium.org>
Auto-Submit: Mike Dougherty <michaeldo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923552}
https://webrtc.googlesource.com/src.git/+log/68dc02b32fb3..b918230640db

2021-09-21 boivie@webrtc.org Move StrongAlias to rtc_base

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/webrtc-chromium-autoroll
Please CC webrtc-chromium-sheriffs-robots@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in WebRTC: https://bugs.chromium.org/p/webrtc/issues/entry
To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Bug: None
Tbr: webrtc-chromium-sheriffs-robots@google.com
Change-Id: I98c339e996c4bed580285ec87d32a642f732885f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173833
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923553}
This reverts commit f0b4035.

Reason for revert: Suspected as cause of DestroyProfileOnBrowserClose/ProfileManagerBrowserTest.DeletePasswords failing across many builders. See https://crbug.com/1251749.

Original change's description:
> [Passwords] Make PasswordStoreImpl a separate backend
>
> Without enabled features, this should be a noop.
> With kUnifiedPasswordManagerShadowAndroid enabled, this should now
> not crash anymore (but forward calls to the x-platform implementation).
>
> With this change, the PasswordStoreImpl isn't implementing the
> PasswordStore interface anymore but instead is injected into the
> Store on creation.
> The behavior is mostly the same except for the deletion. Since the
> PasswordStoreImpl is not ref-counted anymore, the password store needs
> to initiate its shutdown explicitly. Since tasks on the background
> thread that the backend uses may still be in flux, the store passes the
> unique_ptr that stores the backend to `Shutdown()`. Shutdown can then
> ensure that the backend is only deleted after the tasks are finished.
>
> This has the nice side-effect that the backend is guaranteed to
> outlive its tasks. Therefore, we can post each task with base::Unretained.
>
> Bug: 1217071
> Change-Id: I8fb47d7cb5bd4e29ae83ddaa29b6512795514eca
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3135655
> Reviewed-by: Christos Froussios <cfroussios@chromium.org>
> Reviewed-by: Maxim Kolosovskiy  <kolos@chromium.org>
> Reviewed-by: Ioana Pandele <ioanap@chromium.org>
> Reviewed-by: Christian Dullweber <dullweber@chromium.org>
> Reviewed-by: Rohit Rao <rohitrao@chromium.org>
> Commit-Queue: Friedrich [CET] <fhorschig@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#923481}

Bug: 1217071
Change-Id: I1130cc3136f776b992712e7734e193d936d51ba7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173786
Auto-Submit: Matthew Wolenetz <wolenetz@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Owners-Override: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923554}
Bug: 1069271
Change-Id: I26aea638d61d6d7908e0d1ed86ea6ba730ef0b7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173670
Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Commit-Queue: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923555}
PS #8 and PS #7 in this CL had passed PY3 runs on fuchsia.

Bug: 1197679

Change-Id: I161f435f60f99ee286e7bc928fd3c0c92e714f71
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3126588
Reviewed-by: Dirk Pranke <dpranke@google.com>
Commit-Queue: Preethi Mohan <preethim@google.com>
Cr-Commit-Position: refs/heads/main@{#923556}
It turns out that my previous scheme for localization (having one string
per device type with a placeholder to put the connection type in) can't
be localized correctly in some languages, as the gender of the
connection type has to match that of the device type. Instead we need
one string for each possible combination.

Bug: 1207678
Change-Id: Ie202a45063e7fc00c0264cd9cf6f4adc88f78eea
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173020
Commit-Queue: Jimmy Gong <jimmyxgong@chromium.org>
Reviewed-by: Jimmy Gong <jimmyxgong@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923557}
https://android.googlesource.com/platform/external/perfetto.git/+log/ad3da2777b62..797d10c71859

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/perfetto-trace-processor-win-chromium
Please CC perfetto-bugs@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Tbr: perfetto-bugs@google.com
Change-Id: I16e54c324eabac4612b124673759d27c36a22a81
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173952
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923558}
Screenshot: http://shortn/_IAwTOQqTSV

Bug: 1125150
Change-Id: I0f2fe46c05e59b105ff07ee6280f96742cb17c47
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173658
Auto-Submit: Michael Checo <michaelcheco@google.com>
Reviewed-by: Jimmy Gong <jimmyxgong@chromium.org>
Commit-Queue: Michael Checo <michaelcheco@google.com>
Cr-Commit-Position: refs/heads/main@{#923559}
Bug: 1245834
Change-Id: Ie493ff21a6033c6bc77fb4218b440083ce50b88b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3171929
Reviewed-by: dpapad <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923560}
Change-Id: I6f50b8fd7e3e4c24bf1ef092c4f7006d0c91b4c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173154
Commit-Queue: Internal Frameworks Autoroller <bling-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: Internal Frameworks Autoroller <bling-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923561}
- Set the action toolbar to show when the preview area is in focus

- Stop auto-focusing the preview area after a multi-page scan so the
  toolbar does not automatically show

Bug: 1210271
Change-Id: Iffc5760f33a3966495c160d7e27b42438853d710
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3171930
Commit-Queue: Jimmy Gong <jimmyxgong@chromium.org>
Reviewed-by: Jimmy Gong <jimmyxgong@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923562}
Use base::NoDestructor instead, as base::LazyInstance is deprecated.

Bug: 800760
Change-Id: I1dfc4158deed7ed18a00da3650c348c6e52009b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3165459
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Alan Screen <awscreen@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923563}
…ly path.

Bug: 904556
Change-Id: I130d194fb8f85e186d8b1c8e261c61747a543895
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173785
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Alexei Svitkine <asvitkine@chromium.org>
Auto-Submit: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Alexei Svitkine <asvitkine@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923564}
…g pages

Currently called in RFH::UnloadOldFrame, which for prerendering pages
only happens when committing an error page or for subframe navigations
when RenderDocument is enabled.


Change-Id: I3dffc80e4be2e6d3e6dbbf74ebbdba89ba553bc0
Bug: 1245056
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3072720
Reviewed-by: Alexander Timin <altimin@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923565}
- Add functionality to create file and append to log
- Add unit tests

Bug: 1125150
Test: ash_webui_unittests
Change-Id: I3a2efd17dad3333bcb468c3a65f69975ecaa6ad1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3171255
Commit-Queue: Zentaro Kavanagh <zentaro@chromium.org>
Reviewed-by: Jimmy Gong <jimmyxgong@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923566}
This is to prevent alerts caused by these builders from being filtered into
the shadow reclient set and not being assigned to troopers.

Bug: 1251400
Change-Id: Ic803167b82ba780ec32cc70701a89bc2381981b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3169259
Reviewed-by: Dirk Pranke <dpranke@google.com>
Commit-Queue: Michael Savigny <msavigny@google.com>
Cr-Commit-Position: refs/heads/main@{#923567}
https://chromium.googlesource.com/devtools/devtools-frontend.git/+log/7519fa6c98b8..c6f0c825f7c0

2021-09-21 szuend@chromium.org Prepare DevTools for removal of default 'any' from ObjectWrapper

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/devtools-frontend-chromium
Please CC devtools-waterfall-sheriff-onduty@grotations.appspotmail.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Bug: chromium:1228674
Tbr: devtools-waterfall-sheriff-onduty@grotations.appspotmail.com
Change-Id: Ibb4b52d8afd2b6c35b9a6a7aaf4cbe9d893afcb6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173243
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#923568}
This PopupBrowserTest is frequently timing out on Win7 CI builder.

BUG=1251717

Change-Id: I0ad57ba6fd19775579b87e542ba48554f98fbaed
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173784
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Auto-Submit: Matthew Wolenetz <wolenetz@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923569}
pull bot pushed a commit that referenced this pull request Aug 12, 2022
Using GDB, I found that an underflow occurred with a
range = {start_ = 0, end_ = 3} and selection_before=3

and would lead to a selection being constructed like
gfx::Range::Range (start=18446744073709551613, end=<optimized out>,
this=<optimized out>).

This seemed to induce a crash further down the stack.

Tested that the test crashes with the old code:
```
[ RUN      ] InputMethodAshTest.SetCompositionTextFails
Received signal 4 ILL_ILLOPN 556aba022ebf
#0 0x556ab9d9d9d2 base::debug::CollectStackTrace()
#1 0x556ab9ce5103 base::debug::StackTrace::StackTrace()
#2 0x556ab9d9d566 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f7123b99200 (/usr/lib/x86_64-linux-gnu/libpthread-2.33.so+0x121ff)
#4 0x556aba022ebf ui::InputMethodAsh::SetCompositionRange()
#5 0x556ab98c4b3d ui::InputMethodAshTest_SetCompositionTextFails_Test::TestBody()
#6 0x556ab99b79f2 testing::Test::Run()
#7 0x556ab99b82a0 testing::TestInfo::Run()
#8 0x556ab99b8b27 testing::TestSuite::Run()
#9 0x556ab99c1c48 testing::internal::UnitTestImpl::RunAllTests()
#10 0x556ab99c18a9 testing::UnitTest::Run()
#11 0x556ab9def29d base::TestSuite::Run()
#12 0x556ab9cbc6cc _ZNO4base12OnceCallbackIFivEE3RunEv
#13 0x556ab9df1657 base::LaunchUnitTests()
#14 0x556ab988d627 main
#15 0x7f712386d7fd __libc_start_main
#16 0x556ab97d14ea _start
  r8: 00007ffdfba1a930  r9: fffffffffffffff8 r10: 00007ffdfba1a5e0 r11: 00007ffdfba1a5d8
 r12: 0000000000000005 r13: 0000000000002710 r14: 00007ffdfba1a910 r15: 00007ffdfba1a8a0
  di: 00007ffdfba1a8a0  si: 00007ffdfba1a638  bp: 00007ffdfba1a670  bx: 00007ffdfba1a680
  dx: 0000000000000000  ax: ffffffffffffd8f0  cx: 00000000ffffffff  sp: 00007ffdfba1a630
  ip: 0000556aba022ebf efl: 0000000000010a07 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000006 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(EXIT_FAILURE). Core file will not be generated.
[731/734] InputMethodAshTest.SetCompositionTextFails (CRASHED)
[732/734] InputMethodAshTest.ExtractCompositionTextTest_SingleUnderline (1 ms)
[733/734] InputMethodAshTest.ExtractCompositionTextTest_DoubleUnderline (1 ms)
[734/734] InputMethodAshTest.ExtractCompositionTextTest_ErrorUnderline (1 ms)
1 test crashed:
    InputMethodAshTest.SetCompositionTextFails (../../ui/base/ime/ash/input_method_ash_unittest.cc:596)

```

CRBUG=1347801

Change-Id: Ie516bc42fd19e9b2db5e7b1408b4ad3b20c1583e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3823154
Reviewed-by: Mehrab N <mehrab@chromium.org>
Commit-Queue: Keith Lee <keithlee@chromium.org>
Reviewed-by: Darren Shen <shend@chromium.org>
Auto-Submit: Keith Lee <keithlee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1034343}
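
The wrapped value in the commit message above, 18446744073709551613, is 2^64 - 3, which is what a 64-bit unsigned subtraction of 3 from 0 produces. The following is an added example, not Chromium code and not the fix from that change: `Range` is a minimal stand-in for `gfx::Range`, the two `ShiftStartBack*` helpers are hypothetical names, and it assumes the offset is subtracted from the range start, since the page does not show the actual expression.

```cpp
// Added illustration; not Chromium code. Range is a minimal stand-in for
// gfx::Range and both helpers are hypothetical.
#include <cstdint>
#include <cstdio>

struct Range {
  uint64_t start;
  uint64_t end;
};

// Unchecked form: unsigned subtraction is defined to wrap modulo 2^64, so
// a `before` larger than `r.start` silently yields a huge start index
// instead of failing. Nothing traps here; the crash comes later, wherever
// the bogus range is consumed.
Range ShiftStartBackUnchecked(const Range& r, uint64_t before) {
  Range out = {r.start - before, r.end};
  return out;
}

// Checked form: compare the operands before subtracting and report failure
// to the caller. `out` is only written on success.
bool ShiftStartBackChecked(const Range& r, uint64_t before, Range* out) {
  if (before > r.start) {
    return false;  // would wrap below zero
  }
  out->start = r.start - before;
  out->end = r.end;
  return true;
}

int main() {
  // Values taken from the GDB observation in the commit message:
  // range = {start_ = 0, end_ = 3}, selection_before = 3.
  const Range observed = {0, 3};
  const uint64_t before = 3;

  const Range wrapped = ShiftStartBackUnchecked(observed, before);
  std::printf("unchecked start = %llu\n",
              static_cast<unsigned long long>(wrapped.start));

  Range safe = {0, 0};
  if (!ShiftStartBackChecked(observed, before, &safe)) {
    std::printf("checked: rejected, offset exceeds range start\n");
  }

  // Constructed input where the subtraction is in bounds.
  const Range ok_input = {5, 8};
  if (ShiftStartBackChecked(ok_input, before, &safe)) {
    std::printf("checked start = %llu\n",
                static_cast<unsigned long long>(safe.start));
  }
  return 0;
}
```
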
pull bot pushed a commit that referenced this pull request Aug 31, 2022
This reverts commit 395b2b1.

Reason for revert: the following test cases fail
- MediaFoundationRendererIntegrationTest.BasicPlayback
- MediaFoundationRendererIntegrationTest.BasicPlayback_MediaSource

on Windows 10/Asan

with the failure log:

[ RUN      ] MediaFoundationRendererIntegrationTest.BasicPlayback
=================================================================
==644==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000008 (pc 0x7ff6889a1e92 bp 0x00c26c4fe5f0 sp 0x00c26c4fe560 T0)
==644==The signal is caused by a READ memory access.
==644==Hint: address points to the zero page.
==644==*** WARNING: Failed to initialize DbgHelp!              ***
==644==*** Most likely this means that the app is already      ***
==644==*** using DbgHelp, possibly with incompatible flags.    ***
==644==*** Due to technical reasons, symbolization might crash ***
==644==*** or produce wrong results.                           ***
    #0 0x7ff6889a1e91 in base::RepeatingCallback<void (const base::UnguessableToken &, const gfx::Size &, base::TimeDelta)>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:263
    #1 0x7ff6889a1e91 in media::MediaFoundationRenderer::RequestNextFrame(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer.cc:1022:23
    #2 0x7ff68899bed8 in media::MediaFoundationRenderer::OnPlaying(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer.cc:838:3
    #3 0x7ff68a04bb3a in base::OnceCallback<void ()>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:145
    #4 0x7ff68a04bb3a in base::TaskAnnotator::RunTaskImpl(struct base::PendingTask &) C:\b\s\w\ir\cache\builder\src\base\task\common\task_annotator.cc:133:32
    #5 0x7ff68ac91059 in base::TaskAnnotator::RunTask C:\b\s\w\ir\cache\builder\src\base\task\common\task_annotator.h:72
    #6 0x7ff68ac91059 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(class base::LazyNow *) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:422:21
    #7 0x7ff68ac90046 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork(void) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:292:41
    #8 0x7ff68acc53da in base::MessagePumpDefault::Run(class base::MessagePump::Delegate *) C:\b\s\w\ir\cache\builder\src\base\message_loop\message_pump_default.cc:39:55
    #9 0x7ff68ac9316b in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, class base::TimeDelta) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:575:12
    #10 0x7ff68960a00c in base::RunLoop::Run(class base::Location const &) C:\b\s\w\ir\cache\builder\src\base\run_loop.cc:141:14
    #11 0x7ff68942c9a7 in media::PipelineIntegrationTestBase::RunUntilQuitOrError(class base::RunLoop *) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:697:13
    #12 0x7ff689424636 in media::PipelineIntegrationTestBase::RunUntilQuitOrEndedOrError(class base::RunLoop *) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:709:3
    #13 0x7ff689424449 in media::PipelineIntegrationTestBase::WaitUntilEndedOrError(void) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:226:5
    #14 0x7ff689423ac4 in media::PipelineIntegrationTestBase::WaitUntilOnEnded(void) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:217:27
    #15 0x7ff686ce4597 in media::MediaFoundationRendererIntegrationTest_BasicPlayback_Test::TestBody(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer_integration_test.cc:92:3
    #16 0x7ff6870b0c77 in testing::Test::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:2670:5
    #17 0x7ff6870b2c3b in testing::TestInfo::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:2849:11
    #18 0x7ff6870b498e in testing::TestSuite::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:3008:30
    #19 0x7ff6870d772f in testing::internal::UnitTestImpl::RunAllTests(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:5866:44
    #20 0x7ff6870d6bd5 in testing::UnitTest::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:5440:10
    #21 0x7ff6896d7a69 in RUN_ALL_TESTS C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\include\gtest\gtest.h:2284
    #22 0x7ff6896d7a69 in base::TestSuite::Run(void) C:\b\s\w\ir\cache\builder\src\base\test\test_suite.cc:463:16
    #23 0x7ff6896dc4ed in base::OnceCallback<int ()>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:145
    #24 0x7ff6896dc4ed in base::`anonymous namespace'::LaunchUnitTestsInternal C:\b\s\w\ir\cache\builder\src\base\test\launcher\unit_test_launcher.cc:181:38
    #25 0x7ff6896dc0ba in base::LaunchUnitTests(int, char **, class base::OnceCallback<(void)>, unsigned __int64) C:\b\s\w\ir\cache\builder\src\base\test\launcher\unit_test_launcher.cc:272:10
    #26 0x7ff686dcc7f9 in main C:\b\s\w\ir\cache\builder\src\media\test\run_all_unittests.cc:52:10
    #27 0x7ff68c67712b in invoke_main d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
    #28 0x7ff68c67712b in __scrt_common_main_seh d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #29 0x7fff384a2773  (C:\Windows\System32\KERNEL32.DLL+0x180012773)
    #30 0x7fff386e0d50  (C:\Windows\SYSTEM32\ntdll.dll+0x180070d50)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation C:\b\s\w\ir\cache\builder\src\base\callback.h:263 in base::RepeatingCallback<void (const base::UnguessableToken &, const gfx::Size &, base::TimeDelta)>::Run
==644==ABORTING

Original change's description:
> [MediaFoundation] Request next frame during onPlaying event
>
> OS: Win10, Win11
>
> During OnPlaying event, a frame request should be called to get
> the first frame to output at the earliest possible time. This
> is the earliest time when a frame is available. Current
> implementation waits for render to be called, while
> StartPlayingFrom's call for RequestNextFrameBetweenTimestamps
> may not output a result if the media engine is not yet ready
> to output a frame.
>
> Bug: 1355520
> Change-Id: Ice60ac41ca4b8cae9b0687626e93017d0a4406f0
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3852409
> Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
> Commit-Queue: Daoyuan Li <daoyuanli@microsoft.com>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1041097}

Bug: 1355520
Change-Id: Ic483e314ce14e3f187691df772515eacea387cb1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3863075
Commit-Queue: Asami Doi <asamidoi@chromium.org>
Owners-Override: Asami Doi <asamidoi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Asami Doi <asamidoi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1041256}
pull bot pushed a commit that referenced this pull request Sep 1, 2022
Enabling ozone_unittests on linux bots revealed some problems
with downcasting. In particular, linux-ubsan-vptr bot started to
fail with the following error message -

./../ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:515:10: runtime error: downcast of address 0x2ccc00349e00 which does not point to an object of type 'const WaylandExchangeDataProvider'
0x2ccc00349e00: note: object is of type 'ui::OSExchangeDataProviderNonBacked'
 00 00 00 00  28 3b f6 e3 f0 55 00 00  01 00 00 00 00 00 00 00  20 b1 26 00 cc 2c 00 00  28 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ui::OSExchangeDataProviderNonBacked'
    #0 0x55f0e331831c in GetOfferedExchangeDataProvider ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:515:10
    #1 0x55f0e331831c in ui::WaylandDataDragController::StartSession(ui::OSExchangeData const&, int, ui::mojom::DragEventSource) ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:133:23
    #2 0x55f0e3366bbc in ui::WaylandWindow::StartDrag(ui::OSExchangeData const&, int, ui::mojom::DragEventSource, ui::Cursor, bool, base::OnceCallback<void (ui::mojom::DragOperation)>, ui::WmDragHandler::LocationDelegate*) ui/ozone/platform/wayland/host/wayland_window.cc:227:45
    #3 0x55f0e2b28c32 in ui::WaylandDataDragControllerTest_AsyncNoopStartDrag_Test::TestBody() ui/ozone/platform/wayland/host/wayland_data_drag_controller_unittest.cc:973:28
    #4 0x55f0e2e26ab1 in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2670:5
    #5 0x55f0e2e28046 in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2849:11
    #6 0x55f0e2e29beb in testing::TestSuite::Run() third_party/googletest/src/googletest/src/gtest.cc:3008:30
    #7 0x55f0e2e3fafe in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5866:44
    #8 0x55f0e2e3e604 in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:5440:10
    #9 0x55f0e34276d1 in RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
    #10 0x55f0e34276d1 in base::TestSuite::Run() base/test/test_suite.cc:463:16
    #11 0x55f0e342b9dc in Run base/callback.h:145:12
    #12 0x55f0e342b9dc in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) base/test/launcher/unit_test_launcher.cc:181:38
    #13 0x55f0e342b877 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) base/test/launcher/unit_test_launcher.cc:272:10
    #14 0x55f0e2acc2cc in main mojo/core/test/run_all_unittests.cc:69:10
    #15 0x7ff7560d4082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #16 0x55f0e2ab4169 in _start (/home/msisov/code/chromium/src/out/asan/ozone_unittests+0xb13169) (BuildId: 77bfee5b71bd92da)

It turned out that WaylandDataDragController was getting a non-backed provider
as a Wayland one wasn't set (it's set during OzonePlatformWayland initialization
in production). As a result, downcasting to WaylandExchangeDataProvider
was illegal in tests. It's unknown why tests didn't fail. Probably,
the result of the WaylandDataDragController::GetOfferedExchangeDataProvider
was never used. And the problem with downcasting was only caught with
this new bot.

Bug: 1358123
Change-Id: I4c8deb16a57b485de1fabd91fdcaab136d5da639
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3865512
Commit-Queue: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Alexander Dunaev <adunaev@igalia.com>
Cr-Commit-Position: refs/heads/main@{#1041976}
pull bot pushed a commit that referenced this pull request Oct 6, 2022
This reverts commit b121781.

Reason for revert: breaks asan

see https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ASan%20LSan%20Tests%20(1)/106685/test-results

=================================================================
==7990==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500014a3c8 at pc 0x55bcdbc9090d bp 0x7ffe8c468ab0 sp 0x7ffe8c468aa8
READ of size 8 at 0x61500014a3c8 thread T0 (browser_tests)
    #0 0x55bcdbc9090c in begin buildtools/third_party/libc++/trunk/include/vector:1374:33
    #1 0x55bcdbc9090c in begin<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &> base/ranges/ranges.h:44:37
    #2 0x55bcdbc9090c in begin<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &> base/ranges/ranges.h:105:10
    #3 0x55bcdbc9090c in find_if<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &, (lambda at ../../base/observer_list.h:287:21), base::identity, std::Cr::random_access_iterator_tag> base/ranges/algorithm.h:483:26
    #4 0x55bcdbc9090c in base::ObserverList<permissions::PermissionRequestManager::Observer, false, true, base::internal::UncheckedObserverAdapter>::RemoveObserver(permissions::PermissionRequestManager::Observer const*) base/observer_list.h:286:21
    #5 0x55bcdf91c380 in Reset base/scoped_observation.h:86:7
    #6 0x55bcdf91c380 in ~ScopedObservation base/scoped_observation.h:70:26
    #7 0x55bcdf91c380 in permissions::PermissionRequestObserver::~PermissionRequestObserver() components/permissions/test/permission_request_observer.cc:14:55
    #8 0x55bccbcd2629 in PermissionRequestChipGestureSensitiveBrowserTest_ShouldUpdateActiverPRMAndObservations_Test::RunTestOnMainThread() chrome/browser/ui/views/permissions/permission_request_chip_browsertest.cc:294:1
    #9 0x55bce299402f in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() content/public/test/browser_test_base.cc:883:7
    #10 0x55bce299accf in Invoke<void (content::BrowserTestBase::*)(), content::BrowserTestBase *> base/functional/bind_internal.h:643:12
    #11 0x55bce299accf in MakeItSo<void (content::BrowserTestBase::*)(), std::Cr::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported> > > base/functional/bind_internal.h:822:12
    #12 0x55bce299accf in RunImpl<void (content::BrowserTestBase::*)(), std::Cr::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported> >, 0UL> base/functional/bind_internal.h:916:12
    #13 0x55bce299accf in base::internal::Invoker<base::internal::BindState<void (content::BrowserTestBase::*)(), base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported>>, void ()>::RunOnce(base::internal::BindStateBase*) base/functional/bind_internal.h:867:12


Original change's description:
> Make confirmation chip independent of request chip
>
> See design doc: go/confirmation-chip
>
> Bug: 1364276
> Change-Id: Iab08a5bb96271d45101ba68c0134751b921b7667
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3921717
> Commit-Queue: Florian Jacky <fjacky@chromium.org>
> Reviewed-by: Illia Klimov <elklm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1055397}

Bug: 1364276
Change-Id: Iecf56cfafaf15a2ab8329138f7508de8afd0a341
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3937182
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Avi Drissman <avi@chromium.org>
Owners-Override: Avi Drissman <avi@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1055548}
pull bot pushed a commit that referenced this pull request Oct 21, 2022
`char16_t` (which `UChar` is defined as) cannot be used to alias general memory.
Yet we try to use it to read a `blink::QualifiedName::QualifiedNameImpl` among other things.

This is UB, and gcc -O2 misoptimizes it. When chromium is compiled with allocator shim, this manifests as an immediate crash:

  * frame #0: 0x0000556e1280927b electron`FreelistCorruptionDetected [inlined] operator() at partition_freelist_entry.h:31
    frame #1: 0x0000556e1280927a electron`FreelistCorruptionDetected(extra=48) at partition_freelist_entry.h:31
    frame #2: 0x0000556e129dd167 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) at partition_freelist_entry.h:303
    frame #3: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) [inlined] partition_alloc::internal::PartitionFreelistEntry::GetNext(unsigned long) const at partition_freelist_entry.h:328
    frame #4: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) [inlined] partition_alloc::internal::SlotSpanMetadata<true>::PopForAlloc(unsigned long) at partition_page.h:739
    frame #5: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(this=0x0000556e19292598, root=0x0000556e19292500, flags=33, raw_size=<unavailable>, slot_span_alignment=48, is_already_zeroed=0x00007ffe8f1196f7) at partition_bucket.cc:1354
    frame #6: 0x0000556e129ddbc0 electron`partition_alloc::ThreadCache::FillBucket(unsigned long) at partition_root.h:1076
    frame #7: 0x0000556e129ddbbb electron`partition_alloc::ThreadCache::FillBucket(this=<unavailable>, bucket_index=5755259732000) at thread_cache.cc:607
    frame #8: 0x0000556e129dfd3a electron`base::internal::PartitionMalloc(base::allocator::AllocatorDispatch const*, unsigned long, void*) at thread_cache.h:525
    frame #9: 0x0000556e129dfd18 electron`base::internal::PartitionMalloc(base::allocator::AllocatorDispatch const*, unsigned long, void*) at partition_root.h:1742
    frame #10: 0x0000556e129dfb18 electron`base::internal::PartitionMalloc((null)=<unavailable>, size=40, context=<unavailable>) at allocator_shim_default_dispatch_to_partition_alloc.cc:304
    frame #11: 0x0000556e128dbe43 electron`::malloc(unsigned long) at allocator_shim.cc:201:37
    frame #12: 0x0000556e128dbe30 electron`::malloc(size=40) at allocator_shim_override_libc_symbols.h:35:20
    frame #13: 0x0000556e16c0f6e6 electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] WTF::RefCounted<blink::QualifiedName::QualifiedNameImpl, WTF::DefaultRefCountedTraits<blink::QualifiedName::QualifiedNameImpl>>::operator new(unsigned long) at ref_counted.h:44
    frame #14: 0x0000556e16c0f6e1 electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] blink::QualifiedName::QualifiedNameImpl::Create((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) at qualified_name.h:62
    frame #15: 0x0000556e16c0f6dd electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) at qualified_name.cc:69
    frame #16: 0x0000556e16c0f6ba electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] void WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>::Translate<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedNameData&, blink::QualifiedNameData>(blink::QualifiedName::QualifiedNameImpl*&, blink::QualifiedNameData&, blink::QualifiedNameData const&, unsigned int) at hash_set.h:184
    frame #17: 0x0000556e16c0f6ba electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) (.constprop.0) at hash_table.h:1481
    frame #18: 0x0000556e1492f9cf electron`blink::QualifiedName::QualifiedName(WTF::AtomicString const&, WTF::AtomicString const&, WTF::AtomicString const&) [inlined] WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashSet<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::AddWithTranslator<blink::QNameComponentsTranslator, blink::QualifiedNameData&>(blink::QualifiedNameData&) at hash_set.h:307
    frame #19: 0x0000556e1492f9ca electron`blink::QualifiedName::QualifiedName((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) at qualified_name.cc:81

When chromium is compiled with system malloc, this manifests as graphical glitches, followed by a crash much later on.

It is worth noting that this exact code snippet was discussed on the GCC bugtracker in 2014
(predating the forking of Chromium from WebKit):
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60546#c21

The corresponding code no longer exists in WebKit.

Attached patch makes the HashMemory function type-safe without changing the API for other users of StringHasher.

Bug: 819294
Change-Id: Iac11ec77501c2f1d6d01db85d5b9d544adeaf71d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3968507
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Auto-Submit: Bruno Pitrus <brunopitrus@hotmail.com>
Cr-Commit-Position: refs/heads/main@{#1061939}
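
The aliasing fix described in the commit message above, sketched as an added example (not Chromium's code): `HashMemoryAliasing`, `HashMemoryTypeSafe`, `NameComponents` and the FNV-1a mixer are assumptions standing in for `StringHasher` and `QualifiedNameImpl`. The type-safe variant copies each 16-bit unit out with `memcpy` instead of reading the object through a `char16_t` pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Stand-in mixer (FNV-1a over 16-bit units). Assumption: this is not
// StringHasher's algorithm; only the way memory is read matters here.
constexpr uint32_t kSeed = 2166136261u;
inline uint32_t MixUnit(uint32_t h, char16_t unit) {
  return (h ^ static_cast<uint32_t>(unit)) * 16777619u;
}

// The pattern the commit message describes: treat arbitrary memory as
// char16_t. Well-defined only when `data` really points at char16_t objects;
// for any other object type the reads are undefined behaviour.
uint32_t HashMemoryAliasing(const void* data, size_t length) {
  const char16_t* units = static_cast<const char16_t*>(data);
  uint32_t h = kSeed;
  for (size_t i = 0; i < length / sizeof(char16_t); ++i)
    h = MixUnit(h, units[i]);
  return h;
}

// Type-safe variant: unsigned char may alias any object, and memcpy moves the
// bytes into a genuine char16_t. A trailing odd byte is ignored, as above.
uint32_t HashMemoryTypeSafe(const void* data, size_t length) {
  const unsigned char* bytes = static_cast<const unsigned char*>(data);
  uint32_t h = kSeed;
  for (size_t i = 0; i + sizeof(char16_t) <= length; i += sizeof(char16_t)) {
    char16_t unit;
    std::memcpy(&unit, bytes + i, sizeof(unit));
    h = MixUnit(h, unit);
  }
  return h;
}

// Hypothetical hash key made of three interned-string pointers.
struct NameComponents {
  const void* prefix;
  const void* local_name;
  const void* namespace_uri;
};
static_assert(sizeof(NameComponents) == 3 * sizeof(void*), "no padding");

// A real char16_t array may be read either way; the results must match.
bool AgreesOnRealChar16Data() {
  const char16_t text[] = u"xlink:href";
  return HashMemoryAliasing(text, sizeof(text)) ==
         HashMemoryTypeSafe(text, sizeof(text));
}

// Hashing a non-char16_t object: the type-safe reader gives the same value
// as hashing a byte-for-byte copy held in a genuine char16_t buffer.
bool StructHashMatchesByteCopy() {
  static const char kPrefix[] = "xlink", kLocal[] = "href", kNs[] = "ns";
  NameComponents key{kPrefix, kLocal, kNs};
  NameComponents same{kPrefix, kLocal, kNs};
  char16_t copy[sizeof(NameComponents) / sizeof(char16_t)];
  std::memcpy(copy, &key, sizeof(key));
  const uint32_t reference = HashMemoryAliasing(copy, sizeof(copy));
  return HashMemoryTypeSafe(&key, sizeof(key)) == reference &&
         HashMemoryTypeSafe(&same, sizeof(same)) == reference;
}

int main() {
  std::printf("char16_t data agrees: %d\n", AgreesOnRealChar16Data());
  std::printf("struct hash matches copy: %d\n", StructHashMatchesByteCopy());
  return 0;
}
```
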
pull bot pushed a commit that referenced this pull request Nov 29, 2022
In View::HandleAccessibleAction, accessibility sends both a press and
release mouse event to the view instance.

Unfortunately, if the view deletes itself immediately after receiving
the mouse press event, the subsequent mouse release event causes a UAF.

e.g. for illustrative purposes, here's the flow:

bool HandleAccessibleAction(...) {
  view->OnEvent(mouse_press);
  // |view| is now deleted.
  view->OnEvent(mouse_release);
  // UAF.
}

Fix this by overriding HandleAccessibleAction in the self-deleting view.

Notes:
The deletion stack for the WindowCycleItemView is
    #3 0x560338183db8 in operator() buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:49:5
    #4 0x560338183db8 in reset buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:281:7
    #5 0x560338183db8 in ~unique_ptr buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:247:75
    #6 0x560338183db8 in views::View::DoRemoveChildView(views::View*, bool, bool, views::View*) ui/views/view.cc:2739:1
    #7 0x560338183fe4 in views::View::RemoveAllChildViews() ui/views/view.cc:341:5
    #8 0x560333f50cbb in ash::WindowCycleView::DestroyContents() ash/wm/window_cycle/window_cycle_view.cc:379:3
    #9 0x560333f4b3e7 in ash::WindowCycleList::~WindowCycleList() ash/wm/window_cycle/window_cycle_list.cc:139:18
    #10 0x560333f4b747 in ash::WindowCycleList::~WindowCycleList() ash/wm/window_cycle/window_cycle_list.cc:117:37
    #11 0x560333f475e8 in operator() buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:49:5
    #12 0x560333f475e8 in reset buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:281:7
    #13 0x560333f475e8 in ash::WindowCycleController::StopCycling() ash/wm/window_cycle/window_cycle_controller.cc:421:22
    #14 0x560333f5944c in ash::WindowCycleItemView::OnMousePressed(ui::MouseEvent const&) ash/wm/window_cycle/window_cycle_item_view.cc:53:44
    #15 0x560338193ae2 in views::View::ProcessMousePressed(ui::MouseEvent const&) ui/views/view.cc:3109:23
    #16 0x56033819362d in views::View::OnMouseEvent(ui::MouseEvent*) ui/views/view.cc:1492:11

Bug: 1380602
Change-Id: I2533dc299c0f5f5bb32efa130e6d564cb70d4613
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4046647
Commit-Queue: David Tseng <dtseng@chromium.org>
Reviewed-by: Xiaoqian Dai <xdai@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1076637}
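
The press/release flow from the commit message above, as an added toy model (not the Chromium change itself): `View`, `SelfDeletingItemView`, `Owner` and the event log are hypothetical stand-ins, and the body of the override is an assumed shape of such a fix. The self-deleting view delivers only the press and returns without touching `this` again.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using EventLog = std::vector<std::string>;  // owned by the caller, outlives views

class View {
 public:
  explicit View(EventLog* log) : log_(log) {}
  virtual ~View() = default;

  virtual void OnEvent(const std::string& type) { log_->push_back(type); }

  // Default flow from the commit message: a press followed by a release.
  virtual bool HandleAccessibleAction() {
    OnEvent("mouse_press");
    OnEvent("mouse_release");  // use-after-free if the press destroyed |this|
    return true;
  }

 private:
  EventLog* log_;
};

// A view whose press handler tears down its owner, and with it the view.
class SelfDeletingItemView : public View {
 public:
  SelfDeletingItemView(EventLog* log, std::function<void()> close_owner)
      : View(log), close_owner_(std::move(close_owner)) {}

  void OnEvent(const std::string& type) override {
    View::OnEvent(type);
    if (type != "mouse_press") return;
    // Move the callback to the stack first: running it destroys |this|.
    std::function<void()> close = std::move(close_owner_);
    close();
    // |this| is gone; no member may be touched from here on.
  }

  // Assumed shape of the override: deliver only the press, then return
  // without dereferencing |this| again.
  bool HandleAccessibleAction() override {
    OnEvent("mouse_press");
    return true;
  }

 private:
  std::function<void()> close_owner_;
};

// Hypothetical stand-in for the container that owns the item view.
struct Owner {
  EventLog log;
  std::unique_ptr<View> item;
};

// The item is destroyed by its own press handler and never sees a release.
bool SelfDeletingItemGetsOnlyPress() {
  Owner owner;
  owner.item = std::make_unique<SelfDeletingItemView>(
      &owner.log, [&owner] { owner.item.reset(); });
  owner.item->HandleAccessibleAction();
  return owner.item == nullptr && owner.log.size() == 1 &&
         owner.log[0] == "mouse_press";
}

// A view that survives the press still receives both events.
std::size_t OrdinaryViewEventCount() {
  EventLog log;
  View view(&log);
  view.HandleAccessibleAction();
  return log.size();
}

int main() {
  std::printf("self-deleting item got only the press: %d\n",
              SelfDeletingItemGetsOnlyPress());
  std::printf("ordinary view event count: %zu\n", OrdinaryViewEventCount());
  return 0;
}
```
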
pull bot pushed a commit that referenced this pull request Jan 19, 2023
During an ongoing tab dragging on Lacros, with both WebUITabStrip
and TabletMode features ON, Lacros crashes in case the dragged
`exo::ShellSurface` (ie browser window) is deleted by JavaScript.

What happens is that during a tab drag 'n drop, exo::TabDragDropDelegate
stores an `aura::Window` instance, and operates over it throughout its
life cycle. However, during the drag operation, it is possible that this
`aura::Window` instance gets deleted, and the pointer becomes dangling.

Here is the pseudo stacktrace of the dragged `aura::Window` instance
(and its respective exo::ShellSurface) being destroyed:

  #4  ~Window () at ../../ui/aura/window.cc:201
  #5  aura::Window::~Window() () at ../../ui/aura/window.cc:186
  #6  CloseNow () at ../../ui/views/widget/widget.cc:787
  #7  ~ShellSurfaceBase () at ../../components/exo/shell_surface_base.cc:347
  #8  ~ShellSurface () at ../../components/exo/shell_surface.cc:140
  #9  ~XdgShellSurface () at ../../components/exo/xdg_shell_surface.cc:27
  #10 ~XdgShellSurface () at ../../components/exo/xdg_shell_surface.cc:27
  #11 operator() () at (...)
  #12 reset () at (...)
  #13 ~unique_ptr () at (...)
  #14 ~WaylandXdgSurface () at ../../components/exo/wayland/xdg_shell.cc:783
  #15 operator() () at (...)
  #16 reset () at (...)
  #17 ~unique_ptr () at (...)
  #18 DestroyUserData<exo::wayland::WaylandXdgSurface> () at ../../components/exo/wayland/server_util.h:40
  #19 0x0000556095b8ae10 in destroy_resource () at ../../third_party/wayland/src/src/wayland-server.c:733
  #20 0x0000556095b8acb0 in wl_resource_destroy () at ../../third_party/wayland/src/src/wayland-server.c:750
  #21 0x00005560a6dc1d65 in ffi_call_unix64 ()
  #22 0x00005560a6dc12b9 in ffi_call_int ()

... and here is the stack trace of the crash, where this `aura::Window` is
dereferenced:

  #0  is_destroying ui/aura/window.h:166:39
  #1  ash::TabDragDropDelegate::~TabDragDropDelegate() ash/drag_drop/tab_drag_drop_delegate.cc:117:23
  #2  ash::TabDragDropDelegate::~TabDragDropDelegate() ash/drag_drop/tab_drag_drop_delegate.cc:114:45
  #3  operator() (...)
  #4  reset (...)
  #5  ash::DragDropController::Cleanup() ash/drag_drop/drag_drop_controller.cc:800:27
  #6  ash::DragDropController::DoDragCancel(base::TimeDelta) ash/drag_drop/drag_drop_controller.cc:702:3
  #7  exo::DragDropOperation::~DragDropOperation() components/exo/drag_drop_operation.cc:277:28
  #8  exo::DragDropOperation::~DragDropOperation() components/exo/drag_drop_operation.cc:270:41
  #9  exo::Surface::~Surface() components/exo/surface.cc:286:14
  #10 operator() (...)
  #11 reset (...)
  #12 ~unique_ptr (...)

This CL protects `exo::TabDragDropDelegate` dtor against this crash
by making use of `aura::WindowObserver` logic and null-checking
`TabDragDropDelegate::source_window_`.

Last, this CL also extends exo::ExoTestBase class with an
additional SetUp() method, that takes a TestShellDelegate as
parameter.

BUG=1348791

Change-Id: Ic00886fda66d4150ce07d74d6aaccf31e77bc80b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4174397
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#1094249}
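
The observer-plus-null-check pattern named in the commit message above, as an added toy model (not the Chromium CL): `Window`, `WindowObserver` and `TabDragDelegate` here are simplified stand-ins for the `aura` and `ash` classes, and the `used_window_in_dtor` flag exists only so the behaviour can be checked. The delegate clears its pointer when the window announces its destruction, so its destructor never dereferences a dangling `source_window_`.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

class Window;

class WindowObserver {
 public:
  virtual ~WindowObserver() = default;
  virtual void OnWindowDestroying(Window* window) = 0;
};

class Window {
 public:
  ~Window() {
    is_destroying_ = true;
    // Iterate over a copy: observers unregister while being notified.
    const std::vector<WindowObserver*> observers = observers_;
    for (WindowObserver* observer : observers)
      observer->OnWindowDestroying(this);
  }
  void AddObserver(WindowObserver* o) { observers_.push_back(o); }
  void RemoveObserver(WindowObserver* o) {
    observers_.erase(std::remove(observers_.begin(), observers_.end(), o),
                     observers_.end());
  }
  bool is_destroying() const { return is_destroying_; }
  std::size_t observer_count() const { return observers_.size(); }

 private:
  bool is_destroying_ = false;
  std::vector<WindowObserver*> observers_;
};

class TabDragDelegate : public WindowObserver {
 public:
  TabDragDelegate(Window* source, bool* used_window_in_dtor)
      : source_window_(source), used_window_in_dtor_(used_window_in_dtor) {
    source_window_->AddObserver(this);
  }

  ~TabDragDelegate() override {
    if (!source_window_) return;  // window was deleted mid-drag
    source_window_->RemoveObserver(this);
    if (!source_window_->is_destroying()) *used_window_in_dtor_ = true;
  }

  void OnWindowDestroying(Window* window) override {
    if (window != source_window_) return;
    source_window_->RemoveObserver(this);
    source_window_ = nullptr;  // nothing left to dereference later
  }

 private:
  Window* source_window_;
  bool* used_window_in_dtor_;  // test hook, not part of the pattern
};

// Window deleted first, the order that crashed in the commit message.
bool WindowDeletedDuringDragIsSafe() {
  bool used = false;
  auto window = std::make_unique<Window>();
  auto delegate = std::make_unique<TabDragDelegate>(window.get(), &used);
  window.reset();
  delegate.reset();
  return !used;
}

// Delegate destroyed first: it still uses the live window and unregisters.
bool NormalTeardownUnregisters() {
  bool used = false;
  Window window;
  auto delegate = std::make_unique<TabDragDelegate>(&window, &used);
  delegate.reset();
  return used && window.observer_count() == 0;
}

int main() {
  std::printf("window deleted mid-drag is safe: %d\n",
              WindowDeletedDuringDragIsSafe());
  std::printf("normal teardown unregisters: %d\n", NormalTeardownUnregisters());
  return 0;
}
```
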
pull bot pushed a commit that referenced this pull request Feb 18, 2023
This reverts commit c262371.

Reason for revert: The changes in this CL trigger a DCHECK when running Chrome. See below for callstack and the command I used to build Chrome.

Callstack:
2023-02-17T20:24:19.978808Z FATAL chrome[1213141:1213233]: [feature_list.cc(671)] Check failed: CheckFeatureIdentity(feature). GaiaCredentialsModeOmitBug_775438_Workaround
#0 0x7f7c3d2a77f2 base::debug::CollectStackTrace()
#1 0x7f7c3d289e03 base::debug::StackTrace::StackTrace()
#2 0x7f7c3d1654f0 logging::LogMessage::~LogMessage()
#3 0x7f7c3d165fce logging::LogMessage::~LogMessage()
#4 0x7f7c3d154849 base::FeatureList::GetOverrideState()
#5 0x7f7c3d15337d base::FeatureList::IsEnabled()
#6 0x7f7c34ed2797 google_apis::GetOmitCredentialsModeForGaiaRequests()
#7 0x7f7c34ec0e69 gcm::RegistrationRequest::Start()
#8 0x562a357cded1 gcm::GCMClientImpl::Register()
#9 0x562a357d5f23 gcm::GCMDriverDesktop::IOWorker::Register()
#10 0x7f7c3d1daf5a base::TaskAnnotator::RunTaskImpl()
#11 0x7f7c3d2051f8 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#12 0x7f7c3d204633 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#13 0x7f7c3d205d15 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#14 0x7f7c3d2b34e3 base::MessagePumpEpoll::Run()
#15 0x7f7c3d206232 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#16 0x7f7c3d1ab82a base::RunLoop::Run()
#17 0x7f7c3d239687 base::Thread::Run()
#18 0x7f7c36876359 content::BrowserProcessIOThread::IOThreadRun()
#19 0x7f7c368762ec content::BrowserProcessIOThread::Run()
#20 0x7f7c3d2399eb base::Thread::ThreadMain()
#21 0x7f7c3d25810b base::(anonymous namespace)::ThreadFunc()
#22 0x7f7c29aa7fd4 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x88fd3)
#23 0x7f7c29b2866c (/usr/lib/x86_64-linux-gnu/libc.so.6+0x10966b)

The specific command I used to build Chrome:
```
cd ~/chromium/src; autoninja -C \${out_dir} \
chrome && \${out_dir}/chrome \
--user-data-dir=~/.config/cros \
--use-system-clipboard \
--ash-host-window-bounds="40+40-1920x1080" \
--enable-logging=stderr \
--enable-features=ShimlessRMAFlow,OsFeedback,ShortcutCustomizationApp,ShortcutCustomization,EnableInputInDiagnosticsApp,SearchInShortcutsApp
```

Original change's description:
> Use uncredentialed requests to Gaia
>
> Adopting kOmitBug_775438_Workaround makes the browser spec-compliant and
> avoids that developers need to use workarounds such as
> --ignore-urlfetcher-cert-requests in order to communicate with non-prod
> server environments.
>
> The change is guarded with a kill switch but is otherwise enabled by
> default.
>
> Below is a summary extracted from devidben@'s nice explanation of what this
> patch does (readers may find the full Gerrit comment thread
> interesting):
>
> The concrete behavior change is around client certs. Client certs work as follows:
>
> 1. Either the origin server (depends on what URL you're connecting to)
> or the proxy server (depends on the user's network config) can, in a TLS
> connection request client certs.
>
> 2. If we already have a client cert decision recorded for that server, we just use it.
>
> 3. Otherwise, we show a prompt to the user.
>
> 4. If the request isn't associated with some tab, we have no place to
> show the prompt and we just abort the request. (We cannot continue
> without a certificate because that'll persist the "send no certificate"
> decision in the net stack... this auth mechanism is somewhat unavoidably
> sticky.)
>
> This CL will change the behavior for just origin-requested client certs (not proxy-requested) to, instead of steps (2-4), unconditionally continue the request with no client certificate.
>
> Change-Id: I34908fa81c1688ebaf7feb801408d9080207453c
> Fixed: 1221565
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4255589
> Reviewed-by: Maks Orlovich <morlovich@chromium.org>
> Commit-Queue: Mikel Astiz <mastiz@chromium.org>
> Reviewed-by: Rohit Rao <rohitrao@chromium.org>
> Reviewed-by: Alex Ilin <alexilin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1106846}

Change-Id: Ib67b7801b007b8bf56a3f65fb0677b94c4719ab9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4265133
Owners-Override: David Baron <dbaron@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Mikel Astiz <mastiz@chromium.org>
Commit-Queue: David Baron <dbaron@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1106998}
pull bot pushed a commit that referenced this pull request Feb 25, 2023
…ew."

This reverts commit 508aa18.

Reason for revert: Causes IbanBubbleViewFullFormBrowserTest.Local_ClickingHideOrShowIbanValueManageView failures.

from https://ci.chromium.org/ui/p/chromium/builders/ci/linux-ubsan-vptr/21221/test-results?sortby=&groupby=&q=ExactID%3Aninja%3A%2F%2Fchrome%2Ftest%3Ainteractive_ui_tests%2FIbanBubbleViewFullFormBrowserTest.Local_ClickingHideOrShowIbanValueManageView+VHash%3Ad2ca29b55d68a4ff:

../../chrome/browser/ui/views/autofill/payments/iban_bubble_view_uitest.cc:282:12: runtime error: downcast of address 0x0798015a1b00 which does not point to an object of type 'SaveIbanBubbleView'
0x0798015a1b00: note: object is of type 'autofill::ManageSavedIbanBubbleView'
 29 00 00 00  38 f3 68 e6 e4 55 00 00  78 f3 68 e6 e4 55 00 00  c0 ce 6c 01 98 07 00 00  80 18 0b 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'autofill::ManageSavedIbanBubbleView'
    #0 0x55e4d02f0701 in autofill::IbanBubbleViewFullFormBrowserTest::GetSaveIbanBubbleView() chrome/browser/ui/views/autofill/payments/iban_bubble_view_uitest.cc:282:12
    #1 0x55e4d02fb74f in autofill::IbanBubbleViewFullFormBrowserTest::ClickOnDialogView(views::View*) chrome/browser/ui/views/autofill/payments/iban_bubble_view_uitest.cc:345:5
    #2 0x55e4d02f6e6e in autofill::IbanBubbleViewFullFormBrowserTest_Local_ClickingHideOrShowIbanValueManageView_Test::RunTestOnMainThread() chrome/browser/ui/views/autofill/payments/iban_bubble_view_uitest.cc:623:3
    #3 0x55e4d99bf48e in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() content/public/test/browser_test_base.cc:895:7
    #4 0x55e4d4a7be0d in Run base/functional/callback.h:152:12
    #5 0x55e4d4a7be0d in content::BrowserMainLoop::InterceptMainMessageLoopRun() content/browser/browser_main_loop.cc:1038:36
    #6 0x55e4d4a7bf1e in content::BrowserMainLoop::RunMainMessageLoop() content/browser/browser_main_loop.cc:1050:7
    #7 0x55e4d4a811f9 in content::BrowserMainRunnerImpl::Run() content/browser/browser_main_runner_impl.cc:158:15
    #8 0x55e4d4a75a6d in content::BrowserMain(content::MainFunctionParams) content/browser/browser_main.cc:32:28
    #9 0x55e4d6fe2fbe in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:716:10
    #10 0x55e4d6fe5438 in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool) content/app/content_main_runner_impl.cc:1276:10
    #11 0x55e4d6fe4f4d in content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:1130:12
    #12 0x55e4d6fe02ab in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) content/app/content_main.cc:324:36
    #13 0x55e4d6fe0935 in content::ContentMain(content::ContentMainParams) content/app/content_main.cc:341:10
    #14 0x55e4d99be269 in content::BrowserTestBase::SetUp() content/public/test/browser_test_base.cc:575:3
    #15 0x55e4d7cec8e0 in InProcessBrowserTest::SetUp() chrome/test/base/in_process_browser_test.cc:484:20
    #16 0x55e4d0875e53 in SyncTest::SetUp() chrome/browser/sync/test/integration/sync_test.cc:300:24
    #17 0x55e4d0e00c17 in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2665:3
    #18 0x55e4d0e0265e in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2849:11
    #19 0x55e4d0e042fb in testing::TestSuite::Run() third_party/googletest/src/googletest/src/gtest.cc:3008:30
    #20 0x55e4d0e1a210 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5866:44
    #21 0x55e4d0e18dc8 in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:5440:10
    #22 0x55e4daaaa4a0 in RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
    #23 0x55e4daaaa4a0 in base::TestSuite::Run() base/test/test_suite.cc:454:16
    #24 0x55e4d7cb6b48 in ChromeTestSuiteRunner::RunTestSuiteInternal(ChromeTestSuite*) chrome/test/base/chrome_test_launcher.cc:95:22
    #25 0x55e4d03f6416 in InteractiveUITestSuiteRunner::RunTestSuite(int, char**) chrome/test/base/interactive_ui_tests_main.cc:134:12
    #26 0x55e4d99fb844 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:415:31
    #27 0x55e4d7cb722e in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) chrome/test/base/chrome_test_launcher.cc:318:10
    #28 0x55e4d03f63a1 in main chrome/test/base/interactive_ui_tests_main.cc:176:10
    #29 0x7fbe2824bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) (BuildId: f7307432a8b162377e77a182b6cc2e53d771ec4b)
    #30 0x55e4cff4a029 in _start (/b/s/w/ir/out/Release/interactive_ui_tests+0xc8b2029) (BuildId: b65d070fe6c272ab)

also: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20CFI/24652/test-results?sortby=&groupby=&q=ExactID%3Aninja%3A%2F%2Fchrome%2Ftest%3Ainteractive_ui_tests%2FIbanBubbleViewFullFormBrowserTest.Local_ClickingHideOrShowIbanValueManageView+VHash%3A18b587341aed5390

Original change's description:
> [IBAN local save] Add eye icon to manage saved IBAN bubble view.
>
> This CL introduces an eye icon to the manage saved IBAN bubble view, which can
> reveal the full IBAN value or show the masked IBAN on clicking.
>
> Screenshot:
> https://screenshot.googleplex.com/3rtMkB6f6UhSL47
>
> Mock:
> https://screenshot.googleplex.com/FkAmHC4aPtzt44d
>
> Bug: 1349109
> Change-Id: I51afa60384ff1065785e8351f355eaa66c76fdd8
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4237378
> Reviewed-by: Peter Kasting <pkasting@chromium.org>
> Commit-Queue: Qihui Zhao <qihuizhao@google.com>
> Reviewed-by: Vinny Persky <vinnypersky@google.com>
> Cr-Commit-Position: refs/heads/main@{#1109451}

Bug: 1349109
Change-Id: I473c317aaf5d70e538e6ced970ecc4294491d069
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4291366
Commit-Queue: Brian Begnoche <bcb@chromium.org>
Owners-Override: Brian Begnoche <bcb@chromium.org>
Auto-Submit: Brian Begnoche <bcb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1109581}
pull bot pushed a commit that referenced this pull request Mar 31, 2023
This reverts commit 3db66e4.

Reason for revert: introduced quite a lot of test failures

After this change, quite a lot of tests are failing like this when run in parallel:
Received signal 11 SEGV_MAPERR 000000000010
#0 0x5586cfbb1362 base::debug::CollectStackTrace()
#1 0x5586cfb97043 base::debug::StackTrace::StackTrace()
#2 0x5586cfbb0e5b base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f7b6f64a980 (/lib/x86_64-linux-gnu/libpthread-2.27.so+0x1297f)
#4 0x5586d30583af ash::(anonymous namespace)::GetDefaultTopRowAreFKeysValue()
#5 0x5586d3057d62 ash::(anonymous namespace)::GetDefaultKeyboardSettings()
#6 0x5586d3057702 ash::KeyboardPrefHandlerImpl::InitializeKeyboardSettings()
#7 0x5586d303eb8d ash::InputDeviceSettingsControllerImpl::OnKeyboardListUpdated()
#8 0x5586d30481db base::internal::FunctorTraits<>::Invoke<>()
#9 0x5586d30480b4 base::internal::Invoker<>::Run()
#10 0x5586d3050506 _ZNKR4base17RepeatingCallbackIFvNSt2Cr6vectorIN2ui11InputDeviceENS1_9allocatorIS4_EEEENS2_IjNS5_IjEEEEEE3RunES7_S9_
#11 0x5586d3050360 ash::InputDeviceNotifier<>::RefreshDevices()
#12 0x5586d30500e1 ash::InputDeviceNotifier<>::InputDeviceNotifier()
#13 0x5586d303e3fe ash::InputDeviceSettingsControllerImpl::Init()
#14 0x5586d303e080 ash::InputDeviceSettingsControllerImpl::InputDeviceSettingsControllerImpl()
#15 0x5586d2f83b5d ash::Shell::Init()
#16 0x5586d2f83167 ash::Shell::CreateInstance()
#17 0x5586cf57ea8a ash::AshTestHelper::SetUp()
#18 0x5586cf57e769 ash::AshTestHelper::SetUp()
#19 0x5586ce66768e BrowserWithTestWindowTest::SetUp()
#20 0x5586c8e0f37c testing::Test::Run()

and then passing on retry. See https://chromium-swarm.appspot.com/task?id=6148891f87a85710&w=true

Also reverting for the dependency for reverting
https://chromium-review.googlesource.com/c/chromium/src/+/4375455
for crbug.com/1429313.

Original change's description:
> Settings Split: Implement keyboard policies in pref handler
>
> Bug: b/241965700
> Change-Id: I5579395a53df6054e3a23bba3086e3b543aecc0c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4367666
> Reviewed-by: Michael Checo <michaelcheco@google.com>
> Commit-Queue: David Padlipsky <dpad@google.com>
> Cr-Commit-Position: refs/heads/main@{#1123980}

Bug: b/241965700, 1429313
Change-Id: Id48919b445d28ce808d7f7c18c822338e31e2c42
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4384674
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Owners-Override: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Collin Baker <collinbaker@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1124303}
pull bot pushed a commit that referenced this pull request Apr 6, 2023
This reverts commit 135cdf4.

Reason for revert: Reverted on suspicion of breaking tests:
https://chromium-review.googlesource.com/c/chromium/src/+/4404274


error
AssistantManagerServiceImplTest.ShouldNotCrashRunningAfterStopped
ID: ninja://chromeos:chromeos_unittests/AssistantManagerServiceImplTest.ShouldNotCrashRunningAfterStopped
 | builder Linux Chromium OS ASan LSan Tests (1) test_suite chromeos_unittests os Ubuntu-18.04
30s run #1 unexpectedly failed in task: 616d82542ed81511
Failure Reason (similar failures):
expect_utils.h(49): Failed
RunLoop::Run() timed out. Timeout set at TaskEnvironment@base/test/task_environment.cc:415.
{"active_queues":[{"any_thread_.immediate_incoming_queuecapacity":14,"any_thread_.immediate_incoming_queuesize":0,"delay_to_next_task_ms":0.591,"delayed_incoming_queue":[{"delayed_run_time":2274764.284,"delayed_run_time_milliseconds_from_now":0.723,"is_cancelled":false,"is_high_res":false,"nestable":true,"posted_from":"CheckResult@chromeos/ash/components/assistant/test_support/expect_utils.h:30","sequence_num":5858}],"delayed_incoming_queue_size":1,"delayed_work_queue":[],"delayed_work_queue_capacity":4,"delayed_work_queue_size":0,"enabled":true,"immediate_incoming_queue":[],"immediate_work_queue":[],"immediate_work_queue_capacity":14,"immediate_work_queue_size":0,"name":"TASK_ENVIRONMENT_DEFAULT_TQ","priority":0,"task_queue_id":"0x616000007880"}],"non_waking_wake_up_queue":{"name":"NonWakingWakeUpQueue","registered_delay_count":0},"queues_to_delete":[],"queues_to_gracefully_shutdown":[],"...
Summary:
[ RUN      ] AssistantManagerServiceImplTest.ShouldNotCrashRunningAfterStopped
chromeos/ash/components/assistant/test_support/expect_utils.h:49: Failure
Failed
RunLoop::Run() timed out. Timeout set at TaskEnvironment@base/test/task_environment.cc:415.
{"active_queues":[{"any_thread_.immediate_incoming_queuecapacity":14,"any_thread_.immediate_incoming_queuesize":0,"delay_to_next_task_ms":0.591,"delayed_incoming_queue":[{"delayed_run_time":2274764.284,"delayed_run_time_milliseconds_from_now":0.723,"is_cancelled":false,"is_high_res":false,"nestable":true,"posted_from":"CheckResult@chromeos/ash/components/assistant/test_support/expect_utils.h:30","sequence_num":5858}],"delayed_incoming_queue_size":1,"delayed_work_queue":[],"delayed_work_queue_capacity":4,"delayed_work_queue_size":0,"enabled":true,"immediate_incoming_queue":[],"immediate_work_queue":[],"immediate_work_queue_capacity":14,"immediate_work_queue_size":0,"name":"TASK_ENVIRONMENT_DEFAULT_TQ","priority":0,"task_queue_id":"0x616000007880"}],"non_waking_wake_up_queue":{"name":"NonWakingWakeUpQueue","registered_delay_count":0},"queues_to_delete":[],"queues_to_gracefully_shutdown":[],"selector":{"immediate_starvation_count":0},"time_domain":{},"wake_up_queue":{"name":"DefaultWakeUpQueue","next_delay_ms":0.723,"registered_delay_count":1}}
Stack trace:
    #0 0x558c875ee996 in operator() ./../../base/test/scoped_run_loop_timeout.cc:54:11
    #1 0x558c875ee996 in Invoke<const (lambda at ../../base/test/scoped_run_loop_timeout.cc:51:9) &, const base::Location &, const base::RepeatingCallback<std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char> > ()> &, const base::Location &> ./../../base/functional/bind_internal.h:621:12
    #2 0x558c875ee996 in MakeItSo<const (lambda at ../../base/test/scoped_run_loop_timeout.cc:51:9) &, const std::Cr::tuple<base::Location, base::RepeatingCallback<std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char> > ()> > &, const base::Location &> ./../../base/functional/bind_internal.h:925:12
    #3 0x558c875ee996 in RunImpl<const (lambda at ../../base/test/scoped_run_loop_timeout.cc:51:9) &, const std::Cr::tuple<base::Location, base::RepeatingCallback<std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char> > ()> > &, 0UL, 1UL> ./../../base/functional/bind_internal.h:1025:12
    #4 0x558c875ee996 in base::internal::Invoker<base::internal::BindState<base::test::ScopedRunLoopTimeout::ScopedRunLoopTimeout(base::Location const&, base::TimeDelta, base::RepeatingCallback<std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char>> ()>)::$_0, base::Location, base::RepeatingCallback<std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char>> ()>>, void (base::Location const&)>::Run(base::internal::BindStateBase*, base::Location const&) ./../../base/functional/bind_internal.h:989:12
    #5 0x558c872b3da0 in Run ./../../base/functional/callback.h:152:12
    #6 0x558c872b3da0 in base::(anonymous namespace)::OnRunLoopTimeout(base::RunLoop*, base::Location const&, base::OnceCallback<void (base::Location const&)>) ./../../base/run_loop.cc:41:25
    #7 0x558c872b8fbd in Invoke<void (*)(base::RunLoop *, const base::Location &, base::OnceCallback<void (const base::Location &)>), base::RunLoop *, base::Location, base::RepeatingCallback<void (const base::Location &)> > ./../../base/functional/bind_internal.h:636:12
    #8 0x558c872b8fbd in MakeItSo<void (*)(base::RunLoop *, const base::Location &, base::OnceCallback<void (const base::Location &)>), std::Cr::tuple<base::internal::UnretainedWrapper<base::RunLoop, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>, base::Location, base::RepeatingCallback<void (const base::Location &)> > > ./../../base/functional/bind_internal.h:925:12
    #9 0x558c872b8fbd in RunImpl<void (*)(base::RunLoop *, const base::Location &, base::OnceCallback<void (const base::Location &)>), std::Cr::tuple<base::internal::UnretainedWrapper<base::RunLoop, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>, base::Location, base::RepeatingCallback<void (const base::Location &)> >, 0UL, 1UL, 2UL> ./../../base/functional/bind_internal.h:1025:12
    #10 0x558c872b8fbd in base::internal::Invoker<base::internal::BindState<void (*)(base::RunLoop*, base::Location const&, base::OnceCallback<void (base::Location const&)>), base::internal::UnretainedWrapper<base::RunLoop, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>, base::Location, base::RepeatingCallback<void (base::Location const&)>>, void ()>::RunOnce(base::internal::BindStateBase*) ./../../base/functional/bind_internal.h:976:12
    #11 0x558c75bd34b0 in base::OnceCallback<void ()>::Run() && ./../../base/functional/callback.h:152:12
    #12 0x558c87326547 in Run ./../../base/functional/callback.h:152:12
    #13 0x558c87326547 in base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ./../../base/task/common/task_annotator.cc:178:34
    #14 0x558c873b4fd9 in RunTask<(lambda at ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:488:11)> ./../../base/task/common/task_annotator.h:89:5
    #15 0x558c873b4fd9 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:486:23
    #16 0x558c873b2f33 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:351:41
    #17 0x558c873b6df5 in non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:0:0
    #18 0x558c87223124 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ./../../base/message_loop/message_pump_default.cc:40:55
    #19 0x558c873b7e7b in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:651:12
    #20 0x558c872b2938 in base::RunLoop::Run(base::Location const&) ./../../base/run_loop.cc:134:14
    #21 0x558c8615e752 in void ash::assistant::test::ExpectResult<ash::assistant::AssistantManagerService::State>(ash::assistant::AssistantManagerService::State, base::RepeatingCallback<ash::assistant::AssistantManagerService::State ()>, std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char>> const&) ./../../chromeos/ash/components/assistant/test_support/expect_utils.h:49:3
    #22 0x558c8614cebe in ash::assistant::(anonymous namespace)::AssistantManagerServiceImplTest::WaitForState(ash::assistant::AssistantManagerService::State) ./../../chromeos/ash/services/assistant/assistant_manager_service_impl_unittest.cc:233:5
    #23 0x558c8615d3b9 in ash::assistant::AssistantManagerServiceImplTest_ShouldNotCrashRunningAfterStopped_Test::TestBody() ./../../chromeos/ash/services/assistant/assistant_manager_service_impl_unittest.cc:771:3

../../chromeos/ash/components/assistant/test_support/expect_utils.h:49: Failure
Expected: run_loop.Run() doesn't generate new fatal failures in the current thread.
  Actual: it does.
AssistantManagerStateImpl: Failed waiting for expected result.
Expected "3"
Got "0"
Stack trace:
    #0 0x558c8615eb1f in void ash::assistant::test::ExpectResult<ash::assistant::AssistantManagerService::State>(ash::assistant::AssistantManagerService::State, base::RepeatingCallback<ash::assistant::AssistantManagerService::State ()>, std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char>> const&) ./../../chromeos/ash/components/assistant/test_support/expect_utils.h:49:3
    #1 0x558c8614cebe in ash::assistant::(anonymous namespace)::AssistantManagerServiceImplTest::WaitForState(ash::assistant::AssistantManagerService::State) ./../../chromeos/ash/services/assistant/assistant_manager_service_impl_unittest.cc:233:5
    #2 0x558c8615d3b9 in ash::assistant::AssistantManagerServiceImplTest_ShouldNotCrashRunningAfterStopped_Test::TestBody() ./../../chromeos/ash/services/assistant/assistant_manager_service_impl_unittest.cc:771:3

[  FAILED  ] AssistantManagerServiceImplTest.ShouldNotCrashRunningAfterStopped (30026 ms)


Original change's description:
> assistant: Prevent timing issue in media_host
>
> In some situations, the libassistant_media_controller_ inside
> media_host_ could be nullptr. In these cases, we need to avoid calling
> methods on the nullptr.
>
> Bug: b:277107422
> Test: added new unittest
> Change-Id: If13bd4c887f4641f0cfb8380f3fe604fe288b145
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4404274
> Reviewed-by: Xiaohui Chen <xiaohuic@chromium.org>
> Commit-Queue: Tao Wu <wutao@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1126976}

Bug: b:277107422
Change-Id: I63c5d52d25c7522e263ba8765da6e0028a4616cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4405589
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Peter Williamson <petewil@chromium.org>
Auto-Submit: Peter Williamson <petewil@chromium.org>
Commit-Queue: Peter Williamson <petewil@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1127244}
pull bot pushed a commit that referenced this pull request Apr 12, 2023
This CL updates start() MediaRecorder to throw NotSupportedError when
there is an error when starting recording. Moreover, it checks that
the type ("audio/webm" for instance) is supported for each audio
and video track.

Test: web-platform-tests/wpt#26666
Spec: https://w3c.github.io/mediacapture-record/MediaRecorder.html#dom-mediarecorder-start - step #13

Bug: 1423413
Change-Id: I6aee49f6076ca033504fe5308bca9bc8b777ffde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4355396
Reviewed-by: Markus Handell <handellm@google.com>
Commit-Queue: Fr <beaufort.francois@gmail.com>
Cr-Commit-Position: refs/heads/main@{#1129189}
pull bot pushed a commit that referenced this pull request Jun 15, 2023
This reverts commit 3438f2a.

Reason for revert: Suspect causing blink_wpt_tests and blink_web_tests failure on Linux Tests (dbg)(1) bot.

Failed tests:
blink_wpt_tests failed because of:
external/wpt/css/css-contain/content-visibility/detach-locked-slot-children-crash.html
external/wpt/css/css-contain/content-visibility/element-reassigned-to-skipped-slot.html
external/wpt/css/css-contain/content-visibility/element-reassigned-to-slot-in-skipped-subtree.html
external/wpt/html/semantics/forms/the-input-element/focus-dynamic-type-change-on-blur.html
...7 more failure(s) (11 total)...

blink_web_tests failed because of:
accessibility/details-summary-crash.html
fast/events/drag-on-removed-slider-does-not-crash.html
fast/forms/range/range-type-change-onchange-2.html
html/details_summary/details-add-summary.html
...5 more failure(s) (9 total)...

First build failure:
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/114032/overview

Sample log:
---
STDERR: #6 0x7fc01bd0361d logging::CheckError::~CheckError()
STDERR: #7 0x7fbffd21d08a blink::FlatTreeTraversal::AssertPrecondition()
STDERR: #8 0x7fbffd21cfd5 blink::FlatTreeTraversal::Parent()
STDERR: #9 0x7fbffd3c2a45 blink::FlatTreeTraversal::AncestorsOf()
STDERR: #10 0x7fbffd3d410e blink::(anonymous namespace)::NearestLockedExclusiveAncestor()
STDERR: #11 0x7fbffd3d3d17 blink::DisplayLockUtilities::IsInUnlockedOrActivatableSubtree()
STDERR: #12 0x7fbfedfabc4b blink::DisplayLockUtilities::ShouldIgnoreNodeDueToDisplayLock()
STDERR: #13 0x7fbfedf8b61c blink::AXObject::ToString()
STDERR: #14 0x7fbfedf8eccc blink::AXObject::Detach()
STDERR: #15 0x7fbfedf512df blink::AXNodeObject::Detach()
STDERR: #16 0x7fbfedf2d6a5 blink::AXLayoutObject::Detach()
STDERR: #17 0x7fbfedfce51a blink::AXObjectCacheImpl::Remove()
STDERR: #18 0x7fbfedfcd998 blink::AXObjectCacheImpl::Remove()
STDERR: #19 0x7fbfedfcdd74 blink::AXObjectCacheImpl::Remove()
STDERR: #20 0x7fbfedfce992 blink::AXObjectCacheImpl::Remove()
STDERR: #21 0x7fbffe6d16be blink::LayoutObject::WillBeDestroyed()
---

Original change's description:
> [A11y] Reland targeted cached property invalidation
>
> Relands the following CLs:
> * Enhance performance by targeting value updates to specific nodes, commit 704633e.
> * Don't queue anything for irrelevant attribute changes, commit 2c66a62.
> * Add comment explaining call to UpdateStyleAndLayoutTreeForNode(), commit 73b9eed.
> * Ensure cached values not invalidated during the computation of them, commit 4d167a6.
> * Run a test with --force-renderer-accessibility that used to fail, commit cab7ecd.
> * Simplify code to update cached focusable state, commit 79cb184.
> * Simplify code that invalidates cached values on an AXObject, commit 6df79a5.
>
> Fixed: 1446864, 1446550, 1434555, 1362758
> Change-Id: I16855bdcb746cb41387b69e1e97ab72ffc47e342
> Cq-Do-Not-Cancel-Tryjobs: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4545510
> Commit-Queue: Aaron Leventhal <aleventhal@chromium.org>
> Reviewed-by: Jacques Newman <janewman@microsoft.com>
> Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> Reviewed-by: Philip Rogers <pdr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1157878}

Change-Id: Iefe59fe1933747346eda8827fd683f310d6cddb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4615927
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
Owners-Override: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Auto-Submit: Takashi Sakamoto <tasak@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1157993}
pull bot pushed a commit that referenced this pull request Aug 4, 2023
This reverts commit 7e52434.

Reason for revert: the new test is failing, and is likely causing other tests to fail as well.

See:
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/37593/test-results?sortby=&groupby=

Sample failure:

[ RUN      ] TimeOfDayTest.ReturnsNullTimeWhenLocalTimeFails
==324697==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5632f6dd4ee3 in base::Time::Exploded::HasValidValues() const ./../../base/time/time.cc:302:23
    #1 0x5632f61d489d in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:54:12
    #2 0x5632ea366c82 in ash::(anonymous namespace)::TimeOfDayTest_ReturnsNullTimeWhenLocalTimeFails_Test::TestBody() ./../../ash/system/time/time_of_day_unittest.cc:98:3
    #3 0x5632f496278c in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
    #4 0x5632f496278c in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2670:5
    #5 0x5632f49650b3 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2849:11
    #6 0x5632f4967144 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3008:30
    #7 0x5632f4994c10 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5866:44
    #8 0x5632f4993ce2 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
    #9 0x5632f4993ce2 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5440:10
    #10 0x5632f6f60f30 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
    #11 0x5632f6f60f30 in base::TestSuite::Run() ./../../base/test/test_suite.cc:461:16
    #12 0x5632f6f6c137 in Run ./../../base/functional/callback.h:152:12
    #13 0x5632f6f6c137 in RunTestSuite ./../../base/test/launcher/unit_test_launcher.cc:179:38
    #14 0x5632f6f6c137 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:240:10
    #15 0x5632f6f6b824 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:288:10
    #16 0x5632f68395ae in main ./../../ash/test/ash_unittests.cc:29:10
    #17 0x7f1f985cd082 in __libc_start_main ??:0:0
    #18 0x5632e637b029 in _start ??:0:0

  Uninitialized value was created by an allocation of 'now' in the stack frame
    #0 0x5632f61d4706 in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:48:3


Other tests seem to be failing for the same reasons, e.g.
ScheduledFeatureTest.HandlesLocalTimeFailuresSunsetToSunrise

Original change's description:
> Explicitly check when local time conversion fails.
>
> base::Time::LocalExplode() can fail. The API says to check
> base::Time::Exploded::HasValidValues() to detect this.
>
> This functionally is probably the same as before because we
> were passing the exploded output to base::Time::FromLocalExploded()
> immediately after, and presumably, that would fail if the exploded
> input had invalid values. But it's clearer to the reader if this
> is explicitly checked first.
>
> A unit test has also been added to TimeOfDay.
>
> Bug: b:294436942
> Change-Id: I751da660df4c89a9c545d465dfb5361dfb2acc64
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4750820
> Reviewed-by: Jiaming Cheng <jiamingc@chromium.org>
> Commit-Queue: Eric Sum <esum@google.com>
> Cr-Commit-Position: refs/heads/main@{#1179335}

Bug: b:294436942
Change-Id: Iee92b34c51d4b202b6018dd1c62ddd4c4f76eaf6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4748880
Commit-Queue: David Roger <droger@chromium.org>
Owners-Override: David Roger <droger@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1179492}
pull bot pushed a commit that referenced this pull request Aug 4, 2023
… LogMessage."

This reverts commit 07a88f3.

Reason for revert: breaks MSAN bot
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/37602/test-results

[ RUN      ] CStringBuilderTestPA.Char
==313264==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x563432178a89 in partition_alloc::internal::base::strings::CStringBuilder::c_str() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder.cc:145:7
    #1 0x563431d9652c in partition_alloc::internal::base::strings::CStringBuilderTestPA_Char_Test::TestBody() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder_pa_unittest.cc:33:3
    #2 0x5634322101ba in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
    #3 0x5634322101ba in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2670:5
    #4 0x563432212ae1 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2849:11
    #5 0x563432214b72 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3008:30
    #6 0x563432242552 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5866:44
    #7 0x563432241624 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
    #8 0x563432241624 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5440:10
    #9 0x5634329698b0 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
    #10 0x5634329698b0 in base::TestSuite::Run() ./../../base/test/test_suite.cc:461:16
    #11 0x5634329cc377 in Run ./../../base/functional/callback.h:152:12
    #12 0x5634329cc377 in RunTestSuite ./../../base/test/launcher/unit_test_launcher.cc:179:38
    #13 0x5634329cc377 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:240:10
    #14 0x5634329cba64 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:288:10
    #15 0x5634328f3de4 in main ./../../base/test/run_all_unittests.cc:70:10
    #16 0x7f308e293082 in __libc_start_main ??:0:0
    #17 0x56342e6a1349 in _start ??:0:0

  Uninitialized value was created by an allocation of 'builder' in the stack frame
    #0 0x563431d96365 in partition_alloc::internal::base::strings::CStringBuilderTestPA_Char_Test::TestBody() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder_pa_unittest.cc:31:3

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/b/s/w/ir/out/Release/base_unittests+0x43f5a89) (BuildId: 039152aa25034492)
Exiting

Original change's description:
> [PA] Add CStringBuilder to replace std::ostringstream used by LogMessage.
>
> Since std::ostringstream allocates and deallocates memory from heap, c.f. https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:buildtools/third_party/libc++/trunk/src/ios.cpp
>
> std::ostringstream is not available inside memory allocation. Instead
> add CStringBuilder (not resize, fixed buffer size) for LogMessage.
>
> Change-Id: I8051978487acc5fc9b976d6085909b43f81d9d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4744311
> Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
> Commit-Queue: Takashi Sakamoto <tasak@google.com>
> Cr-Commit-Position: refs/heads/main@{#1179481}

Change-Id: Idb29e3252d9fe67955c0ae25ab46640ebfdae336
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4748189
Auto-Submit: David Roger <droger@chromium.org>
Owners-Override: David Roger <droger@chromium.org>
Commit-Queue: David Roger <droger@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1179539}
pull bot pushed a commit that referenced this pull request Aug 9, 2023
This reverts commit 9888813.

Reason for revert: Roll forward with msan fix.

Original change's description:
> Revert "Explicitly check when local time conversion fails."
>
> This reverts commit 7e52434.
>
> Reason for revert: the new test is failing, and is likely causing other tests to fail as well.
>
> See:
> https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/37593/test-results?sortby=&groupby=
>
> Sample failure:
>
> [ RUN      ] TimeOfDayTest.ReturnsNullTimeWhenLocalTimeFails
> ==324697==WARNING: MemorySanitizer: use-of-uninitialized-value
>     #0 0x5632f6dd4ee3 in base::Time::Exploded::HasValidValues() const ./../../base/time/time.cc:302:23
>     #1 0x5632f61d489d in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:54:12
>     #2 0x5632ea366c82 in ash::(anonymous namespace)::TimeOfDayTest_ReturnsNullTimeWhenLocalTimeFails_Test::TestBody() ./../../ash/system/time/time_of_day_unittest.cc:98:3
>     #3 0x5632f496278c in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
>     #4 0x5632f496278c in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2670:5
>     #5 0x5632f49650b3 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2849:11
>     #6 0x5632f4967144 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3008:30
>     #7 0x5632f4994c10 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5866:44
>     #8 0x5632f4993ce2 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10
>     #9 0x5632f4993ce2 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5440:10
>     #10 0x5632f6f60f30 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
>     #11 0x5632f6f60f30 in base::TestSuite::Run() ./../../base/test/test_suite.cc:461:16
>     #12 0x5632f6f6c137 in Run ./../../base/functional/callback.h:152:12
>     #13 0x5632f6f6c137 in RunTestSuite ./../../base/test/launcher/unit_test_launcher.cc:179:38
>     #14 0x5632f6f6c137 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:240:10
>     #15 0x5632f6f6b824 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:288:10
>     #16 0x5632f68395ae in main ./../../ash/test/ash_unittests.cc:29:10
>     #17 0x7f1f985cd082 in __libc_start_main ??:0:0
>     #18 0x5632e637b029 in _start ??:0:0
>
>   Uninitialized value was created by an allocation of 'now' in the stack frame
>     #0 0x5632f61d4706 in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:48:3
>
>
> Other tests seem to be failing for the same reasons, e.g.
> ScheduledFeatureTest.HandlesLocalTimeFailuresSunsetToSunrise
>
> Original change's description:
> > Explicitly check when local time conversion fails.
> >
> > base::Time::LocalExplode() can fail. The API says to check
> > base::Time::Exploded::HasValidValues() to detect this.
> >
> > This functionally is probably the same as before because we
> > were passing the exploded output to base::Time::FromLocalExploded()
> > immediately after, and presumably, that would fail if the exploded
> > input had invalid values. But it's clearer to the reader if this
> > is explicitly checked first.
> >
> > A unit test has also been added to TimeOfDay.
> >
> > Bug: b:294436942
> > Change-Id: I751da660df4c89a9c545d465dfb5361dfb2acc64
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4750820
> > Reviewed-by: Jiaming Cheng <jiamingc@chromium.org>
> > Commit-Queue: Eric Sum <esum@google.com>
> > Cr-Commit-Position: refs/heads/main@{#1179335}
>
> Bug: b:294436942
> Change-Id: Iee92b34c51d4b202b6018dd1c62ddd4c4f76eaf6
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4748880
> Commit-Queue: David Roger <droger@chromium.org>
> Owners-Override: David Roger <droger@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#1179492}

Bug: b:294436942
Change-Id: I81aca119976bca9c4992f20064b3923146c5ab4d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4752645
Reviewed-by: James Cook <jamescook@chromium.org>
Reviewed-by: Jiaming Cheng <jiamingc@chromium.org>
Commit-Queue: Eric Sum <esum@google.com>
Cr-Commit-Position: refs/heads/main@{#1181006}
pull bot pushed a commit that referenced this pull request Sep 1, 2023
…ation

At least on Linux X11, views::test::TestDesktopScreenOzone::Create() may
try to retrieve a localized string for "Built-in display" after [1].
But screen creation happens early for interactive UI tests since [2], at
least before ChromeFeatureListCreator::ConvertFlagsToSwitches() which
assumes ui::ResourceBundle is not initialized. This is causing the crash
below for all interactive UI tests on Linux X11, which this CL fixes by
temporarily initializing ui::ResourceBundle during screen creation.
See crbug.com/1457129 for details.

    [24841:24841:FATAL:resource_bundle.cc(357)] Check failed: g_shared_instance_ != nullptr.
    #0 0x5585747ceee2 base::debug::CollectStackTrace()
    #1 0x5585747b6213 base::debug::StackTrace::StackTrace()
    #2 0x5585746ab79d logging::LogMessage::~LogMessage()
    #3 0x5585746ac2ee logging::LogMessage::~LogMessage()
    #4 0x558574692437 logging::CheckError::~CheckError()
    #5 0x558574bd6075 ui::ResourceBundle::GetSharedInstance()
    #6 0x558574bc0a18 l10n_util::GetStringUTF8()
    #7 0x5585758fddc1 ui::BuildDisplaysFromXRandRInfo()
    #8 0x5585758fb539 ui::XDisplayManager::FetchDisplayList()
    #9 0x5585758fb449 ui::XDisplayManager::Init()
    #10 0x55856dd0e34c ui::X11ScreenOzone::Init()
    #11 0x55856d09ed3d views::test::TestDesktopScreenOzone::Create()
    #12 0x558572c7ec70 InProcessBrowserTest::SetScreenInstance()
    #13 0x558572c7e44f InProcessBrowserTest::SetUp()
    #14 0x55856d24c5f2 testing::Test::Run()
    #15 0x55856d24d865 testing::TestInfo::Run()
    #16 0x55856d24e337 testing::TestSuite::Run()
    #17 0x55856d25cf07 testing::internal::UnitTestImpl::RunAllTests()
    #18 0x55856d25c9ff testing::UnitTest::Run()
    #19 0x5585746730ec base::TestSuite::Run()
    #20 0x558572c5eddb ChromeTestSuiteRunner::RunTestSuiteInternal()
    #21 0x55856cc79be4 InteractiveUITestSuiteRunner::RunTestSuite()
    #22 0x558572c5f069 ChromeTestLauncherDelegate::RunTestSuite()
    #23 0x558573d7b9ab content::LaunchTestsInternal()
    #24 0x558572c5f325 LaunchChromeTests()

Bug: 1457129

[1] crrev.com/1010705
[2] crrev.com/1011300

Change-Id: I173b41d4369fa26332a37b0f89e14669b6b227a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4632804
Commit-Queue: Frédéric Wang <fwang@igalia.com>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1191366}
pull bot pushed a commit that referenced this pull request Sep 2, 2023
…reen creation"

This reverts commit 5931e82.

Reason for revert: Suspected of causing multiple test failures on Linux Tests (dbg)(1)
first failure:
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/115562/overview

Original change's description:
> interactive_ui_tests: use temporary ui::ResourceBundle for screen creation
>
> At least on Linux X11, views::test::TestDesktopScreenOzone::Create() may
> try to retrieve a localized string for "Built-in display" after [1].
> But screen creation happens early for interactive UI tests since [2], at
> least before ChromeFeatureListCreator::ConvertFlagsToSwitches() which
> assumes ui::ResourceBundle is not initialized. This is causing the crash
> below for all interactive UI tests on Linux X11, which this CL fixes by
> temporarily initializing ui::ResourceBundle during screen creation.
> See crbug.com/1457129 for details.
>
>     [24841:24841:FATAL:resource_bundle.cc(357)] Check failed: g_shared_instance_ != nullptr.
>     #0 0x5585747ceee2 base::debug::CollectStackTrace()
>     #1 0x5585747b6213 base::debug::StackTrace::StackTrace()
>     #2 0x5585746ab79d logging::LogMessage::~LogMessage()
>     #3 0x5585746ac2ee logging::LogMessage::~LogMessage()
>     #4 0x558574692437 logging::CheckError::~CheckError()
>     #5 0x558574bd6075 ui::ResourceBundle::GetSharedInstance()
>     #6 0x558574bc0a18 l10n_util::GetStringUTF8()
>     #7 0x5585758fddc1 ui::BuildDisplaysFromXRandRInfo()
>     #8 0x5585758fb539 ui::XDisplayManager::FetchDisplayList()
>     #9 0x5585758fb449 ui::XDisplayManager::Init()
>     #10 0x55856dd0e34c ui::X11ScreenOzone::Init()
>     #11 0x55856d09ed3d views::test::TestDesktopScreenOzone::Create()
>     #12 0x558572c7ec70 InProcessBrowserTest::SetScreenInstance()
>     #13 0x558572c7e44f InProcessBrowserTest::SetUp()
>     #14 0x55856d24c5f2 testing::Test::Run()
>     #15 0x55856d24d865 testing::TestInfo::Run()
>     #16 0x55856d24e337 testing::TestSuite::Run()
>     #17 0x55856d25cf07 testing::internal::UnitTestImpl::RunAllTests()
>     #18 0x55856d25c9ff testing::UnitTest::Run()
>     #19 0x5585746730ec base::TestSuite::Run()
>     #20 0x558572c5eddb ChromeTestSuiteRunner::RunTestSuiteInternal()
>     #21 0x55856cc79be4 InteractiveUITestSuiteRunner::RunTestSuite()
>     #22 0x558572c5f069 ChromeTestLauncherDelegate::RunTestSuite()
>     #23 0x558573d7b9ab content::LaunchTestsInternal()
>     #24 0x558572c5f325 LaunchChromeTests()
>
> Bug: 1457129
>
> [1] crrev.com/1010705
> [2] crrev.com/1011300
>
> Change-Id: I173b41d4369fa26332a37b0f89e14669b6b227a1
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4632804
> Commit-Queue: Frédéric Wang <fwang@igalia.com>
> Reviewed-by: Scott Violet <sky@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1191366}

Bug: 1457129, 1478318
Change-Id: Ib5adf3d8d8fb0b80789b6351f90cade2d6a6b682
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4833241
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: Peter Williamson <petewil@chromium.org>
Owners-Override: Owen Min <zmin@chromium.org>
Auto-Submit: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1191537}
pull bot pushed a commit that referenced this pull request Sep 5, 2023
@AliMariam reported the dangling pointer detector found a new dangling
pointer when running tests on linux Workstation.

The error is:
```
  The memory was freed at:
  #3  allocator_shim::internal::PartitionFree()
  #4  bluez::BluezDBusThreadManager::~BluezDBusThreadManager()
  #5  bluez::BluezDBusThreadManager::Shutdown()
  #6  ChromeBrowserMainPartsLinux::PostDestroyThreads()
  #7  content::BrowserMainLoop::ShutdownThreadsAndCleanUp()
  #8  content::BrowserMainRunnerImpl::Shutdown()
  #9  content::BrowserMain()
  #10 content::RunBrowserProcessMain()
  #11 content::ContentMainRunnerImpl::RunBrowser()
  #12 content::ContentMainRunnerImpl::Run()
  #13 content::RunContentProcess()
  #14 content::ContentMain()
  #15 ChromeMain

  The dangling raw_ptr was released at:
  #3  base::internal::RawPtrBackupRefImpl<>::ReleaseInternal()
  #4  dbus::ObjectManager::~ObjectManager()
  #5  std::__Cr::__tuple_impl<>::~__tuple_impl()
  #6  base::internal::BindState<>::Destroy()
  #7  base::[...]::LazilyDeallocatedDeque<>::Ring::~Ring()
  #8  base::[...]::TaskQueueImpl::UnregisterTaskQueue()
  #9  base::[...]::SequenceManagerImpl::UnregisterTaskQueueImpl()
  #10 base::sequence_manager::TaskQueue::ShutdownTaskQueue()
  #11 content::BrowserTaskQueues::~BrowserTaskQueues()
  #12 content::BrowserUIThreadScheduler::~BrowserUIThreadScheduler()
  #13 content::BrowserTaskExecutor::[...]::~UIThreadExecutor()
  #14 content::BrowserTaskExecutor::[...]::~UIThreadExecutor()
  #15 content::BrowserTaskExecutor::Shutdown()
  #16 content::ContentMainRunnerImpl::Shutdown()
  #17 content::RunContentProcess()
  #18 content::ContentMain()
  #19 ChromeMain
```

Diagnostic:
- `bluez::BluezDBusThreadManager` owns a `dbus::Bus` as `system_bus`.
- `dbus::Bus` owns:
  - The set of `dbus::ObjectManager` as `object_manager_table_`.
  - The DBus task runner as `dbus_task_runner_`.
- The `dbus::ObjectManager` references `dbus::Bus` via `bus_`.

So far so good, the ownership is clear. The problem happens when calling
`dbus::Bus::RemoveObjectManager`. Indeed this moves the ObjectManager
out of `dbus::Bus` toward a callback to a new thread. This still works
transitively, because the dbus::Bus owns the thread. The problem happens
after a second transfer back to the original thread.

Indeed, there is a race condition possible:

Behavior without problems: -----------------------------------

┌─────────────┐                    ┌───────────┐
│Origin thread│                    │DBus thread│
└──────┬──────┘                    └─────┬─────┘
RemoveObjectManager()                    │
       │────────────────────────────────>│
       │                      RemoveObjectManagerInternal()
       │<────────────────────────────────│
RemoveObjectManagerInternalHelper()      │
~ObjectManager()                         │
       │                           ┌─────┴─────┐
Shutdown DBus Thread ─────────────>│DBus thread│
Shutdown DBus Thread <─────────────│DBus thread│
       │                           └───────────┘
      ~Bus
┌──────┴──────┐
│Origin thread│
└─────────────┘

Behavior with problems: ----------------------------------------

┌─────────────┐                    ┌───────────┐
│Origin thread│                    │DBus thread│
└──────┬──────┘                    └─────┬─────┘
RemoveObjectManager()                    │
       │────────────────────────────────>│
       │                      RemoveObjectManagerInternal()
       │                    ┌────────────│
       │                    │      ┌─────┴─────┐
Shutdown DBus Thread ─────────────>│DBus thread│
Shutdown DBus Thread <─────────────│DBus thread│
       │                    │      └───────────┘
     ~Bus()                 │
       │                    │
       │<───────────────────┘
RemoveObjectManagerInternalHelper()
~ObjectManager()
┌──────┴──────┐
│Origin thread│
└─────────────┘
-----------------------------------------------------------------

In the second case: ~Bus() is called before ~ObjectManager().

The fix is to use `ObjectManager::Cleanup()` to clean up the raw_ptr while
the object is still transitively owned by the object it referenced.

Bug: chromium:1478759
Fixed: chromium:1478759
Change-Id: I4ac04d449ab8a7b860256c490f8ac878c1c5c7c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4839496
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1192343}
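The two orderings in the diagrams above can be replayed deterministically in a single-threaded model. This is an added example, not part of the commit and not Chromium code: `BusRef`, `RunScenario`, the task queue and the placement of the `Cleanup()` call inside `RemoveObjectManager()` are assumptions made for illustration, and the hop through the DBus thread is collapsed into one queued reply.

```cpp
#include <deque>
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for raw_ptr<Bus> plus the dangling pointer detector:
// it shares a liveness flag with the Bus instead of storing its address.
class BusRef {
 public:
  BusRef() = default;
  explicit BusRef(std::shared_ptr<const bool> alive) : alive_(std::move(alive)) {}
  void Reset() { alive_.reset(); }
  bool IsDangling() const { return alive_ && !*alive_; }

 private:
  std::shared_ptr<const bool> alive_;
};

int g_dangling_releases = 0;  // what the detector would have reported

class ObjectManager {
 public:
  explicit ObjectManager(BusRef bus) : bus_(std::move(bus)) {}
  // Releasing a reference whose target is already destroyed is the event
  // reported in the second stack trace of the commit message.
  ~ObjectManager() { if (bus_.IsDangling()) ++g_dangling_releases; }
  void Cleanup() { bus_.Reset(); }

 private:
  BusRef bus_;
};

using Task = std::function<void()>;

class Bus {
 public:
  explicit Bus(bool cleanup_on_remove)
      : alive_(std::make_shared<bool>(true)),
        cleanup_on_remove_(cleanup_on_remove) {}
  ~Bus() {
    table_.clear();   // managers still owned here are released first
    *alive_ = false;  // from now on any surviving BusRef is dangling
  }
  void AddObjectManager(const std::string& path) {
    table_[path] = std::make_shared<ObjectManager>(BusRef(alive_));
  }
  // Moves the manager out of the table into a reply task bound for the
  // origin thread. After this call the Bus no longer owns the manager.
  void RemoveObjectManager(const std::string& path, std::deque<Task>& origin_queue) {
    auto it = table_.find(path);
    if (it == table_.end()) return;
    std::shared_ptr<ObjectManager> om = std::move(it->second);
    table_.erase(it);
    if (cleanup_on_remove_) om->Cleanup();  // the fix: drop the back-reference early
    origin_queue.push_back([om = std::move(om)]() mutable { om.reset(); });
  }

 private:
  std::shared_ptr<bool> alive_;
  bool cleanup_on_remove_;
  std::map<std::string, std::shared_ptr<ObjectManager>> table_;
};

// Returns how many dangling releases occurred for the chosen ordering.
int RunScenario(bool cleanup_on_remove, bool bus_destroyed_before_reply) {
  g_dangling_releases = 0;
  std::deque<Task> origin_queue;
  auto bus = std::make_unique<Bus>(cleanup_on_remove);
  bus->AddObjectManager("/constructed/path");  // constructed sample value
  bus->RemoveObjectManager("/constructed/path", origin_queue);
  if (bus_destroyed_before_reply) {
    bus.reset();           // ~Bus() runs first
    origin_queue.clear();  // pending reply destroyed at shutdown: ~ObjectManager()
  } else {
    while (!origin_queue.empty()) {
      Task task = std::move(origin_queue.front());
      origin_queue.pop_front();
      task();              // ~ObjectManager() runs while the Bus is alive
    }
    bus.reset();
  }
  return g_dangling_releases;
}

int main() {
  std::cout << "reply first, no cleanup: " << RunScenario(false, false) << "\n";
  std::cout << "~Bus first, no cleanup:  " << RunScenario(false, true) << "\n";
  std::cout << "~Bus first, with cleanup: " << RunScenario(true, true) << "\n";
  return 0;
}
```
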
pull bot pushed a commit that referenced this pull request Dec 12, 2023
When the kAppServiceStorage flag is enabled, AppService blocks the
creation of app publishers until it's ready, after reading from the
AppStorage file. This affects some tests, e.g.
QuickAnswersStateAshTest.*. Those tests crash because there is no data path
for the profile:
Received signal 11 SEGV_MAPERR 000000000017
...
#9 0x7f445a1f27b7 base::FilePath::Append()
#10 0x7f44710376e4 ash::BrowserContextHelper::GetBrowserContextPathByUserIdHash()
#11 0x55e7a2294d85 ash::ProfileHelperImpl::GetUserByProfile()
#12 0x55e7a22944d7 ash::ProfileHelper::IsPrimaryProfile()
#13 0x55e7b07a2a23 NearbySharingServiceFactory::IsNearbyShareSupportedForBrowserContext()
...

Modify the test setup process to create the user manager first, then
create the profile to align with the production code.

Remove `scoped_user_manager_` in TestExtensionSystem, as that has been moved to TestProfile.

BUG=1385932, b:307623506

Change-Id: Ib07f4a5a347893b7eab8d3bb8cd870c6831898c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5076443
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Nancy Wang <nancylingwang@chromium.org>
Reviewed-by: Xiaohui Chen <xiaohuic@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1235337}
pull bot pushed a commit that referenced this pull request Dec 12, 2023
This reverts commit b573ec1.

Reason for revert: file read on main thread causes crashes

https://ci.chromium.org/ui/p/chrome/builders/ci/chromeos-reven-chrome/9260/overview

2023-12-11T23:44:32.631073Z FATAL chrome[4644:4644]: [thread_restrictions.cc(58)] Check failed: !tls_blocking_disallowed. Function marked as blocking was called from a scope that disallows blocking! If this task is running inside the ThreadPool, it needs to have MayBlock() in its TaskTraits. Otherwise, consider making this blocking work asynchronous or, as a last resort, you may use ScopedAllowBlocking (see its documentation for best practices).
tls_blocking_disallowed 1 set by
#0 0x580a56a26b42 base::debug::CollectStackTrace()
#1 0x580a56a0d4d3 base::debug::StackTrace::StackTrace()
#2 0x580a569e746f base::DisallowUnresponsiveTasks()
#3 0x580a5391e8ef content::BrowserMainLoop::PreMainMessageLoopRun()
#4 0x580a5062f27f base::OnceCallback<>::Run()
#5 0x580a540ca43b content::StartupTaskRunner::RunAllTasksNow()
#6 0x580a5391e206 content::BrowserMainLoop::CreateStartupTasks()
#7 0x580a5392166e content::BrowserMainRunnerImpl::Initialize()
#8 0x580a5391bad6 content::BrowserMain()
#9 0x580a560952b6 content::RunBrowserProcessMain()
#10 0x580a56097a80 content::ContentMainRunnerImpl::RunBrowser()
#11 0x580a5609715e content::ContentMainRunnerImpl::Run()
#12 0x580a56093df5 content::RunContentProcess()
#13 0x580a56093f42 content::ContentMain()
#14 0x580a5010c79d ChromeMain
#15 0x7d10446316c6 __libc_start_call_main
#16 0x7d1044631782 __libc_start_main_alias_2
#17 0x580a5010c531 _start

#0 0x580a56a26b42 base::debug::CollectStackTrace()
#1 0x580a56a0d4d3 base::debug::StackTrace::StackTrace()
#2 0x580a4ffa72c8 logging::LogMessage::~LogMessage()
#3 0x580a56923860 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage()
#4 0x580a4ffa6d67 logging::CheckError::~CheckError()
#5 0x580a569e680b base::internal::AssertBlockingAllowed()
#6 0x580a50037d3b base::ScopedBlockingCall::ScopedBlockingCall()
#7 0x580a5fffd0fb base::File::Stat()
#8 0x580a56a21ae3 base::GetFileInfo()
#9 0x580a5a144486 first_run::GetFirstRunSentinelCreationTime()
#10 0x580a55d04f18 ash::ReportControllerInitializer::OwnershipStatusChanged()
#11 0x580a55d3a722 ash::DeviceSettingsService::NotifyOwnershipStatusChanged()
#12 0x580a55d39e59 ash::DeviceSettingsService::HandleCompletedOperation()
#13 0x580a55d3a0c8 ash::DeviceSettingsService::HandleCompletedAsyncOperation()
#14 0x580a538a96d8 base::internal::FunctorTraits<>::Invoke<>()
#15 0x580a55d3a8c2 base::internal::Invoker<>::RunOnce()

Original change's description:
> Create ReportInitializer that checks for browser preconditions
>
> Introduce ReportControllerInitializer class in chrome/browser/ash,
> functioning as a DeviceSettingsService::Observer. The class waits for
> the OwnershipStatusChanged callback with ownership status indicating
> device ownership, checks for the presence of the .oobe_completed file,
> and waits for CrosSettings::PrepareTrustedValues to signal TRUSTED
> status.
>
> Only after these preconditions are met does the class proceed
> to initialize the ReportController.
>
> BUG=chromium:1504019
>
> Change-Id: I0bd93c2eb9f83669ea23395d59b292a4cc858bcb
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5047743
> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
> Commit-Queue: Hirthanan Subenderan <hirthanan@google.com>
> Reviewed-by: Pavol Marko <pmarko@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1235879}

Bug: chromium:1504019
Change-Id: If41cc3e2fa0330afa6cb5aeb84f05efd1e614669
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5113660
Auto-Submit: Joel Hockey <joelhockey@chromium.org>
Reviewed-by: Hirthanan Subenderan <hirthanan@google.com>
Commit-Queue: Joel Hockey <joelhockey@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: James Cook <jamescook@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1236048}
pull bot pushed a commit that referenced this pull request Dec 20, 2023
When the kAppServiceStorage flag is enabled, AppService blocks the
creation of app publishers until it's ready, after reading from the
AppStorage file. This affects some tests, e.g.
DeviceAPIServiceRegularUserTest.*, because there is no data path
for the profile:
Received signal 11 SEGV_MAPERR 000000000017
...
#9 0x7fb1f37f6ec7 base::FilePath::Append()
#10 0x7fb20a6396ec ash::BrowserContextHelper::GetBrowserContextPathByUserIdHash()
#11 0x55d607da3a0c ash::ProfileHelperImpl::GetUserByProfile()
#12 0x55d607da32f7 ash::ProfileHelper::IsPrimaryProfile()
#13 0x55d616260503 NearbySharingServiceFactory::IsNearbyShareSupportedForBrowserContext()
#14 0x55d6156cd0fc NotificationDisplayServiceImpl::NotificationDisplayServiceImpl()
#15 0x55d6156ccc49 std::__Cr::make_unique<>()
...
BrowserContextKeyedServiceFactory::GetServiceForBrowserContext()
#20 0x55d6156ccab2 NotificationDisplayServiceFactory::GetForProfile()
#21 0x55d605d350be apps::ExtensionAppsChromeOs::Initialize()
#22 0x55d605d8041b apps::PublisherHost::Initialize()
#23 0x55d605d8026c apps::PublisherHost::PublisherHost()

Actually TestingProfile can create FakeChromeUserManager[1]. So we
can get FakeChromeUserManager directly.

Remove `scoped_user_manager_`, as that has been moved to TestProfile.

[1] https://chromium-review.googlesource.com/c/chromium/src/+/5076443/20/chrome/test/base/testing_profile.cc

BUG=1385932, b:307623506

Change-Id: Ib26c7fc9fcfa950e01246df6e13a8f3ee449b22b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5134109
Reviewed-by: Ben Franz <bfranz@chromium.org>
Commit-Queue: Nancy Wang <nancylingwang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1239047}
pull bot pushed a commit that referenced this pull request Jan 18, 2024
When the kAppServiceStorage flag is enabled, AppService blocks the
creation of app publishers until it's ready, after reading from the
AppStorage file. This affects some tests, e.g.
NetworkConfigurationUpdaterAshTest.*. Those tests crash because there is no
data path for the profile:
Received signal 11 SEGV_MAPERR 000000000017
...
#9 0x7fb71a1fe827 base::FilePath::Append()
#10 0x7fb72e112a6c ash::BrowserContextHelper::GetBrowserContextPathByUserIdHash()
#11 0x556a750dbf21 ash::ProfileHelperImpl::GetUserByProfile()
#12 0x556a750db807 ash::ProfileHelper::IsPrimaryProfile()
#13 0x556a834e83a3 NearbySharingServiceFactory::IsNearbyShareSupportedForBrowserContext()
#14 0x556a8295719c NotificationDisplayServiceImpl::NotificationDisplayServiceImpl()
#15 0x556a82956ce9 std::__Cr::make_unique<>()
...
#19 0x7fb6fcef560c BrowserContextKeyedServiceFactory::GetServiceForBrowserContext()
#20 0x556a82956b52 NotificationDisplayServiceFactory::GetForProfile()
#21 0x556a7305f5be apps::ExtensionAppsChromeOs::Initialize()
#22 0x556a730aa83b apps::PublisherHost::Initialize()
#23 0x556a730aa68c apps::PublisherHost::PublisherHost()

The reason should be the FakeUserManager. Actually the fake user
manager is created in TestingProfile, so we don't need to build a new
one, and we can get the user manager directly with:
user_manager::UserManager::Get()

Modify the test setup process to get the user manager directly, and
remove `user_manager_` in the test code, as that has been moved to
TestProfile.

BUG=1385932, b:307623506

Change-Id: I5873858d5e18ca6196bc5b83ed38d87e1f18ae14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5188272
Reviewed-by: Anqing Zhao <anqing@chromium.org>
Commit-Queue: Nancy Wang <nancylingwang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1248444}
pull bot pushed a commit that referenced this pull request Jan 19, 2024
...triggers entry doom and thus ends up running the operation queue in the wrong spot of creation (and entry op) completion handler. This can among other things result in this madness:

#6 disk_cache::SimpleEntryImpl::CloseInternal()
#7 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded()
#8 SimpleEntryImpl::ScopedOperationRunner::~ScopedOperationRunner()
#9 disk_cache::SimpleEntryImpl::WriteDataInternal()
#10 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded()
#11 SimpleEntryImpl::ScopedOperationRunner::~ScopedOperationRunner()
#12 disk_cache::SimpleEntryImpl::WriteDataInternal()
#13 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded()
#14 disk_cache::SimpleEntryImpl::DoomEntry()
#15 disk_cache::SimpleBackendImpl::DoomEntryFromHash()
#16 disk_cache::SimpleBackendImpl::DoomEntries()
#17 disk_cache::SimpleIndex::StartEvictionIfNeeded()
#18 disk_cache::SimpleIndex::UpdateEntrySize()
#19 disk_cache::SimpleEntryImpl::UpdateDataFromEntryStat()
#20 disk_cache::SimpleEntryImpl::CreationOperationComplete()
(namespace elided twice to avoid wrapping).

... which means we end up at the in_results = nullptr line near the bottom of CreationOperationComplete with null `synchronous_entry_`(!) (and a dangling in_results->sync_entry, where one would expect the two to be aliases). I *think* we won't actually deliver a callback from this state since we likely needed to be in the optimistic path to get this far, but I am not certain.

Similarly, when this sort of thing happens from within read/write ops, it could potentially cause callbacks to be delivered in the wrong order if the queued op ends up being a stream 0 operation, which can be executed without a round trip to a worker thread.

Change-Id: Iac8058f0d18225677e361c6cdddf92d28fb4833f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5054619
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Commit-Queue: Maks Orlovich <morlovich@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1248862}
pull bot pushed a commit that referenced this pull request Apr 2, 2024
While investigating a black stripe that appears on the right border
of a lacros window while it is being resized horizontally from the
opposite border (left), it was figured that depending on the values
of the window `origin`, `size` and `scale factor`, the black line was
appearing or hidden.
A continuous interactive window resize is the perfect scenario to
replicate the bug intermittently, and give users the impression of
a flashing black line.

As an easy way to illustrate the issue, let's assume a lacros window
with the following bounds in DIPs, `330,0 596x664`, and a device scale
factor of `1.62574` - these values can replicate the problem of the
vertical stripe appearing even without triggering a window resize.
For instance, these bounds in DIPs become `536,0 970x1080` in pixels
using DesktopWindowTreeHostPlatform::ConvertRectToPixels().

1.1) During the window creation, the `ui::Compositor` instance gets
its scale factor and size set in pixels.
It happens when `Compositor::SetScaleAndSize()` is called.
This is the stack trace:
  ````
  #1 0x592718b9d713 base::debug::StackTrace::StackTrace()
  #2 0x5927205f4655 ui::Compositor::SetScaleAndSize()
  #3 0x5927205eac3e aura::WindowTreeHost::UpdateCompositorScaleAndSize()
  #4 0x5927205ec714 aura::WindowTreeHost::OnHostResizedInPixels()
  #5 0x592721d2dc2e aura::WindowTreeHostPlatform::OnBoundsChanged()
  #6 0x592721d2cc40 views::DesktopWindowTreeHostLacros::OnBoundsChanged()
  #7 0x592721d2e1b9 aura::WindowTreeHostPlatform::OnStateUpdate()
  #8 0x592719b83731 ui::WaylandWindow::MaybeApplyLatestStateRequest()
  #9 0x592719b83074 ui::WaylandWindow::RequestState()
  #10 0x592719b7e189 ui::WaylandWindow::SetWindowScale()
  #11 0x592719b7d985 ui::WaylandWindow::UpdateWindowScale()
  #12 0x592719b789ad ui::WaylandToplevelWindow::UpdateWindowScale()
  #13 0x592719b77f15 ui::WaylandToplevelWindow::Show()
  #14 0x592721d3139d views::DesktopWindowTreeHostPlatform::Show()
  #15 0x592721d18b24 views::DesktopNativeWidgetAura::Show()
  #16 0x592721cd0a7c views::Widget::Show()
  #17 0x592724d06ffb BrowserView::Show()
  (...)
  ````
In practice, `aura::WindowTreeHostPlatform::OnBoundsChanged()`
(frame #4) calls out to `WaylandWindow::GetBoundsInPixels()`,
that translates `330,0 596x664` in DIPS to `536,0 970x1080`
in pixels - see the method below.
Ultimately, only the size is set to the ui::Compositor instance,
ie `970x1080`.

  ````
  void WindowTreeHostPlatform::OnBoundsChanged(const BoundsChange& change) {
    (...)
    float current_scale = compositor()->device_scale_factor();
    float new_scale = ui::GetScaleFactorForNativeView(window());
    auto weak_ref = GetWeakPtr();
    auto new_size = GetBoundsInPixels().size(); <------
  ````

1.2) Meanwhile, `cc::Layer` instances for the window are also being
created. During the layer tree creation, the layers' bounds are all
set in DIPs.
For instance, the root layer is created with an origin of `0,0` and
bounds `596x664`, eg:

  ````
  2024-03-11T18:42:45.387311Z WARNING chrome[29500:29500]: [layer.cc(390)]
  #0 0x59271e998ce2 base::debug::CollectStackTrace()
  #1 0x592718b9d713 base::debug::StackTrace::StackTrace()
  #2 0x592725cc29d7 cc::Layer::SetBounds()
  #3 0x592725e2ee96 ui::Layer::SetBoundsFromAnimation()
  #4 0x5927265c0177 ui::LayerAnimator::SetBounds()
  #5 0x5927205d8fe0 aura::Window::SetBoundsInternal()
  #6 0x5927205d8f67 aura::Window::SetBounds()
  #7 0x5927205ea78e aura::WindowTreeHost::UpdateRootWindowSize()
  #8 0x5927205ea6df aura::WindowTreeHost::InitHost()
  #9 0x592721d30b36 views::DesktopWindowTreeHostPlatform::Init()
  #10 0x592721d16336 views::DesktopNativeWidgetAura::InitNativeWidget()
  #11 0x592725142c44 DesktopBrowserFrameAura::InitNativeWidget()
  #12 0x592721ccdd41 views::Widget::Init()
  #13 0x592724cf68af BrowserFrame::InitBrowserFrame()
  #14 0x592724db9f30 BrowserWindow::CreateBrowserWindow()
  #15 0x592724951ce0 Browser::Browser()
  #16 0x5927249511c6 Browser::Create()
  (...)
  ````
The layers' bounds get translated at places like
`draw_property_utils.cc` `ComputeLocalRectInTargetSpace()`, with
MathUtils::MapXXX() functions.
In practice, `596x664` translates to `968.942x1079.49`, and finally
gets rounded to `969x1080`.
Hence, we have a root ui::Compositor size of 970x1080 and a root
cc::Layer bounds of 969x1080.

Using the visual debugger tool attached to lacros, one can see that
all window-wide tiles' widths are 969 [1].
OTOH, with the visual debugger tool attached to ash/chrome, we can
see that the width of the root surface (lacros) is 970 [2].
This 1px difference creates a "punch hole" effect in the lacros window,
and user sees whatever is underneath it rendered [3]. In the case of
this bug, what the user sees is a trailing 1px wide line part of
the so called "resize shadow".
The user sees it through this unintentional "punch hole" explained
above.

This CL changes the way PlatformWindowDelegate::State::size_px
variable gets set in WaylandWindow::RequestState(), translating only
its size from DIPs to pixels. This way we match how this variable is
used in ui::Compositor level and cc::Layers et al (tiles, quads,
overlayers, etc).

As a way to illustrate the problem, see video [4]. It forcibly paints
the 1px lacros root layer transparent buffer red with viz_debugger,
so one can clearly see it "flashing" due to the rounding error
being fixed here.

[1] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54873934
[2] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54878944
[3] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54873933
[4] https://issues.chromium.org/action/issues/40876438/attachments/54936907

Bug: 40876438
Change-Id: Id36476d41e7a2c90f8a44337731a4cfad93e6a13
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5384752
Reviewed-by: Maksim Sisov <msisov@igalia.com>
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#1281135}
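The arithmetic behind the 970 versus 969 widths in the commit message above, as an added example that is not part of the commit or of Chromium's code. The function names are hypothetical, and the rounding rules (floor the origin and ceil the far edge for a whole rect, ceil for a size alone) are assumptions chosen because they reproduce the numbers quoted in the message.

```cpp
#include <cmath>
#include <iostream>

struct Size { int width; int height; };
struct Rect { int x; int y; int width; int height; };

// Values quoted in the commit message.
constexpr double kScale = 1.62574;
constexpr Rect kDipBounds{330, 0, 596, 664};

// Whole-rect conversion: the pixel rect must enclose the scaled DIP rect, so
// the origin is floored and the far edge is ceiled. The resulting width
// therefore depends on the fractional part of the scaled origin.
Rect DipRectToEnclosingPixelRect(const Rect& dip, double scale) {
  const int x = static_cast<int>(std::floor(dip.x * scale));
  const int y = static_cast<int>(std::floor(dip.y * scale));
  const int right = static_cast<int>(std::ceil((dip.x + dip.width) * scale));
  const int bottom = static_cast<int>(std::ceil((dip.y + dip.height) * scale));
  return {x, y, right - x, bottom - y};
}

// Size-only conversion: independent of where the window sits on screen.
Size DipSizeToPixelSize(const Size& dip, double scale) {
  return {static_cast<int>(std::ceil(dip.width * scale)),
          static_cast<int>(std::ceil(dip.height * scale))};
}

// Extra pixel columns produced by converting the whole rect instead of the
// size alone, for a window of dip_width placed at dip_x.
int WidthGapPx(int dip_x, int dip_width, double scale) {
  const Rect px = DipRectToEnclosingPixelRect({dip_x, 0, dip_width, 1}, scale);
  const Size sz = DipSizeToPixelSize({dip_width, 1}, scale);
  return px.width - sz.width;
}

// Number of origins in [first_x, last_x] where the two conversions disagree.
// A horizontal drag of the left border sweeps through such origins, which is
// why the stripe appears and disappears during an interactive resize.
int CountOriginsWithGap(int first_x, int last_x, int dip_width, double scale) {
  int count = 0;
  for (int x = first_x; x <= last_x; ++x) {
    if (WidthGapPx(x, dip_width, scale) != 0) ++count;
  }
  return count;
}

int main() {
  const Rect px = DipRectToEnclosingPixelRect(kDipBounds, kScale);
  const Size sz = DipSizeToPixelSize({kDipBounds.width, kDipBounds.height}, kScale);
  std::cout << "whole rect: " << px.x << "," << px.y << " " << px.width << "x"
            << px.height << "\n";
  std::cout << "size only:  " << sz.width << "x" << sz.height << "\n";
  std::cout << "origins 0..999 with a 1px gap: "
            << CountOriginsWithGap(0, 999, kDipBounds.width, kScale) << "\n";
  return 0;
}
```
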
pull bot pushed a commit that referenced this pull request Apr 11, 2024
This is part of the work to get cast on starboard building out of
chromium. See go/moving-cwr-to-chromium for more information on the
high-level goal.

This is the crash that occurs without this CL:
FATAL:event_factory_evdev.cc(247)] Check failed: user_input_task_runner_.
#0 0x5643c4c23ed2 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7]
#1 0x5643c4c0dc62 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:229:20]
#2 0x5643c4b15369 logging::LogMessage::Flush() [../../base/logging.cc:703:29]
#3 0x5643c4b1524d logging::LogMessage::~LogMessage() [../../base/logging.cc:694:3]
#4 0x5643c4afb6bf logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3]
#5 0x5643c4afb71e logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32]
#6 0x5643c4afb173 logging::CheckError::~CheckError() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5]
#7 0x5643c611fca5 ui::EventFactoryEvdev::Init() [../../ui/events/ozone/evdev/event_factory_evdev.cc:247:3]
#8 0x5643c5f275f7 ui::PlatformEventSource::AddPlatformEventDispatcher() [../../ui/events/platform/platform_event_source.cc:54:3]
#9 0x5643c11edb81 ui::(anonymous namespace)::OzonePlatformCast::CreatePlatformWindow() [../../third_party/libc++/src/include/__memory/unique_ptr.h:620:30]
#10 0x5643c67cf017 aura::WindowTreeHostPlatform::CreatePlatformWindow() [../../ui/aura/window_tree_host_platform.cc:222:44]
#11 0x5643c67cef76 aura::WindowTreeHostPlatform::CreateAndSetPlatformWindow() [../../ui/aura/window_tree_host_platform.cc:93:22]
#12 0x5643c67cef2a aura::WindowTreeHostPlatform::WindowTreeHostPlatform() [../../ui/aura/window_tree_host_platform.cc:71:3]
#13 0x5643c24eb8d1 chromecast::CastWindowTreeHostAura::CastWindowTreeHostAura() [../../chromecast/graphics/cast_window_tree_host_aura.cc:17:7]
#14 0x5643c24e937e chromecast::CastWindowManagerAura::Setup() [../../third_party/libc++/src/include/__memory/unique_ptr.h:620:30]
#15 0x5643c24a324d chromecast::shell::CastBrowserMainParts::PreMainMessageLoopRun() [../../chromecast/browser/cast_browser_main_parts.cc:627:20]

Bug: b/333571227
Change-Id: I7fd21eec0708282fc14d1b6dd578032ba06187c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5439606
Reviewed-by: Luke Halliwell <halliwell@chromium.org>
Reviewed-by: Yuchen Liu <yucliu@chromium.org>
Commit-Queue: Antonio Rivera <antoniori@google.com>
Cr-Commit-Position: refs/heads/main@{#1285202}
pull bot pushed a commit that referenced this pull request Apr 20, 2024
This reverts commit c07cbfe.

Reason for revert: relanding with tests and fixes

Original change's description:
> Revert "Get WrapperTypeInfo via ScriptWrappable"
>
> This reverts commit 81b6e3d.
>
> Reason for revert: Breaks AutotestPrivateApiTest.AutotestPrivate on linux-chromeos-rel
>
> https://ci.chromium.org/ui/p/chromium/builders/luci.chromium.ci/linux-chromeos-rel
> Sample failure: https://ci.chromium.org/ui/p/chromium/builders/ci/linux-chromeos-rel/75905/overview
>
> I think this is the relevant part of the stack trace:
>
> ../../content/public/test/no_renderer_crashes_assertion.cc:102: Failure
> Failed
> Unexpected termination of a renderer process; status: 3, exit_code: 139
> Stack trace:
> #0 0x563e8b77c0da content::NoRendererCrashesAssertion::RenderProcessExited()
> #1 0x563e8967d8c4 content::RenderProcessHostImpl::ProcessDied()
> #2 0x563e8967d72c content::RenderProcessHostImpl::OnChannelError()
> #3 0x563e8ae3ecb5 base::TaskAnnotator::RunTaskImpl()
> #4 0x563e8ae583dd base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
> #5 0x563e8ae57e60 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #6 0x563e8ae58845 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #7 0x563e8aec2fef base::MessagePumpEpoll::Run()
> #8 0x563e8ae58bb2 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
> #9 0x563e8ae1e7fd base::RunLoop::Run()
> #10 0x563e91a0c6c9 extensions::ResultCatcher::GetNextResult()
> #11 0x563e8ad7fcf6 extensions::ExtensionApiTest::RunExtensionTest()
> #12 0x563e8ad7f999 extensions::ExtensionApiTest::RunExtensionTest()
> #13 0x563e854402ed extensions::AutotestPrivateApiTest::RunAutotestPrivateExtensionTest()
>
> Original change's description:
> > Get WrapperTypeInfo via ScriptWrappable
> >
> > as opposed to using a dedicated internal field for that.
> >
> > Bug: 328117814
> > Change-Id: I01f9aff3ad8a41fafbd2655d23f076a0f76fdc57
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5455405
> > Reviewed-by: Nate Chapin <japhet@chromium.org>
> > Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#1288405}
>
> Bug: 328117814
> Change-Id: Id0ad5b6bcab7a99cf31d551df00928708dd93465
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5459075
> Reviewed-by: Jiacheng Guo <gjc@google.com>
> Auto-Submit: Timothy Loh <timloh@chromium.org>
> Commit-Queue: Jiacheng Guo <gjc@google.com>
> Owners-Override: Timothy Loh <timloh@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#1288546}

Bug: 328117814
Change-Id: Icc69d23b24b71adc9332e3a01c91f336506c035f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466905
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1290020}
pull bot pushed a commit that referenced this pull request Apr 20, 2024
Example builder failure: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/119860/overview.

crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR: [840814:1:0419/092311.735189:FATAL:ax_object.cc(3129)] Check failed: !IsDetached().
STDERR: #0 0x7f57ed36492c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7]
STDERR: #1 0x7f57ed316545 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:236:20]
STDERR: #2 0x7f57ed3164d5 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:231:28]
STDERR: #3 0x7f57ed0349bf logging::LogMessage::Flush() [../../base/logging.cc:710:29]
STDERR: #4 0x7f57ed0348e7 logging::LogMessage::~LogMessage() [../../base/logging.cc:698:3]
STDERR: #5 0x7f57ecfdbfc5 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3]
STDERR: #6 0x7f57ecfdbfe9 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32]
STDERR: #7 0x7f57ecfdcdcc std::__Cr::default_delete<>::operator()() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5]
STDERR: #8 0x7f57ecfdc32a std::__Cr::unique_ptr<>::reset() [../../third_party/libc++/src/include/__memory/unique_ptr.h:278:7]
STDERR: #9 0x7f57ecfdb90d logging::CheckError::~CheckError() [../../base/check.cc:349:16]
STDERR: #10 0x7f57bb3ae68b blink::AXObject::IsIncludedInTree() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:3129:3]
STDERR: #11 0x7f57bb3a43a4 blink::AXObject::ToString() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:8108:30]
STDERR: #12 0x7f57bb3a2a52 blink::AXObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:782:35]
STDERR: #13 0x7f57bb3556e6 blink::AXNodeObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_node_object.cc:2377:13]
STDERR: #14 0x7f57bb3ec319 blink::AXObjectCacheImpl::Remove()
....

Bug: 40933623
Change-Id: Ic447ade12398f7666c4f6f4def61c2e3723feb43
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466669
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Liviu Tinta <liviutinta@chromium.org>
Auto-Submit: Liviu Tinta <liviutinta@chromium.org>
Owners-Override: Liviu Tinta <liviutinta@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1290248}
pull bot pushed a commit that referenced this pull request Apr 22, 2024
This reverts commit 6578c4f.

Reason for revert: Offending DCHECK was fixed and removed with
https://crrev.com/c/5464203. Tests can probably be re-enabled.

Original change's description:
> [Gardener] Disable tests failing !IsDetached check
>
> Example builder failure: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/119860/overview.
>
> crash log for renderer (pid <unknown>):
> STDOUT: <empty>
> STDERR: [840814:1:0419/092311.735189:FATAL:ax_object.cc(3129)] Check failed: !IsDetached().
> STDERR: #0 0x7f57ed36492c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7]
> STDERR: #1 0x7f57ed316545 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:236:20]
> STDERR: #2 0x7f57ed3164d5 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:231:28]
> STDERR: #3 0x7f57ed0349bf logging::LogMessage::Flush() [../../base/logging.cc:710:29]
> STDERR: #4 0x7f57ed0348e7 logging::LogMessage::~LogMessage() [../../base/logging.cc:698:3]
> STDERR: #5 0x7f57ecfdbfc5 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3]
> STDERR: #6 0x7f57ecfdbfe9 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32]
> STDERR: #7 0x7f57ecfdcdcc std::__Cr::default_delete<>::operator()() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5]
> STDERR: #8 0x7f57ecfdc32a std::__Cr::unique_ptr<>::reset() [../../third_party/libc++/src/include/__memory/unique_ptr.h:278:7]
> STDERR: #9 0x7f57ecfdb90d logging::CheckError::~CheckError() [../../base/check.cc:349:16]
> STDERR: #10 0x7f57bb3ae68b blink::AXObject::IsIncludedInTree() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:3129:3]
> STDERR: #11 0x7f57bb3a43a4 blink::AXObject::ToString() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:8108:30]
> STDERR: #12 0x7f57bb3a2a52 blink::AXObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:782:35]
> STDERR: #13 0x7f57bb3556e6 blink::AXNodeObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_node_object.cc:2377:13]
> STDERR: #14 0x7f57bb3ec319 blink::AXObjectCacheImpl::Remove()
> ....
>
> Bug: 40933623
> Change-Id: Ic447ade12398f7666c4f6f4def61c2e3723feb43
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466669
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Reviewed-by: Liviu Tinta <liviutinta@chromium.org>
> Auto-Submit: Liviu Tinta <liviutinta@chromium.org>
> Owners-Override: Liviu Tinta <liviutinta@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#1290248}

Bug: 40933623
Change-Id: Ib77c888c8c8a1209a18ddd93f7c07d17c50a04a5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5465688
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1290555}
pull bot pushed a commit that referenced this pull request May 21, 2024
Attempting to initialize the GPU triggers MSan failures in GL with eager
checks enabled in MSan:

Uninitialized bytes in strlen at offset 0 inside [0x70200013dec0, 30)
==589==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7fffeeba96de in glLabelObjectEXT (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x4f6de)
    #1 0x7fffeeba9b10 in glLabelObjectEXT (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x4fb10)
    #2 0x7fffeeb879a3  (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x2d9a3)
    #3 0x7fffeeb894c0  (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x2f4c0)
    #4 0x7fffeeb8e400  (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x34400)
    #5 0x7fffeeb8f384  (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x35384)
    #6 0x7fffeeb8bd9a  (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x31d9a)
    #7 0x7fffecceb484 in queryExtensionsString third_party/angle/src/libANGLE/renderer/gl/glx/FunctionsGLX.cpp:354:12
    #8 0x7fffecceb484 in rx::FunctionsGLX::initialize(_XDisplay*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>*) third_party/angle/src/libANGLE/renderer/gl/glx/FunctionsGLX.cpp:223:30
    #9 0x7fffeccdada2 in rx::DisplayGLX::initialize(egl::Display*) third_party/angle/src/libANGLE/renderer/gl/glx/DisplayGLX.cpp:114:15
    #10 0x7fffec70f649 in egl::Display::initialize() third_party/angle/src/libANGLE/Display.cpp:1082:36
    #11 0x7fffec0bed17 in egl::Initialize(egl::Thread*, egl::Display*, int*, int*) third_party/angle/src/libGLESv2/egl_stubs.cpp:514:5
    #12 0x7fffec0c6319 in EGL_Initialize third_party/angle/src/libGLESv2/entry_points_egl_autogen.cpp:571:27
    #13 0x7fffefc4000d in eglInitialize third_party/angle/src/libEGL/libEGL_autogen.cpp:177:12
    #14 0x5555868ec92a in gl::GLDisplayEGL::InitializeDisplay(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::EGLDisplayPlatform, gl::GLDisplayEGL*) ui/gl/gl_display.cc:769:10
    #15 0x5555868eb310 in gl::GLDisplayEGL::Initialize(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::EGLDisplayPlatform) ui/gl/gl_display.cc:660:8
    #16 0x55556c6f1957 in ui::GLOzoneEGL::InitializeGLOneOffPlatform(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::GpuPreference) ui/ozone/common/gl_ozone_egl.cc:25:17
    #17 0x55558b1a8999 in gl::init::InitializeGLOneOffPlatform(gl::GpuPreference) ui/gl/init/gl_initializer_ozone.cc:27:26
    #18 0x55558b1a6978 in gl::init::InitializeGLOneOffPlatformImplementation(bool, bool, bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:211:24
    #19 0x55558b1a6208 in gl::init::(anonymous namespace)::InitializeGLOneOffPlatformHelper(bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:135:10
    #20 0x55558b1a662d in gl::init::InitializeGLNoExtensionsOneOff(bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:166:10
    #21 0x55558b227379 in gpu::GpuInit::InitializeAndStartSandbox(base::CommandLine*, gpu::GpuPreferences const&) gpu/ipc/service/gpu_init.cc:495:18
    #22 0x55559ab41ce4 in content::GpuMain(content::MainFunctionParams) content/gpu/gpu_main.cc:358:39
    #23 0x55557b5888da in content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:685:14
    #24 0x55557b58abad in content::RunOtherNamedProcessTypeMain(std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, content::MainFunctionParams, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:789:12
    #25 0x55557b58e4fe in content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:1156:10
    #26 0x55557b585aaf in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) content/app/content_main.cc:332:36
    #27 0x55557b58644a in content::ContentMain(content::ContentMainParams) content/app/content_main.cc:345:10
    #28 0x555580df9c37 in content::LaunchTestsInternal(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:385:12
    #29 0x555580dfab58 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:504:10
    #30 0x555582b8afec in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) chrome/test/base/chrome_test_launcher.cc:392:10
    #31 0x55557d422a0e in main chrome/test/base/browser_tests_main.cc:60:10
    #32 0x7ffff48456c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #33 0x7ffff4845784 in __libc_start_main csu/../csu/libc-start.c:360:3
    #34 0x55555e647029 in _start (/usr/local/google/home/dcheng/src/chrome/src/out/msan/browser_tests+0x90f3029) (BuildId: 6cbc295b16ac1107)

  Uninitialized value was created by a heap allocation
    #0 0x55555e675a22 in malloc /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3
    #1 0x7ffff489b087 in __vasprintf_internal libio/vasprintf.c:116:16
    #2 0x4ae8d349882b18ff  (<unknown module>)

Bug: 40240570
Change-Id: If59faa297e214b7219ebb4c5c9572b44a33ee070
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5548826
Reviewed-by: Elad Alon <eladalon@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1303583}