[pull] master from chromium:master #6

pull · 2021-08-31T05:04:38Z

See Commits and Changes for more details.

Can you help keep this open source service alive? 💖 Please sponsor : )

Render-process: Raise an exception of focus() is called multiple times. Browser-process: Kill the render process if it sends more than one message concerning an explicit call to focus(). Design-doc: https://docs.google.com/document/d/1LHJRt-ry9hwzFTbPxKrmD0VvtEFEU6lvqsD7k6wwGKM Bug: 1215480 Change-Id: I64792fda8ccdf88c61edd229ad400b38a931d6c3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3131040 Commit-Queue: Elad Alon <eladalon@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Henrik Boström <hbos@chromium.org> Cr-Commit-Position: refs/heads/main@{#916804}

This reverts commit 4f0f07d. Reason for revert: This is causing failures on the asan/lsan bot. https://bugs.chromium.org/p/chromium/issues/detail?id=1250054 ==7374==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55b1cff1c2ce in find_if<std::__1::__wrap_iter<base::internal::UncheckedObserverAdapter *>, (lambda at ../../base/ranges/algorithm.h:31:10)> ./../../buildtools/third_party/libc++/trunk/include/algorithm:942:5 #1 0x55b1cff1c2ce in find_if<std::__1::__wrap_iter<base::internal::UncheckedObserverAdapter *>, (lambda at ../../base/observer_list.h:284:21), base::identity, std::__1::random_access_iterator_tag> ./../../base/ranges/algorithm.h:465:10 #2 0x55b1cff1c2ce in find_if<std::__1::vector<base::internal::UncheckedObserverAdapter, std::__1::allocator<base::internal::UncheckedObserverAdapter> > &, (lambda at ../../base/observer_list.h:284:21), base::identity, std::__1::random_access_iterator_tag> ./../../base/ranges/algorithm.h:483:10 #3 0x55b1cff1c2ce in base::ObserverList<aura::EnvObserver, false, true, base::internal::UncheckedObserverAdapter>::RemoveObserver(aura::EnvObserver const*) ./../../base/observer_list.h:283:21 #4 0x55b1b16a5284 in Reset ./../../base/scoped_observation.h:69:7 #5 0x55b1b16a5284 in base::ScopedObservation<aura::Env, aura::EnvObserver, &(aura::Env::AddObserver(aura::EnvObserver*)), &(aura::Env::RemoveObserver(aura::EnvObserver*))>::~ScopedObservation() ./../../base/scoped_observation.h:53:26 #6 0x55b1c95200e4 in ash::ArcOverlayManager::~ArcOverlayManager() ./../../ash/public/cpp/external_arc/overlay/arc_overlay_manager.cc:52:1 #7 0x55b1c9520174 in ash::ArcOverlayManager::~ArcOverlayManager() arc_overlay_manager.cc:0:0 #8 0x55b1b0a0deea in operator() ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:54:5 #9 0x55b1b0a0deea in reset ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:315:7 #10 0x55b1b0a0deea in ~unique_ptr ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:269:19 #11 0x55b1b0a0deea in payments::(anonymous namespace)::AndroidPaymentAppFactoryTest::~AndroidPaymentAppFactoryTest() ./../../chrome/browser/payments/android_payment_app_factory_browsertest.cc:29:52 #12 0x55b1b0a10f5c in payments::(anonymous Original change's description: > [Web Payment] App store billing never shows browser UI. > > Before this patch, immediately resolving the promise passed into > PaymentRequest.show() (the so-called "show() promise"), e.g., by calling > PaymentRequest.show(Promise.resolve({})), would have the possibility of > both showing the browser payment sheet and invoking the payment app, > because the code did not expect that the promise would be resolved > faster than enumerating the locally installed payment apps. > > This patch prevents invoking a payment app or showing the browser > payment sheet when the show() promise resolves before the locally > installed payment apps have been enumerated. > > After this patch, immediately resolving the show() promise will not > result in both showing the browser payment sheet and invoking the > payment app at the same time. > > Bug: 1237921 > Change-Id: I132700146d6f9334a5c56d136f80fcdc62873313 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3160759 > Reviewed-by: Jeevan Shikaram <jshikaram@chromium.org> > Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> > Cr-Commit-Position: refs/heads/main@{#921617} Bug: 1237921 Change-Id: I8a1e6c7c6080b175d180d4c37d2fbc3d7eb77af0 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3163453 Auto-Submit: Scott Violet <sky@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/main@{#921917}

Re-enable * ContinuousSearchTabHelperTest * Started timing out on Tablets - should only run on phones so added UiRestriction. * ContinuousSearchUiTest * Crashed on L * Fixed as part of L crash fix https://crbug.com/1241626 but test stayed disabled. Bug: 1246411, 1242436 Change-Id: I02e27613f14948eed529071a11d5335f931d771f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3166272 Reviewed-by: Yashar Dabiran <yashard@chromium.org> Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org> Cr-Commit-Position: refs/heads/main@{#922519}

If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/rts-windows-amd64-chromium-autoroll Please CC guterman@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Tbr: guterman@google.com Change-Id: Ie1091a3f8137a47be3f8620d1b7a44208b98d4e7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168797 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922520}

Roll Chrome Linux PGO profile from chrome-linux-main-1631857934-ef2cd07991a0f1dc50b23e31aabeba91924a3945.profdata to chrome-linux-main-1631878093-ed5829c803be50703d69eb10c20513adf2ef6630.profdata If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/pgo-linux-chromium Please CC pgo-profile-sheriffs@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium main branch: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Cq-Include-Trybots: luci.chrome.try:linux-chrome Tbr: pgo-profile-sheriffs@google.com Change-Id: I72549fea8a5e9694393b022bd22378c184a4ece7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168807 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922521}

Roll Chrome Mac PGO profile from chrome-mac-main-1631857934-e266b6ba6c69f06c8d6cd06e0e25c9e5b9e5e531.profdata to chrome-mac-main-1631878093-ac00b01ae080696760daa8653d5a32eec229b375.profdata If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/pgo-mac-chromium Please CC pgo-profile-sheriffs@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium main branch: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Cq-Include-Trybots: luci.chrome.try:mac-chrome Tbr: pgo-profile-sheriffs@google.com Change-Id: Ie9849c81bc4cdfb834f89dfd14d0214bc216a6aa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168047 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922522}

Add efi secure boot to BootMode in SystemInfoV2. BUG=b:199040975 TEST=CQ Change-Id: I46ce6d02d23bbee82acb22bbf1adc15add9a40d5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167255 Reviewed-by: Sam McNally <sammc@chromium.org> Commit-Queue: Chung-Sheng Wu <chungsheng@chromium.org> Cr-Commit-Position: refs/heads/main@{#922523}

https://chromium.googlesource.com/catapult.git/+log/6b072fac8819..57c353ca1063 2021-09-16 bsheedy@chromium.org Revert "Remove support for old play core versions." 2021-09-16 heiserya@google.com Add pyparsing library 2021-09-15 heiserya@google.com Increase pinpoint build retention period to 60 days (from 10) 2021-09-15 heiserya@google.com Use sys.version_info.major instead of six.PY3 in dashboard 2021-09-15 johnchen@chromium.org [Pinpoint] Delete cached builds containing isolates 2021-09-15 ntfschr@chromium.org Devil: add version_codes.S constant 2021-09-15 bsheedy@chromium.org Revert "[Pinpoint] Make fallback targets lists" 2021-09-14 bsheedy@chromium.org [Telemetry] Make full logging wrapper actually usable 2021-09-14 heiserya@google.com Add six to pinpoint.yaml 2021-09-14 landrey@google.com Correctly determine change direction 2021-09-14 eduardoyap@google.com Switch refs/heads/master references to refs/heads/main. 2021-09-14 heiserya@google.com Export Pinpoint results into BigQuery 2021-09-14 bsheedy@chromium.org [Telemetry] Add full logging artifact wrapper 2021-09-14 wnwen@chromium.org Remove support for old play core versions. If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/catapult-autoroll Please CC eseckler@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:chromeos-kevin-rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel Bug: chromium:1133648,chromium:1205848,chromium:1220662,chromium:1231290,chromium:1239769,chromium:1241484,chromium:1249302,chromium:1250069 Tbr: eseckler@google.com Test: Test: N/A Change-Id: If09f6b49cf2f8dd34af6bba35d5850bf2b2996cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168041 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922524}

Bug: v8:11429 Change-Id: Ife54bd5ee0b1e3a3d955ce7db7c47d9ecbc8bbdf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168871 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922525}

Migrate the HID detection screen to ES6 class syntax and add directives to generate its Polymer3 version. TEST=Polymer3 browser tests failing due to waiting for next screen. Bug: 1184731 Change-Id: Iac70d255680f217de4523dcfcb10cd2f31397c68 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3162978 Reviewed-by: Roman Aleksandrov <raleksandrov@google.com> Commit-Queue: Renato Silva <rrsilva@google.com> Cr-Commit-Position: refs/heads/main@{#922526}

In these previous CLs: https://chromium-review.googlesource.com/c/chromium/src/+/3160696 https://chromium-review.googlesource.com/c/chromium/src/+/3158166 We managed to deflake some paint worklet layout tests, and the flakiness dashboard shows that they are no longer flaky. This CL changes the expectation for those tests. Specifically they are no longer crashing, but they do timeout sometimes, and this is now associated with another bug number. Bug: 1250666 Change-Id: I71c8012dd75f1b3c15fe6bdf8e9db5edbfe0ed96 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168931 Reviewed-by: Kevin Ellis <kevers@chromium.org> Commit-Queue: Xida Chen <xidachen@chromium.org> Cr-Commit-Position: refs/heads/main@{#922527}

RenderPassBuilder is a test helper to construct CompositorRenderPasses for tests. The general approach is to provide AddFooQuad() functions that add FooDrawQuads. Most quad parameters are pulled out into POD structs that can be omitted if the default values are suitable. This CL also convert a few SurfaceAggregator tests as examples. Bug: 1194082 Change-Id: I75d26d2c61ee5ae0423213b40067b64859a1ec87 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3161137 Reviewed-by: Peter McNeeley <petermcneeley@chromium.org> Commit-Queue: kylechar <kylechar@chromium.org> Cr-Commit-Position: refs/heads/main@{#922528}

This reverts commit a4b6a06. Reason for revert: speculative revert for crbug/1250013. Original change's description: > Skip GL shared image backing on display > > If display is not using GL to composite, then it should not need any > GL-based shared image backing. > > Bug: 1143279 > Change-Id: I3eba3b3ddf732df8d56f4bd755c3211b5040a4f2 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3159550 > Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> > Commit-Queue: Bo <boliu@chromium.org> > Cr-Commit-Position: refs/heads/main@{#921357} Bug: 1143279, 1250013 Change-Id: I71481d571121b1c6a06e0499567b3b62683e678e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167863 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Wei-Yin Chen (陳威尹) <wychen@chromium.org> Commit-Queue: Rohit Agarwal <roagarwal@chromium.org> Reviewed-by: Rohit Agarwal <roagarwal@chromium.org> Owners-Override: Rohit Agarwal <roagarwal@chromium.org> Cr-Commit-Position: refs/heads/main@{#922529}

https://chromium.googlesource.com/native_client/src/native_client.git/+log/deb4bc0700c0..214b3d35827e 2021-09-17 fabiansommer@chromium.org Make build scripts and tests py3 compatible (1) If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/nacl-autoroll Please CC mseaborn@chromium.org on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Bug: chromium:1205898 Tbr: mseaborn@chromium.org Change-Id: I54247e9fc6864c111941bf1ffa4dd71e20150e93 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168994 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922530}

Bug: 1250688 Change-Id: I5f6fe01514c0e514ffe9b43266727844e9a2473a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168778 Auto-Submit: Eric Seckler <eseckler@chromium.org> Commit-Queue: Sami Kyöstilä <skyostil@chromium.org> Reviewed-by: Sami Kyöstilä <skyostil@chromium.org> Cr-Commit-Position: refs/heads/main@{#922531}

If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/rts-mac-amd64-chromium-autoroll Please CC guterman@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Tbr: guterman@google.com Change-Id: I7102a9ead42a8e4beb263033c0e00f719e4606e2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168045 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922532}

The IsFormControlVisible() function may be very expensive even if its name does not suggest it. It iterates through the whole DOM first to find the FormControlElement based on its field renderer id, and then checks if this element is visible. By deleting it we want to avoid use cases where the caller already knows the form control element. In this change we also delete the IsFormVisible() function, which was used only in one place in the codebase. This change preserves equivalence. Bug: 1201875, 1007974 Change-Id: Ie8bbfae617b3d438e18e5054211d1b9a1fe49cde Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3152136 Reviewed-by: Christoph Schwering <schwering@google.com> Reviewed-by: Matthias Körber <koerber@google.com> Commit-Queue: Eva Herencsárová <evih@google.com> Cr-Commit-Position: refs/heads/main@{#922533}

Change-Id: I4d5c2d445c8b77b04e47570a949ac44dfd26418a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168753 Auto-Submit: Ben Mason <benmason@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922534}

Bug: 1250653 Change-Id: Iff389869fb9fd82ec6e27007120ea3aa23d333b2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168592 Commit-Queue: Olesia Marukhno <olesiamarukhno@google.com> Reviewed-by: Christian Dullweber <dullweber@chromium.org> Cr-Commit-Position: refs/heads/main@{#922535}

https://android.googlesource.com/platform/external/perfetto.git/+log/0ae7c36fd528..a9118d769009 If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/perfetto-trace-processor-linux-chromium Please CC perfetto-bugs@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Tbr: perfetto-bugs@google.com Change-Id: Id512a6bb96353b0f5657a8a41f2365fc25e02347 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3166776 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922536}

This CL adds a preview for images. Fixed: 1237932, 1237933, 1237931 Change-Id: I787a40290209c9e8b7b2b57dc443667fcede5347 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3165238 Commit-Queue: Gauthier Ambard <gambard@chromium.org> Reviewed-by: David Jean <djean@chromium.org> Cr-Commit-Position: refs/heads/main@{#922537}

To improve readability, this change replaces the use cases of getting the form's/field's renderer id and creating a FormRendererId/FieldRendererId object from it by calling the GetFormRendererId()/GetFieldRendererId() function. This change preserves equivalence. Bug: 1007974 Change-Id: I3c04d3b28576932e1d9e622d4abf6dca0e79416a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3151881 Commit-Queue: Eva Herencsárová <evih@google.com> Reviewed-by: Christoph Schwering <schwering@google.com> Reviewed-by: Matthias Körber <koerber@google.com> Cr-Commit-Position: refs/heads/main@{#922538}

Bug: 794619 Change-Id: I5eb6a4ac0072e61c7638e6cacd402a86bb1a9354 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3152198 Auto-Submit: Peter Kasting <pkasting@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Peter Kasting <pkasting@chromium.org> Cr-Commit-Position: refs/heads/main@{#922539}

During a rebase the typemaps accidently got deleted. https://chromium-review.googlesource.com/c/chromium/src/+/3088135/5..6 This CL restores them. Bug: 1199077 Change-Id: I7ed5df23ee1594ced20975166a75d0891256b1de Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167070 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/main@{#922540}

https://android.googlesource.com/platform/external/perfetto.git/+log/0ae7c36fd528..a9118d769009 If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/perfetto-trace-processor-mac-chromium Please CC perfetto-bugs@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Tbr: perfetto-bugs@google.com Change-Id: Iee810d190baacdc33ce1feef4b157d0da04ed8d0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3166900 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922541}

This reverts commit af9a35b. Reason for revert: The original CL was innocent. The revert didn't fix the problem. Original change's description: > Revert "[WebTransport] Update IDL interfaces" > > This reverts commit e2e578b. > > Reason for revert: The failure is due to some changes in Webtransport. This and another CL are the main two suspects. See the failure https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket/8835850329184843521/+/u/compile/stdout > > Original change's description: > > [WebTransport] Update IDL interfaces > > > > Removed: > > - SendStream > > - ReceiveStream > > - StreamAbortInfo > > - BidirectionalStream.writingAborted > > - BidirectionalStream.abortWriting > > - BidirectionalStream.readingAborted > > - BidirectionalStream.abortReading > > - WebTransport.datagramWritable > > - WebTransport.datagramReadable > > - WebTransport.setDatagramWritableQueueExpirationDuration > > > > Renamed: > > - DatagramDuplexStream => WebTransportDatagramDuplexStream > > - BidirectionalStream => WebTransportBidirectionalStream > > > > Bug: 1011392 > > Change-Id: Id8702bf1c8c0937211610ecf30a7a79c37fd7513 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3165256 > > Commit-Queue: Yutaka Hirano <yhirano@chromium.org> > > Reviewed-by: Adam Rice <ricea@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#922444} > > Bug: 1011392 > Change-Id: Ie81ab632713eae57d5cbad7afc8f79d2522cfca9 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168495 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Reviewed-by: Martin Rodriguez <rodmartin@google.com> > Reviewed-by: Sergey Poromov <poromov@chromium.org> > Owners-Override: Amr Aboelkher <amraboelkher@google.com> > Commit-Queue: Amr Aboelkher <amraboelkher@google.com> > Cr-Commit-Position: refs/heads/main@{#922485} Bug: 1011392 Change-Id: Ib9dfafed699f095f7b14079ee8621b03b035eee6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168515 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Amr Aboelkher <amraboelkher@google.com> Reviewed-by: Amr Aboelkher <amraboelkher@google.com> Owners-Override: Amr Aboelkher <amraboelkher@google.com> Cr-Commit-Position: refs/heads/main@{#922542}

Migrate the ActiveDirectory password change screen to ES6 class syntax and add directives to generate its Polymer3 version. Also fix an issue with the variables names that was caught by the closure compiler. Bug: 1184731 Change-Id: If3e1034ea762e122873db1a5b303ec2a8ef6d2c1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3165137 Commit-Queue: Renato Silva <rrsilva@google.com> Reviewed-by: Roman Aleksandrov <raleksandrov@google.com> Cr-Commit-Position: refs/heads/main@{#922543}

As per the linked bug, ChromeVox currently reads out the following four strings when focussing the "Turn on" button: 1- Developers 2- Button 3- Run Linux tools, editors and IDEs on your Chromebook. Learn more 4- Press Search plus Space to activate This CL removes the aria-label which makes the main description be "Developers", and instead be the actual text "Turn on". Bug: 1227818 Change-Id: I57c25ce4792addf8f022497e61bc98469ea445b2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167116 Auto-Submit: Timothy Loh <timloh@chromium.org> Commit-Queue: Kyle Horimoto <khorimoto@chromium.org> Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Cr-Commit-Position: refs/heads/main@{#922544}

If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/androidx-chromium Please CC clank-library-failures@google.com,mheikal@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md Tbr: clank-library-failures@google.com,mheikal@google.com Change-Id: I2ff9dc24627c8d774010167e271973de27864e58 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3168103 Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Bot-Commit: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#922545}

… LogMessage." This reverts commit 07a88f3. Reason for revert: breaks MSAN bot https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/37602/test-results [ RUN ] CStringBuilderTestPA.Char ==313264==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x563432178a89 in partition_alloc::internal::base::strings::CStringBuilder::c_str() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder.cc:145:7 #1 0x563431d9652c in partition_alloc::internal::base::strings::CStringBuilderTestPA_Char_Test::TestBody() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder_pa_unittest.cc:33:3 #2 0x5634322101ba in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10 #3 0x5634322101ba in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2670:5 #4 0x563432212ae1 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2849:11 #5 0x563432214b72 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3008:30 #6 0x563432242552 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5866:44 #7 0x563432241624 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10 #8 0x563432241624 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5440:10 #9 0x5634329698b0 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73 #10 0x5634329698b0 in base::TestSuite::Run() ./../../base/test/test_suite.cc:461:16 #11 0x5634329cc377 in Run ./../../base/functional/callback.h:152:12 #12 0x5634329cc377 in RunTestSuite ./../../base/test/launcher/unit_test_launcher.cc:179:38 #13 0x5634329cc377 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:240:10 #14 0x5634329cba64 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:288:10 #15 0x5634328f3de4 in main ./../../base/test/run_all_unittests.cc:70:10 #16 0x7f308e293082 in __libc_start_main ??:0:0 #17 0x56342e6a1349 in _start ??:0:0 Uninitialized value was created by an allocation of 'builder' in the stack frame #0 0x563431d96365 in partition_alloc::internal::base::strings::CStringBuilderTestPA_Char_Test::TestBody() ./../../base/allocator/partition_allocator/partition_alloc_base/strings/cstring_builder_pa_unittest.cc:31:3 SUMMARY: MemorySanitizer: use-of-uninitialized-value (/b/s/w/ir/out/Release/base_unittests+0x43f5a89) (BuildId: 039152aa25034492) Exiting Original change's description: > [PA] Add CStringBuilder to replace std::ostringstream used by LogMessage. > > Since std::ostringstream allocates and deallocates memory from heap, c.f. https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:buildtools/third_party/libc++/trunk/src/ios.cpp > > std::ostringstream is not available inside memory allocation. Instead > add CStringBuilder (not resize, fixed buffer size) for LogMessage. > > Change-Id: I8051978487acc5fc9b976d6085909b43f81d9d0d > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4744311 > Reviewed-by: Yuki Shiino <yukishiino@chromium.org> > Commit-Queue: Takashi Sakamoto <tasak@google.com> > Cr-Commit-Position: refs/heads/main@{#1179481} Change-Id: Idb29e3252d9fe67955c0ae25ab46640ebfdae336 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4748189 Auto-Submit: David Roger <droger@chromium.org> Owners-Override: David Roger <droger@chromium.org> Commit-Queue: David Roger <droger@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#1179539}

This reverts commit 9888813. Reason for revert: Roll forward with msan fix. Original change's description: > Revert "Explicitly check when local time conversion fails." > > This reverts commit 7e52434. > > Reason for revert: the new test is failing, and is likely causing other tests to fail as well. > > See: > https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/37593/test-results?sortby=&groupby= > > Sample failure: > > [ RUN ] TimeOfDayTest.ReturnsNullTimeWhenLocalTimeFails > ==324697==WARNING: MemorySanitizer: use-of-uninitialized-value > #0 0x5632f6dd4ee3 in base::Time::Exploded::HasValidValues() const ./../../base/time/time.cc:302:23 > #1 0x5632f61d489d in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:54:12 > #2 0x5632ea366c82 in ash::(anonymous namespace)::TimeOfDayTest_ReturnsNullTimeWhenLocalTimeFails_Test::TestBody() ./../../ash/system/time/time_of_day_unittest.cc:98:3 > #3 0x5632f496278c in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10 > #4 0x5632f496278c in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2670:5 > #5 0x5632f49650b3 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2849:11 > #6 0x5632f4967144 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3008:30 > #7 0x5632f4994c10 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5866:44 > #8 0x5632f4993ce2 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest-internal-inl.h:0:10 > #9 0x5632f4993ce2 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5440:10 > #10 0x5632f6f60f30 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73 > #11 0x5632f6f60f30 in base::TestSuite::Run() ./../../base/test/test_suite.cc:461:16 > #12 0x5632f6f6c137 in Run ./../../base/functional/callback.h:152:12 > #13 0x5632f6f6c137 in RunTestSuite ./../../base/test/launcher/unit_test_launcher.cc:179:38 > #14 0x5632f6f6c137 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:240:10 > #15 0x5632f6f6b824 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:288:10 > #16 0x5632f68395ae in main ./../../ash/test/ash_unittests.cc:29:10 > #17 0x7f1f985cd082 in __libc_start_main ??:0:0 > #18 0x5632e637b029 in _start ??:0:0 > > Uninitialized value was created by an allocation of 'now' in the stack frame > #0 0x5632f61d4706 in ash::TimeOfDay::ToTimeToday() const ./../../ash/system/time/time_of_day.cc:48:3 > > > Other tests seem to be failing for the same reasons, e.g. > ScheduledFeatureTest.HandlesLocalTimeFailuresSunsetToSunrise > > Original change's description: > > Explicitly check when local time conversion fails. > > > > base::Time::LocalExplode() can fail. The API says to check > > base::Time::Exploded::HasValidValues() to detect this. > > > > This functionally is probably the same as before because we > > were passing the exploded output to base::Time::FromLocalExploded() > > immediately after, and presumably, that would fail if the exploded > > input had invalid values. But it's clearer to the reader if this > > is explicitly checked first. > > > > A unit test has also been added to TimeOfDay. > > > > Bug: b:294436942 > > Change-Id: I751da660df4c89a9c545d465dfb5361dfb2acc64 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4750820 > > Reviewed-by: Jiaming Cheng <jiamingc@chromium.org> > > Commit-Queue: Eric Sum <esum@google.com> > > Cr-Commit-Position: refs/heads/main@{#1179335} > > Bug: b:294436942 > Change-Id: Iee92b34c51d4b202b6018dd1c62ddd4c4f76eaf6 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4748880 > Commit-Queue: David Roger <droger@chromium.org> > Owners-Override: David Roger <droger@chromium.org> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Cr-Commit-Position: refs/heads/main@{#1179492} Bug: b:294436942 Change-Id: I81aca119976bca9c4992f20064b3923146c5ab4d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4752645 Reviewed-by: James Cook <jamescook@chromium.org> Reviewed-by: Jiaming Cheng <jiamingc@chromium.org> Commit-Queue: Eric Sum <esum@google.com> Cr-Commit-Position: refs/heads/main@{#1181006}

https://crrev.com/c/2492281 introduced a commented out DCHECK() in `AgentSchedulingGroupHost::GetProcess()` ensuring that method is never called when its LifecycleState is in the `kRenderProcessHostDestroyed` state. It's commented out with the disclaimer above it, saying it cannot be enabled yet: "since RenderViewHostImpl outlives its associated AgentSchedulingGroupHost, and the [RenderViewHostImpl] dtor queries the associated RenderProcessHost to remove itself from the PerProcessRenderViewHostSet and RemoveObserver() itself." However, this isn't exactly correct. The RVHI doesn't appear to actually outlive its RPHI/ASGH; that would cause a different kind of crash/error altogether. The flow I believe the comment intends to describe can be seen in various browser test failures that occur when the DCHECK is enabled, that look like: ``` #6 0x7f9375403d6d logging::CheckError::~CheckError() #7 0x7f93609062e9 content::AgentSchedulingGroupHost::GetProcess() #8 0x7f9360e507dd content::RenderViewHostImpl::GetProcess() #9 0x7f9360e4dec6 content::RenderViewHostImpl::~RenderViewHostImpl() #10 0x7f9360e4e339 content::RenderViewHostImpl::~RenderViewHostImpl() ``` What happens is `RenderViewHostImpl::dtor()` is called, which calls: 1. `GetAgentSchedulingGroup().RemoveRoute()` [1] a. ASGH accomplishes this by going through its RenderProcessHostImpl b. If this is the last route in the process, then `RenderProcessHostImpl::Cleanup()` is invoked, which first alerts all observers of the `RenderProcessHostDestroyed()` event, and then immediately schedules its destruction in an asynchronous task 2. `GetProcess().GetID()` and `GetProcess()->RemoveObserver()` a. This fails because by this point, `AgentSchedulingGroup`, which is-a `RenderProcessHostObserver`, has already been notified of the `RenderProcessHostDestroyed` event, despite the RPHI still being alive, although its destruction has been scheduled. There are a few options to deal with this: 1. Move all invocations of methods that can trigger the `RenderProcessHostDestroyed()` event — like `RemoveRoute()` — to *after* any co-located calls to `GetProcess()`. This is really a hack, and is very fragile. Even if implemented, it's probably not actually possible to get this correct, since there are many calls to `GetProcess()` from other classes, that happen far away from calls to things like `RemoveRoute()`. That's what we see in [2], where I tried to implement this. And even still, if this were completely possible, it's very undesirable because then you have to keep in mind the allowed ordering of some random method invocations that might arbitrarily change over time across classes. BAD! 2. Another solution is to weaken the DCHECK(), as to ensure that we never call `GetProcess()` when `state_` is destroyed *unless* the RPHI also has its `deleting_soon_` bool set to true, indicating that destruction has been scheduled. We let this case slide because there's nothing wrong with getting the RPHI at this point. In unit tests, `MockRenderProcessHost` doesn't have an `deleting_soon_` bool, so we'd have to have a special carve-out for this case, where we just treat it as OK and pass the DCHECK() since we know we're in a unit test. This solution isn't bad, but unfortunately it's not possible to implement since there is no way to detect whether `ASGH::process_` is a `RenderProcessHostImpl` or a `MockRenderProcessHost`, so we can't distinguish between the "production" and the "test" scenario. 3. A better solution would probably be to just remove the DCHECK() since it's not doing anything useful. It's commented out, and even if it were enabled, it wouldn't necessarily be correct. There's nothing inherently wrong with consulting an RPHI in the gap between `Cleanup()` and `::dtor()`, which is what the DCHECK prevents. The DCHECK isn't protecting against accessing an already-actually- destroyed RPHI anyways; that's what the `base::SafeRef` around `AgentSchedulingGroupHost::process_` does! Given the fact that this DCHECK() was probably misunderstood in the first place — mistaking the RPHDestroyed() event for *actual* destruction — and was put into place before the base::SafeRef protection was implemented, which actually does something here, I firmly believe this is the best solution forward. This CL removes the DCHECK(). [1]: https://source.chromium.org/chromium/chromium/src/+/main:content/browser/renderer_host/render_view_host_impl.cc;l=383-388;drc=31154961f51fd2c1116e37fbc7e2f0ea6099414e [2]: https://chromium-review.googlesource.com/c/chromium/src/+/4226953/4?checksPatchset=4&tab=checks Bug: 1111231 Change-Id: Icf40f0f0bc0d40642a5fb2b64a664fc204d7d906 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4226953 Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Dominic Farolino <dom@chromium.org> Cr-Commit-Position: refs/heads/main@{#1190316}

…ation At least on Linux X11, views::test::TestDesktopScreenOzone::Create() may try to retrieve a localized string for "Built-in display" after [1]. But screen creation happens early for interactive UI tests since [2], at least before ChromeFeatureListCreator::ConvertFlagsToSwitches() which assumes ui::ResourceBundle is not initialized. This is causing the crash below for all interactive UI tests on Linux X11, which this CL fixes by temporarily initializing ui::ResourceBundle during screen creation. See crbug.com/1457129 for details. [24841:24841:FATAL:resource_bundle.cc(357)] Check failed: g_shared_instance_ != nullptr. #0 0x5585747ceee2 base::debug::CollectStackTrace() #1 0x5585747b6213 base::debug::StackTrace::StackTrace() #2 0x5585746ab79d logging::LogMessage::~LogMessage() #3 0x5585746ac2ee logging::LogMessage::~LogMessage() #4 0x558574692437 logging::CheckError::~CheckError() #5 0x558574bd6075 ui::ResourceBundle::GetSharedInstance() #6 0x558574bc0a18 l10n_util::GetStringUTF8() #7 0x5585758fddc1 ui::BuildDisplaysFromXRandRInfo() #8 0x5585758fb539 ui::XDisplayManager::FetchDisplayList() #9 0x5585758fb449 ui::XDisplayManager::Init() #10 0x55856dd0e34c ui::X11ScreenOzone::Init() #11 0x55856d09ed3d views::test::TestDesktopScreenOzone::Create() #12 0x558572c7ec70 InProcessBrowserTest::SetScreenInstance() #13 0x558572c7e44f InProcessBrowserTest::SetUp() #14 0x55856d24c5f2 testing::Test::Run() #15 0x55856d24d865 testing::TestInfo::Run() #16 0x55856d24e337 testing::TestSuite::Run() #17 0x55856d25cf07 testing::internal::UnitTestImpl::RunAllTests() #18 0x55856d25c9ff testing::UnitTest::Run() #19 0x5585746730ec base::TestSuite::Run() #20 0x558572c5eddb ChromeTestSuiteRunner::RunTestSuiteInternal() #21 0x55856cc79be4 InteractiveUITestSuiteRunner::RunTestSuite() #22 0x558572c5f069 ChromeTestLauncherDelegate::RunTestSuite() #23 0x558573d7b9ab content::LaunchTestsInternal() #24 0x558572c5f325 LaunchChromeTests() Bug: 1457129 [1] crrev.com/1010705 [2] crrev.com/1011300 Change-Id: I173b41d4369fa26332a37b0f89e14669b6b227a1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4632804 Commit-Queue: Frédéric Wang <fwang@igalia.com> Reviewed-by: Scott Violet <sky@chromium.org> Cr-Commit-Position: refs/heads/main@{#1191366}

…reen creation" This reverts commit 5931e82. Reason for revert: Suspect causing multiple test failed on Linux Tests (dbg)(1) first failure: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/115562/overview Original change's description: > interactive_ui_tests: use temporary ui::ResourceBundle for screen creation > > At least on Linux X11, views::test::TestDesktopScreenOzone::Create() may > try to retrieve a localized string for "Built-in display" after [1]. > But screen creation happens early for interactive UI tests since [2], at > least before ChromeFeatureListCreator::ConvertFlagsToSwitches() which > assumes ui::ResourceBundle is not initialized. This is causing the crash > below for all interactive UI tests on Linux X11, which this CL fixes by > temporarily initializing ui::ResourceBundle during screen creation. > See crbug.com/1457129 for details. > > [24841:24841:FATAL:resource_bundle.cc(357)] Check failed: g_shared_instance_ != nullptr. > #0 0x5585747ceee2 base::debug::CollectStackTrace() > #1 0x5585747b6213 base::debug::StackTrace::StackTrace() > #2 0x5585746ab79d logging::LogMessage::~LogMessage() > #3 0x5585746ac2ee logging::LogMessage::~LogMessage() > #4 0x558574692437 logging::CheckError::~CheckError() > #5 0x558574bd6075 ui::ResourceBundle::GetSharedInstance() > #6 0x558574bc0a18 l10n_util::GetStringUTF8() > #7 0x5585758fddc1 ui::BuildDisplaysFromXRandRInfo() > #8 0x5585758fb539 ui::XDisplayManager::FetchDisplayList() > #9 0x5585758fb449 ui::XDisplayManager::Init() > #10 0x55856dd0e34c ui::X11ScreenOzone::Init() > #11 0x55856d09ed3d views::test::TestDesktopScreenOzone::Create() > #12 0x558572c7ec70 InProcessBrowserTest::SetScreenInstance() > #13 0x558572c7e44f InProcessBrowserTest::SetUp() > #14 0x55856d24c5f2 testing::Test::Run() > #15 0x55856d24d865 testing::TestInfo::Run() > #16 0x55856d24e337 testing::TestSuite::Run() > #17 0x55856d25cf07 testing::internal::UnitTestImpl::RunAllTests() > #18 0x55856d25c9ff testing::UnitTest::Run() > #19 0x5585746730ec base::TestSuite::Run() > #20 0x558572c5eddb ChromeTestSuiteRunner::RunTestSuiteInternal() > #21 0x55856cc79be4 InteractiveUITestSuiteRunner::RunTestSuite() > #22 0x558572c5f069 ChromeTestLauncherDelegate::RunTestSuite() > #23 0x558573d7b9ab content::LaunchTestsInternal() > #24 0x558572c5f325 LaunchChromeTests() > > Bug: 1457129 > > [1] crrev.com/1010705 > [2] crrev.com/1011300 > > Change-Id: I173b41d4369fa26332a37b0f89e14669b6b227a1 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4632804 > Commit-Queue: Frédéric Wang <fwang@igalia.com> > Reviewed-by: Scott Violet <sky@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1191366} Bug: 1457129, 1478318 Change-Id: Ib5adf3d8d8fb0b80789b6351f90cade2d6a6b682 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4833241 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Owen Min <zmin@chromium.org> Reviewed-by: Peter Williamson <petewil@chromium.org> Owners-Override: Owen Min <zmin@chromium.org> Auto-Submit: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/main@{#1191537}

@AliMariam

@AliMariam reported the dangling pointer detector found a new dangling pointer when running tests on linux Workstation. The error is: ``` The memory was freed at: #3 allocator_shim::internal::PartitionFree() #4 bluez::BluezDBusThreadManager::~BluezDBusThreadManager() #5 bluez::BluezDBusThreadManager::Shutdown() #6 ChromeBrowserMainPartsLinux::PostDestroyThreads() #7 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() #8 content::BrowserMainRunnerImpl::Shutdown() #9 content::BrowserMain() #10 content::RunBrowserProcessMain() #11 content::ContentMainRunnerImpl::RunBrowser() #12 content::ContentMainRunnerImpl::Run() #13 content::RunContentProcess() #14 content::ContentMain() #15 ChromeMain The dangling raw_ptr was released at: #3 base::internal::RawPtrBackupRefImpl<>::ReleaseInternal() #4 dbus::ObjectManager::~ObjectManager() #5 std::__Cr::__tuple_impl<>::~__tuple_impl() #6 base::internal::BindState<>::Destroy() #7 base::[...]::LazilyDeallocatedDeque<>::Ring::~Ring() #8 base::[...]::TaskQueueImpl::UnregisterTaskQueue() #9 base::[...]::SequenceManagerImpl::UnregisterTaskQueueImpl() #10 base::sequence_manager::TaskQueue::ShutdownTaskQueue() #11 content::BrowserTaskQueues::~BrowserTaskQueues() #12 content::BrowserUIThreadScheduler::~BrowserUIThreadScheduler() #13 content::BrowserTaskExecutor::[...]::~UIThreadExecutor() #14 content::BrowserTaskExecutor::[...]::~UIThreadExecutor() #15 content::BrowserTaskExecutor::Shutdown() #16 content::ContentMainRunnerImpl::Shutdown() #17 content::RunContentProcess() #18 content::ContentMain() #19 ChromeMain ``` Diagnostic: - `bluez::BluezDBusThreadManager` owns a `dbus::Bus` as `system_bus`. - `dbus::Bus` owns: - The set of `dbus::ObjectManager` as `object_manager_table_`. - The DBus task runner as `dbus_task_runner_`. - The `dbus::ObjectManager` references `dbus::Bus` via `bus_`. So far so good, the ownership is clear. The problem happens when calling `dbus::Bus::RemoveObjectManager`. Indeed this moves the ObjectManager out of `dbus::Bus` toward a callback to a new thread. This still works transitively, because the dbus::Bus owns the thread. The problem happens after a second transfer back to the original thread. Indeed, there is a race condition possible: Behavior without problems: ----------------------------------- ┌─────────────┐ ┌───────────┐ │Origin thread│ │DBus thread│ └──────┬──────┘ └─────┬─────┘ RemoveObjectManager() │ │────────────────────────────────>│ │ RemoveObjectManagerInternal() │<────────────────────────────────│ RemoveObjectManagerInternalHelper() │ ~ObjectManager() │ │ ┌─────┴─────┐ Shutdown DBus Thread ─────────────>│DBus thread│ Shutdown DBus Thread <─────────────│DBus thread│ │ └───────────┘ ~Bus ┌──────┴──────┐ │Origin thread│ └─────────────┘ Behavior with problems: ---------------------------------------- ┌─────────────┐ ┌───────────┐ │Origin thread│ │DBus thread│ └──────┬──────┘ └─────┬─────┘ RemoveObjectManager() │ │────────────────────────────────>│ │ RemoveObjectManagerInternal() │ ┌────────────│ │ │ ┌─────┴─────┐ Shutdown DBus Thread ─────────────>│DBus thread│ Shutdown DBus Thread <─────────────│DBus thread│ │ │ └───────────┘ ~Bus() │ │ │ │<───────────────────┘ RemoveObjectManagerInternalHelper() ~ObjectManager() ┌──────┴──────┐ │Origin thread│ └─────────────┘ ----------------------------------------------------------------- In the second case: ~Bus() is called before ~ObjectManager(). The fix is a use `ObjectManager::Cleanup()` to cleanup the raw_ptr while the object is still transitively owned by the object it referenced. Bug: chromium:1478759 Fixed: chromium:1478759 Change-Id: I4ac04d449ab8a7b860256c490f8ac878c1c5c7c5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4839496 Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/main@{#1192343}

This reverts commit e2c2265. Reason for revert: failing on: https://ci.chromium.org/ui/p/chromium/builders/ci/linux-chromeos-dbg/34119/test-results?sortby=&groupby= 2023-09-12T23:08:42.747041Z FATAL browser_tests[325873:325873]: [scalable_iph_browser_test_base.cc(114)] Check failed: !mock_delegate_. Mocks have already been set up. [...] #6 0x55e25ba19703 ash::ScalableIphBrowserTestBase::SetUpMocks() #7 0x55e25ba19661 ash::ScalableIphBrowserTestBase::SetUpOnMainThread() #8 0x55e2699e883b content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() [...] Original change's description: > Add phone hub onboarding eligible condition > > - This CL adds x_CustomConditionPhoneHubOnboardingEligible. The > condition is true if feature status of Phone Hub is either > kEligiblePhoneButNotSetUp or kDisabled. > - This adds a dependency from ScalableIph to PhoneHubManager. > PhoneHubManager is expected to be initialized at a specific timing. > This CL makes sure that ScalableIph is initialized after > PhoneHubManager. > - This CL fixes an issue with our OOBE flow test in our browser tests. > - To fix the browser test, we had to change behavior of > LoggedInUserMixin. Previously LoggedInUserMixin has configured > LoginManagerMixin to skip post login screens by default. This CL > makes it optional. > - familiy_user_device_metrics_browsertest.cc was depending on the > default behavior. This CL updates the test. > > Bug: b:295369951 > Test: browser_tests --gtest_filter=*ScalableIph* > Change-Id: I361169d5ca7d531ed26f16cd94b3247be6edb94d > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4845174 > Reviewed-by: Alexander Alekseev <alemate@chromium.org> > Reviewed-by: Toni Barzic <tbarzic@chromium.org> > Reviewed-by: Courtney Wong <courtneywong@chromium.org> > Reviewed-by: Tao Wu <wutao@chromium.org> > Commit-Queue: Yuki Awano <yawano@google.com> > Cr-Commit-Position: refs/heads/main@{#1195612} Bug: b:295369951 Change-Id: I7bde487bc9268817bb1468c7db30d470e42de941 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4860192 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Frank Liberato <liberato@chromium.org> Commit-Queue: Frank Liberato <liberato@chromium.org> Owners-Override: Frank Liberato <liberato@google.com> Cr-Commit-Position: refs/heads/main@{#1195718}

This reverts commit 596cfbd. Reason for revert: Reland with a fix. Original change's description: > Revert "Add phone hub onboarding eligible condition" > > This reverts commit e2c2265. > > Reason for revert: failing on: > > https://ci.chromium.org/ui/p/chromium/builders/ci/linux-chromeos-dbg/34119/test-results?sortby=&groupby= > > 2023-09-12T23:08:42.747041Z FATAL browser_tests[325873:325873]: [scalable_iph_browser_test_base.cc(114)] Check failed: !mock_delegate_. Mocks have already been set up. > [...] > #6 0x55e25ba19703 ash::ScalableIphBrowserTestBase::SetUpMocks() > #7 0x55e25ba19661 ash::ScalableIphBrowserTestBase::SetUpOnMainThread() > #8 0x55e2699e883b content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() > [...] > > Original change's description: > > Add phone hub onboarding eligible condition > > > > - This CL adds x_CustomConditionPhoneHubOnboardingEligible. The > > condition is true if feature status of Phone Hub is either > > kEligiblePhoneButNotSetUp or kDisabled. > > - This adds a dependency from ScalableIph to PhoneHubManager. > > PhoneHubManager is expected to be initialized at a specific timing. > > This CL makes sure that ScalableIph is initialized after > > PhoneHubManager. > > - This CL fixes an issue with our OOBE flow test in our browser tests. > > - To fix the browser test, we had to change behavior of > > LoggedInUserMixin. Previously LoggedInUserMixin has configured > > LoginManagerMixin to skip post login screens by default. This CL > > makes it optional. > > - familiy_user_device_metrics_browsertest.cc was depending on the > > default behavior. This CL updates the test. > > > > Bug: b:295369951 > > Test: browser_tests --gtest_filter=*ScalableIph* > > Change-Id: I361169d5ca7d531ed26f16cd94b3247be6edb94d > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4845174 > > Reviewed-by: Alexander Alekseev <alemate@chromium.org> > > Reviewed-by: Toni Barzic <tbarzic@chromium.org> > > Reviewed-by: Courtney Wong <courtneywong@chromium.org> > > Reviewed-by: Tao Wu <wutao@chromium.org> > > Commit-Queue: Yuki Awano <yawano@google.com> > > Cr-Commit-Position: refs/heads/main@{#1195612} > > Bug: b:295369951 > Change-Id: I7bde487bc9268817bb1468c7db30d470e42de941 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4860192 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Auto-Submit: Frank Liberato <liberato@chromium.org> > Commit-Queue: Frank Liberato <liberato@chromium.org> > Owners-Override: Frank Liberato <liberato@google.com> > Cr-Commit-Position: refs/heads/main@{#1195718} Bug: b:295369951 Change-Id: Icd257f7b427877f34fdf2e017b4d4cb503089428 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4861031 Commit-Queue: Yuki Awano <yawano@google.com> Reviewed-by: Courtney Wong <courtneywong@chromium.org> Reviewed-by: Alexander Alekseev <alemate@chromium.org> Reviewed-by: Tao Wu <wutao@chromium.org> Reviewed-by: Toni Barzic <tbarzic@chromium.org> Cr-Commit-Position: refs/heads/main@{#1196352}

This patch resolves an issue where Elements that are partially drawn offscreen do not get captured at all. This is due to some checks that assume the captured render pass is entirely within the root render pass' coordinates. While the element's render pass contents get properly clipped (so if you captured the entire pass the offscreen portion would be painted black), the size of the render pass remains unchanged. This is resolved by taking the render pass output_rect in system B, translating to system A to intersect with the frame size, then translating back to system B for capturing a subsection of the render pass. The Project: For more information, Googlers may visit: go/element-capture All developers are welcome to visit the W3 spec page at: https://screen-share.github.io/element-capture/ Coming Up Next: * Bug fixing and stabilizations. * Working with eladlon@ to replace the hack with the proper restrictTo API. Bug: 1418194, b/291600493 Change-Id: Id8cf9cfb9c24d7af014941b580a222a0cc073fb8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4846294 Reviewed-by: Khushal Sagar <khushalsagar@chromium.org> Commit-Queue: Jordan Bayles <jophba@chromium.org> Cr-Commit-Position: refs/heads/main@{#1196562}

…Item`" This reverts commit 08e77e6. Reason for revert: Builder: Linux ChromiumOS MSan Tests https://ci.chromium.org/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests First failing build: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/38777/overview Sample stack trace: ==235916==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x56206b82114e in ash::OverviewGrid::FitWindowRectsInBounds() ./../../ash/wm/overview/overview_grid.cc:2609:9 #1 0x56206b803b04 in ash::OverviewGrid::GetWindowRects() ./../../ash/wm/overview/overview_grid.cc:2441:24 #2 0x56206b806fce in ash::OverviewGrid::PositionWindows() ./../../ash/wm/overview/overview_grid.cc:689:13 #3 0x56206b80c92a in ash::OverviewGrid::AddItem() ./../../ash/wm/overview/overview_grid.cc:835:5 #4 0x56206b865c27 in ash::OverviewSession::AddItem() ./../../ash/wm/overview/overview_session.cc:565:9 #5 0x56206b80fb65 in ash::OverviewGrid::AddDropTargetForDraggingFromThisGrid(ash::OverviewItemBase*) ./../../ash/wm/overview/overview_grid.cc:949:22 #6 0x56206b8817d0 in ash::OverviewWindowDragController::StartNormalDragMode(gfx::PointF const&) ./../../ash/wm/overview/overview_window_drag_controller.cc:352:18 #7 0x56206b8811a3 in ash::OverviewWindowDragController::Drag(gfx::PointF const&) ./../../ash/wm/overview/overview_window_drag_controller.cc:281:7 Original change's description: > snap-group: Correct drop target bounds for the `OverviewGroupItem` > > The bounds for the drop target should match the item which the drop > target is a placeholder for. It should also be applicable for group > item. This cl does the following things to make it work: > 1. Update the logic in > `OverviewGrid::CalculateWidthAndMaybeSetUnclippedBounds()` where > the width for the drop target widget is calculated; > 2. Update `IsDropTargetWindow()` to `IsDropTargetItem()` in order to > take the overview group item into account; > 3. Update the insets value in `OverviewGroupItem` anonymous space, to > only have insets in the middle. > > Fixed: b/301490403 > Demo: http://b/301490403#comment2 > Test: Added unit tests + manual > Change-Id: I67e84bdf795833e9b92bbca39098013485953dd7 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4906318 > Reviewed-by: Ahmed Fakhry <afakhry@chromium.org> > Commit-Queue: Michele Fan <michelefan@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1204855} Bug: 1489085 Change-Id: I282a746c4c4fe7ff58f679c6339970c59ae47e68 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4904793 Owners-Override: Giovanni Ortuno Urquidi <ortuno@chromium.org> Commit-Queue: Giovanni Ortuno Urquidi <ortuno@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Giovanni Ortuno Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/main@{#1205009}

Fixes crashes from ChromeOS LKGM and uprev: 2023-12-05T01:55:19.934369Z FATAL chrome[3861:1]: [v8_initializer.cc(784)] V8 error: Cannot create a handle without a HandleScope (v8::HandleScope::CreateHandle()). #0 0x58368e9b9372 base::debug::CollectStackTrace() #1 0x58368e99e243 base::debug::StackTrace::StackTrace() #2 0x583687fa98c8 logging::LogMessage::~LogMessage() #3 0x58369371ae51 blink::ReportV8FatalError() #4 0x5836898c46b8 v8::Utils::ReportApiFailure() #5 0x583697d32136 v8::internal::HandleScope::Extend() #6 0x583697944118 v8::HandleScope::CreateHandle() #7 0x5836946bd75c blink::SoftNavigationHeuristics::SetCurrentTimeAsStartTime() #8 0x5836946be3d0 blink::SoftNavigationEventScope::~SoftNavigationEventScope() #9 0x583697fb0441 blink::EventDispatcher::Dispatch() #10 0x583693d5380c blink::MouseEvent::DispatchEvent() Bug: 1507981 Change-Id: I4106e037bc08c81ede1f2d497b9f993991fb9e47 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5087067 Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Cr-Commit-Position: refs/heads/main@{#1233189}

When the kAppServiceStorage flag is enabled, AppService blocks the app publishers (ExtensionAppsChromeOs) creating until it's ready, after reading from the AppStorage file. This affects some tests,e.g. All/CookieDeprecationLabelAllowedTest.IsClientEligibleChecked*. Received signal 11 SEGV_MAPERR 0000000000e8 ... #6 0x562c609a8f2f base::ScopedValidateSequenceChecker::ScopedValidateSequenceChecker() #7 0x562c604a31d4 PrefNotifierImpl::RemovePrefObserver() #8 0x562c604a0d24 PrefChangeRegistrar::RemoveAll() #9 0x562c604a0ba0 PrefChangeRegistrar::~PrefChangeRegistrar() #10 0x562c55e555bc apps::ExtensionAppsChromeOs::~ExtensionAppsChromeOs() #11 0x562c55e55bca apps::ExtensionAppsChromeOs::~ExtensionAppsChromeOs() #12 0x562c55e76e2c apps::PublisherHost::~PublisherHost() #14 0x562c55e0b367 apps::AppServiceProxyAsh::~AppServiceProxyAsh() #15 0x562c55e0b696 apps::AppServiceProxyAsh::~AppServiceProxyAsh() ... #19 0x562c5f53b6ac TestingProfile::~TestingProfile() #20 0x562c5f53bb36 TestingProfile::~TestingProfile() Because the local state `local_state_` is destroyed before TestingProfile. Modify the test code, to define `local_state_` first, to let TestingProfile be destroyed first, which is also aligned with the production code. BUG=1385932, b:307623506 Change-Id: I4d7a7d0493ddb6b6f779a7b38344a8f3e05c341b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5106950 Reviewed-by: Abe Boujane <boujane@google.com> Commit-Queue: Nancy Wang <nancylingwang@chromium.org> Cr-Commit-Position: refs/heads/main@{#1236035}

This reverts commit b573ec1. Reason for revert: file read on main thread causes crashes https://ci.chromium.org/ui/p/chrome/builders/ci/chromeos-reven-chrome/9260/overview 2023-12-11T23:44:32.631073Z FATAL chrome[4644:4644]: [thread_restrictions.cc(58)] Check failed: !tls_blocking_disallowed. Function marked as blocking was called from a scope that disallows blocking! If this task is running inside the ThreadPool, it needs to have MayBlock() in its TaskTraits. Otherwise, consider making this blocking work asynchronous or, as a last resort, you may use ScopedAllowBlocking (see its documentation for best practices). tls_blocking_disallowed 1 set by #0 0x580a56a26b42 base::debug::CollectStackTrace() #1 0x580a56a0d4d3 base::debug::StackTrace::StackTrace() #2 0x580a569e746f base::DisallowUnresponsiveTasks() #3 0x580a5391e8ef content::BrowserMainLoop::PreMainMessageLoopRun() #4 0x580a5062f27f base::OnceCallback<>::Run() #5 0x580a540ca43b content::StartupTaskRunner::RunAllTasksNow() #6 0x580a5391e206 content::BrowserMainLoop::CreateStartupTasks() #7 0x580a5392166e content::BrowserMainRunnerImpl::Initialize() #8 0x580a5391bad6 content::BrowserMain() #9 0x580a560952b6 content::RunBrowserProcessMain() #10 0x580a56097a80 content::ContentMainRunnerImpl::RunBrowser() #11 0x580a5609715e content::ContentMainRunnerImpl::Run() #12 0x580a56093df5 content::RunContentProcess() #13 0x580a56093f42 content::ContentMain() #14 0x580a5010c79d ChromeMain #15 0x7d10446316c6 __libc_start_call_main #16 0x7d1044631782 __libc_start_main_alias_2 #17 0x580a5010c531 _start #0 0x580a56a26b42 base::debug::CollectStackTrace() #1 0x580a56a0d4d3 base::debug::StackTrace::StackTrace() #2 0x580a4ffa72c8 logging::LogMessage::~LogMessage() #3 0x580a56923860 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() #4 0x580a4ffa6d67 logging::CheckError::~CheckError() #5 0x580a569e680b base::internal::AssertBlockingAllowed() #6 0x580a50037d3b base::ScopedBlockingCall::ScopedBlockingCall() #7 0x580a5fffd0fb base::File::Stat() #8 0x580a56a21ae3 base::GetFileInfo() #9 0x580a5a144486 first_run::GetFirstRunSentinelCreationTime() #10 0x580a55d04f18 ash::ReportControllerInitializer::OwnershipStatusChanged() #11 0x580a55d3a722 ash::DeviceSettingsService::NotifyOwnershipStatusChanged() #12 0x580a55d39e59 ash::DeviceSettingsService::HandleCompletedOperation() #13 0x580a55d3a0c8 ash::DeviceSettingsService::HandleCompletedAsyncOperation() #14 0x580a538a96d8 base::internal::FunctorTraits<>::Invoke<>() #15 0x580a55d3a8c2 base::internal::Invoker<>::RunOnce() Original change's description: > Create ReportInitializer that checks for browser preconditions > > Introduce ReportControllerInitializer class in chrome/browser/ash, > functioning as a DeviceSettingsService::Observer. The class waits for > the OwnershipStatusChanged callback with ownership status indicating > device ownership, checks for the presence of the .oobe_completed file, > and waits for CrosSettings::PrepareTrustedValues to signal TRUSTED > status. > > Only after these preconditions are met does the class proceed > to initialize the ReportController. > > BUG=chromium:1504019 > > Change-Id: I0bd93c2eb9f83669ea23395d59b292a4cc858bcb > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5047743 > Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> > Commit-Queue: Hirthanan Subenderan <hirthanan@google.com> > Reviewed-by: Pavol Marko <pmarko@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1235879} Bug: chromium:1504019 Change-Id: If41cc3e2fa0330afa6cb5aeb84f05efd1e614669 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5113660 Auto-Submit: Joel Hockey <joelhockey@chromium.org> Reviewed-by: Hirthanan Subenderan <hirthanan@google.com> Commit-Queue: Joel Hockey <joelhockey@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: James Cook <jamescook@chromium.org> Cr-Commit-Position: refs/heads/main@{#1236048}

When the kAppServiceStorage flag is enabled, AppService blocks the app publishers creating until it's ready, after reading from the AppStorage file. This affects some tests,e.g. ArcProvisionNotificationServiceOobeTest.*. Received signal 11 SEGV_MAPERR 000000000000 ... #5 0x562602f60ed8 base::ScopedObservationTraits<>::AddObserver() #6 0x562602f5c5a5 base::ScopedObservation<>::Observe() #7 0x562602f576b4 apps::ExtensionAppsChromeOs::Initialize() #8 0x562602fa335b apps::PublisherHost::Initialize() #9 0x562602fa31ac apps::PublisherHost::PublisherHost() #10 0x562602e81ce9 std::__Cr::make_unique<>() #11 0x562602e7a3ba apps::AppServiceProxyAsh::OnAppsReady() Because the test has been in the Teardown phase when the publish is created as the AppService is ready async, and NotificationDisplayService could not exists. So modify publishers to check NotificationDisplayService when observe it. [1] https://source.chromium.org/chromium/chromium/src/+/main:chrome/test/base/testing_profile.cc;l=267 BUG=1385932, b:307623506 Change-Id: I372dc8eb02e0d29fb76704378a40a43c580ef2bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5109253 Reviewed-by: Alan Cutter <alancutter@chromium.org> Commit-Queue: Nancy Wang <nancylingwang@chromium.org> Cr-Commit-Position: refs/heads/main@{#1236821}

...triggers entry doom and thus ends up running the operation queue in the wrong spot of creation (and entry op) completion handler. This can among other things result in this madness: #6 disk_cache::SimpleEntryImpl::CloseInternal() #7 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded() #8 SimpleEntryImpl::ScopedOperationRunner::~ScopedOperationRunner() #9 disk_cache::SimpleEntryImpl::WriteDataInternal() #10 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded() #11 SimpleEntryImpl::ScopedOperationRunner::~ScopedOperationRunner() #12 disk_cache::SimpleEntryImpl::WriteDataInternal() #13 disk_cache::SimpleEntryImpl::RunNextOperationIfNeeded() #14 disk_cache::SimpleEntryImpl::DoomEntry() #15 disk_cache::SimpleBackendImpl::DoomEntryFromHash() #16 disk_cache::SimpleBackendImpl::DoomEntries() #17 disk_cache::SimpleIndex::StartEvictionIfNeeded() #18 disk_cache::SimpleIndex::UpdateEntrySize() #19 disk_cache::SimpleEntryImpl::UpdateDataFromEntryStat() #20 disk_cache::SimpleEntryImpl::CreationOperationComplete() (namespace elided twice to avoid wrapping). ... which means we end up at the in_results = nullptr line near the bottom of CreationOperationComplete with null `synchronous_entry_`(!) (and a dangling in_results->sync_entry, where one would expect the two to be aliases). I *think* we won't actually deliver a callback from this state since we likely needed to be in optimistic path to got thus far, but I am not certain. Similarly, when this sort of thing happens from within read/write ops, it could potentially cause callbacks to be delivered in wrong order if the queued op ends up being a stream 0 operation, which can be executed without a round trip to a worker thread. Change-Id: Iac8058f0d18225677e361c6cdddf92d28fb4833f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5054619 Reviewed-by: Adam Rice <ricea@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Commit-Queue: Maks Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#1248862}

Sometimes, we hit a limit where the field trial allocator is full in tests. For example, see failures in http://shortn/_YGDSsu6Sjs. Sample: #5 0x557208a9b41e logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() #6 0x557208a9add6 logging::CheckError::~CheckError() #7 0x557208ac98f1 base::FieldTrialList::ClearParamsFromSharedMemoryForTesting() #8 0x557208c56906 base::test::ScopedFeatureList::Reset() #9 0x557208c567f4 base::test::ScopedFeatureList::~ScopedFeatureList() #10 0x5571fdeaf4ae ClientHintsBrowserTest::~ClientHintsBrowserTest() #11 0x5571fdeace3c ClientHintsBrowserTest_ClientHintsAlps_Test::~ClientHintsBrowserTest_ClientHintsAlps_Test() Seems like when ScopedFeatureList is reset, it also wants to reset the params. It does so by completely invalidating everything in the allocator, and duplicating them (but without params). This CL does so that it does not invalidate and then duplicate an entry in the allocator if it has no params anyway. Bug: b/271447491 Change-Id: I834e6ef162ca7f790b5aa2581d6e50d2f27221b3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5314262 Commit-Queue: Luc Nguyen <lucnguyen@google.com> Reviewed-by: Alexei Svitkine <asvitkine@chromium.org> Cr-Commit-Position: refs/heads/main@{#1264332}

This reverts commit 6f447d5. Reason for revert: Crashes on ChromeOS as soon as I touch the device's touchpad 2024-03-26T00:58:16.588106Z FATAL chrome[5433:5496]: [sequence_checker.cc(21)] Check failed: checker.CalledOnValidSequence(&bound_at). #0 0x56f06aa34da2 base::debug::CollectStackTrace() #1 0x56f06aa19ba2 base::debug::StackTrace::StackTrace() #2 0x56f06a934073 logging::LogMessage::Flush() #3 0x56f063de6fcd logging::LogMessage::~LogMessage() #4 0x56f06a92053c logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() #5 0x56f06a9205ae logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() #6 0x56f063dc2ba6 logging::CheckError::~CheckError() #7 0x56f063de9d22 base::ScopedValidateSequenceChecker::ScopedValidateSequenceChecker() #8 0x56f063de4706 base::ObserverList<>::begin() #9 0x56f06bfa75eb ui::CursorController::SetCursorLocation() #10 0x56f0646d9be5 ui::DrmCursor::SetCursorLocationLocked() #11 0x56f0646da6bf ui::DrmCursor::MoveCursor() #12 0x56f06bfd76e6 ui::GestureInterpreterLibevdevCros::OnGestureMove() Original change's description: > Mark WeakLinkNode sequence checking expensive > > This makes for-each-node sequence checking expensive (which seems > redundant). As a compromise we do non-"expensive" sequence checking in > ObserverList::begin(), which should provide the same level of protection > unless iterators are passed between sequences, which would be one heck > of a thing to try to do. > > This accounts for about 60% of sequence checking in a profile I did way > back. I have not profiled to see how much sequence checking remains with > the sequence checking moved to begin() nor do I know the average > ObserverList size. Let's try it out. > > In the same profile (though I don't remember what I profiled) sequence > checking accounted for 1.2% of cycles. Hopefully this explains some of > the performance gap between a DCHECK and regular Canary build. > > Bug: 40241607 > Change-Id: Id80d3363771e05e6f38c1432ae66b4c352acf8b8 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5319909 > Reviewed-by: François Degros <fdegros@chromium.org> > Commit-Queue: Peter Boström <pbos@chromium.org> > Reviewed-by: danakj <danakj@chromium.org> > Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> > Reviewed-by: Colin Blundell <blundell@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1277148} Bug: 40241607 Change-Id: I8e11a7d796ba10a38453dff336f46e3aba04ab97 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5394849 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: François Degros <fdegros@chromium.org> Commit-Queue: François Degros <fdegros@chromium.org> Cr-Commit-Position: refs/heads/main@{#1278133}

This reverts commit abec508. Reason for revert: Suspect this broke QuickStartBrowserTest.EndToEndWithEmptyWifiCreds Sample failure log: 024-03-26T19:37:47.953153Z VERBOSE1 browser_tests[1612997:1612997]: [wizard_controller.cc(3010)] AdvanceToScreen user-creation 2024-03-26T19:37:47.953317Z VERBOSE1 browser_tests[1612997:1612997]: [wizard_controller.cc(2864)] SetCurrentScreen: user-creation 2024-03-26T19:37:48.052577Z ERROR browser_tests[1612997:1612997]: [auto_enrollment_type_checker.cc(205)] Kill switch config request failed with code -102 2024-03-26T19:37:48.052765Z WARNING browser_tests[1612997:1612997]: [auto_enrollment_controller.cc(237)] Starting auto-enrollment controller. 2024-03-26T19:37:48.055312Z ERROR browser_tests[1612997:1612997]: [auto_enrollment_controller.cc(185)] Failed to retrieve firmware management parameters. 2024-03-26T19:37:48.055419Z WARNING browser_tests[1612997:1612997]: [auto_enrollment_type_checker.cc(517)] Auto-enrollment disabled. 2024-03-26T19:37:48.055443Z WARNING browser_tests[1612997:1612997]: [auto_enrollment_controller.cc(529)] New auto-enrollment state: No enrollment 2024-03-26T19:37:48.958545Z VERBOSE1 browser_tests[1612997:1612997]: [wizard_controller.cc(1946)] Wizard screen network-selection exited with reason: Connected 2024-03-26T19:37:54.008532Z ERROR browser_tests[1612997:1613031]: [external_metrics.cc(224)] Failed to create DirReaderPosix. Cannot read per-pid uma files. 2024-03-26T19:37:48.958646Z FATAL browser_tests[1612997:1612997]: [wizard_controller.cc(1952)] Check failed: current_screen_->screen_id() == screen. #0 0x7f7062f3960c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7] #1 0x7f7062ef1045 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:229:20] #2 0x7f7062ef0fd5 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:224:28] #3 0x7f7062c2e590 logging::LogMessage::Flush() [../../base/logging.cc:703:29] #4 0x7f7062c2e4d7 logging::LogMessage::~LogMessage() [../../base/logging.cc:694:3] #5 0x7f7062bd9fd5 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3] #6 0x7f7062bd9ff9 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32] Original change's description: > [QuickStart][OOBE] Bug fixes on network screen > > Fix an issue on the network screen that caused a brief 'Network not > available' error when adding WiFi credentials using QuickStart. A > short artificial delay (2 seconds) was introduced between the moment > when we are notified that we are connected and the actual > transition to the next screen. This will ensure that the network screen > remains showing the WiFi being transferred a bit longer. > > Also move the binding of the Mojo pipe for configuring the network > from a method and into the screen's constructor. Previously, it > would trigger a crash when attempting to set a network for the second > time. > > Test: Browsertests & manual verification using Pixelbook & Pixel 7 > > Bug: b/328677262 > Change-Id: Idf5f126a70a52799709d7da4a92aec647b4e5c6f > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5366560 > Commit-Queue: Renato Silva <rrsilva@google.com> > Reviewed-by: Danila Kuzmin <dkuzmin@google.com> > Cr-Commit-Position: refs/heads/main@{#1278415} Bug: b/328677262 Change-Id: I61830fdf37dfa41d7ae781711f54bc3999cfab11 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5399119 Commit-Queue: Devlin Cronin <rdevlin.cronin@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Devlin Cronin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/main@{#1278588}

While investigating a black stripe that appears on the right border of a lacros window while it is been resized horizontally from the opposite border (left), it was figured that depending on the values of the window `origin`, `size` and `scale factor`, the black line was appearing or hidden. A continuous interactive window resize is the perfect scenario to replicate the bug intermittently, and give users the impression of a flashing black line. As an easy way to illustrate the issue, lets assume a lacros window with the following bounds in DIPS, `330,0 596x664`, and a device scale factor of `1.62574` - these values can replicate the problem of the vertical stripe appearing even without triggering a window resize. For instance, this bounds in DIPS becomes `536,0 970x1080` in pixels using DesktopWindowTreeHostPlatform::ConvertRectToPixels(). 1.1) During the window creation, the `ui::Compositor` instance gets its scale factor and size set in pixels. It happens when `Compositor::SetScaleAndSize()` is called. This is the stracktrace: ```` #1 0x592718b9d713 base::debug::StackTrace::StackTrace() #2 0x5927205f4655 ui::Compositor::SetScaleAndSize() #3 0x5927205eac3e aura::WindowTreeHost::UpdateCompositorScaleAndSize() #4 0x5927205ec714 aura::WindowTreeHost::OnHostResizedInPixels() #5 0x592721d2dc2e aura::WindowTreeHostPlatform::OnBoundsChanged() #6 0x592721d2cc40 views::DesktopWindowTreeHostLacros::OnBoundsChanged() #7 0x592721d2e1b9 aura::WindowTreeHostPlatform::OnStateUpdate() #8 0x592719b83731 ui::WaylandWindow::MaybeApplyLatestStateRequest() #9 0x592719b83074 ui::WaylandWindow::RequestState() #10 0x592719b7e189 ui::WaylandWindow::SetWindowScale() #11 0x592719b7d985 ui::WaylandWindow::UpdateWindowScale() #12 0x592719b789ad ui::WaylandToplevelWindow::UpdateWindowScale() #13 0x592719b77f15 ui::WaylandToplevelWindow::Show() #14 0x592721d3139d views::DesktopWindowTreeHostPlatform::Show() #15 0x592721d18b24 views::DesktopNativeWidgetAura::Show() #16 0x592721cd0a7c views::Widget::Show() #17 0x592724d06ffb BrowserView::Show() (...) ```` In practice, `aura::WindowTreeHostPlatform::OnBoundsChanged()` (frame #4) calls out to `WaylandWindow::GetBoundsInPixels()`, that translates `330,0 596x664` in DIPS to `536,0 970x1080` in pixels - see the method below. Ultimately, only the size is set to the ui::Compositor instance, ie `970x1080`. ```` void WindowTreeHostPlatform::OnBoundsChanged(const BoundsChange& change) { (...) float current_scale = compositor()->device_scale_factor(); float new_scale = ui::GetScaleFactorForNativeView(window()); auto weak_ref = GetWeakPtr(); auto new_size = GetBoundsInPixels().size(); <------ ````` 1.2) Meanwhile, `cc::Layer` instances for the window are also being created. During the layer tree creation, the layers' bounds are all set in DIPs. For instance, the root layer is created with an origin of `0,0` and bounds `596x664`, eg: ```` 2024-03-11T18:42:45.387311Z WARNING chrome[29500:29500]: [layer.cc(390)] #0 0x59271e998ce2 base::debug::CollectStackTrace() #1 0x592718b9d713 base::debug::StackTrace::StackTrace() #2 0x592725cc29d7 cc::Layer::SetBounds() #3 0x592725e2ee96 ui::Layer::SetBoundsFromAnimation() #4 0x5927265c0177 ui::LayerAnimator::SetBounds() #5 0x5927205d8fe0 aura::Window::SetBoundsInternal() #6 0x5927205d8f67 aura::Window::SetBounds() #7 0x5927205ea78e aura::WindowTreeHost::UpdateRootWindowSize() #8 0x5927205ea6df aura::WindowTreeHost::InitHost() #9 0x592721d30b36 views::DesktopWindowTreeHostPlatform::Init() #10 0x592721d16336 views::DesktopNativeWidgetAura::InitNativeWidget() #11 0x592725142c44 DesktopBrowserFrameAura::InitNativeWidget() #12 0x592721ccdd41 views::Widget::Init() #13 0x592724cf68af BrowserFrame::InitBrowserFrame() #14 0x592724db9f30 BrowserWindow::CreateBrowserWindow() #15 0x592724951ce0 Browser::Browser() #16 0x5927249511c6 Browser::Create() (...) ```` The layers' bounds get translated at places like `draw_property_utils.cc` `ComputeLocalRectInTargetSpace()`, with MathUtils::MapXXX() functions. In practice, `596x664` translates to `968.942x1079.49`, and finally gets rounded to `969x1080`. Hence, we have a root ui::Compositor size of 970x1080 and a root cc:Layer bounds of 969x1080. Using the visual debugger tool attached to lacros, one can see that all window-wide tiles's width are 969 [1]. OTOH, with the visual debugger tool attached to ash/chrome, we can see that the width the the root surface (lacros) is 970 [2]. This 1px different creates a "punch role" effect in the lacros window, and user sees whatever is underneath it rendered [3]. In the case of this bug, what the user sees is a trailing 1px wide line part of the so called "resize shadow". The user sees it through this unintentionally "punch hole" explained above. This CL changes the way PlatformWindowDelegate::State::size_px variable gets set in WaylandWindow::RequestState(), translating only its size from DIPs to pixels. This way we match how this variable is used in ui::Compositor level and cc::Layers et al (tiles, quads, overlayers, etc). As a way to illustrate the problem, see video [4]. It forcibly paints the 1px lacros root layer transparent buffer red with viz_debugger, so one can clearly see it "flashing" due to the rounding error being fixed here. [1] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54873934 [2] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54878944 [3] https://issues.chromium.org/u/0/action/issues/40876438/attachments/54873933 [4] https://issues.chromium.org/action/issues/40876438/attachments/54936907 Bug: 40876438 Change-Id: Id36476d41e7a2c90f8a44337731a4cfad93e6a13 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5384752 Reviewed-by: Maksim Sisov <msisov@igalia.com> Commit-Queue: Antonio Gomes <tonikitoo@igalia.com> Cr-Commit-Position: refs/heads/main@{#1281135}

This reverts commit fe5ffc2. Reason for revert: Reland with CursorController changed to use std::vector too. Original change's description: > Revert "Mark WeakLinkNode sequence checking expensive" > > This reverts commit 6f447d5. > > Reason for revert: Crashes on ChromeOS as soon as I touch the > device's touchpad > > 2024-03-26T00:58:16.588106Z FATAL chrome[5433:5496]: [sequence_checker.cc(21)] Check failed: checker.CalledOnValidSequence(&bound_at). > #0 0x56f06aa34da2 base::debug::CollectStackTrace() > #1 0x56f06aa19ba2 base::debug::StackTrace::StackTrace() > #2 0x56f06a934073 logging::LogMessage::Flush() > #3 0x56f063de6fcd logging::LogMessage::~LogMessage() > #4 0x56f06a92053c logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() > #5 0x56f06a9205ae logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() > #6 0x56f063dc2ba6 logging::CheckError::~CheckError() > #7 0x56f063de9d22 base::ScopedValidateSequenceChecker::ScopedValidateSequenceChecker() > #8 0x56f063de4706 base::ObserverList<>::begin() > #9 0x56f06bfa75eb ui::CursorController::SetCursorLocation() > #10 0x56f0646d9be5 ui::DrmCursor::SetCursorLocationLocked() > #11 0x56f0646da6bf ui::DrmCursor::MoveCursor() > #12 0x56f06bfd76e6 ui::GestureInterpreterLibevdevCros::OnGestureMove() > > > Original change's description: > > Mark WeakLinkNode sequence checking expensive > > > > This makes for-each-node sequence checking expensive (which seems > > redundant). As a compromise we do non-"expensive" sequence checking in > > ObserverList::begin(), which should provide the same level of protection > > unless iterators are passed between sequences, which would be one heck > > of a thing to try to do. > > > > This accounts for about 60% of sequence checking in a profile I did way > > back. I have not profiled to see how much sequence checking remains with > > the sequence checking moved to begin() nor do I know the average > > ObserverList size. Let's try it out. > > > > In the same profile (though I don't remember what I profiled) sequence > > checking accounted for 1.2% of cycles. Hopefully this explains some of > > the performance gap between a DCHECK and regular Canary build. > > > > Bug: 40241607 > > Change-Id: Id80d3363771e05e6f38c1432ae66b4c352acf8b8 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5319909 > > Reviewed-by: François Degros <fdegros@chromium.org> > > Commit-Queue: Peter Boström <pbos@chromium.org> > > Reviewed-by: danakj <danakj@chromium.org> > > Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> > > Reviewed-by: Colin Blundell <blundell@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#1277148} > > Bug: 40241607 > Change-Id: I8e11a7d796ba10a38453dff336f46e3aba04ab97 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5394849 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Owners-Override: François Degros <fdegros@chromium.org> > Commit-Queue: François Degros <fdegros@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1278133} Bug: 40241607 Change-Id: I7aedf2194f8cc17a56ffa79c1824e33a7072c1f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5406313 Reviewed-by: danakj <danakj@chromium.org> Reviewed-by: Colin Blundell <blundell@chromium.org> Reviewed-by: Michael Spang <spang@chromium.org> Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> Reviewed-by: François Degros <fdegros@chromium.org> Commit-Queue: Peter Boström <pbos@chromium.org> Cr-Commit-Position: refs/heads/main@{#1281466}

This is part of the work to get cast on starboard building out of chromium. See go/moving-cwr-to-chromium for more information on the high-level goal. This is the crash that occurs without this CL: FATAL:event_factory_evdev.cc(247)] Check failed: user_input_task_runner_. #0 0x5643c4c23ed2 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7] #1 0x5643c4c0dc62 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:229:20] #2 0x5643c4b15369 logging::LogMessage::Flush() [../../base/logging.cc:703:29] #3 0x5643c4b1524d logging::LogMessage::~LogMessage() [../../base/logging.cc:694:3] #4 0x5643c4afb6bf logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3] #5 0x5643c4afb71e logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32] #6 0x5643c4afb173 logging::CheckError::~CheckError() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5] #7 0x5643c611fca5 ui::EventFactoryEvdev::Init() [../../ui/events/ozone/evdev/event_factory_evdev.cc:247:3] #8 0x5643c5f275f7 ui::PlatformEventSource::AddPlatformEventDispatcher() [../../ui/events/platform/platform_event_source.cc:54:3] #9 0x5643c11edb81 ui::(anonymous namespace)::OzonePlatformCast::CreatePlatformWindow() [../../third_party/libc++/src/include/__memory/unique_ptr.h:620:30] #10 0x5643c67cf017 aura::WindowTreeHostPlatform::CreatePlatformWindow() [../../ui/aura/window_tree_host_platform.cc:222:44] #11 0x5643c67cef76 aura::WindowTreeHostPlatform::CreateAndSetPlatformWindow() [../../ui/aura/window_tree_host_platform.cc:93:22] #12 0x5643c67cef2a aura::WindowTreeHostPlatform::WindowTreeHostPlatform() [../../ui/aura/window_tree_host_platform.cc:71:3] #13 0x5643c24eb8d1 chromecast::CastWindowTreeHostAura::CastWindowTreeHostAura() [../../chromecast/graphics/cast_window_tree_host_aura.cc:17:7] #14 0x5643c24e937e chromecast::CastWindowManagerAura::Setup() [../../third_party/libc++/src/include/__memory/unique_ptr.h:620:30] #15 0x5643c24a324d chromecast::shell::CastBrowserMainParts::PreMainMessageLoopRun() [../../chromecast/browser/cast_browser_main_parts.cc:627:20] Bug: b/333571227 Change-Id: I7fd21eec0708282fc14d1b6dd578032ba06187c9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5439606 Reviewed-by: Luke Halliwell <halliwell@chromium.org> Reviewed-by: Yuchen Liu <yucliu@chromium.org> Commit-Queue: Antonio Rivera <antoniori@google.com> Cr-Commit-Position: refs/heads/main@{#1285202}

This reverts commit c07cbfe. Reason for revert: relanding with tests and fixes Original change's description: > Revert "Get WrapperTypeInfo via ScriptWrappable" > > This reverts commit 81b6e3d. > > Reason for revert: Breaks AutotestPrivateApiTest.AutotestPrivate on linux-chromeos-rel > > https://ci.chromium.org/ui/p/chromium/builders/luci.chromium.ci/linux-chromeos-rel > Sample failure: https://ci.chromium.org/ui/p/chromium/builders/ci/linux-chromeos-rel/75905/overview > > I think this is the relevant part of the stack trace: > > ../../content/public/test/no_renderer_crashes_assertion.cc:102: Failure > Failed > Unexpected termination of a renderer process; status: 3, exit_code: 139 > Stack trace: > #0 0x563e8b77c0da content::NoRendererCrashesAssertion::RenderProcessExited() > #1 0x563e8967d8c4 content::RenderProcessHostImpl::ProcessDied() > #2 0x563e8967d72c content::RenderProcessHostImpl::OnChannelError() > #3 0x563e8ae3ecb5 base::TaskAnnotator::RunTaskImpl() > #4 0x563e8ae583dd base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl() > #5 0x563e8ae57e60 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() > #6 0x563e8ae58845 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() > #7 0x563e8aec2fef base::MessagePumpEpoll::Run() > #8 0x563e8ae58bb2 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run() > #9 0x563e8ae1e7fd base::RunLoop::Run() > #10 0x563e91a0c6c9 extensions::ResultCatcher::GetNextResult() > #11 0x563e8ad7fcf6 extensions::ExtensionApiTest::RunExtensionTest() > #12 0x563e8ad7f999 extensions::ExtensionApiTest::RunExtensionTest() > #13 0x563e854402ed extensions::AutotestPrivateApiTest::RunAutotestPrivateExtensionTest() > > Original change's description: > > Get WrapperTypeInfo via ScriptWrappable > > > > as opposed to using a dedicated internal field for that. > > > > Bug: 328117814 > > Change-Id: I01f9aff3ad8a41fafbd2655d23f076a0f76fdc57 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5455405 > > Reviewed-by: Nate Chapin <japhet@chromium.org> > > Commit-Queue: Andrey Kosyakov <caseq@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#1288405} > > Bug: 328117814 > Change-Id: Id0ad5b6bcab7a99cf31d551df00928708dd93465 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5459075 > Reviewed-by: Jiacheng Guo <gjc@google.com> > Auto-Submit: Timothy Loh <timloh@chromium.org> > Commit-Queue: Jiacheng Guo <gjc@google.com> > Owners-Override: Timothy Loh <timloh@chromium.org> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Cr-Commit-Position: refs/heads/main@{#1288546} Bug: 328117814 Change-Id: Icc69d23b24b71adc9332e3a01c91f336506c035f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466905 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#1290020}

Example builder failure: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/119860/overview. crash log for renderer (pid <unknown>): STDOUT: <empty> STDERR: [840814:1:0419/092311.735189:FATAL:ax_object.cc(3129)] Check failed: !IsDetached(). STDERR: #0 0x7f57ed36492c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7] STDERR: #1 0x7f57ed316545 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:236:20] STDERR: #2 0x7f57ed3164d5 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:231:28] STDERR: #3 0x7f57ed0349bf logging::LogMessage::Flush() [../../base/logging.cc:710:29] STDERR: #4 0x7f57ed0348e7 logging::LogMessage::~LogMessage() [../../base/logging.cc:698:3] STDERR: #5 0x7f57ecfdbfc5 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3] STDERR: #6 0x7f57ecfdbfe9 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32] STDERR: #7 0x7f57ecfdcdcc std::__Cr::default_delete<>::operator()() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5] STDERR: #8 0x7f57ecfdc32a std::__Cr::unique_ptr<>::reset() [../../third_party/libc++/src/include/__memory/unique_ptr.h:278:7] STDERR: #9 0x7f57ecfdb90d logging::CheckError::~CheckError() [../../base/check.cc:349:16] STDERR: #10 0x7f57bb3ae68b blink::AXObject::IsIncludedInTree() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:3129:3] STDERR: #11 0x7f57bb3a43a4 blink::AXObject::ToString() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:8108:30] STDERR: #12 0x7f57bb3a2a52 blink::AXObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:782:35] STDERR: #13 0x7f57bb3556e6 blink::AXNodeObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_node_object.cc:2377:13] STDERR: #14 0x7f57bb3ec319 blink::AXObjectCacheImpl::Remove() .... Bug: 40933623 Change-Id: Ic447ade12398f7666c4f6f4def61c2e3723feb43 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466669 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Liviu Tinta <liviutinta@chromium.org> Auto-Submit: Liviu Tinta <liviutinta@chromium.org> Owners-Override: Liviu Tinta <liviutinta@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#1290248}

This reverts commit 6578c4f. Reason for revert: Offending DCHECK was fixed and removed with https://crrev.com/c/5464203. Tests can probably be re-enabled. Original change's description: > [Gardener] Disable tests failing !IsDetached check > > Example builder failure: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests%20(dbg)(1)/119860/overview. > > crash log for renderer (pid <unknown>): > STDOUT: <empty> > STDERR: [840814:1:0419/092311.735189:FATAL:ax_object.cc(3129)] Check failed: !IsDetached(). > STDERR: #0 0x7f57ed36492c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1039:7] > STDERR: #1 0x7f57ed316545 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:236:20] > STDERR: #2 0x7f57ed3164d5 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:231:28] > STDERR: #3 0x7f57ed0349bf logging::LogMessage::Flush() [../../base/logging.cc:710:29] > STDERR: #4 0x7f57ed0348e7 logging::LogMessage::~LogMessage() [../../base/logging.cc:698:3] > STDERR: #5 0x7f57ecfdbfc5 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:166:3] > STDERR: #6 0x7f57ecfdbfe9 logging::(anonymous namespace)::DCheckLogMessage::~DCheckLogMessage() [../../base/check.cc:161:32] > STDERR: #7 0x7f57ecfdcdcc std::__Cr::default_delete<>::operator()() [../../third_party/libc++/src/include/__memory/unique_ptr.h:67:5] > STDERR: #8 0x7f57ecfdc32a std::__Cr::unique_ptr<>::reset() [../../third_party/libc++/src/include/__memory/unique_ptr.h:278:7] > STDERR: #9 0x7f57ecfdb90d logging::CheckError::~CheckError() [../../base/check.cc:349:16] > STDERR: #10 0x7f57bb3ae68b blink::AXObject::IsIncludedInTree() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:3129:3] > STDERR: #11 0x7f57bb3a43a4 blink::AXObject::ToString() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:8108:30] > STDERR: #12 0x7f57bb3a2a52 blink::AXObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_object.cc:782:35] > STDERR: #13 0x7f57bb3556e6 blink::AXNodeObject::Detach() [../../third_party/blink/renderer/modules/accessibility/ax_node_object.cc:2377:13] > STDERR: #14 0x7f57bb3ec319 blink::AXObjectCacheImpl::Remove() > .... > > Bug: 40933623 > Change-Id: Ic447ade12398f7666c4f6f4def61c2e3723feb43 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5466669 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Reviewed-by: Liviu Tinta <liviutinta@chromium.org> > Auto-Submit: Liviu Tinta <liviutinta@chromium.org> > Owners-Override: Liviu Tinta <liviutinta@chromium.org> > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Cr-Commit-Position: refs/heads/main@{#1290248} Bug: 40933623 Change-Id: Ib77c888c8c8a1209a18ddd93f7c07d17c50a04a5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5465688 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#1290555}

This reverts commit 5b98671. Reason for revert: browser_test failures starting at https://ci.chromium.org/ui/p/chrome/builders/ci/linux-chromeos-chrome/41245/blamelist The failures all have stack: 2024-05-01T22:20:26.913799Z ERROR browser_tests[68320:68386]: [object_proxy.cc(576)] Failed to call method: org.chromium.debugd.GetPerfOutputV2: object_path= /org/chromium/debugd: org.freedesktop.DBus.Error.ServiceUnknown: The name org.chromium.debugd was not provided by any .service files #0 0x55f5d4f55172 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1043:7] #1 0x55f5d4f4139e base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:241:20] #2 0x55f5d57d3a8a content::(anonymous namespace)::SignalHandler() [../../content/public/test/browser_test_base.cc:177:24] #3 0x7f9d71a42520 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x4251f) #4 0x55f5db0e82e7 ash::FwupdDownloadClientImpl::GetURLLoaderFactory() [../../chrome/browser/ui/ash/fwupd_download_client_impl.cc:21:44] #5 0x55f5d833381c ash::FirmwareUpdateManager::DownloadLvfsMirrorFile() [../../chromeos/ash/components/fwupd/firmware_update_manager.cc:1051:35] #6 0x55f5d83350c1 base::internal::DecayedFunctorTraits<>::Invoke<>() [../../base/functional/bind_internal.h:738:12] #7 0x55f5d8334f93 base::internal::Invoker<>::RunOnce() [../../base/functional/bind_internal.h:954:5] Original change's description: > fwupd: Add refresh metadata logic > > Download the jcat file from chromeos local mirror and store it in cache. > Copy the file to a gz file and unzip it. Read the contents to get the > latest firmware file name. Download that file from chromeos local mirror > and call UpdateMetadata on those 2 files. > > BUG=b:328637488 > TEST=autoninja chrome; manually check from logs > chromeos_unittests --gtest_filter=FwupdClientTest.* && > FirmwareUpdateManager* > > Change-Id: I5673ad909963c4436a580746db9b94dd1c1a4f1b > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5444929 > Commit-Queue: Rishabh Agrawal <rishabhagr@chromium.org> > Reviewed-by: Scott Violet <sky@chromium.org> > Reviewed-by: Adenilson Cavalcanti <cavalcantii@chromium.org> > Reviewed-by: Jimmy Gong <jimmyxgong@chromium.org> > Reviewed-by: Steven Bennetts <stevenjb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1295074} Bug: b:328637488 Change-Id: Ib753c1db9048f1acf693606ff7058d9820942f3b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5508951 Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Joel Hockey <joelhockey@chromium.org> Owners-Override: Joel Hockey <joelhockey@chromium.org> Cr-Commit-Position: refs/heads/main@{#1295258}

@page

Since @page border box layout objects aren't in the the layout tree, any code that wants to walk up the tree to find the containing block will be in for a surprise. This would happen if percentage-based @page padding was used [1]. Recomputing padding during painting when we have already done it during layout is rather pointless anyway. Read it out directly from the fragment. [1] #1 blink::LayoutBox::ContainingBlockLogicalWidthForContent() #2 blink::LayoutBoxModelObject::ComputedCSSPadding() #3 blink::LayoutBoxModelObject::PaddingTop() #4 blink::LayoutBoxModelObject::PaddingOutsets() #5 blink::BoxPainterBase::PaintFillLayer() #6 blink::BoxPainterBase::PaintFillLayers() #7 blink::BoxFragmentPainter::PaintBackground() Bug: 40286153 Change-Id: I1e6e92c2ce1d81aab2673ec9a877eac455534102 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5526469 Commit-Queue: Morten Stenshorne <mstensho@chromium.org> Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org> Cr-Commit-Position: refs/heads/main@{#1300711}

Attempting to initialize the GPU triggers MSan failures in GL with eager checks enabled in MSan: Uninitialized bytes in strlen at offset 0 inside [0x70200013dec0, 30) ==589==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7fffeeba96de in glLabelObjectEXT (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x4f6de) #1 0x7fffeeba9b10 in glLabelObjectEXT (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x4fb10) #2 0x7fffeeb879a3 (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x2d9a3) #3 0x7fffeeb894c0 (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x2f4c0) #4 0x7fffeeb8e400 (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x34400) #5 0x7fffeeb8f384 (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x35384) #6 0x7fffeeb8bd9a (/lib/x86_64-linux-gnu/libGLX_mesa.so.0+0x31d9a) #7 0x7fffecceb484 in queryExtensionsString third_party/angle/src/libANGLE/renderer/gl/glx/FunctionsGLX.cpp:354:12 #8 0x7fffecceb484 in rx::FunctionsGLX::initialize(_XDisplay*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>*) third_party/angle/src/libANGLE/renderer/gl/glx/FunctionsGLX.cpp:223:30 #9 0x7fffeccdada2 in rx::DisplayGLX::initialize(egl::Display*) third_party/angle/src/libANGLE/renderer/gl/glx/DisplayGLX.cpp:114:15 #10 0x7fffec70f649 in egl::Display::initialize() third_party/angle/src/libANGLE/Display.cpp:1082:36 #11 0x7fffec0bed17 in egl::Initialize(egl::Thread*, egl::Display*, int*, int*) third_party/angle/src/libGLESv2/egl_stubs.cpp:514:5 #12 0x7fffec0c6319 in EGL_Initialize third_party/angle/src/libGLESv2/entry_points_egl_autogen.cpp:571:27 #13 0x7fffefc4000d in eglInitialize third_party/angle/src/libEGL/libEGL_autogen.cpp:177:12 #14 0x5555868ec92a in gl::GLDisplayEGL::InitializeDisplay(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::EGLDisplayPlatform, gl::GLDisplayEGL*) ui/gl/gl_display.cc:769:10 #15 0x5555868eb310 in gl::GLDisplayEGL::Initialize(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::EGLDisplayPlatform) ui/gl/gl_display.cc:660:8 #16 0x55556c6f1957 in ui::GLOzoneEGL::InitializeGLOneOffPlatform(bool, std::__Cr::vector<gl::DisplayType, std::__Cr::allocator<gl::DisplayType>>, gl::GpuPreference) ui/ozone/common/gl_ozone_egl.cc:25:17 #17 0x55558b1a8999 in gl::init::InitializeGLOneOffPlatform(gl::GpuPreference) ui/gl/init/gl_initializer_ozone.cc:27:26 #18 0x55558b1a6978 in gl::init::InitializeGLOneOffPlatformImplementation(bool, bool, bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:211:24 #19 0x55558b1a6208 in gl::init::(anonymous namespace)::InitializeGLOneOffPlatformHelper(bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:135:10 #20 0x55558b1a662d in gl::init::InitializeGLNoExtensionsOneOff(bool, gl::GpuPreference) ui/gl/init/gl_factory.cc:166:10 #21 0x55558b227379 in gpu::GpuInit::InitializeAndStartSandbox(base::CommandLine*, gpu::GpuPreferences const&) gpu/ipc/service/gpu_init.cc:495:18 #22 0x55559ab41ce4 in content::GpuMain(content::MainFunctionParams) content/gpu/gpu_main.cc:358:39 #23 0x55557b5888da in content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:685:14 #24 0x55557b58abad in content::RunOtherNamedProcessTypeMain(std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, content::MainFunctionParams, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:789:12 #25 0x55557b58e4fe in content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:1156:10 #26 0x55557b585aaf in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) content/app/content_main.cc:332:36 #27 0x55557b58644a in content::ContentMain(content::ContentMainParams) content/app/content_main.cc:345:10 #28 0x555580df9c37 in content::LaunchTestsInternal(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:385:12 #29 0x555580dfab58 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:504:10 #30 0x555582b8afec in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) chrome/test/base/chrome_test_launcher.cc:392:10 #31 0x55557d422a0e in main chrome/test/base/browser_tests_main.cc:60:10 #32 0x7ffff48456c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #33 0x7ffff4845784 in __libc_start_main csu/../csu/libc-start.c:360:3 #34 0x55555e647029 in _start (/usr/local/google/home/dcheng/src/chrome/src/out/msan/browser_tests+0x90f3029) (BuildId: 6cbc295b16ac1107) Uninitialized value was created by a heap allocation #0 0x55555e675a22 in malloc /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3 #1 0x7ffff489b087 in __vasprintf_internal libio/vasprintf.c:116:16 #2 0x4ae8d349882b18ff (<unknown module>) Bug: 40240570 Change-Id: If59faa297e214b7219ebb4c5c9572b44a33ee070 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5548826 Reviewed-by: Elad Alon <eladalon@chromium.org> Commit-Queue: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/main@{#1303583}

This CL is trivial (contextualized by its downstream counterpart). Some PA unit tests will `free()` an object and subsequently use the address as a slot start. PA's standard mechanism for asserting that an address is a slot start is incompatible with this, and so the test should be performed with an explicitly unchecked variant. Sample backtrace from LUD unit tests: ``` (lldb) bt * thread #1, name = 'base_unittests', stop reason = signal SIGTRAP * frame #0: 0x0000555559e206b9 base_unittests`partition_alloc::internal::logging::LogMessage::~LogMessage()::$_0::operator()(this=0x00007fffffffbaa7) const at log_message.cc:128:5 frame #1: 0x0000555559e20682 base_unittests`partition_alloc::internal::logging::LogMessage::~LogMessage(this=0x00007fffffffbc28) at log_message.cc:128:5 frame #2: 0x0000555559e1fdf6 base_unittests`partition_alloc::internal::logging::CheckError::~CheckError(this=0x00007fffffffbc28) at check.cc:74:18 frame #3: 0x0000555557311045 base_unittests`partition_alloc::internal::logging::check_error::DCheck::~DCheck(this=0x00007fffffffbc28) at check.h:120:49 frame #4: 0x0000555557313786 base_unittests`partition_alloc::internal::IsReservationStart(address=67723054809088) at reservation_offset_table.h:265:3 frame #5: 0x0000555557313524 base_unittests`partition_alloc::internal::PartitionPageMetadata::FromAddr(address=67723054825472) at partition_page.h:485:3 frame #6: 0x0000555557312fd6 base_unittests`partition_alloc::internal::SlotSpanMetadata::FromAddr(address=67723054825472) at partition_page.h:534:25 frame #7: 0x00005555573157c0 base_unittests`partition_alloc::internal::SlotStart<true>::CheckIsSlotStart(this=0x00007fffffffc8b0) at partition_page.h:852:32 frame #8: 0x0000555557315780 base_unittests`partition_alloc::internal::SlotStart<true>::SlotStart(this=0x00007fffffffc8b0, untagged_slot_start=67723054825472) at partition_page.h:846:7 frame #9: 0x0000555557316708 base_unittests`partition_alloc::PartitionRoot::ObjectToSlotStart(this=0x00002b6c0005c000, object=0x00003d9800a04000) const at partition_root.h:832:12 frame #10: 0x0000555559e2cb74 base_unittests`partition_alloc::internal::LightweightQuarantineBranch::IsQuarantinedForTesting(this=0x00002b6c000146d8, object=0x00003d9800a04000) at lightweight_quarantine.cc:108:48 frame #11: 0x0000555558c26758 base_unittests`partition_alloc::PartitionAllocLightweightQuarantineTest_TooLargeAllocation_Test::TestBody(this=0x00002b6c00014680) at lightweight_quarantine_unittest.cc:129:3 ``` Bug: 337078970 Change-Id: I08592544b79be323a724b139f642105316cfdf30 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5584938 Reviewed-by: Keishi Hattori <keishi@chromium.org> Commit-Queue: Kalvin Lee <kdlee@chromium.org> Cr-Commit-Position: refs/heads/main@{#1309767}

The Browser class allows arbitrary classes that inherit from BrowserUserData to attach themselves to a Browser instance. However, BrowserUserData instances are destroyed after Browser's fields are already destroyed. If a BrowserUserData subclass tries to use the Browser in its destructor, this is a use-after-destroy. An example of such an error caught by MSan's use-after-dtor check: #0 BrowserView::GetBrowserViewForBrowser(Browser const*) chrome/browser/ui/views/frame/browser_view.cc:1103:26 #1 ReadAnythingCoordinator::~ReadAnythingCoordinator() chrome/browser/ui/views/side_panel/read_anything/read_anything_coordinator.cc:176:31 #2 ReadAnythingCoordinator::~ReadAnythingCoordinator() chrome/browser/ui/views/side_panel/read_anything/read_anything_coordinator.cc:161:53 #3 operator() third_party/libc++/src/include/__memory/unique_ptr.h:67:5 #4 reset third_party/libc++/src/include/__memory/unique_ptr.h:278:7 #5 ~unique_ptr third_party/libc++/src/include/__memory/unique_ptr.h:248:71 #6 ~pair third_party/libc++/src/include/__utility/pair.h:63:29 <...> #18 0x559686690082 in base::SupportsUserData::~SupportsUserData() base/supports_user_data.cc:122:1 #19 0x55968264e074 in Browser::~Browser() chrome/browser/ui/browser.cc:726:1 #20 0x55968264eb53 in Browser::~Browser() chrome/browser/ui/browser.cc:638:21 Browser now explicitly destroys BrowserUserData instances as the first step of its destruction, to avoid BrowserUserData instances from using a partially-destroyed Browser. However, this reveals an additional issue in ReadAnythingCoordinator, which registers itself as a BrowserList observer, but never unregisters itself. It is unclear what the semantics should be for something that is both a BrowserUserData and a BrowserList observer; fortunately, ReadAnythingCoordinator does not care about the OnBrowserRemoved() event, so this particular question can be punted down the road... Fixing this second issue requires removing the early return in the ReadAnythingCoordinator destructor to avoid skipping observer unregistrations; unfortunately, this reveals one last bug in ReadAnythingCoordinator: it tries to use SidePanelRegistry from its destructor, but both ReadAnythingCoordinator and SidePanelRegistry are BrowserUserData instances. In an ancestor CL, SupportsUserData has been updated so Browser now consistently appears to have no attached BrowserUserData when clearing BrowserUserData instances, whether that's during destruction or during an explicit `ClearAllUserData()` call. While it is an antipattern for a BrowserUserData's destructor to try using another BrowserUserData, fixing that is out of scope of this CL—so just add a null check for now. Bug: 40222690 Change-Id: I3144ca6225f0c739365d065db8bfe1db55db7560 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5590095 Reviewed-by: Abigail Klein <abigailbklein@google.com> Reviewed-by: Mike Wasserman <msw@chromium.org> Commit-Queue: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Erik Chen <erikchen@chromium.org> Cr-Commit-Position: refs/heads/main@{#1313680}

…ingPrefetch` This CL adds `PrerenderFinalStatus::kPrerenderFailedDuringPrefetch` and UMA `Prerender.Experimental.PrefetchAheadOfPrerenderFailed.PrefetchStatus{PreloadingTriggerType}`, which are used in the case of prefetch ahead of prerender fails. Fixed: 366144969 Change-Id: I853cc93c44c5875f7e37889321106120bdb72b41 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5922301 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Auto-Submit: Ken Okada <kenoss@chromium.org> Cr-Commit-Position: refs/heads/main@{#1367437}

pull bot added the ⤵️ pull label Aug 31, 2021

ckitagawa-work and others added 27 commits September 17, 2021 14:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pull] master from chromium:master #6

[pull] master from chromium:master #6

pull bot commented Aug 31, 2021 •

edited

Loading

[pull] master from chromium:master #6

[pull] master from chromium:master #6

Conversation

pull bot commented Aug 31, 2021 • edited Loading

pull bot commented Aug 31, 2021 •

edited

Loading