Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Three most recent builds are broken in Lion and Mavericks. #12

Closed
Wowfunhappy opened this issue Feb 26, 2021 · 5 comments
Closed

Three most recent builds are broken in Lion and Mavericks. #12

Wowfunhappy opened this issue Feb 26, 2021 · 5 comments
Labels
bug Something isn't working

Comments

@Wowfunhappy
Copy link

I don't know why Mavericks is being such a pain. :(

On 10.9, builds 857665, 857998, and 858115 do not start up properly. A window opens, but no content is drawn inside. Attempting to quit causes Chromium to hang; a hang report is attached. Build 857511 works fine.

These builds work fine inside of my Mountain Lion VM.

Chromium_2021-02-26-164811_Jonathans-Mac-Pro.hang.zip

@Jagoche
Copy link

Jagoche commented Feb 27, 2021

Same situation with Lion.

857511 starts up fine on 10.7.5. Later versions stop responding after a window (with garbage displayed) opens.

@Wowfunhappy Wowfunhappy changed the title Three most recent builds are broken again in Mavericks. Three most recent builds are broken in Lion and Mavericks. Feb 27, 2021
@blueboxd
Copy link
Owner

Confirmed on 10.7/10.9 and even on 10.10.
This is very odd. Render process exits cleanly (exit status 0), not crashing...
Now I'm tracing commit history, so please wait a while.
Sorry for the inconvenience.

@blueboxd blueboxd added the bug Something isn't working label Feb 27, 2021
@blueboxd
Copy link
Owner

Found this cl seems breaking messaging on 10.10-.
I'll investigate details and workarounds later.
Reverted and fixed at r858409 for now.

@Wowfunhappy
Copy link
Author

Thank you as always!

@Jagoche
Copy link

Jagoche commented Feb 28, 2021

Many thanks! r858409 launches normally.

blueboxd pushed a commit that referenced this issue Mar 23, 2021
This CL fixes a segfault when a WaylandScreen is created after a
WaylandWindow..

Basically, when WaylandScreen is created, it gets the list of
existing outputs, which it uses to create displays. In its own turn,
it also checks what WaylandWindows are on those displays and
calls WaylandWindow::UpdateBufferScale. This operation also
results in SetBounds to be called, which calls to
PlatformWindowDelegate::GetMinimumSizeForWindow, which requires
ScreenOzone instance to have PlatformScreen (WaylandScreen in this
case) to be set.

But as long as creation of the screen, updating buffer scale, and
setting updated bounds based on new scale value happens in the
same sequence of calls, ScreenOzone just doesn't have the PlatformScreen
set, and it results in a crash. See the stacktrace below -

#3 0x7f9c30bba4c0 (/lib/x86_64-linux-gnu/libc-2.23.so+0x354bf)
#4 0x556900be4bad aura::ScreenOzone::GetPrimaryDisplay()
#5 0x5568ff6aebff views::DesktopWindowTreeHostPlatform::GetRootTransform()
#6 0x5568ff6af1ba views::DesktopWindowTreeHostPlatform::GetMinimumSizeForWindow()
#7 0x5568faeb9aaf ui::WaylandWindow::SetBounds()
#8 0x5568faeb961e ui::WaylandWindow::UpdateBufferScale()
#9 0x5568faeb473d ui::WaylandScreen::AddOrUpdateDisplay()
#10 0x5568faeb3023 ui::WaylandOutputManager::CreateWaylandScreen()
#11 0x5568faec7fa2 ui::(anonymous namespace)::OzonePlatformWayland::CreateScreen()
#12 0x556900be480a aura::ScreenOzone::ScreenOzone()
#13 0x5568ff6aa10e views::DesktopScreenOzone::DesktopScreenOzone()

This only happens in test environments (interactive_ui_tests, when
Ozone is initialized, WaylandWindows are created, but the screen
instance is created and set a bit later.

Thus, make WaylandWindow use existing information about preferred
outputs that it has.

Bug: 1134495
Change-Id: I3f2f9349adc85684d5cf4f5e2bca8497c326bb9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2773276
Commit-Queue: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Robert Kroeger <rjkroege@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865569}
blueboxd pushed a commit that referenced this issue Apr 9, 2021
This reverts commit c787d2a.

Reason for revert:

Causes flaky failures on some Linux bots, e.g., https://ci.chromium.org/p/chromium/builders/ci/Linux%20Ozone%20Tester%20%28Wayland%29
Example failure:
browser_tests_wayland failed because of:
ExtensionBackForwardCacheContentScriptDisabledBrowserTest.CSSDisallowed

pattern of failures on this bot:
https://screenshot.googleplex.com/87iSx5FiDVGZRmF

Failure error is
../../chrome/browser/extensions/back_forward_cache_browsertest.cc:110: Failure
Value of: delete_observer_rfh_a.deleted()
  Actual: false
Expected: true
Stack trace:
#0 0x563563bb7efc extensions::ExtensionBackForwardCacheContentScriptDisabledBrowserTest_CSSDisallowed_Test::RunTestOnMainThread()
#1 0x563567b440ce content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#2 0x5635676da77d ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#3 0x5635676d9d54 ChromeBrowserMainParts::PreMainMessageLoopRun()
#4 0x56356561f0df content::BrowserMainLoop::PreMainMessageLoopRun()
#5 0x563565a4e6a3 content::StartupTaskRunner::RunAllTasksNow()
#6 0x56356561ed5d content::BrowserMainLoop::CreateStartupTasks()
#7 0x563565621228 content::BrowserMainRunnerImpl::Initialize()
#8 0x56356561d610 content::BrowserMain()
#9 0x563566297393 content::ContentMainRunnerImpl::RunBrowser()
#10 0x563566296f1d content::ContentMainRunnerImpl::Run()
#11 0x5635662944ad content::RunContentProcess()
#12 0x563566294e4d content::ContentMain()
#13 0x563567b43778 content::BrowserTestBase::SetUp()
#14 0x563567587576 InProcessBrowserTest::SetUp()

The same error appears on other bots when this fails too, e.g.,
https://ci.chromium.org/p/chromium/builders/ci/Linux%20Ozone%20Tester%20%28X11%29/29058 
https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8850497656556318928/+/steps/browser_tests_x11/0/logs/Deterministic_failure:_ExtensionBackForwardCacheContentScriptDisabledBrowserTest.CSSDisallowed__status_FAILURE_/0

Original change's description:
> If an extension does a content injection disable bf cache.
>
> This code tracks whether a content injection (insertCSS, contentScript,
> executeScript) has occurred for a WebFrame. If so then turn off
> BFCache for the frame.
>
> BUG=1192785
>
> Change-Id: I682a9efb247aae358023e3a591368c84d47001ce
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2787195
> Reviewed-by: Reilly Grant <reillyg@chromium.org>
> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
> Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#870582}

Bug: 1192785
Change-Id: Ib122b1d64155d85009038d961306ac620053564b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2816001
Auto-Submit: Mark Pearson <mpearson@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Mark Pearson <mpearson@chromium.org>
Reviewed-by: Mark Pearson <mpearson@chromium.org>
Reviewed-by: anthonyvd <anthonyvd@chromium.org>
Owners-Override: Mark Pearson <mpearson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#870681}
blueboxd pushed a commit that referenced this issue Apr 19, 2021
This reverts commit 7ae3611.

Reason for revert: cast_shell+browsertests failing on Cast [Audio] Linux
 First failure https://ci.chromium.org/ui/p/chromium/builders/ci/Cast%20Audio%20Linux/103652/overview

Example crash stack
BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x55bcce76b6a9 base::debug::CollectStackTrace()
#1 0x55bcce6dfda3 base::debug::StackTrace::StackTrace()
#2 0x55bcd0fb5cac content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7fd872d664c0 (/lib/x86_64-linux-gnu/libc-2.23.so+0x354bf)
#4 0x55bcccba88b0 _ZNSt3__17find_ifINS_11__wrap_iterIPKN4base8internal24UncheckedObserverAdapterEEEZNS3_23ProjectedUnaryPredicateIZNKS2_12ObserverListIN3net16MDnsListenerImplELb0ELb1ES4_E11HasObserverEPKSB_EUlRKT_E_NS2_8identityEEEDaRSF_RT0_EUlOSF_E_EESF_SF_SF_SL_
#5 0x55bcccba889e _ZN4base6ranges7find_ifINSt3__111__wrap_iterIPKNS_8internal24UncheckedObserverAdapterEEEZNKS_12ObserverListIN3net16MDnsListenerImplELb0ELb1ES5_E11HasObserverEPKSB_EUlRKT_E_NS_8identityENS2_26random_access_iterator_tagEEEDaSF_SF_T0_T1_
#6 0x55bcccba6dca base::ObserverList<>::RemoveObserver()
#7 0x55bccd28a44e chromecast::DisplayConfiguratorObserver::~DisplayConfiguratorObserver()
#8 0x55bccd26fbcd chromecast::shell::CastBrowserMainParts::~CastBrowserMainParts()
#9 0x55bccd26fc7c chromecast::shell::CastBrowserMainParts::~CastBrowserMainParts()
#10 0x55bccd3a6836 content::BrowserMainLoop::~BrowserMainLoop()
#11 0x55bccd3a6920 content::BrowserMainLoop::~BrowserMainLoop()
#12 0x55bccd3a9c06 content::BrowserMainRunnerImpl::Shutdown()
#13 0x55bccd3a65aa content::BrowserMain()
#14 0x55bcce68bc80 content::RunBrowserProcessMain()
#15 0x55bcce68c9a6 content::ContentMainRunnerImpl::RunBrowser()
#16 0x55bcce68c62c content::ContentMainRunnerImpl::Run()
#17 0x55bcce68ad93 content::RunContentProcess()
#18 0x55bcce68b49a content::ContentMain()
#19 0x55bcd0fb50e1 content::BrowserTestBase::SetUp()
#20 0x55bccc9fdf90 chromecast::WebviewTest::SetUp()
#21 0x55bcce69a89c testing::Test::Run()
#22 0x55bcce69adb8 testing::TestInfo::Run()
#23 0x55bcce69b27d testing::TestSuite::Run()
#24 0x55bcce6a2233 testing::internal::UnitTestImpl::RunAllTests()
#25 0x55bcce6a1f87 testing::UnitTest::Run()
#26 0x55bcd0fa57ef base::TestSuite::Run()
#27 0x55bccc9de2a4 chromecast::shell::CastTestLauncherDelegate::RunTestSuite()
#28 0x55bcd0fb930e content::LaunchTests()
#29 0x55bccc9de23c main
#30 0x7fd872d51840 __libc_start_main
#31 0x55bccc9de12a _start

Original change's description:
> Add display change observer.
>
> Centralize the logic to force a repaint post display changes in an
> observer. This way the complexity of refreshing the display is
> handled in the observer rather than in every piece of code that
> needs to update the display state.
>
> Bug: b/180040068
> Test: Ran cast_shell on the desktop to verify there are no crashes
> Change-Id: I022850322c8b9177463bdc0526121016ebf0f330
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2727577
> Reviewed-by: Daniel Nicoara <dnicoara@chromium.org>
> Commit-Queue: Shiv Sakhuja <shivsak@google.com>
> Cr-Commit-Position: refs/heads/master@{#873512}

Bug: b/180040068
Change-Id: Id01a6e537f2285a9c35ce90acc9eba81b0ea6c1f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2835019
Owners-Override: Olga Sharonova <olka@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Olga Sharonova <olka@chromium.org>
Cr-Commit-Position: refs/heads/master@{#873746}
blueboxd pushed a commit that referenced this issue Apr 27, 2021
This reverts commit 59bae41.

Reason for revert: Broken on Linux Chromium OS ASan LSan Tests (1)
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20(1)/39927/

<div><pre>[ RUN      ] PrerenderBrowserTest.PrerenderBlankIframe
2021-04-26T19:40:32.221868Z INFO content_browsertests[5132:5132]: [content_main_runner_impl.cc(1077)] Chrome is running in full browser mode.

DevTools listening on ws://127.0.0.1:36659/devtools/browser/21b92715-e642-49fe-98ef-4b69eea3f8b2
2021-04-26T19:40:32.847975Z ERROR content_browsertests[5132:5132]: [browser_test_utils.cc(837)] No committed entry.
2021-04-26T19:40:34.078783Z WARNING content_browsertests[5132:5132]: [render_frame_host_impl.cc(977)] InterfaceRequest was dropped, the document is no longer active: blink.mojom.AppCacheBackend
2021-04-26T19:40:34.281683Z FATAL content_browsertests[5285:1]: [document.cc(8103)] Check failed: is_prerendering_.
    #0 0x55b148a133cb in backtrace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4205:13
    #1 0x55b1586bd249 in base::debug::CollectStackTrace(void**, unsigned long) ./../../base/debug/stack_trace_posix.cc:840:39
    #2 0x55b1583f3f03 in StackTrace ./../../base/debug/stack_trace.cc:198:12
    #3 0x55b1583f3f03 in base::debug::StackTrace::StackTrace() ./../../base/debug/stack_trace.cc:195:28
    #4 0x55b158448eb2 in logging::LogMessage::~LogMessage() ./../../base/logging.cc:589:29
    #5 0x55b15844adde in logging::LogMessage::~LogMessage() ./../../base/logging.cc:583:27
    #6 0x55b15e0d8fa6 in blink::Document::ActivateForPrerendering() ./../../third_party/blink/renderer/core/dom/document.cc:8103:3
    #7 0x55b15392c60c in Run ./../../base/callback.h:101:12
    #8 0x55b15392c60c in RunInternal ./../../third_party/blink/renderer/platform/wtf/functional.h:221:33
    #9 0x55b15392c60c in WTF::ThreadCheckingCallbackWrapper<base::OnceCallback<void ()>, void ()>::Run() ./../../third_party/blink/renderer/platform/wtf/functional.h:206:12
    #10 0x55b1585795fa in Run ./../../base/callback.h:101:12
    #11 0x55b1585795fa in base::TaskAnnotator::RunTask(char const*, base::PendingTask*) ./../../base/task/common/task_annotator.cc:173:33
    #12 0x55b1585e197a in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow*) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:351:25
    #13 0x55b1585e071f in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:264:36
    #14 0x55b158468934 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ./../../base/message_loop/message_pump_default.cc:39:55
    #15 0x55b1585e36d9 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:460:12
    #16 0x55b158503839 in base::RunLoop::Run(base::Location const&) ./../../base/run_loop.cc:133:14
    #17 0x55b1671389dc in content::RendererMain(content::MainFunctionParams const&) ./../../content/renderer/renderer_main.cc:261:16
    #18 0x55b15003c45a in content::RunZygote(content::ContentMainDelegate*) ./../../content/app/content_main_runner_impl.cc:572:14
    #19 0x55b15003f244 in content::ContentMainRunnerImpl::Run(bool) ./../../content/app/content_main_runner_impl.cc:958:10
    #20 0x55b150039a30 in content::RunContentProcess(content::ContentMainParams const&, content::ContentMainRunner*) ./../../content/app/content_main.cc:372:36
    #21 0x55b150039f11 in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:398:10
    #22 0x55b157438e9c in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) ./../../content/public/test/test_launcher.cc:372:12
    #23 0x55b1572a1d21 in main ./../../content/test/content_test_launcher.cc:91:10
    #24 0x7f772d1ad840 in __libc_start_main ??:0:0
    #25 0x55b1489dcaaa in _start ??:0:0
Task trace:
    #0 0x55b15ea7ff11 in blink::LocalFrame::ActivateForPrerendering() ./../../third_party/blink/renderer/core/frame/local_frame.cc:3766:18
    #1 0x55b15780d116 in IPC::(anonymous namespace)::ChannelAssociatedGroupController::Accept(mojo::Message*) ./../../ipc/ipc_mojo_bootstrap.cc:904:13
IPC message handler context: 0xA60C9B35

Received signal 6
    #0 0x55b148a133cb in backtrace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4205:13
    #1 0x55b1586bd249 in base::debug::CollectStackTrace(void**, unsigned long) ./../../base/debug/stack_trace_posix.cc:840:39
    #2 0x55b1583f3f03 in StackTrace ./../../base/debug/stack_trace.cc:198:12
    #3 0x55b1583f3f03 in base::debug::StackTrace::StackTrace() ./../../base/debug/stack_trace.cc:195:28
    #4 0x55b1586bbd47 in base::debug::(anonymous namespace)::StackDumpSignalHandler(int, siginfo_t*, void*) ./../../base/debug/stack_trace_posix.cc:345:3
    #5 0x7f7730097390 in __funlockfile ??:?
    #6 0x7f7730097390 in ?? ??:0
    #7 0x7f772d1c2438 in raise ??:0:0
    #8 0x7f772d1c403a in abort ??:0:0
    #9 0x55b1586b9f6a in base::debug::BreakDebugger() ./../../base/debug/debugger_posix.cc:326:3
    #10 0x55b158449863 in logging::LogMessage::~LogMessage() ./../../base/logging.cc:891:7
    #11 0x55b15844adde in logging::LogMessage::~LogMessage() ./../../base/logging.cc:583:27
    #12 0x55b15e0d8fa6 in blink::Document::ActivateForPrerendering() ./../../third_party/blink/renderer/core/dom/document.cc:8103:3
    #13 0x55b15392c60c in Run ./../../base/callback.h:101:12
    #14 0x55b15392c60c in RunInternal ./../../third_party/blink/renderer/platform/wtf/functional.h:221:33
    #15 0x55b15392c60c in WTF::ThreadCheckingCallbackWrapper<base::OnceCallback<void ()>, void ()>::Run() ./../../third_party/blink/renderer/platform/wtf/functional.h:206:12
    #16 0x55b1585795fa in Run ./../../base/callback.h:101:12
    #17 0x55b1585795fa in base::TaskAnnotator::RunTask(char const*, base::PendingTask*) ./../../base/task/common/task_annotator.cc:173:33
    #18 0x55b1585e197a in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow*) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:351:25
    #19 0x55b1585e071f in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:264:36
    #20 0x55b158468934 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ./../../base/message_loop/message_pump_default.cc:39:55
    #21 0x55b1585e36d9 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:460:12
    #22 0x55b158503839 in base::RunLoop::Run(base::Location const&) ./../../base/run_loop.cc:133:14
    #23 0x55b1671389dc in content::RendererMain(content::MainFunctionParams const&) ./../../content/renderer/renderer_main.cc:261:16
    #24 0x55b15003c45a in content::RunZygote(content::ContentMainDelegate*) ./../../content/app/content_main_runner_impl.cc:572:14
    #25 0x55b15003f244 in content::ContentMainRunnerImpl::Run(bool) ./../../content/app/content_main_runner_impl.cc:958:10
    #26 0x55b150039a30 in content::RunContentProcess(content::ContentMainParams const&, content::ContentMainRunner*) ./../../content/app/content_main.cc:372:36
    #27 0x55b150039f11 in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:398:10
    #28 0x55b157438e9c in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) ./../../content/public/test/test_launcher.cc:372:12
    #29 0x55b1572a1d21 in main ./../../content/test/content_test_launcher.cc:91:10
    #30 0x7f772d1ad840 in __libc_start_main ??:0:0
    #31 0x55b1489dcaaa in _start ??:0:0
  r8: 0000000000003000  r9: 00000feee51a2840 r10: 0000000000000008 r11: 0000000000000202
 r12: 00000fef65260c00 r13: 00000feee5268e48 r14: 00007f7729347230 r15: 00007f77293472b0
  di: 0000000000000001  si: 0000000000000001  bp: 00007ffcf0a97110  bx: 00007ffcf0a97120
  dx: 0000000000000006  ax: 0000000000000000  cx: 00007f772d1c2438  sp: 00007ffcf0a96fd8
  ip: 00007f772d1c2438 efl: 0000000000000202 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(EXIT_FAILURE). Core file will not be generated.
../../content/public/test/no_renderer_crashes_assertion.cc:101: Failure
Failed
Unexpected termination of a renderer process; status: 1, exit_code: 256
Stack trace:
    #0 0x556300884c70 in content::NoRendererCrashesAssertion::Observe(int, content::NotificationSource const&, content::NotificationDetails const&) ./../../content/public/test/no_renderer_crashes_assertion.cc:101:5
    #1 0x5562fe8a511c in content::NotificationServiceImpl::Notify(int, content::NotificationSource const&, content::NotificationDetails const&) ./../../content/browser/notification_service_impl.cc:123:16
    #2 0x5562fed854dc in content::RenderProcessHostImpl::ProcessDied(bool, content::ChildProcessTerminationInfo*) ./../../content/browser/renderer_host/render_process_host_impl.cc:4468:35
    #3 0x5562fed84d46 in content::RenderProcessHostImpl::FastShutdownIfPossible(unsigned long, bool) ./../../content/browser/renderer_host/render_process_host_impl.cc:3480:3
    #4 0x5563007096fd in content::ContentBrowserTest::PostRunTestOnMainThread() ./../../content/public/test/content_browser_test.cc:159:26
    #5 0x55630081ddfd in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() ./../../content/public/test/browser_test_base.cc:833:3
    #6 0x5562f23f595a in base::OnceCallback<void ()>::Run() && ./../../base/callback.h:101:12
    #7 0x556300a86450 in content::ShellBrowserMainParts::PreMainMessageLoopRun() ./../../content/shell/browser/shell_browser_main_parts.cc:200:37
    #8 0x5562fe06aed1 in content::BrowserMainLoop::PreMainMessageLoopRun() ./../../content/browser/browser_main_loop.cc:961:28
    #9 0x5562f78e60d9 in base::OnceCallback<int ()>::Run() && ./../../base/callback.h:101:12
    #10 0x5562ff118ca5 in content::StartupTaskRunner::RunAllTasksNow() ./../../content/browser/startup_task_runner.cc:41:29
    #11 0x5562fe06a59d in content::BrowserMainLoop::CreateStartupTasks() ./../../content/browser/browser_main_loop.cc:869:25
    #12 0x5562fe0715f3 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ./../../content/browser/browser_main_runner_impl.cc:131:15
    #13 0x5562fe066342 in content::BrowserMain(content::MainFunctionParams const&) ./../../content/browser/browser_main.cc:43:32
    #14 0x5562f94bb63d in content::RunBrowserProcessMain(content::MainFunctionParams const&, content::ContentMainDelegate*) ./../../content/app/content_main_runner_impl.cc:598:10
    #15 0x5562f94bded9 in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams&, bool) ./../../content/app/content_main_runner_impl.cc:1081:10
    #16 0x5562f94bd258 in content::ContentMainRunnerImpl::Run(bool) ./../../content/app/content_main_runner_impl.cc:956:12
    #17 0x5562f94b7a30 in content::RunContentProcess(content::ContentMainParams const&, content::ContentMainRunner*) ./../../content/app/content_main.cc:372:36
    #18 0x5562f94b7f11 in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:398:10
    #19 0x55630081c4bd in content::BrowserTestBase::SetUp() ./../../content/public/test/browser_test_base.cc:696:3

2021-04-26T19:40:34.692356Z WARNING content_browsertests[5132:5174]: [discardable_shared_memory_manager.cc(432)] Some MojoDiscardableSharedMemoryManagerImpls are still alive. They will be leaked.
[  FAILED  ] PrerenderBrowserTest.PrerenderBlankIframe, where TypeParam =  and GetParam() =  (2830 ms)

Original change's description:
> Prerender: Enable PrerenderBrowserTest.PrerenderBlankIframe
>
> To sheriffs: Feel free to revert this CL if the test is flaky.
>
> The CL author tried to reproduce this on local environments but
> failed. For further investigation, this CL enables the test again to see
> how it works on the try bots.
>
> Bug: 1185965
> Change-Id: Ie7f65ef094a815e72b93091c8b3d0ab9b361e593
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2850329
> Reviewed-by: Lingqi Chi <lingqi@chromium.org>
> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#876111}

Bug: 1185965
Change-Id: I245d5e5f2715c75ead3a50389cbd0e9a4ad49aed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2853351
Auto-Submit: Thiemo Nagel <tnagel@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Thiemo Nagel <tnagel@chromium.org>
Owners-Override: Thiemo Nagel <tnagel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#876535}
blueboxd pushed a commit that referenced this issue May 25, 2021
This CL addresses an issue where the map of View objects to AXNodeIDs in
the AXAuraObjectCache gets populated with stale elements. When a View is
destructed, we remove it from this cache, but if the View was focused,
we incorrectly add a new entry back (see stack traces below). This
causes issues if later on a View is created at the same address at this
deleted view (manifesting as a flaky test failure on the linked bug).

We fix this by having the AXViewObjWrapper remove the cache entry when
the View is destroyed (OnViewIsDeleting).

Stack trace for removing AXAuraObjCache entry
#0 views::AXAuraObjCache::Remove()
#1 views::AXAuraObjCache::RemoveViewSubtree()
#2 views::Widget::NotifyWillRemoveView()
#3 views::View::DoRemoveChildView()
#4 views::View::~View()

Stack trace for re-adding AXAuraObjCache entry
#0 views::AXAuraObjCache::GetOrCreate()
#1 AutomationManagerAura::OnViewEvent()
#2 views::AXEventManager::NotifyViewEvent()
#3 views::View::NotifyAccessibilityEvent()
#4 views::View::SetVisible()
#5 views::FocusRing::RefreshLayer()
#6 views::View::Blur()
#7 views::FocusManager::SetFocusedViewWithReason()
#8 views::Widget::ViewHierarchyChanged()
#9 views::internal::RootView::ViewHierarchyChanged()
#10 views::View::ViewHierarchyChangedImpl()
#11 views::View::PropagateRemoveNotifications()
#12 views::View::DoRemoveChildView()
#13 views::View::~View()

AX-Relnotes: n/a.

Bug: b/159074662
Change-Id: Iaf787af321da7de5448e88c036a556a3fc4e1032
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2912232
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Commit-Queue: Timothy Loh <timloh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#886102}
blueboxd pushed a commit that referenced this issue May 27, 2021
Minizip is a library provided by //third_party/zlib. Its zip and unzip
tools can be built in a developer checkout for testing purposes with:

  autoninja -C out/Release minizip_bin
  autoninja -C out/Release miniunz_bin

Add GN build rules for these files. Patch minizip and miniunz tools so
they compile. Add a patch file and minizip.md for usage.

On Android, disable large file support (see bug comment #12). off_t is
32 bits (instead of 64 bits) and should compile on the bots where this
patch failed compile before [1] and was reverted (CL:2895825).

[1] Added CQ android_asan, android_archive_rel_ng try jobs to pre-test
that compile works on these waterfall builders.

Bug: 1207895
Change-Id: Idbb3414a2c14fc541e31d6eff97859245296003f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2919568
Reviewed-by: Adenilson Cavalcanti <cavalcantii@chromium.org>
Commit-Queue: Noel Gordon <noel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#886990}
blueboxd pushed a commit that referenced this issue Jun 19, 2021
This will make compile step faster.
Previously symbol_level=0 means no symbol. But llvm changed the
behavior. Now it contains function names, which in general is
fine for developers.

This is the result for linux-lacros-rel:
symbol_level=0: https://ci.chromium.org/p/chromium/builders/try/linux-lacros-rel/247920?
The browser_tests shard 0 contains:
../../chrome/browser/profiles/profile_manager_browsertest.cc:616: Failure
Expected equality of these values:
  2U
    Which is: 2
  chrome::GetTotalBrowserCount()
    Which is: 1
Stack trace:
#0 0x56441415eea1 ProfileManagerBrowserTest_PRE_AddMultipleProfiles_Test::RunTestOnMainThread()
#1 0x56441a1d278c content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#2 0x564413970763 chrome_service_worker_browser_test::ChromeServiceWorkerLinkFetchTest::ManifestCallbackAndRun()
#3 0x5644199f3cce ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#4 0x5644199f3024 ChromeBrowserMainParts::PreMainMessageLoopRun()
#5 0x564416e69bef content::BrowserMainLoop::PreMainMessageLoopRun()
#6 0x56441740a676 content::StartupTaskRunner::RunAllTasksNow()
#7 0x564416e69855 content::BrowserMainLoop::CreateStartupTasks()
#8 0x564416e6c10b content::BrowserMainRunnerImpl::Initialize()
#9 0x564416e67dd7 content::BrowserMain()
#10 0x564417d95478 content::ContentMainRunnerImpl::RunBrowser()
#11 0x564417d94ec0 content::ContentMainRunnerImpl::Run()
#12 0x564417d92d1c content::RunContentProcess()
#13 0x564417d92ded content::ContentMain()
#14 0x56441a1d1a78 content::BrowserTestBase::SetUp()
#15 0x5644197edc5e InProcessBrowserTest::SetUp()

symbol_level=1: https://ci.chromium.org/p/chromium/builders/try/linux-lacros-rel/248772
The browser_tests shard 0 contains:
../../chrome/browser/profiles/profile_manager_browsertest.cc:616: Failure
Expected equality of these values:
  2U
    Which is: 2
  chrome::GetTotalBrowserCount()
    Which is: 1
Stack trace:
#0 0x5565d9f0f621 ProfileManagerBrowserTest_PRE_AddMultipleProfiles_Test::RunTestOnMainThread()
#1 0x5565dff88ebc content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#2 0x5565d971fe93 chrome_service_worker_browser_test::ChromeServiceWorkerLinkFetchTest::ManifestCallbackAndRun()
#3 0x5565df7aa9ce ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#4 0x5565df7a9d24 ChromeBrowserMainParts::PreMainMessageLoopRun()
#5 0x5565dcc1fbdf content::BrowserMainLoop::PreMainMessageLoopRun()
#6 0x5565dd1c09c6 content::StartupTaskRunner::RunAllTasksNow()
#7 0x5565dcc1f845 content::BrowserMainLoop::CreateStartupTasks()
#8 0x5565dcc220fb content::BrowserMainRunnerImpl::Initialize()
#9 0x5565dcc1ddc7 content::BrowserMain()
#10 0x5565ddb4ce78 content::ContentMainRunnerImpl::RunBrowser()
#11 0x5565ddb4c8c0 content::ContentMainRunnerImpl::Run()
#12 0x5565ddb4a71c content::RunContentProcess()
#13 0x5565ddb4a7ed content::ContentMain()
#14 0x5565dff881a8 content::BrowserTestBase::SetUp()
#15 0x5565df5a494e InProcessBrowserTest::SetUp()
It's the same debug information.

Bug: 1221324
Change-Id: I96a0768508cf9bd073a5522e792a4120606bddb8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2965870
Reviewed-by: Erik Staab <estaab@chromium.org>
Reviewed-by: Yuke Liao <liaoyuke@chromium.org>
Commit-Queue: Sven Zheng <svenzheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#893997}
blueboxd pushed a commit that referenced this issue Jun 22, 2021
…API support."

This reverts commit 97e3106.

Reason for revert: Crashing on DUT.

Here's the stack trace:

#0 0x5b1fdc2d8989 base::debug::CollectStackTrace()
#1 0x5b1fdc1e9d53 base::debug::StackTrace::StackTrace()
#2 0x5b1fdc2d84e1 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7a7b96fd29f0 (/lib64/libpthread-2.32.so+0x129ef)
#4 0x5b1fdef55c2b _sys_cr_finisheddevice::UsbDeviceLinux::Open()
#5 0x5b1fdef50b0f device::UsbServiceLinux::OnDeviceAdded()
#6 0x5b1fdef52570 base::internal::FunctorTraits<>::Invoke<>()
#7 0x5b1fdc263e50 base::TaskAnnotator::RunTask()
#8 0x5b1fdc289291 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#9 0x5b1fdc28ace2 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#10 0x5b1fdc36060b base::MessagePumpLibevent::Run()
#11 0x5b1fdc28b226 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#12 0x5b1fdc2427b0 base::RunLoop::Run()
#13 0x5b1fd94e4ce6 content::BrowserMainLoop::RunMainMessageLoop()
#14 0x5b1fd94e6b92 content::BrowserMainRunnerImpl::Run()
#15 0x5b1fd94e1df8 content::BrowserMain()
#16 0x5b1fdc1b6810 content::ContentMainRunnerImpl::RunBrowser()
#17 0x5b1fdc1b6173 content::ContentMainRunnerImpl::Run()
#18 0x5b1fdc1b3d94 content::RunContentProcess()
#19 0x5b1fdc1b3e6c content::ContentMain()
#20 0x5b1fd7dafa1f ChromeMain
#21 0x7a7b96861e05 __libc_start_main
#22 0x5b1fd7daf8aa _start
  r8: 00007fffb9571db0  r9: 00007fffb9571dd8 r10: 0000000000000058 r11: 0000000000000293
 r12: 00001de68aaf7460 r13: 00007fffb9571dd8 r14: 00007fffb9571db0 r15: 00007fffb9571d88
  di: 0000000000000000  si: 00005b1fddf84260  bp: 00007fffb9571f50  bx: 00001de689a4ad20
  dx: 00005b1fddf84210  ax: 00001de689f0cb00  cx: 00001de689f0cfc0  sp: 00007fffb9571d60
  ip: 00005b1fdef55c2b efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000


Original change's description:
> [Lacros] Enable WebUSB, WebSerial, chrome.usb, chrome.serial API support.
>
> This CL enables USB and Serial related API on Lacros, by applying the
> broad stroke of switching Lacros to use code that was previously
> Ash-only. More work might be needed later to iron out details.
>
> Bug: 1195247, 1195248
> Change-Id: I04579cf60ca263907407abdc12cf7a9d5f9d10c6
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2939830
> Commit-Queue: Samuel Huang <huangs@chromium.org>
> Reviewed-by: Theodore Olsauskas-Warren <sauski@google.com>
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: Reilly Grant <reillyg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#893539}

Bug: 1195247, 1195248
Change-Id: I57c7a0dabb64c1ac25a4569fea5559778fe3e547
Owners-Override: Theodore Olsauskas-Warren <sauski@google.com>
Owners-Override: Tom Sepez <tsepez@chromium.org>
Owners-Override: Reilly Grant <reillyg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2972361
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Theodore Olsauskas-Warren <sauski@google.com>
Commit-Queue: Joshua Pawlicki <waffles@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Joshua Pawlicki <waffles@chromium.org>
Auto-Submit: Hidehiko Abe <hidehiko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#894279}
blueboxd pushed a commit that referenced this issue Jul 27, 2021
This reverts commit 0d437e0.

Reason for revert: Breaks Lacros.
[343589:343589:0726/205512.291579:FATAL:sandbox_seccomp_bpf_linux.cc(239)] Check failed: BPFBasePolicy::GetFSDeniedErrno() == (*__errno_location ()) (1 vs. 13)
#0 0x7fa2e2e3a8af base::debug::CollectStackTrace()
#1 0x7fa2e2baee0a base::debug::StackTrace::StackTrace()
#2 0x7fa2e2baedc5 base::debug::StackTrace::StackTrace()
#3 0x7fa2e2bfe239 logging::LogMessage::~LogMessage()
#4 0x7fa2e2bfe959 logging::LogMessage::~LogMessage()
#5 0x7fa2e2b6e5eb logging::CheckError::~CheckError()
#6 0x7fa2cc927b2f sandbox::policy::SandboxSeccompBPF::RunSandboxSanityChecks()
#7 0x7fa2cc91fc71 sandbox::policy::SandboxLinux::StartSeccompBPF()
#8 0x7fa2cc9206fd sandbox::policy::SandboxLinux::InitializeSandbox()
#9 0x7fa2d83e65a3 content::(anonymous namespace)::StartSandboxLinux()
#10 0x7fa2d83e62b9 content::(anonymous namespace)::ContentSandboxHelper::EnsureSandboxInitialized()
#11 0x7fa2a32de13e gpu::GpuInit::InitializeAndStartSandbox()
#12 0x7fa2d83e5ca0 content::GpuMain()
#13 0x7fa2dbd8a5ad content::RunZygote()
#14 0x7fa2dbd8aa3a content::RunOtherNamedProcessTypeMain()
#15 0x7fa2dbd8b7b4 content::ContentMainRunnerImpl::Run()
#16 0x7fa2dbd889ae content::RunContentProcess()
#17 0x7fa2dbd892fd content::ContentMain()
#18 0x5588c3250966 ChromeMain
#19 0x5588c3250812 main
#20 0x7fa2a56aed0a __libc_start_main
#21 0x5588c325072a _start
To repro the failure, follow go/lacros-build and build
linux Lacros. Lacros can't be launched with the failure above.

Original change's description:
> Use EACCES over EPERM for broker process denied errno
>
> When dlopen is called without an absolute path, it looks in a number
> of search paths for the requested library (e.g. /lib64/libfoo.so,
> /usr/lib/libfoo.so). Often, these files don't exist and the
> corresponding openat syscall should return ENOENT, but because of
> the GPU sandbox, the syscall returns EPERM instead [1]. glibc's
> implementation of dlopen, however, early-exits when it sees an
> unexpected errno [2] and terminates without attempting the remaining
> search paths. Thus, even if the library *is* allowlisted in a later
> path, dlopen will still exit with a failure.
>
> This CL fixes this issue by changing the denied errno to EACCES for
> the broker process.
>
> Bug: 1233028
> Change-Id: I192098eb072f2ee6fb18aa7da3d1998f8328149f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3054490
> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Brian Ho <hob@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#905330}

Bug: 1233028
Change-Id: I111ff2bf802615e1299aee7feb88471d49a238e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3055402
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Victor Vianna <victorvianna@google.com>
Owners-Override: Victor Vianna <victorvianna@google.com>
Cr-Commit-Position: refs/heads/master@{#905685}
blueboxd pushed a commit that referenced this issue Aug 11, 2021
Update UserSessionInitializer::PreStartSession() to take bool
is_primary_session and only call
NetworkCertLoader::MarkUserNSSDBWillBeInitialized() when true.

Fixes crash:
2021-08-08T22:59:06.505936Z FATAL chrome[21728:21728]: [network_cert_loader.cc(148)] Check failed: state_ == State::kNotInitialized || state_ == State::kMarkedWillBeInitialized.
#0 0x57e49567eb89 base::debug::CollectStackTrace()
#1 0x57e4955c5c93 base::debug::StackTrace::StackTrace()
#2 0x57e48fd06890 logging::LogMessage::~LogMessage()
#3 0x57e4955d904e logging::LogMessage::~LogMessage()
#4 0x57e497827697 chromeos::NetworkCertLoader::CertCache::MarkWillBeInitialized()
#5 0x57e4978277d2 chromeos::NetworkCertLoader::MarkUserNSSDBWillBeInitialized()
#6 0x57e4937607ac ash::UserSessionManager::StartSession()
#7 0x57e493712814 chromeos::ExistingUserController::OnAuthSuccess()
#8 0x57e498a7a9e5 chromeos::LoginPerformer::OnAuthSuccess()
#9 0x57e498a72c39 chromeos::CryptohomeAuthenticator::OnAuthSuccess()
#10 0x57e490df73f4 base::TaskAnnotator::RunTask()
#11 0x57e48fe5bc9d base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#12 0x57e4956477c2 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#13 0x57e4909e2445 base::MessagePumpLibevent::Run()
#14 0x57e495647a83 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#15 0x57e49560bb56 base::RunLoop::Run()
#16 0x57e4924d69f1 content::BrowserMainLoop::RunMainMessageLoop()
#17 0x57e4924d8840 content::BrowserMainRunnerImpl::Run()
#18 0x57e4924d3ce8 content::BrowserMain()
#19 0x57e495082b38 content::RunBrowserProcessMain()
#20 0x57e495083e3b content::ContentMainRunnerImpl::RunBrowser()
#21 0x57e4950838c6 content::ContentMainRunnerImpl::Run()
#22 0x57e49508123e content::RunContentProcess()
#23 0x57e495081c40 content::ContentMain()
#24 0x57e4910cf23e ChromeMain
#25 0x789c45710e05 __libc_start_main
#26 0x57e4910cf0da _start
Task trace:
#0 0x57e498a73fcc chromeos::CryptohomeAuthenticator::Resolve()
#1 0x57e496c95be1 dbus::ObjectProxy::OnPendingCallIsComplete()
#2 0x57e496c91b91 dbus::Bus::OnDispatchStatusChanged()
#3 0x57e49567fa66 base::FileDescriptorWatcher::Controller::Watcher::OnFileCanReadWithoutBlocking()


Change-Id: I4b250f807ca8f3fff35cb380b3a47ce98b7ade09
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3080039
Auto-Submit: Joel Hockey <joelhockey@chromium.org>
Reviewed-by: Alexander Alekseev <alemate@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Commit-Queue: Joel Hockey <joelhockey@chromium.org>
Cr-Commit-Position: refs/heads/master@{#910647}
blueboxd pushed a commit that referenced this issue Sep 16, 2021
This reverts commit 4f0f07d.

Reason for revert: This is causing failures on the asan/lsan bot.
https://bugs.chromium.org/p/chromium/issues/detail?id=1250054
==7374==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55b1cff1c2ce in find_if<std::__1::__wrap_iter<base::internal::UncheckedObserverAdapter *>, (lambda at ../../base/ranges/algorithm.h:31:10)> ./../../buildtools/third_party/libc++/trunk/include/algorithm:942:5
    #1 0x55b1cff1c2ce in find_if<std::__1::__wrap_iter<base::internal::UncheckedObserverAdapter *>, (lambda at ../../base/observer_list.h:284:21), base::identity, std::__1::random_access_iterator_tag> ./../../base/ranges/algorithm.h:465:10
    #2 0x55b1cff1c2ce in find_if<std::__1::vector<base::internal::UncheckedObserverAdapter, std::__1::allocator<base::internal::UncheckedObserverAdapter> > &, (lambda at ../../base/observer_list.h:284:21), base::identity, std::__1::random_access_iterator_tag> ./../../base/ranges/algorithm.h:483:10
    #3 0x55b1cff1c2ce in base::ObserverList<aura::EnvObserver, false, true, base::internal::UncheckedObserverAdapter>::RemoveObserver(aura::EnvObserver const*) ./../../base/observer_list.h:283:21
    #4 0x55b1b16a5284 in Reset ./../../base/scoped_observation.h:69:7
    #5 0x55b1b16a5284 in base::ScopedObservation<aura::Env, aura::EnvObserver, &(aura::Env::AddObserver(aura::EnvObserver*)), &(aura::Env::RemoveObserver(aura::EnvObserver*))>::~ScopedObservation() ./../../base/scoped_observation.h:53:26
    #6 0x55b1c95200e4 in ash::ArcOverlayManager::~ArcOverlayManager() ./../../ash/public/cpp/external_arc/overlay/arc_overlay_manager.cc:52:1
    #7 0x55b1c9520174 in ash::ArcOverlayManager::~ArcOverlayManager() arc_overlay_manager.cc:0:0
    #8 0x55b1b0a0deea in operator() ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:54:5
    #9 0x55b1b0a0deea in reset ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:315:7
    #10 0x55b1b0a0deea in ~unique_ptr ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:269:19
    #11 0x55b1b0a0deea in payments::(anonymous namespace)::AndroidPaymentAppFactoryTest::~AndroidPaymentAppFactoryTest() ./../../chrome/browser/payments/android_payment_app_factory_browsertest.cc:29:52
    #12 0x55b1b0a10f5c in payments::(anonymous 

Original change's description:
> [Web Payment] App store billing never shows browser UI.
>
> Before this patch, immediately resolving the promise passed into
> PaymentRequest.show() (the so-called "show() promise"), e.g., by calling
> PaymentRequest.show(Promise.resolve({})), would have the possibility of
> both showing the browser payment sheet and invoking the payment app,
> because the code did not expect that the promise would be resolved
> faster than enumerating the locally installed payment apps.
>
> This patch prevents invoking a payment app or showing the browser
> payment sheet when the show() promise resolves before the locally
> installed payment apps have been enumerated.
>
> After this patch, immediately resolving the show() promise will not
> result in both showing the browser payment sheet and invoking the
> payment app at the same time.
>
> Bug: 1237921
> Change-Id: I132700146d6f9334a5c56d136f80fcdc62873313
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3160759
> Reviewed-by: Jeevan Shikaram <jshikaram@chromium.org>
> Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#921617}

Bug: 1237921
Change-Id: I8a1e6c7c6080b175d180d4c37d2fbc3d7eb77af0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3163453
Auto-Submit: Scott Violet <sky@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#921917}
blueboxd pushed a commit that referenced this issue Sep 25, 2021
This reverts commit 77e9679.

Reason for revert:
Likely cause of failure
Step "browser_tests on Ubuntu-18.04" failing on builder "linux-chromeos-chrome"

The failure is a crash in browser_tests.

This failure is fairly but not perfectly consistent.  In three of the last four runs on this bot, browser_tests failed with something in the NativeInputMethodEngineTest.EmojiSuggestion* suite.  It's not always the same test that fails each time.  Nevertheless, this is pretty indicative that nowadays something is wrong in this suite.  This is the obvious candidate, submitted right when the test became mostly-failing.

Here is the first failure as an example:
Retrying 1 test (retry #0)
[ RUN      ] NativeInputMethodEngineTest.EmojiSuggestionDisabledReasonkUrlOrAppNotAllowed
2021-09-24T11:30:01.258384Z WARNING browser_tests[27592:27592]: [audio_manager_linux.cc(60)] Falling back to ALSA for audio output. PulseAudio is not available or could not be initialized.
[434.616] default_socket.cc:58    /run/perfetto/ exists but cannot be accessed. Falling back on /tmp/  (errno: 13, Permission denied)
2021-09-24T11:30:01.293097Z WARNING browser_tests[27592:27609]: [wallpaper_decoder.cc(29)] Failed reading file
2021-09-24T11:30:01.304548Z ERROR browser_tests[27592:27592]: [print_job_reporting_service_factory.cc(47)] DMToken must be valid
2021-09-24T11:30:01.309314Z ERROR browser_tests[27592:27592]: [proximity_auth_profile_pref_manager.cc(194)] Failed to find local state prefs for current user.
2021-09-24T11:30:01.332070Z WARNING browser_tests[27592:27592]: [remote_commands_service.cc(188)] Client is not registered.
2021-09-24T11:30:01.358975Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.359074Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Cache: 0MB
2021-09-24T11:30:01.359110Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.README: 0MB
2021-09-24T11:30:01.359138Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.359147Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.WebData: 0MB
2021-09-24T11:30:01.359429Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.CodeCache: 0MB
2021-09-24T11:30:01.359547Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SiteCharacteristicsDatabase: 0MB
2021-09-24T11:30:01.359581Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Favicons: 0MB
2021-09-24T11:30:01.359621Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginDataForAccount: 0MB
2021-09-24T11:30:01.360073Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.GCache: 0MB
2021-09-24T11:30:01.360118Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.History: 0MB
2021-09-24T11:30:01.360147Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.360161Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.360173Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.360234Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.360415Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SyncData: 0MB
2021-09-24T11:30:01.361882Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOCK: 0MB
2021-09-24T11:30:01.361936Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginData: 0MB
2021-09-24T11:30:01.361964Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOG: 0MB
2021-09-24T11:30:01.362091Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T11:30:01.412518Z ERROR browser_tests[27592:27592]: [plugin_vm_manager_impl.cc(150)] New session has dispatcher unexpected already running. Perhaps Chrome crashed?
2021-09-24T11:30:01.433615Z INFO browser_tests[27592:27592]: [key_permissions_manager_impl.cc(509)] One-time key permissions migration started for token: 0.
2021-09-24T11:30:01.451071Z WARNING browser_tests[27592:27592]: [drivefs_session.cc(65)] DriveFs mount failed with error: 3
2021-09-24T11:30:01.458878Z WARNING browser_tests[27592:27592]: [login_unlock_throughput_recorder.cc(58)] Zero frames expected in login animation throughput data
2021-09-24T11:30:01.464809Z INFO browser_tests[27592:27592]: [android_sms_pairing_state_tracker_impl.cc(71)] No Pairing cookie found
2021-09-24T11:30:01.470495Z INFO browser_tests[27592:27592]: [ui_test_utils.cc(224)] NavigateToURL: chrome://newtab/
2021-09-24T11:30:01.473373Z WARNING browser_tests[27592:27639]: [google_brand_chromeos.cc(40)] Brand code file missing: /opt/oem/etc/BRAND_CODE
2021-09-24T11:30:01.535229Z ERROR browser_tests[27592:27639]: [als_reader.cc(52)] Missing num of als
2021-09-24T11:30:01.535643Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(230)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
2021-09-24T11:30:01.535680Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(233)] crbug.com/1216328: Checking Bluetooth availability ended.
2021-09-24T11:30:01.535688Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
2021-09-24T11:30:01.535695Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(240)] crbug.com/1216328: Checking default browser status ended.
2021-09-24T11:30:01.555145Z INFO browser_tests[27592:27592]: [key_permissions_manager_impl.cc(534)] One-time key permissions migration succeeded for token: 0.
BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x556151f72449 base::debug::CollectStackTrace()
#1 0x556151ed9d73 base::debug::StackTrace::StackTrace()
#2 0x5561525e4683 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7f7dd56e2040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
#4 0x5561556c8304 ChromeOmniboxNavigationObserver::DidFinishNavigation()
#5 0x5561503c8362 content::WebContentsImpl::WebContentsObserverList::NotifyObservers<>()
#6 0x5561503d05f0 content::WebContentsImpl::DidFinishNavigation()
#7 0x5561502a5093 content::NavigationRequest::~NavigationRequest()
#8 0x5561502a59dc content::NavigationRequest::~NavigationRequest()
#9 0x5561502b8919 content::Navigator::DidNavigate()
#10 0x5561502caeed content::RenderFrameHostImpl::DidCommitNavigationInternal()
#11 0x5561502ca24a content::RenderFrameHostImpl::DidCommitNavigation()
#12 0x5561502e9d60 base::internal::FunctorTraits<>::Invoke<>()
#13 0x5561502e9d0f base::internal::Invoker<>::RunOnce()
#14 0x55614fd53470 content::mojom::NavigationClient_CommitFailedNavigation_ForwardToCallback::Accept()
#15 0x55615301c6e0 mojo::InterfaceEndpointClient::HandleValidatedMessage()
#16 0x5561530201e0 mojo::MessageDispatcher::Accept()
#17 0x55615301d435 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#18 0x5561531dc3e2 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnEndpointThread()
#19 0x55615301e323 base::internal::Invoker<>::RunOnce()
#20 0x556151f35f23 base::TaskAnnotator::RunTask()
#21 0x556151f467b3 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#22 0x556151f46569 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#23 0x556151f46b32 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#24 0x556151fa9c4b base::MessagePumpLibevent::Run()
#25 0x556151f46d6d base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#26 0x556151f18c1b base::RunLoop::Run()
#27 0x556151ec159d InProcessBrowserTest::RunUntilBrowserProcessQuits()
#28 0x556151ec207f InProcessBrowserTest::QuitBrowsers()
#29 0x556151ec1fce InProcessBrowserTest::PostRunTestOnMainThread()
#30 0x5561525e3d34 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#31 0x556152012479 ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#32 0x55615201197e ChromeBrowserMainParts::PreMainMessageLoopRun()
#33 0x55614efa9b98 chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun()
#34 0x5561500381cd content::BrowserMainLoop::PreMainMessageLoopRun()
#35 0x5561503a1a9c content::StartupTaskRunner::RunAllTasksNow()
chromium#36 0x556150037e4a content::BrowserMainLoop::CreateStartupTasks()
#37 0x55615003a147 content::BrowserMainRunnerImpl::Initialize()
#38 0x556150036912 content::BrowserMain()
chromium#39 0x556150bf6aed content::RunBrowserProcessMain()
#40 0x556150bf79bd content::ContentMainRunnerImpl::RunBrowser()
#41 0x556150bf752e content::ContentMainRunnerImpl::Run()
chromium#42 0x556150bf5b38 content::RunContentProcess()
#43 0x556150bf5c08 content::ContentMain()
#44 0x5561525e3543 content::BrowserTestBase::SetUp()
#45 0x556151ec12c1 InProcessBrowserTest::SetUp()
#46 0x55614e1c8786 ash::input_method::(anonymous namespace)::NativeInputMethodEngineTest::SetUp()
#47 0x55614f308e8f testing::Test::Run()
#48 0x55614f3097c5 testing::TestInfo::Run()
#49 0x55614f309f21 testing::TestSuite::Run()
#50 0x55614f313798 testing::internal::UnitTestImpl::RunAllTests()
#51 0x55614f31338b testing::UnitTest::Run()
#52 0x556151fd7ff2 base::TestSuite::Run()
#53 0x556151e96409 BrowserTestSuiteRunnerChromeOS::RunTestSuite()
#54 0x556152613c1f content::LaunchTests()
#55 0x556151e98224 LaunchChromeTests()
#56 0x556151e9638b main
#57 0x7f7dd56c4bf7 __libc_start_main
#58 0x55614cca11ea _start
from
https://ci.chromium.org/p/chrome/builders/ci/linux-chromeos-chrome/17628

Here is the fourth:  (different test in the same suite, different stack trace):
[ RUN      ] NativeInputMethodEngineTest.EmojiSuggestionDisabledReasonkUserSettingsOff
2021-09-24T16:19:05.593039Z WARNING browser_tests[31407:31407]: [audio_manager_linux.cc(60)] Falling back to ALSA for audio output. PulseAudio is not available or could not be initialized.
[959.207] default_socket.cc:58    /run/perfetto/ exists but cannot be accessed. Falling back on /tmp/  (errno: 13, Permission denied)
2021-09-24T16:19:05.646514Z WARNING browser_tests[31407:31423]: [wallpaper_decoder.cc(29)] Failed reading file
2021-09-24T16:19:05.673272Z ERROR browser_tests[31407:31407]: [print_job_reporting_service_factory.cc(47)] DMToken must be valid
2021-09-24T16:19:05.678360Z ERROR browser_tests[31407:31407]: [proximity_auth_profile_pref_manager.cc(194)] Failed to find local state prefs for current user.
2021-09-24T16:19:05.728926Z WARNING browser_tests[31407:31407]: [remote_commands_service.cc(188)] Client is not registered.
2021-09-24T16:19:05.763864Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.763999Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Cache: 0MB
2021-09-24T16:19:05.764049Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.README: 0MB
2021-09-24T16:19:05.764094Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.764120Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.WebData: 0MB
2021-09-24T16:19:05.764270Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.CodeCache: 0MB
2021-09-24T16:19:05.764446Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SiteCharacteristicsDatabase: 0MB
2021-09-24T16:19:05.765718Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Favicons: 0MB
2021-09-24T16:19:05.765751Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginDataForAccount: 0MB
2021-09-24T16:19:05.766067Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.GCache: 0MB
2021-09-24T16:19:05.766094Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.History: 0MB
2021-09-24T16:19:05.766115Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.766123Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.766131Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.766199Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.766336Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LocalStorage: 0MB
2021-09-24T16:19:05.766472Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SyncData: 0MB
2021-09-24T16:19:05.766498Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOCK: 0MB
2021-09-24T16:19:05.766524Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginData: 0MB
2021-09-24T16:19:05.766552Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOG: 0MB
2021-09-24T16:19:05.766909Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
2021-09-24T16:19:05.880798Z ERROR browser_tests[31407:31407]: [plugin_vm_manager_impl.cc(150)] New session has dispatcher unexpected already running. Perhaps Chrome crashed?
2021-09-24T16:19:05.921761Z INFO browser_tests[31407:31407]: [key_permissions_manager_impl.cc(509)] One-time key permissions migration started for token: 0.
2021-09-24T16:19:05.932877Z WARNING browser_tests[31407:31407]: [drivefs_session.cc(65)] DriveFs mount failed with error: 3
2021-09-24T16:19:05.951965Z WARNING browser_tests[31407:31407]: [login_unlock_throughput_recorder.cc(58)] Zero frames expected in login animation throughput data
2021-09-24T16:19:05.973007Z INFO browser_tests[31407:31407]: [android_sms_pairing_state_tracker_impl.cc(71)] No Pairing cookie found
2021-09-24T16:19:05.977396Z WARNING browser_tests[31407:31428]: [google_brand_chromeos.cc(40)] Brand code file missing: /opt/oem/etc/BRAND_CODE
2021-09-24T16:19:05.981581Z INFO browser_tests[31407:31407]: [ui_test_utils.cc(224)] NavigateToURL: chrome://newtab/
2021-09-24T16:19:06.072941Z ERROR browser_tests[31407:31457]: [als_reader.cc(52)] Missing num of als
2021-09-24T16:19:06.073283Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(230)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
2021-09-24T16:19:06.073310Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(233)] crbug.com/1216328: Checking Bluetooth availability ended.
2021-09-24T16:19:06.073337Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
2021-09-24T16:19:06.073358Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(240)] crbug.com/1216328: Checking default browser status ended.
2021-09-24T16:19:06.085536Z INFO browser_tests[31407:31407]: [key_permissions_manager_impl.cc(534)] One-time key permissions migration succeeded for token: 0.
BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x564f24b8af29 base::debug::CollectStackTrace()
#1 0x564f24af2843 base::debug::StackTrace::StackTrace()
#2 0x564f251fd373 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7f03d338d040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
#4 0x564f282e0d94 ChromeOmniboxNavigationObserver::DidFinishNavigation()
#5 0x564f22fe1042 content::WebContentsImpl::WebContentsObserverList::NotifyObservers<>()
#6 0x564f22fe92d0 content::WebContentsImpl::DidFinishNavigation()
#7 0x564f22ebdd73 content::NavigationRequest::~NavigationRequest()
#8 0x564f22ebe6bc content::NavigationRequest::~NavigationRequest()
#9 0x564f22ed15f9 content::Navigator::DidNavigate()
#10 0x564f22ee3bcd content::RenderFrameHostImpl::DidCommitNavigationInternal()
#11 0x564f22ee2f2a content::RenderFrameHostImpl::DidCommitNavigation()
#12 0x564f22f02a40 base::internal::FunctorTraits<>::Invoke<>()
#13 0x564f22f029ef base::internal::Invoker<>::RunOnce()
#14 0x564f2296c430 content::mojom::NavigationClient_CommitFailedNavigation_ForwardToCallback::Accept()
#15 0x564f25c35100 mojo::InterfaceEndpointClient::HandleValidatedMessage()
#16 0x564f25c38c00 mojo::MessageDispatcher::Accept()
#17 0x564f25c35e55 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#18 0x564f25df4e02 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnEndpointThread()
#19 0x564f25c36d43 base::internal::Invoker<>::RunOnce()
#20 0x564f24b4ea03 base::TaskAnnotator::RunTask()
#21 0x564f24b5f293 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#22 0x564f24b5f049 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#23 0x564f24b5f612 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#24 0x564f24bc28cb base::MessagePumpLibevent::Run()
#25 0x564f24b5f84d base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#26 0x564f24b316fb base::RunLoop::Run()
#27 0x564f22f433f3 content::BrowserTaskExecutor::RunAllPendingTasksOnThreadForTesting()
#28 0x564f2522df45 content::RunAllPendingInMessageLoop()
#29 0x564f24adaa96 InProcessBrowserTest::PostRunTestOnMainThread()
#30 0x564f251fca24 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#31 0x564f24c2b0f9 ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#32 0x564f24c2a5fe ChromeBrowserMainParts::PreMainMessageLoopRun()
#33 0x564f21bc1f38 chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun()
#34 0x564f22c510ed content::BrowserMainLoop::PreMainMessageLoopRun()
#35 0x564f22fba77c content::StartupTaskRunner::RunAllTasksNow()
chromium#36 0x564f22c50d6a content::BrowserMainLoop::CreateStartupTasks()
#37 0x564f22c53067 content::BrowserMainRunnerImpl::Initialize()
#38 0x564f22c4f832 content::BrowserMain()
chromium#39 0x564f2380f5bd content::RunBrowserProcessMain()
#40 0x564f2381048d content::ContentMainRunnerImpl::RunBrowser()
#41 0x564f2380fffe content::ContentMainRunnerImpl::Run()
chromium#42 0x564f2380e608 content::RunContentProcess()
#43 0x564f2380e6d8 content::ContentMain()
#44 0x564f251fc233 content::BrowserTestBase::SetUp()
#45 0x564f24ad9d91 InProcessBrowserTest::SetUp()
#46 0x564f20de0a86 ash::input_method::(anonymous namespace)::NativeInputMethodEngineTest::SetUp()
#47 0x564f21f21e4f testing::Test::Run()
#48 0x564f21f22785 testing::TestInfo::Run()
#49 0x564f21f22ee1 testing::TestSuite::Run()
#50 0x564f21f2c758 testing::internal::UnitTestImpl::RunAllTests()
#51 0x564f21f2c34b testing::UnitTest::Run()
#52 0x564f24bf0c72 base::TestSuite::Run()
#53 0x564f24aaeed9 BrowserTestSuiteRunnerChromeOS::RunTestSuite()
#54 0x564f2522c62f content::LaunchTests()
#55 0x564f24ab0cf4 LaunchChromeTests()
#56 0x564f24aaee5b main
#57 0x7f03d336fbf7 __libc_start_main
#58 0x564f1f8b94ea _start
from
https://ci.chromium.org/p/chrome/builders/ci/linux-chromeos-chrome/17631

Original change's description:
> Privatise unnecessarily public current_input_method in
> InputMethodManagerImpl::StateImpl.
>
> This involves replacing some direct pokes of current_input_method
> with public GetCurrentInputMethod() that employs a fallback onto
> InputMethodUtil::GetFallbackInputMethodDescriptor() when ID is
> blank. This should be more reasonable and consistent.
>
> Bug: 1134465
> Change-Id: I2c423a58547cc7249efdf8056624623998765aba
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3177760
> Commit-Queue: Bao-Duy Tran <tranbaoduy@chromium.org>
> Reviewed-by: Keith Lee <keithlee@chromium.org>
> Reviewed-by: Curtis McMullan <curtismcmullan@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#924702}

Bug: 1134465
Change-Id: I6144a0ebd7472f31d4b937d9e99b6a6c8bc0eee1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3182806
Auto-Submit: Mark Pearson <mpearson@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Mark Pearson <mpearson@chromium.org>
Owners-Override: Mark Pearson <mpearson@chromium.org>
Cr-Commit-Position: refs/heads/main@{#924810}
blueboxd pushed a commit that referenced this issue Sep 27, 2021
… CrosState"

This reverts commit 3895114.

Reason for revert: likely cause of failures
Step "chromeos_components_unittests on Ubuntu-18.04" failing on builder "Linux Chromium OS ASan LSan Tests (1)"

The first run with the relevant failures:
https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20(1)/40730/overview

The following tests consistently fail starting after this first run:
CrosStateSenderTest.NotificationFeatureStateChanged
CrosStateSenderTest.PerformUpdateCrosStateRetrySequence

The first fails with this stack trace:
---
[ RUN      ] CrosStateSenderTest.NotificationFeatureStateChanged
=================================================================
==4136==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700004b31c at pc 0x5559c16fed11 bp 0x7fffb87b9250 sp 0x7fffb87b9248
READ of size 4 at 0x60700004b31c thread T0
    #0 0x5559c16fed10 in chromeos::multidevice_setup::MultiDeviceSetupClient::GetFeatureState(chromeos::multidevice_setup::mojom::Feature) const ./../../chromeos/services/multidevice_setup/public/cpp/multidevice_setup_client.cc:51:44
    #1 0x5559ce6da0ed in chromeos::phonehub::CrosStateSender::PerformUpdateCrosState() ./../../chromeos/components/phonehub/cros_state_sender.cc:93:34
    #2 0x5559ce6d9e1d in chromeos::phonehub::CrosStateSender::AttemptUpdateCrosState() ./../../chromeos/components/phonehub/cros_state_sender.cc:85:3
    #3 0x5559c17102b7 in chromeos::secure_channel::ConnectionManager::NotifyStatusChanged() ./../../chromeos/services/secure_channel/public/cpp/client/connection_manager.cc:23:14
    #4 0x5559ba7314dc in chromeos::phonehub::CrosStateSenderTest_NotificationFeatureStateChanged_Test::TestBody() ./../../chromeos/components/phonehub/cros_state_sender_unittest.cc:146:29
    #5 0x5559baf612a1 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #6 0x5559baf612a1 in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2706:5
    #7 0x5559baf62ca4 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2885:11
    #8 0x5559baf647b3 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3044:30
    #9 0x5559baf87628 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5903:44
    #10 0x5559baf86d49 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #11 0x5559baf86d49 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5470:10
    #12 0x5559c6e8422f in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2492:46
    #13 0x5559c6e8422f in base::TestSuite::Run() ./../../base/test/test_suite.cc:465:16
    #14 0x5559bd07db0e in base::OnceCallback<int ()>::Run() && ./../../base/callback.h:99:12
    #15 0x5559c6e8a853 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:177:38
    #16 0x5559c6e8a4d5 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:247:10
    #17 0x5559ba482d45 in main ./../../chromeos/components/run_all_unittests.cc:22:10
    #18 0x7f002b751bf6 in __libc_start_main ??:0:0

0x60700004b31c is located 4 bytes to the right of 72-byte region [0x60700004b2d0,0x60700004b318)
allocated by thread T0 here:
    #0 0x5559ba47faed in operator new(unsigned long) /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
    #1 0x5559c14ad498 in __libcpp_operator_new<unsigned long> ./../../buildtools/third_party/libc++/trunk/include/new:235:10
    #2 0x5559c14ad498 in __libcpp_allocate ./../../buildtools/third_party/libc++/trunk/include/new:261:10
    #3 0x5559c14ad498 in allocate ./../../buildtools/third_party/libc++/trunk/include/__memory/allocator.h:82:38
    #4 0x5559c14ad498 in allocate ./../../buildtools/third_party/libc++/trunk/include/__memory/allocator_traits.h:261:20
    #5 0x5559c14ad498 in std::__1::vector<std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState>, std::__1::allocator<std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> > >::__vallocate(unsigned long) ./../../buildtools/third_party/libc++/trunk/include/vector:994:37
    #6 0x5559c16fdfe3 in vector<const std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> *> ./../../buildtools/third_party/libc++/trunk/include/vector:1224:9
    #7 0x5559c16fdfe3 in flat_tree<const std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> *> ./../../base/containers/flat_tree.h:571:20
    #8 0x5559c16fdfe3 in flat_tree ./../../base/containers/flat_tree.h:595:7
    #9 0x5559c16fdfe3 in flat_tree ./../../base/containers/flat_map.h:211:15
    #10 0x5559c16fdfe3 in chromeos::multidevice_setup::MultiDeviceSetupClient::GenerateDefaultFeatureStatesMap() ./../../chromeos/services/multidevice_setup/public/cpp/multidevice_setup_client.cc:21:10
    #11 0x5559d736b57e in chromeos::multidevice_setup::FakeMultiDeviceSetupClient::FakeMultiDeviceSetupClient() ./../../chromeos/services/multidevice_setup/public/cpp/fake_multidevice_setup_client.cc:13:27
    #12 0x5559ba733ad7 in make_unique<chromeos::multidevice_setup::FakeMultiDeviceSetupClient> ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:725:32
    #13 0x5559ba733ad7 in chromeos::phonehub::CrosStateSenderTest::SetUp() ./../../chromeos/components/phonehub/cros_state_sender_unittest.cc:40:9
    #14 0x5559baf6118e in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #15 0x5559baf6118e in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2701:3
    #16 0x5559baf62ca4 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2885:11
    #17 0x5559baf647b3 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3044:30
    #18 0x5559baf87628 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5903:44
    #19 0x5559baf86d49 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #20 0x5559baf86d49 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5470:10
    #21 0x5559c6e8422f in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2492:46
    #22 0x5559c6e8422f in base::TestSuite::Run() ./../../base/test/test_suite.cc:465:16
    #23 0x5559bd07db0e in base::OnceCallback<int ()>::Run() && ./../../base/callback.h:99:12
    #24 0x5559c6e8a853 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:177:38
    #25 0x5559c6e8a4d5 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:247:10
    #26 0x5559ba482d45 in main ./../../chromeos/components/run_all_unittests.cc:22:10
    #27 0x7f002b751bf6 in __libc_start_main ??:0:0

SUMMARY: AddressSanitizer: heap-buffer-overflow (/b/s/w/ir/out/Release/chromeos_components_unittests+0x15f40d10)
Shadow bytes around the buggy address:
  0x0c0e80001610: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
  0x0c0e80001620: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0e80001630: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fd fd
  0x0c0e80001640: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0e80001650: fd fd fd fd fd fd fa fa fa fa 00 00 00 00 00 00
=>0x0c0e80001660: 00 00 00[fa]fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0e80001670: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c0e80001680: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c0e80001690: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0e800016a0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa 00 00
  0x0c0e800016b0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4136==ABORTING
---

The second fails with this one:
---
[ RUN      ] CrosStateSenderTest.PerformUpdateCrosStateRetrySequence
=================================================================
==3811==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700005f9ec at pc 0x5579c6175d11 bp 0x7ffd5e6a0e10 sp 0x7ffd5e6a0e08
READ of size 4 at 0x60700005f9ec thread T0
    #0 0x5579c6175d10 in chromeos::multidevice_setup::MultiDeviceSetupClient::GetFeatureState(chromeos::multidevice_setup::mojom::Feature) const ./../../chromeos/services/multidevice_setup/public/cpp/multidevice_setup_client.cc:51:44
    #1 0x5579d31510ed in chromeos::phonehub::CrosStateSender::PerformUpdateCrosState() ./../../chromeos/components/phonehub/cros_state_sender.cc:93:34
    #2 0x5579d3150e1d in chromeos::phonehub::CrosStateSender::AttemptUpdateCrosState() ./../../chromeos/components/phonehub/cros_state_sender.cc:85:3
    #3 0x5579c61872b7 in chromeos::secure_channel::ConnectionManager::NotifyStatusChanged() ./../../chromeos/services/secure_channel/public/cpp/client/connection_manager.cc:23:14
    #4 0x5579bf1a3085 in chromeos::phonehub::CrosStateSenderTest_PerformUpdateCrosStateRetrySequence_Test::TestBody() ./../../chromeos/components/phonehub/cros_state_sender_unittest.cc:63:29
    #5 0x5579bf9d82a1 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #6 0x5579bf9d82a1 in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2706:5
    #7 0x5579bf9d9ca4 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2885:11
    #8 0x5579bf9db7b3 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3044:30
    #9 0x5579bf9fe628 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5903:44
    #10 0x5579bf9fdd49 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #11 0x5579bf9fdd49 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5470:10
    #12 0x5579cb8fb22f in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2492:46
    #13 0x5579cb8fb22f in base::TestSuite::Run() ./../../base/test/test_suite.cc:465:16
    #14 0x5579c1af4b0e in base::OnceCallback<int ()>::Run() && ./../../base/callback.h:99:12
    #15 0x5579cb901853 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:177:38
    #16 0x5579cb9014d5 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:247:10
    #17 0x5579beef9d45 in main ./../../chromeos/components/run_all_unittests.cc:22:10
    #18 0x7fc58b24bbf6 in __libc_start_main ??:0:0

0x60700005f9ec is located 4 bytes to the right of 72-byte region [0x60700005f9a0,0x60700005f9e8)
allocated by thread T0 here:
    #0 0x5579beef6aed in operator new(unsigned long) /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
    #1 0x5579c5f24498 in __libcpp_operator_new<unsigned long> ./../../buildtools/third_party/libc++/trunk/include/new:235:10
    #2 0x5579c5f24498 in __libcpp_allocate ./../../buildtools/third_party/libc++/trunk/include/new:261:10
    #3 0x5579c5f24498 in allocate ./../../buildtools/third_party/libc++/trunk/include/__memory/allocator.h:82:38
    #4 0x5579c5f24498 in allocate ./../../buildtools/third_party/libc++/trunk/include/__memory/allocator_traits.h:261:20
    #5 0x5579c5f24498 in std::__1::vector<std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState>, std::__1::allocator<std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> > >::__vallocate(unsigned long) ./../../buildtools/third_party/libc++/trunk/include/vector:994:37
    #6 0x5579c6174fe3 in vector<const std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> *> ./../../buildtools/third_party/libc++/trunk/include/vector:1224:9
    #7 0x5579c6174fe3 in flat_tree<const std::__1::pair<chromeos::multidevice_setup::mojom::Feature, chromeos::multidevice_setup::mojom::FeatureState> *> ./../../base/containers/flat_tree.h:571:20
    #8 0x5579c6174fe3 in flat_tree ./../../base/containers/flat_tree.h:595:7
    #9 0x5579c6174fe3 in flat_tree ./../../base/containers/flat_map.h:211:15
    #10 0x5579c6174fe3 in chromeos::multidevice_setup::MultiDeviceSetupClient::GenerateDefaultFeatureStatesMap() ./../../chromeos/services/multidevice_setup/public/cpp/multidevice_setup_client.cc:21:10
    #11 0x5579dbde257e in chromeos::multidevice_setup::FakeMultiDeviceSetupClient::FakeMultiDeviceSetupClient() ./../../chromeos/services/multidevice_setup/public/cpp/fake_multidevice_setup_client.cc:13:27
    #12 0x5579bf1aaad7 in make_unique<chromeos::multidevice_setup::FakeMultiDeviceSetupClient> ./../../buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:725:32
    #13 0x5579bf1aaad7 in chromeos::phonehub::CrosStateSenderTest::SetUp() ./../../chromeos/components/phonehub/cros_state_sender_unittest.cc:40:9
    #14 0x5579bf9d818e in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #15 0x5579bf9d818e in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2701:3
    #16 0x5579bf9d9ca4 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2885:11
    #17 0x5579bf9db7b3 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3044:30
    #18 0x5579bf9fe628 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5903:44
    #19 0x5579bf9fdd49 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0
    #20 0x5579bf9fdd49 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5470:10
    #21 0x5579cb8fb22f in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2492:46
    #22 0x5579cb8fb22f in base::TestSuite::Run() ./../../base/test/test_suite.cc:465:16
    #23 0x5579c1af4b0e in base::OnceCallback<int ()>::Run() && ./../../base/callback.h:99:12
    #24 0x5579cb901853 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::OnceCallback<void ()>) ./../../base/test/launcher/unit_test_launcher.cc:177:38
    #25 0x5579cb9014d5 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) ./../../base/test/launcher/unit_test_launcher.cc:247:10
    #26 0x5579beef9d45 in main ./../../chromeos/components/run_all_unittests.cc:22:10
    #27 0x7fc58b24bbf6 in __libc_start_main ??:0:0

SUMMARY: AddressSanitizer: heap-buffer-overflow (/b/s/w/ir/out/Release/chromeos_components_unittests+0x15f40d10)
Shadow bytes around the buggy address:
  0x0c0e80003ee0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fd fd
  0x0c0e80003ef0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0e80003f00: fd fd fd fd fd fd fa fa fa fa fd fd fd fd fd fd
  0x0c0e80003f10: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0e80003f20: fd fd fa fa fa fa fd fd fd fd fd fd fd fd fd fd
=>0x0c0e80003f30: fa fa fa fa 00 00 00 00 00 00 00 00 00[fa]fa fa
  0x0c0e80003f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80003f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80003f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80003f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80003f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3811==ABORTING
---

Original change's description:
> [CameraRoll]Send camera roll setting to the Android device in CrosState
>
> Include camera roll setting state as part of CrosState,
> so connected mobile device would be able to get update
> when setting value is toggled.
>
> Change-Id: I04d0ed3872d5adeff5e8f8dc76c6eb6df3a50b9c
> Bug: https://crbug.com/1221297
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3173740
> Commit-Queue: Jianbing Wu <jianbing@google.com>
> Auto-Submit: Jianbing Wu <jianbing@google.com>
> Reviewed-by: Jon Mann <jonmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#924995}

Bug: https://crbug.com/1221297
Change-Id: Ic87d96786b4244b27b1e284f801df8799911b1fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3184482
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Mark Pearson <mpearson@chromium.org>
Commit-Queue: Jon Mann <jonmann@chromium.org>
Reviewed-by: Jon Mann <jonmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#925118}
blueboxd pushed a commit that referenced this issue Sep 27, 2021
This reverts commit 37ea471.

Reason for revert: Reverted CL is unrelated to the cited "reason for revert".

Original change's description:
> Revert "Privatise unnecessarily public current_input_method in"
>
> This reverts commit 77e9679.
>
> Reason for revert:
> Likely cause of failure
> Step "browser_tests on Ubuntu-18.04" failing on builder "linux-chromeos-chrome"
>
> The failure is a crash in browser_tests.
>
> This failure is fairly but not perfectly consistent.  In three of the last four runs on this bot, browser_tests failed with something in the NativeInputMethodEngineTest.EmojiSuggestion* suite.  It's not always the same test that fails each time.  Nevertheless, this is pretty indicative that nowadays something is wrong in this suite.  This is the obvious candidate, submitted right when the test became mostly-failing.
>
> Here is the first failure as an example:
> Retrying 1 test (retry #0)
> [ RUN      ] NativeInputMethodEngineTest.EmojiSuggestionDisabledReasonkUrlOrAppNotAllowed
> 2021-09-24T11:30:01.258384Z WARNING browser_tests[27592:27592]: [audio_manager_linux.cc(60)] Falling back to ALSA for audio output. PulseAudio is not available or could not be initialized.
> [434.616] default_socket.cc:58    /run/perfetto/ exists but cannot be accessed. Falling back on /tmp/  (errno: 13, Permission denied)
> 2021-09-24T11:30:01.293097Z WARNING browser_tests[27592:27609]: [wallpaper_decoder.cc(29)] Failed reading file
> 2021-09-24T11:30:01.304548Z ERROR browser_tests[27592:27592]: [print_job_reporting_service_factory.cc(47)] DMToken must be valid
> 2021-09-24T11:30:01.309314Z ERROR browser_tests[27592:27592]: [proximity_auth_profile_pref_manager.cc(194)] Failed to find local state prefs for current user.
> 2021-09-24T11:30:01.332070Z WARNING browser_tests[27592:27592]: [remote_commands_service.cc(188)] Client is not registered.
> 2021-09-24T11:30:01.358975Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.359074Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Cache: 0MB
> 2021-09-24T11:30:01.359110Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.README: 0MB
> 2021-09-24T11:30:01.359138Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.359147Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.WebData: 0MB
> 2021-09-24T11:30:01.359429Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.CodeCache: 0MB
> 2021-09-24T11:30:01.359547Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SiteCharacteristicsDatabase: 0MB
> 2021-09-24T11:30:01.359581Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Favicons: 0MB
> 2021-09-24T11:30:01.359621Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginDataForAccount: 0MB
> 2021-09-24T11:30:01.360073Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.GCache: 0MB
> 2021-09-24T11:30:01.360118Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.History: 0MB
> 2021-09-24T11:30:01.360147Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.360161Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.360173Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.360234Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.360415Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SyncData: 0MB
> 2021-09-24T11:30:01.361882Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOCK: 0MB
> 2021-09-24T11:30:01.361936Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginData: 0MB
> 2021-09-24T11:30:01.361964Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOG: 0MB
> 2021-09-24T11:30:01.362091Z WARNING browser_tests[27592:27639]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T11:30:01.412518Z ERROR browser_tests[27592:27592]: [plugin_vm_manager_impl.cc(150)] New session has dispatcher unexpected already running. Perhaps Chrome crashed?
> 2021-09-24T11:30:01.433615Z INFO browser_tests[27592:27592]: [key_permissions_manager_impl.cc(509)] One-time key permissions migration started for token: 0.
> 2021-09-24T11:30:01.451071Z WARNING browser_tests[27592:27592]: [drivefs_session.cc(65)] DriveFs mount failed with error: 3
> 2021-09-24T11:30:01.458878Z WARNING browser_tests[27592:27592]: [login_unlock_throughput_recorder.cc(58)] Zero frames expected in login animation throughput data
> 2021-09-24T11:30:01.464809Z INFO browser_tests[27592:27592]: [android_sms_pairing_state_tracker_impl.cc(71)] No Pairing cookie found
> 2021-09-24T11:30:01.470495Z INFO browser_tests[27592:27592]: [ui_test_utils.cc(224)] NavigateToURL: chrome://newtab/
> 2021-09-24T11:30:01.473373Z WARNING browser_tests[27592:27639]: [google_brand_chromeos.cc(40)] Brand code file missing: /opt/oem/etc/BRAND_CODE
> 2021-09-24T11:30:01.535229Z ERROR browser_tests[27592:27639]: [als_reader.cc(52)] Missing num of als
> 2021-09-24T11:30:01.535643Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(230)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
> 2021-09-24T11:30:01.535680Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(233)] crbug.com/1216328: Checking Bluetooth availability ended.
> 2021-09-24T11:30:01.535688Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
> 2021-09-24T11:30:01.535695Z ERROR browser_tests[27592:27639]: [chrome_browser_main_extra_parts_metrics.cc(240)] crbug.com/1216328: Checking default browser status ended.
> 2021-09-24T11:30:01.555145Z INFO browser_tests[27592:27592]: [key_permissions_manager_impl.cc(534)] One-time key permissions migration succeeded for token: 0.
> BrowserTestBase received signal: Segmentation fault. Backtrace:
> #0 0x556151f72449 base::debug::CollectStackTrace()
> #1 0x556151ed9d73 base::debug::StackTrace::StackTrace()
> #2 0x5561525e4683 content::(anonymous namespace)::DumpStackTraceSignalHandler()
> #3 0x7f7dd56e2040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
> #4 0x5561556c8304 ChromeOmniboxNavigationObserver::DidFinishNavigation()
> #5 0x5561503c8362 content::WebContentsImpl::WebContentsObserverList::NotifyObservers<>()
> #6 0x5561503d05f0 content::WebContentsImpl::DidFinishNavigation()
> #7 0x5561502a5093 content::NavigationRequest::~NavigationRequest()
> #8 0x5561502a59dc content::NavigationRequest::~NavigationRequest()
> #9 0x5561502b8919 content::Navigator::DidNavigate()
> #10 0x5561502caeed content::RenderFrameHostImpl::DidCommitNavigationInternal()
> #11 0x5561502ca24a content::RenderFrameHostImpl::DidCommitNavigation()
> #12 0x5561502e9d60 base::internal::FunctorTraits<>::Invoke<>()
> #13 0x5561502e9d0f base::internal::Invoker<>::RunOnce()
> #14 0x55614fd53470 content::mojom::NavigationClient_CommitFailedNavigation_ForwardToCallback::Accept()
> #15 0x55615301c6e0 mojo::InterfaceEndpointClient::HandleValidatedMessage()
> #16 0x5561530201e0 mojo::MessageDispatcher::Accept()
> #17 0x55615301d435 mojo::InterfaceEndpointClient::HandleIncomingMessage()
> #18 0x5561531dc3e2 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnEndpointThread()
> #19 0x55615301e323 base::internal::Invoker<>::RunOnce()
> #20 0x556151f35f23 base::TaskAnnotator::RunTask()
> #21 0x556151f467b3 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
> #22 0x556151f46569 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #23 0x556151f46b32 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #24 0x556151fa9c4b base::MessagePumpLibevent::Run()
> #25 0x556151f46d6d base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
> #26 0x556151f18c1b base::RunLoop::Run()
> #27 0x556151ec159d InProcessBrowserTest::RunUntilBrowserProcessQuits()
> #28 0x556151ec207f InProcessBrowserTest::QuitBrowsers()
> #29 0x556151ec1fce InProcessBrowserTest::PostRunTestOnMainThread()
> #30 0x5561525e3d34 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
> #31 0x556152012479 ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
> #32 0x55615201197e ChromeBrowserMainParts::PreMainMessageLoopRun()
> #33 0x55614efa9b98 chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun()
> #34 0x5561500381cd content::BrowserMainLoop::PreMainMessageLoopRun()
> #35 0x5561503a1a9c content::StartupTaskRunner::RunAllTasksNow()
> chromium#36 0x556150037e4a content::BrowserMainLoop::CreateStartupTasks()
> #37 0x55615003a147 content::BrowserMainRunnerImpl::Initialize()
> #38 0x556150036912 content::BrowserMain()
> chromium#39 0x556150bf6aed content::RunBrowserProcessMain()
> #40 0x556150bf79bd content::ContentMainRunnerImpl::RunBrowser()
> #41 0x556150bf752e content::ContentMainRunnerImpl::Run()
> chromium#42 0x556150bf5b38 content::RunContentProcess()
> #43 0x556150bf5c08 content::ContentMain()
> #44 0x5561525e3543 content::BrowserTestBase::SetUp()
> #45 0x556151ec12c1 InProcessBrowserTest::SetUp()
> #46 0x55614e1c8786 ash::input_method::(anonymous namespace)::NativeInputMethodEngineTest::SetUp()
> #47 0x55614f308e8f testing::Test::Run()
> #48 0x55614f3097c5 testing::TestInfo::Run()
> #49 0x55614f309f21 testing::TestSuite::Run()
> #50 0x55614f313798 testing::internal::UnitTestImpl::RunAllTests()
> #51 0x55614f31338b testing::UnitTest::Run()
> #52 0x556151fd7ff2 base::TestSuite::Run()
> #53 0x556151e96409 BrowserTestSuiteRunnerChromeOS::RunTestSuite()
> #54 0x556152613c1f content::LaunchTests()
> #55 0x556151e98224 LaunchChromeTests()
> #56 0x556151e9638b main
> #57 0x7f7dd56c4bf7 __libc_start_main
> #58 0x55614cca11ea _start
> from
> https://ci.chromium.org/p/chrome/builders/ci/linux-chromeos-chrome/17628
>
> Here is the fourth:  (different test in the same suite, different stack trace):
> [ RUN      ] NativeInputMethodEngineTest.EmojiSuggestionDisabledReasonkUserSettingsOff
> 2021-09-24T16:19:05.593039Z WARNING browser_tests[31407:31407]: [audio_manager_linux.cc(60)] Falling back to ALSA for audio output. PulseAudio is not available or could not be initialized.
> [959.207] default_socket.cc:58    /run/perfetto/ exists but cannot be accessed. Falling back on /tmp/  (errno: 13, Permission denied)
> 2021-09-24T16:19:05.646514Z WARNING browser_tests[31407:31423]: [wallpaper_decoder.cc(29)] Failed reading file
> 2021-09-24T16:19:05.673272Z ERROR browser_tests[31407:31407]: [print_job_reporting_service_factory.cc(47)] DMToken must be valid
> 2021-09-24T16:19:05.678360Z ERROR browser_tests[31407:31407]: [proximity_auth_profile_pref_manager.cc(194)] Failed to find local state prefs for current user.
> 2021-09-24T16:19:05.728926Z WARNING browser_tests[31407:31407]: [remote_commands_service.cc(188)] Client is not registered.
> 2021-09-24T16:19:05.763864Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.763999Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Cache: 0MB
> 2021-09-24T16:19:05.764049Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.README: 0MB
> 2021-09-24T16:19:05.764094Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.764120Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.WebData: 0MB
> 2021-09-24T16:19:05.764270Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.CodeCache: 0MB
> 2021-09-24T16:19:05.764446Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SiteCharacteristicsDatabase: 0MB
> 2021-09-24T16:19:05.765718Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Favicons: 0MB
> 2021-09-24T16:19:05.765751Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginDataForAccount: 0MB
> 2021-09-24T16:19:05.766067Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.GCache: 0MB
> 2021-09-24T16:19:05.766094Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.History: 0MB
> 2021-09-24T16:19:05.766115Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.766123Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.766131Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.766199Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.766336Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LocalStorage: 0MB
> 2021-09-24T16:19:05.766472Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.SyncData: 0MB
> 2021-09-24T16:19:05.766498Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOCK: 0MB
> 2021-09-24T16:19:05.766524Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LoginData: 0MB
> 2021-09-24T16:19:05.766552Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.LOG: 0MB
> 2021-09-24T16:19:05.766909Z WARNING browser_tests[31407:31433]: [user_data_stats_recorder.cc(186)] Ash.UserDataStatsRecorder.DataSize.Unknown: 0MB
> 2021-09-24T16:19:05.880798Z ERROR browser_tests[31407:31407]: [plugin_vm_manager_impl.cc(150)] New session has dispatcher unexpected already running. Perhaps Chrome crashed?
> 2021-09-24T16:19:05.921761Z INFO browser_tests[31407:31407]: [key_permissions_manager_impl.cc(509)] One-time key permissions migration started for token: 0.
> 2021-09-24T16:19:05.932877Z WARNING browser_tests[31407:31407]: [drivefs_session.cc(65)] DriveFs mount failed with error: 3
> 2021-09-24T16:19:05.951965Z WARNING browser_tests[31407:31407]: [login_unlock_throughput_recorder.cc(58)] Zero frames expected in login animation throughput data
> 2021-09-24T16:19:05.973007Z INFO browser_tests[31407:31407]: [android_sms_pairing_state_tracker_impl.cc(71)] No Pairing cookie found
> 2021-09-24T16:19:05.977396Z WARNING browser_tests[31407:31428]: [google_brand_chromeos.cc(40)] Brand code file missing: /opt/oem/etc/BRAND_CODE
> 2021-09-24T16:19:05.981581Z INFO browser_tests[31407:31407]: [ui_test_utils.cc(224)] NavigateToURL: chrome://newtab/
> 2021-09-24T16:19:06.072941Z ERROR browser_tests[31407:31457]: [als_reader.cc(52)] Missing num of als
> 2021-09-24T16:19:06.073283Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(230)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
> 2021-09-24T16:19:06.073310Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(233)] crbug.com/1216328: Checking Bluetooth availability ended.
> 2021-09-24T16:19:06.073337Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
> 2021-09-24T16:19:06.073358Z ERROR browser_tests[31407:31457]: [chrome_browser_main_extra_parts_metrics.cc(240)] crbug.com/1216328: Checking default browser status ended.
> 2021-09-24T16:19:06.085536Z INFO browser_tests[31407:31407]: [key_permissions_manager_impl.cc(534)] One-time key permissions migration succeeded for token: 0.
> BrowserTestBase received signal: Segmentation fault. Backtrace:
> #0 0x564f24b8af29 base::debug::CollectStackTrace()
> #1 0x564f24af2843 base::debug::StackTrace::StackTrace()
> #2 0x564f251fd373 content::(anonymous namespace)::DumpStackTraceSignalHandler()
> #3 0x7f03d338d040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
> #4 0x564f282e0d94 ChromeOmniboxNavigationObserver::DidFinishNavigation()
> #5 0x564f22fe1042 content::WebContentsImpl::WebContentsObserverList::NotifyObservers<>()
> #6 0x564f22fe92d0 content::WebContentsImpl::DidFinishNavigation()
> #7 0x564f22ebdd73 content::NavigationRequest::~NavigationRequest()
> #8 0x564f22ebe6bc content::NavigationRequest::~NavigationRequest()
> #9 0x564f22ed15f9 content::Navigator::DidNavigate()
> #10 0x564f22ee3bcd content::RenderFrameHostImpl::DidCommitNavigationInternal()
> #11 0x564f22ee2f2a content::RenderFrameHostImpl::DidCommitNavigation()
> #12 0x564f22f02a40 base::internal::FunctorTraits<>::Invoke<>()
> #13 0x564f22f029ef base::internal::Invoker<>::RunOnce()
> #14 0x564f2296c430 content::mojom::NavigationClient_CommitFailedNavigation_ForwardToCallback::Accept()
> #15 0x564f25c35100 mojo::InterfaceEndpointClient::HandleValidatedMessage()
> #16 0x564f25c38c00 mojo::MessageDispatcher::Accept()
> #17 0x564f25c35e55 mojo::InterfaceEndpointClient::HandleIncomingMessage()
> #18 0x564f25df4e02 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnEndpointThread()
> #19 0x564f25c36d43 base::internal::Invoker<>::RunOnce()
> #20 0x564f24b4ea03 base::TaskAnnotator::RunTask()
> #21 0x564f24b5f293 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
> #22 0x564f24b5f049 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #23 0x564f24b5f612 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
> #24 0x564f24bc28cb base::MessagePumpLibevent::Run()
> #25 0x564f24b5f84d base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
> #26 0x564f24b316fb base::RunLoop::Run()
> #27 0x564f22f433f3 content::BrowserTaskExecutor::RunAllPendingTasksOnThreadForTesting()
> #28 0x564f2522df45 content::RunAllPendingInMessageLoop()
> #29 0x564f24adaa96 InProcessBrowserTest::PostRunTestOnMainThread()
> #30 0x564f251fca24 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
> #31 0x564f24c2b0f9 ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
> #32 0x564f24c2a5fe ChromeBrowserMainParts::PreMainMessageLoopRun()
> #33 0x564f21bc1f38 chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun()
> #34 0x564f22c510ed content::BrowserMainLoop::PreMainMessageLoopRun()
> #35 0x564f22fba77c content::StartupTaskRunner::RunAllTasksNow()
> chromium#36 0x564f22c50d6a content::BrowserMainLoop::CreateStartupTasks()
> #37 0x564f22c53067 content::BrowserMainRunnerImpl::Initialize()
> #38 0x564f22c4f832 content::BrowserMain()
> chromium#39 0x564f2380f5bd content::RunBrowserProcessMain()
> #40 0x564f2381048d content::ContentMainRunnerImpl::RunBrowser()
> #41 0x564f2380fffe content::ContentMainRunnerImpl::Run()
> chromium#42 0x564f2380e608 content::RunContentProcess()
> #43 0x564f2380e6d8 content::ContentMain()
> #44 0x564f251fc233 content::BrowserTestBase::SetUp()
> #45 0x564f24ad9d91 InProcessBrowserTest::SetUp()
> #46 0x564f20de0a86 ash::input_method::(anonymous namespace)::NativeInputMethodEngineTest::SetUp()
> #47 0x564f21f21e4f testing::Test::Run()
> #48 0x564f21f22785 testing::TestInfo::Run()
> #49 0x564f21f22ee1 testing::TestSuite::Run()
> #50 0x564f21f2c758 testing::internal::UnitTestImpl::RunAllTests()
> #51 0x564f21f2c34b testing::UnitTest::Run()
> #52 0x564f24bf0c72 base::TestSuite::Run()
> #53 0x564f24aaeed9 BrowserTestSuiteRunnerChromeOS::RunTestSuite()
> #54 0x564f2522c62f content::LaunchTests()
> #55 0x564f24ab0cf4 LaunchChromeTests()
> #56 0x564f24aaee5b main
> #57 0x7f03d336fbf7 __libc_start_main
> #58 0x564f1f8b94ea _start
> from
> https://ci.chromium.org/p/chrome/builders/ci/linux-chromeos-chrome/17631
>
> Original change's description:
> > Privatise unnecessarily public current_input_method in
> > InputMethodManagerImpl::StateImpl.
> >
> > This involves replacing some direct pokes of current_input_method
> > with public GetCurrentInputMethod() that employs a fallback onto
> > InputMethodUtil::GetFallbackInputMethodDescriptor() when ID is
> > blank. This should be more reasonable and consistent.
> >
> > Bug: 1134465
> > Change-Id: I2c423a58547cc7249efdf8056624623998765aba
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3177760
> > Commit-Queue: Bao-Duy Tran <tranbaoduy@chromium.org>
> > Reviewed-by: Keith Lee <keithlee@chromium.org>
> > Reviewed-by: Curtis McMullan <curtismcmullan@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#924702}
>
> Bug: 1134465
> Change-Id: I6144a0ebd7472f31d4b937d9e99b6a6c8bc0eee1
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3182806
> Auto-Submit: Mark Pearson <mpearson@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Mark Pearson <mpearson@chromium.org>
> Owners-Override: Mark Pearson <mpearson@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#924810}

Bug: 1134465
Change-Id: I358d66835e54d67d8d151e3da38da9a8f33d83bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3184801
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Darren Shen <shend@chromium.org>
Commit-Queue: Bao-Duy Tran <tranbaoduy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#925158}
blueboxd pushed a commit that referenced this issue Oct 16, 2021
This reverts commit 842626c.

Reason for revert: [sheriff] suspected to cause multiple failures in 
SafetyTipPageInfoBubbleViewBrowserTests on linux-ubsan-vptr:

https://ci.chromium.org/p/chromium/builders/ci/linux-ubsan-vptr/6970

Sample failure:
[ RUN      ] All/SafetyTipPageInfoBubbleViewBrowserTest.BubbleWaitsForVisible/1
[...]
../../chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc:390:23: runtime error: downcast of address 0x180601885e00 which does not point to an object of type 'PageInfoBubbleView'
0x180601885e00: note: object is of type 'PageInfoNewBubbleView'
 00 00 00 00  18 70 11 10 50 56 00 00  80 68 50 01 06 18 00 00  b8 00 00 00 30 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'PageInfoNewBubbleView'
    #0 0x564ffa77d440 in SafetyTipPageInfoBubbleViewBrowserTest::CheckPageInfoShowsSafetyTipInfo(Browser*, security_state::SafetyTipStatus, GURL const&) chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc:390:23
    #1 0x564ffa788397 in SafetyTipPageInfoBubbleViewBrowserTest_BubbleWaitsForVisible_Test::RunTestOnMainThread() chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc:837:3
    #2 0x565002ae1026 in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() content/public/test/browser_test_base.cc:868:7
    #3 0x565001aae15a in Run base/callback.h:142:12
    #4 0x565001aae15a in ChromeBrowserMainParts::PreMainMessageLoopRunImpl() chrome/browser/chrome_browser_main.cc:1745:38
    #5 0x565001aaba50 in ChromeBrowserMainParts::PreMainMessageLoopRun() chrome/browser/chrome_browser_main.cc:1083:18
    #6 0x564ffd8e2f00 in content::BrowserMainLoop::PreMainMessageLoopRun() content/browser/browser_main_loop.cc:957:28
    #7 0x564ffe307f82 in Run base/callback.h:142:12
    #8 0x564ffe307f82 in content::StartupTaskRunner::RunAllTasksNow() content/browser/startup_task_runner.cc:41:29
    #9 0x564ffd8e2368 in content::BrowserMainLoop::CreateStartupTasks() content/browser/browser_main_loop.cc:865:25
    #10 0x564ffd8e889c in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) content/browser/browser_main_runner_impl.cc:131:15
    #11 0x564ffd8dec1e in content::BrowserMain(content::MainFunctionParams const&) content/browser/browser_main.cc:45:32
    #12 0x564fff2a06e8 in content::RunBrowserProcessMain(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:641:10
    #13 0x564fff2a2e90 in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams&, bool) content/app/content_main_runner_impl.cc:1137:10
    #14 0x564fff2a1f18 in content::ContentMainRunnerImpl::Run(bool) content_main_runner_impl.cc
    #15 0x564fff29dde0 in content::RunContentProcess(content::ContentMainParams const&, content::ContentMainRunner*) content_main.cc
    #16 0x564fff29e7dd in content::ContentMain(content::ContentMainParams const&) content_main.cc
    #17 0x565002adfcff in content::BrowserTestBase::SetUp() content/public/test/browser_test_base.cc:712:3
    #18 0x5650018271c4 in InProcessBrowserTest::SetUp() chrome/test/base/in_process_browser_test.cc:401:20
    #19 0x564ffa79d759 in SafetyTipPageInfoBubbleViewBrowserTest::SetUp() chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc:306:27
    #20 0x564ffb8f8c7d in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2701:3
    #21 0x564ffb8fa600 in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2885:11
    #22 0x564ffb8fc1bb in testing::TestSuite::Run() third_party/googletest/src/googletest/src/gtest.cc:3044:30
    #23 0x564ffb9115ca in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5903:44
    #24 0x564ffb90fd8c in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:5470:10
    #25 0x565001a12e28 in RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2492:46
    #26 0x565001a12e28 in base::TestSuite::Run() base/test/test_suite.cc:445:16
    #27 0x5650017d0bac in ChromeTestSuiteRunner::RunTestSuiteInternal(ChromeTestSuite*) chrome/test/base/chrome_test_launcher.cc:88:22
    #28 0x5650017d0c1b in ChromeTestSuiteRunner::RunTestSuite(int, char**) chrome_test_launcher.cc
    #29 0x565002b8529b in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:409:31
    #30 0x5650017d11b1 in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) chrome/test/base/chrome_test_launcher.cc:284:10
    #31 0x5650017c9dcc in main chrome/test/base/browser_tests_main.cc:61:10
    #32 0x7fc242b01bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #33 0x564ff76da7e9 in _start (/b/s/w/ir/out/Release/browser_tests+0xe8af7e9)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc:390:23 in 

Original change's description:
> Enable PageInfoV2Desktop by default
>
> Enable flag and remove testing config.
>
> Bug: 1188101
> Change-Id: Ifd839436f3d4c0127d15b449bbca84855ccd858f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3217207
> Reviewed-by: Balazs Engedy <engedy@chromium.org>
> Reviewed-by: Christian Dullweber <dullweber@chromium.org>
> Reviewed-by: Theodore Olsauskas-Warren <sauski@google.com>
> Reviewed-by: Xinghui Lu <xinghuilu@chromium.org>
> Commit-Queue: Olesia Marukhno <olesiamarukhno@google.com>
> Cr-Commit-Position: refs/heads/main@{#931972}

Bug: 1188101
Change-Id: Ic51b9fdc730b7046e24b4d394248218b86eef09d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226638
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Owners-Override: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#932067}
blueboxd pushed a commit that referenced this issue Oct 16, 2021
… off"

This reverts commit 7db902d.

Reason for revert: [sheriff] suspected to cause multiple AccountProfileMapperTest failures on linux-lacros-tester-rel:

First failing build: https://ci.chromium.org/p/chromium/builders/ci/linux-lacros-tester-rel/16078

Sample failure:
[ RUN      ] AccountProfileMapperTest.RemovePrimaryAccountFromPrimaryProfile

Received signal 11 SEGV_MAPERR 209300000105
#0 0x5584a2716cd9 base::debug::CollectStackTrace()
#1 0x5584a2684db3 base::debug::StackTrace::StackTrace()
#2 0x5584a2716823 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f9750773980 (/lib/x86_64-linux-gnu/libpthread-2.27.so+0x1297f)
#4 0x5584a269ec4c base::internal::WeakReference::IsValid()
#5 0x55849d569978 base::ObserverList<>::RemoveObserver()
#6 0x5584a2edaf01 ProfileAccountManager::Shutdown()
#7 0x5584a377e0bc DependencyManager::PerformInterlockedTwoPhaseShutdown()
#8 0x5584a1be43ae TestingProfile::~TestingProfile()
#9 0x55849cf239ae (anonymous namespace)::PermissionManagerTestingProfile::~PermissionManagerTestingProfile()
#10 0x5584a2d094bf ProfileDestroyer::DestroyOriginalProfileNow()
#11 0x5584a2d091ed ProfileDestroyer::DestroyProfileWhenAppropriate()
#12 0x5584a2d1a886 ProfileManager::ProfileInfo::~ProfileInfo()
#13 0x5584a1be6fef std::__1::__tree<>::destroy()
#14 0x5584a2d1ca09 ProfileManager::~ProfileManager()
#15 0x5584a1be14ae FakeProfileManager::~FakeProfileManager()
#16 0x5584a1be5d12 TestingProfileManager::~TestingProfileManager()
#17 0x55849dc1309b AccountProfileMapperTest_GetAccounts_Test::~AccountProfileMapperTest_GetAccounts_Test()
#18 0x55849ef2f92c testing::TestInfo::Run()
#19 0x55849ef30617 testing::TestSuite::Run()


Original change's description:
> [Lacros] Do not create AccountProfileMapper if the feature is off
>
> AccountProfileMapper should only be created if the
> kMultiProfileAccountConsistency feature is enabled. Otherwise, it might
> have negative side-effects like deleting user profiles.
>
> To add a DCHECK(kMultiProfileAccountConsistency) to
> AccountProfileMapper,
> this CL also enables kMultiProfileAccountConsistency in all related
> unit tests. This appears to be a non-trivial task because ProfileManager
> will now create its own instance of AccountProfileMapper that doesn't
> use an AccountManagerFacade mock.
>
> This CL adds a TestingProfileManager::SetAccountProfileMapper() methods
> to inject a fake instance for testing.
>
> Bug: 1226045
> Change-Id: I69f74aed3f4bd9bdb107912d5e92872d53691a07
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3222809
> Reviewed-by: David Roger <droger@chromium.org>
> Commit-Queue: Alex Ilin <alexilin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#931942}

Bug: 1226045
Change-Id: If5ee60910f6cba1aabc407dba814448f538a2d39
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3227179
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Owners-Override: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#932071}
blueboxd pushed a commit that referenced this issue Nov 8, 2021
This CL changes the aura::WindowObserver hook used in
exo::ExtendedDragSource:

Previously, ExtendedDragSource::OnWindowVisibilityChanging() was
used to call ash::ToplevelWindowEventHandler::AttemptToStartDrag(),
and kick off the drag 'n drop.
Problem is that for the scenario of TabletMode ON and WebUITabStrip
OFF, using OnWindowVisibilityChanging() hook is too early.
Reason:

In today's ToT, when a window detaches, during a tab drag 'n drop,
the following check takes place and fails, causing the whole
operation to abort (see lines 309-310 below):

 295 std::unique_ptr<WindowResizer> CreateWindowResizerForTabletMode(
 296     aura::Window* window, ...) {
 (...)
 306   WindowState* window_state = WindowState::Get(window);
 307   // Only maximized/fullscreen/snapped window can be dragged from
 308   // the top of the screen.
 309   if (!window_state->IsMaximized() && !window_state->IsFullscreen()
 310       && !window_state->IsSnapped()) {
 311     return nullptr;

This happens because the |window_state| in case is only set to
MAXIMIZED from a code that uses OnWindowVisibilityChanged() hook:

(...)
#12 0x7fe849164dda TabletModeWindowManager::OnWindowVisibilityChanged()
(...)
#15 0x7fe8520d2be3 aura::Window::NotifyWindowVisibilityChanged()
#16 0x7fe8520cdf2c aura::Window::SetVisibleInternal()
#17 0x7fe8520cdc54 aura::Window::Show()
#18 0x7fe84cfcf013 views::NativeWidgetAura::Show()
#19 0x7fe84cf89398 views::Widget::Show()
#20 0x561eee1cb154 exo::ShellSurfaceBase::CommitWidget()
#21 0x561eee1cacf6 exo::ShellSurfaceBase::OnSurfaceCommit()

Hence, using OnDraggedWindowVisibilityChanging() in
exo::ExtendedDragSource class is too early.

This CL changes the hook used to OnWindowVisibilityChanged(),
and also sets the following aura::Window properties, used by the
drag 'n drop logic: ash::kTabDraggingSourceWindowKey and
ash::kIsDraggingTabsKey.

With this change, the functionality starts to take shape, and it is
possible to drag the window around. Snapping and merge-back are still
not fully functional (see follow up CLs).

R=oshima@chromium.org
BUG=1252941

Change-Id: I8600652a974210e3081e97d6d65639582ad222ad
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3254858
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#939226}
blueboxd pushed a commit that referenced this issue Nov 26, 2021
When an external policy causes a web app to be pinned, the shelf
updates in response.

Previously, when a number of web apps were installed and pinned by
policy, the last web app would not be pinned until the next restart.

go/policy-install-pin-dd

(cherry picked from commit 0bb7e3d)

Bug: 1157338
Change-Id: If406d30a3e226af56525fefbbc878001b934465e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3211618
Commit-Queue: Eric Willigers <ericwilligers@chromium.org>
Auto-Submit: Eric Willigers <ericwilligers@chromium.org>
Reviewed-by: Nancy Wang <nancylingwang@chromium.org>
Reviewed-by: Glen Robertson <glenrob@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#929574}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3214178
Reviewed-by: Eric Willigers <ericwilligers@chromium.org>
Reviewed-by: Stefan Kuhne <skuhne@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/4664@{#12}
Cr-Branched-From: 24dc4ee-refs/heads/main@{#929512}
blueboxd pushed a commit that referenced this issue Dec 8, 2021
This reverts commit 8ad2b7f.

Reason for revert:
Breaks EnrollmentOnRevenWithNoStateKeysResponse.ManualEnrollment
on linux-chromeos-chrome:
https://ci.chromium.org/ui/p/chrome/builders/ci/linux-chromeos-chrome/19072/overview

RunLoop timeout in
#11 0x5556ebf29852 ash::test::TestPredicateWaiter::Wait()
#12 0x5556e735d411 ash::test::EnrollmentUIMixin::WaitForStep()
#13 0x5556e726ede2 ash::(anonymous namespace)::EnrollmentOnRevenWithNoStateKeysResponse_ManualEnrollment_Test::RunTestOnMainThread()

Original change's description:
> reven: Don't block enrollment/device policy init on state keys
>
> Server-backed state keys are not available on reven, but reven also
> doesn't support FRE/AutoRE, so don't block enterprise enrollment or
> device policy initialization on the availability of server-backed state
> keys.
>
> Bug: b:206775318
> Change-Id: Ia3bc7e2ae7fed61bc0bc55070ddb1938cf44681f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3310924
> Commit-Queue: Pavol Marko <pmarko@chromium.org>
> Reviewed-by: Roman Sorokin <rsorokin@chromium.org>
> Reviewed-by: Roland Bock <rbock@google.com>
> Reviewed-by: Igor <igorcov@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#948910}

Bug: b:206775318
Change-Id: I0a19cb688a87ca5a5c7e851e7a45d5fd6bc0eb8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3320608
Owners-Override: Gabriel Charette <gab@chromium.org>
Auto-Submit: Gabriel Charette <gab@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#949013}
blueboxd pushed a commit that referenced this issue Jan 5, 2022
It turns out that exo::ExtendedDragSource class can benefit from
overriding both OnWindowVisibilityChanging() and
OnWindowVisibilityChanged() hooks.

In [1], the use of OnWindowVisibilityChanging() hook was changed by
OnWindowVisibilityChanged(), since according to the existing Ash's
drag'n drop logic, by the time
ash::ToplevelWindowEventHandler::AttemptToStartDrag() is called
the window state should be up to date, something that occurs in
ash::TabletModeWindowManager::OnWindowVisibilityChanged().

However, it turns how that Lacros needs to set ash::kIsDraggingTabsKey
property as soon as possible, so that undesirable window resizes don't
take place during the drag'n drop beginning - causing the window to
flicker.

This CL reintroduces OnWindowVisibilityChanging() hook, and
moves some of the logic in OnWindowVisibilityChanged() into it,
In practice, it avoids Lacros from flicking when starting a drag'n
drop (see stack trace below)

[1] https://crrev.com/c/3254858

 #9 0x7f8f4dda154a ash::TabletModeWindowState::UpdateBounds() <-- calls aura::Window::SetBounds()
 #10 0x7f8f4dda0e0e ash::TabletModeWindowState::UpdateWindow()
 #11 0x7f8f4dda16ef ash::TabletModeWindowState::AttachState()
 #12 0x7f8f4ddcd304 ash::WindowState::SetStateObject()
 #13 0x7f8f4dda03b1 ash::TabletModeWindowState::TabletModeWindowState()
 #14 0x7f8f4dd98830 ash::TabletModeWindowManager::TrackWindow()
 #15 0x7f8f4dd995a7 ash::TabletModeWindowManager::OnWindowVisibilityChanged()
 #16 0x7f8f4ff664fc aura::Window::NotifyWindowVisibilityChangedAtReceiver()
 #17 0x7f8f4ff661c6 aura::Window::NotifyWindowVisibilityChangedDown()
 #18 0x7f8f4ff652d7 aura::Window::NotifyWindowVisibilityChanged()
 #19 0x7f8f4ff6002a aura::Window::SetVisibleInternal()
 #20 0x7f8f4ff5fcaa aura::Window::Show()
 #21 0x7f8f4f371b3b views::NativeWidgetAura::Show()
 #22 0x7f8f4f3260b8 views::Widget::Show()
 #23 0x55d01acb6fd6 exo::ShellSurfaceBase::CommitWidget()
 #24 0x55d01acb6b78 exo::ShellSurfaceBase::OnSurfaceCommit()
 #25 0x55d01ac7d90d exo::Surface::Commit()
 (..)

BUG=1252941
R=oshima@chromium.org

Change-Id: Ib6ba73d3bb2a90a3ac180c974f292bec39c1b3d4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3365554
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#955327}
blueboxd pushed a commit that referenced this issue Jan 15, 2022
This reverts commit 6ff1599.

Reason for revert: Seems to have caused browser_test failures on linux-chromeos-chrome 

https://ci.chromium.org/p/chrome/builders/ci/linux-chromeos-chrome/19698
rowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x563ae696f899 base::debug::CollectStackTrace()
#1 0x563ae68d6683 base::debug::StackTrace::StackTrace()
#2 0x563ae6ff8293 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7f9ac9026040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
#4 0x563ae7720266 PrefChangeRegistrar::RemoveAll()
#5 0x563ae7720222 PrefChangeRegistrar::~PrefChangeRegistrar()
#6 0x563ae2f37095 std::__1::unique_ptr<>::reset()
#7 0x563ae3696a1b policy::ActiveDirectoryMigrationManager::~ActiveDirectoryMigrationManager()
#8 0x563ae3696a38 policy::ActiveDirectoryMigrationManager::~ActiveDirectoryMigrationManager()
#9 0x563ae369a699 policy::BrowserPolicyConnectorAsh::~BrowserPolicyConnectorAsh()
#10 0x563ae369a6fe policy::BrowserPolicyConnectorAsh::~BrowserPolicyConnectorAsh()
#11 0x563ae6a0edbd BrowserProcessImpl::~BrowserProcessImpl()
#12 0x563ae6a0edea BrowserProcessImpl::~BrowserProcessImpl()
#13 0x563ae6a668e9 browser_shutdown::ShutdownPostThreadsStop()
#14 0x563ae6a0e226 ChromeBrowserMainParts::PostDestroyThreads()
#15 0x563ae349ef9b ash::ChromeBrowserMainPartsAsh::PostDestroyThreads()
#16 0x563ae495d2d9 content::BrowserMainLoop::ShutdownThreadsAndCleanUp()
#17 0x563ae495e53c content::BrowserMainRunnerImpl::Shutdown()
#18 0x563ae495a9ce content::BrowserMain()
#19 0x563ae555e819 content::RunBrowserProcessMain()
#20 0x563ae555f8e0 content::ContentMainRunnerImpl::RunBrowser()
#21 0x563ae555f431 content::ContentMainRunnerImpl::Run()
#22 0x563ae555d209 content::RunContentProcess()
#23 0x563ae555d861 content::ContentMain()
#24 0x563ae6ff6f2b content::BrowserTestBase::SetUp()
#25 0x563ae68bf947 InProcessBrowserTest::SetUp()
#26 0x563ae3b0fbed testing::Test::Run()
#27 0x563ae3b10520 testing::TestInfo::Run()
#28 0x563ae3b10ce1 testing::TestSuite::Run()
#29 0x563ae3b1a61a testing::internal::UnitTestImpl::RunAllTests()
#30 0x563ae3b1a219 testing::UnitTest::Run()
#31 0x563ae69d5af8 base::TestSuite::Run()
#32 0x563ae688bfa1 BrowserTestSuiteRunnerChromeOS::RunTestSuite()
#33 0x563ae70407b7 content::LaunchTests()
#34 0x563ae688e77a LaunchChromeTests()
#35 0x563ae688bf23 main
chromium#36 0x7f9ac9008bf7 __libc_start_main
#37 0x563ae134462a _start

Original change's description:
> Remote powerwash on Chromad via policy
>
> Implement remote powerwash on Chromad, using the recently added
> ChromadToCloudMigrationEnabled policy. The powerwash will be used to
> start the migration of AD managed devices into cloud management. Besides
> having the new policy enabled, the device needs to be on the login
> screen and the enrollment ID must have already been uploaded to
> DMServer.
>
> Bug: 1209246
> Change-Id: I6a67b8a8a43c28bc5f03f27e96d0415f69b6bc83
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3141873
> Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
> Reviewed-by: Roman Sorokin <rsorokin@chromium.org>
> Reviewed-by: Colin Blundell <blundell@chromium.org>
> Commit-Queue: Felipe Andrade <fsandrade@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#959123}

Bug: 1209246
Change-Id: If067abcf2a9289ebacaeb240b1f67749c305509c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3389555
Auto-Submit: Scott Violet <sky@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#959243}
blueboxd pushed a commit that referenced this issue Jan 20, 2022
This reverts commit 65b9357.

Reason for revert: Made linux-chromeos-rel very unhappy

First failure:
https://ci.chromium.org/ui/p/chromium/builders/ci/linux-chromeos-rel/54339/overview

Example stack trace:
BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x5602878b1df9 base::debug::CollectStackTrace()
#1 0x560287814a63 base::debug::StackTrace::StackTrace()
#2 0x560287f236f9 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7f5dca479040 (/lib/x86_64-linux-gnu/libc-2.27.so+0x3f03f)
#4 0x56028382eb06 std::__1::__tree<>::__erase_unique<>()
#5 0x5602849cda7e crosapi::BrowserManager::StopKeepAlive()
#6 0x5602877e163f std::__1::unique_ptr<>::reset()
#7 0x5602877e0fa2 crosapi::test::AshBrowserTestStarter::~AshBrowserTestStarter()
#8 0x5602877ff1b3 std::__1::unique_ptr<>::reset()
#9 0x560287f22469 content::BrowserTestBase::SetUp()
#10 0x5602877fd219 InProcessBrowserTest::SetUp()
#11 0x560284bb448d testing::Test::Run()
#12 0x560284bb4e28 testing::TestInfo::Run()
#13 0x560284bb55e3 testing::TestSuite::Run()
#14 0x560284bbecd5 testing::internal::UnitTestImpl::RunAllTests()
#15 0x560284bbe8e7 testing::UnitTest::Run()
#16 0x560287919f5a base::TestSuite::Run()
#17 0x5602877c996f BrowserTestSuiteRunnerChromeOS::RunTestSuite()
#18 0x560287f6ba53 content::LaunchTests()
#19 0x5602877cc08e LaunchChromeTests()
#20 0x5602877c98f1 main
#21 0x7f5dca45bbf7 __libc_start_main
#22 0x56028236e7ea _start


Original change's description:
> Make Lacros lifetime closer to real use.
>
> We started to enable Lacros's KeepAlive for AppService.
> Following that, now AshBrowserTestStarter uses it to make it
> closer to the real use cases.
>
> To avoid name conflict, put AshBrowserTestStarter to crosapi::test
> namespace.
>
> BUG=1277898
> TEST=Ran browser_tests.
>
> Change-Id: I007e2cf5dc75cf581b3fdca595c18b2a9fbc8c5c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3386527
> Reviewed-by: Sven Zheng <svenzheng@chromium.org>
> Reviewed-by: David Tseng <dtseng@chromium.org>
> Commit-Queue: Hidehiko Abe <hidehiko@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#960880}

Bug: 1277898
Change-Id: I5d1b9053bb82d0a5593f8ffaf5a70ff66cd72618
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3401559
Auto-Submit: Leonard Grey <lgrey@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leonard Grey <lgrey@chromium.org>
Commit-Queue: Leonard Grey <lgrey@chromium.org>
Cr-Commit-Position: refs/heads/main@{#960983}
blueboxd pushed a commit that referenced this issue Feb 3, 2022
(cherry picked from commit 96f38d8)

Fixed: 1277889
Change-Id: Ibf514746f402b781212aa1ff75948946af503f17
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3326841
Reviewed-by: Christoph Schwering <schwering@google.com>
Commit-Queue: Friedrich Horschig <fhorschig@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#950501}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3329854
Auto-Submit: Friedrich Horschig <fhorschig@chromium.org>
Commit-Queue: Christoph Schwering <schwering@google.com>
Cr-Commit-Position: refs/branch-heads/4758@{#12}
Cr-Branched-From: 4a2cf4b-refs/heads/main@{#950365}
blueboxd pushed a commit that referenced this issue Mar 2, 2022
This reverts commit dbba982.

Reason for revert:
Likely cause of consistent failures on the linux-ubsan-vptr bot:
https://ci.chromium.org/p/chromium/builders/ci/linux-ubsan-vptr

Failures are in browser_tests, which fail these two:
- PersistentBackground/WebNavigationApiTestWithContextType.TargetBlank/0
- PersistentBackground/WebNavigationApiTestWithContextType.TargetBlankIncognito/0
consistently after this change landed.

Failures look like:
Value of: catcher.GetNextResult()
  Actual: false
Expected: true
Failed 1 of 2 tests


Here's a full message with context if you need it for
PersistentBackground/WebNavigationApiTestWithContextType.TargetBlank/0
----
[ RUN      ] PersistentBackground/WebNavigationApiTestWithContextType.TargetBlank/0
[464:464:0301/144733.588542:WARNING:field_trial_util.cc(105)] Field trial config study skipped: DesktopTabGroupsUserEducation.Enabled (some of its features are already overridden)
[464:464:0301/144733.588746:WARNING:field_trial_util.cc(105)] Field trial config study skipped: GoogleLensDesktopContextMenuSearch.Enabled (some of its features are already overridden)
[464:464:0301/144733.588871:WARNING:field_trial_util.cc(105)] Field trial config study skipped: OmniboxUpdatedConnectionSecurityIndicatorsIPH.Enabled (some of its features are already overridden)
[464:464:0301/144733.588964:WARNING:field_trial_util.cc(105)] Field trial config study skipped: PreconnectToSearchDesktop.EnabledWithStartupDelayForegroundOnly (some of its features are already overridden)
[464:464:0301/144733.589045:WARNING:field_trial_util.cc(105)] Field trial config study skipped: SharedHighlightingIphDesktop.Enabled (some of its features are already overridden)
[464:464:0301/144733.589080:WARNING:field_trial_util.cc(105)] Field trial config study skipped: TabAudioMuting.Enabled (some of its features are already overridden)
[464:464:0301/144733.589102:WARNING:field_trial_util.cc(105)] Field trial config study skipped: TabSearchIPH.TabSearchIPH (some of its features are already overridden)
[464:464:0301/144733.589268:WARNING:field_trial_util.cc(105)] Field trial config study skipped: WebUITabStrip.Enabled (some of its features are already overridden)
libva error: va_getDriverName() failed with unknown libva error,driver_name=(null)
[656:656:0301/144733.806065:WARNING:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
[656:656:0301/144733.850910:ERROR:gpu_memory_buffer_support_x11.cc(44)] dri3 extension not supported.
[464:464:0301/144733.932449:WARNING:bluez_dbus_manager.cc(248)] Floss manager not present, cannot set Floss enable/disable.
[464:718:0301/144733.993927:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.DBus.Properties.Get: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[464:718:0301/144733.993972:WARNING:property.cc(144)] DaemonVersion: GetAndBlock: failed.
[464:718:0301/144733.994251:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.UPower.GetDisplayDevice: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[464:718:0301/144733.995241:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.UPower.EnumerateDevices: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[464:749:0301/144734.486797:WARNING:embedded_test_server.cc(665)] Request not handled. Returning 404: /favicon.ico
[464:464:0301/144734.572404:INFO:CONSOLE(0)] "[SUCCESS] targetBlank", source: chrome-extension://dakfcpefccmhodaclomjmbepmggkkebb/_generated_background_page.html (0)
[464:464:0301/144734.577512:INFO:CONSOLE(0)] "[FAIL] testGetFrame: API Test Error in testGetFrame
Actual: null
Expected: {"errorOccurred":false,"url":"http://127.0.0.1:33405/extensions/api_test/webnavigation/targetBlank/a.html","parentFrameId":-1,"documentId":"EEAB76DF6EE3FA5A5D1FD6CFFA67B4E6","documentLifecycle":"active","frameType":"outermost_frame"}
Error
    at extensions::test:248:20
    at chrome-extension://dakfcpefccmhodaclomjmbepmggkkebb/test_targetBlank.js:143:23", source: chrome-extension://dakfcpefccmhodaclomjmbepmggkkebb/_generated_background_page.html (0)
../../chrome/browser/extensions/api/web_navigation/web_navigation_apitest.cc:489: Failure
Value of: catcher.GetNextResult()
  Actual: false
Expected: true
Failed 1 of 2 tests
Stack trace:
#0 0x55c0a052ad5c extensions::WebNavigationApiTestWithContextType_TargetBlank_Test::RunTestOnMainThread()
#1 0x55c0a95c0429 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#2 0x55c0a41d24e7 content::BrowserMainLoop::InterceptMainMessageLoopRun()
#3 0x55c0a41d25f2 content::BrowserMainLoop::RunMainMessageLoop()
#4 0x55c0a41d7381 content::BrowserMainRunnerImpl::Run()
#5 0x55c0a41cc372 content::BrowserMain()
#6 0x55c0a5c52a82 content::RunBrowserProcessMain()
#7 0x55c0a5c55580 content::ContentMainRunnerImpl::RunBrowser()
#8 0x55c0a5c547e7 content::ContentMainRunnerImpl::Run()
#9 0x55c0a5c4ff32 content::RunContentProcess()
#10 0x55c0a5c50a4e content::ContentMain()
#11 0x55c0a95bf226 content::BrowserTestBase::SetUp()
#12 0x55c0a82e1175 InProcessBrowserTest::SetUp()

[464:464:0301/144735.270606:WARNING:pref_notifier_impl.cc(41)] Pref observer for media_router.cast_allow_all_ips found at shutdown.
[  FAILED  ] PersistentBackground/WebNavigationApiTestWithContextType.TargetBlank/0, where GetParam() = 4-byte object <03-00 00-00> (2103 ms)
----

Original change's description:
> Add documentId to WebNavigation GetFrame API
>
> - Make tabId and frameId optional.
> - Support querying based solely on the documentId.
>
> See https://bit.ly/3G4RBEn for discussion regarding this change.
>
> BUG=1264911
>
> Change-Id: I399bc050d4dea144cdce79ff7084c31cd012b094
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3448388
> Reviewed-by: Devlin Cronin <rdevlin.cronin@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#976413}

Bug: 1264911
Change-Id: Ifc94658fcc11e214065f4d1d73c2831c9caa6172
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3499404
Auto-Submit: Mark Pearson <mpearson@chromium.org>
Owners-Override: Mark Pearson <mpearson@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#976477}
blueboxd pushed a commit that referenced this issue Mar 30, 2022
This CL is used to prepare for CL:3547984 to enable the
AppServiceOnAppUpdateWithoutMojom flag.

With the mojom AppService, web apps are not published to
AppRegistryCache until the web app registry becomes ready, because
subscribers_ is empty:
https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/web_applications/app_service/web_apps.cc;l=296

Only when WebApps::StartPublishingWebApps is called after web app
provider is ready, subscribers_ has valid subscriber and can publish web
apps:
https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/web_applications/app_service/web_apps.cc;l=351

With non mojom AppService, even if the web app registry is not ready,
the web apps can be published to the non mojom AppRegistryCache, because
subscribers_ is not used to publish the non mojom web apps.

This different behavior might break the test
SystemWebAppManagerUninstallBrowserTest::Uninstall, which verifies the
mock system web app added in the pre test is removed:
https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/web_applications/web_app_id_constants.cc;l=105
Call stack:
#6 0x55e407b17a54 web_app::WebApps::PublishWebApp()
#7 0x55e407b1410b web_app::WebAppPublisherHelper::OnWebAppWillBeUninstalled()
#8 0x55e40a479ec9 web_app::WebAppInstallManager::NotifyWebAppWillBeUninstalled()
#9 0x55e40a4951d4 web_app::WebAppUninstallJob::Start()
#10 0x55e40a472bee web_app::WebAppInstallFinalizer::UninstallWebAppInternal()
#11 0x55e40a472659 web_app::WebAppInstallFinalizer::UninstallExternalWebAppOrRemoveSource()
#12 0x55e40a4725d0 web_app::WebAppInstallFinalizer::UninstallExternalWebApp()
#13 0x55e40a4727ad web_app::WebAppInstallFinalizer::UninstallExternalWebAppByUrl()
#14 0x55e40a43a988 web_app::ExternallyManagedAppManagerImpl::UninstallApps()
#15 0x55e40a438c37 web_app::ExternallyManagedAppManager::SynchronizeInstalledApps()

In the test, SynchronizeInstalledApps is called at the very early stage,
before StartPublishingWebApps is called, so actually the mock system web
app is neither removed, nor added with mojom AppService, but it is added
to the non mojom AppRegistryCache as kUninstallByUser status.

This CL modifies the web apps for the non mojom AppService, to add a
flag to check whether the web app registry becomes ready. And publish
the non mojom web apps only when the the web app registry becomes ready,
to keep the consistent behavior as the mojom AppService.

BUG=1253250

Change-Id: I8f4ddd292747f2f7fb9c10a855684bd0d091a307
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3555225
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Commit-Queue: Nancy Wang <nancylingwang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#986874}
blueboxd pushed a commit that referenced this issue Jun 22, 2022
This reverts commit 886f154.

Reason for revert: Punting to M104.

Original change's description:
> ime: Enable Chinese System PK by default.
>
> Chinese System PK is targetting M103, so enabling it now to give it
> maximum soak time. There are still some "P1" bugs left to fix before
> branch, but since Chinese IMEs are not "launched", it shouldn't be a
> big deal.
>
> Bug: 1299646
> Change-Id: I4d8038402fe497be94733978d35e92bd792ed406
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3595521
> Reviewed-by: David Vallet <dvallet@chromium.org>
> Commit-Queue: Darren Shen <shend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#994441}

(cherry picked from commit 729e64b)

Bug: 1299646
Change-Id: I7bdc2a40f1dcb073cc498a2b074c2b6fd28949d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3646708
Commit-Queue: Darren Shen <shend@chromium.org>
Reviewed-by: David Vallet <dvallet@chromium.org>
Auto-Submit: Darren Shen <shend@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1002937}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3648852
Reviewed-by: John Palmer <jopalmer@chromium.org>
Cr-Commit-Position: refs/branch-heads/5060@{#12}
Cr-Branched-From: b83393d-refs/heads/main@{#1002911}
blueboxd pushed a commit that referenced this issue Aug 31, 2022
This reverts commit 395b2b1.

Reason for revert: the following test cases fail
- MediaFoundationRendererIntegrationTest.BasicPlayback
- MediaFoundationRendererIntegrationTest.BasicPlayback_MediaSource

on Windows 10/Asan

with the failure log:

[ RUN      ] MediaFoundationRendererIntegrationTest.BasicPlayback
=================================================================
==644==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000008 (pc 0x7ff6889a1e92 bp 0x00c26c4fe5f0 sp 0x00c26c4fe560 T0)
==644==The signal is caused by a READ memory access.
==644==Hint: address points to the zero page.
==644==*** WARNING: Failed to initialize DbgHelp!              ***
==644==*** Most likely this means that the app is already      ***
==644==*** using DbgHelp, possibly with incompatible flags.    ***
==644==*** Due to technical reasons, symbolization might crash ***
==644==*** or produce wrong results.                           ***
    #0 0x7ff6889a1e91 in base::RepeatingCallback<void (const base::UnguessableToken &, const gfx::Size &, base::TimeDelta)>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:263
    #1 0x7ff6889a1e91 in media::MediaFoundationRenderer::RequestNextFrame(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer.cc:1022:23
    #2 0x7ff68899bed8 in media::MediaFoundationRenderer::OnPlaying(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer.cc:838:3
    #3 0x7ff68a04bb3a in base::OnceCallback<void ()>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:145
    #4 0x7ff68a04bb3a in base::TaskAnnotator::RunTaskImpl(struct base::PendingTask &) C:\b\s\w\ir\cache\builder\src\base\task\common\task_annotator.cc:133:32
    #5 0x7ff68ac91059 in base::TaskAnnotator::RunTask C:\b\s\w\ir\cache\builder\src\base\task\common\task_annotator.h:72
    #6 0x7ff68ac91059 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(class base::LazyNow *) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:422:21
    #7 0x7ff68ac90046 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork(void) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:292:41
    #8 0x7ff68acc53da in base::MessagePumpDefault::Run(class base::MessagePump::Delegate *) C:\b\s\w\ir\cache\builder\src\base\message_loop\message_pump_default.cc:39:55
    #9 0x7ff68ac9316b in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, class base::TimeDelta) C:\b\s\w\ir\cache\builder\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:575:12
    #10 0x7ff68960a00c in base::RunLoop::Run(class base::Location const &) C:\b\s\w\ir\cache\builder\src\base\run_loop.cc:141:14
    #11 0x7ff68942c9a7 in media::PipelineIntegrationTestBase::RunUntilQuitOrError(class base::RunLoop *) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:697:13
    #12 0x7ff689424636 in media::PipelineIntegrationTestBase::RunUntilQuitOrEndedOrError(class base::RunLoop *) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:709:3
    #13 0x7ff689424449 in media::PipelineIntegrationTestBase::WaitUntilEndedOrError(void) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:226:5
    #14 0x7ff689423ac4 in media::PipelineIntegrationTestBase::WaitUntilOnEnded(void) C:\b\s\w\ir\cache\builder\src\media\test\pipeline_integration_test_base.cc:217:27
    #15 0x7ff686ce4597 in media::MediaFoundationRendererIntegrationTest_BasicPlayback_Test::TestBody(void) C:\b\s\w\ir\cache\builder\src\media\renderers\win\media_foundation_renderer_integration_test.cc:92:3
    #16 0x7ff6870b0c77 in testing::Test::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:2670:5
    #17 0x7ff6870b2c3b in testing::TestInfo::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:2849:11
    #18 0x7ff6870b498e in testing::TestSuite::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:3008:30
    #19 0x7ff6870d772f in testing::internal::UnitTestImpl::RunAllTests(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:5866:44
    #20 0x7ff6870d6bd5 in testing::UnitTest::Run(void) C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\src\gtest.cc:5440:10
    #21 0x7ff6896d7a69 in RUN_ALL_TESTS C:\b\s\w\ir\cache\builder\src\third_party\googletest\src\googletest\include\gtest\gtest.h:2284
    #22 0x7ff6896d7a69 in base::TestSuite::Run(void) C:\b\s\w\ir\cache\builder\src\base\test\test_suite.cc:463:16
    #23 0x7ff6896dc4ed in base::OnceCallback<int ()>::Run C:\b\s\w\ir\cache\builder\src\base\callback.h:145
    #24 0x7ff6896dc4ed in base::`anonymous namespace'::LaunchUnitTestsInternal C:\b\s\w\ir\cache\builder\src\base\test\launcher\unit_test_launcher.cc:181:38
    #25 0x7ff6896dc0ba in base::LaunchUnitTests(int, char **, class base::OnceCallback<(void)>, unsigned __int64) C:\b\s\w\ir\cache\builder\src\base\test\launcher\unit_test_launcher.cc:272:10
    #26 0x7ff686dcc7f9 in main C:\b\s\w\ir\cache\builder\src\media\test\run_all_unittests.cc:52:10
    #27 0x7ff68c67712b in invoke_main d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
    #28 0x7ff68c67712b in __scrt_common_main_seh d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #29 0x7fff384a2773  (C:\Windows\System32\KERNEL32.DLL+0x180012773)
    #30 0x7fff386e0d50  (C:\Windows\SYSTEM32\ntdll.dll+0x180070d50)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation C:\b\s\w\ir\cache\builder\src\base\callback.h:263 in base::RepeatingCallback<void (const base::UnguessableToken &, const gfx::Size &, base::TimeDelta)>::Run
==644==ABORTING

Original change's description:
> [MediaFoundation] Request next frame during onPlaying event
>
> OS: Win10, Win11
>
> During OnPlaying event, a frame request should be called to get
> the first frame to output at the earliest possible time. This
> is the earliest time when a frame is available. Current
> implementation waits for render to be called, while
> StartPlayingFrom's call for RequestNextFrameBetweenTimestamps
> may not output a result if the media engine is not yet ready
> to output a frame.
>
> Bug: 1355520
> Change-Id: Ice60ac41ca4b8cae9b0687626e93017d0a4406f0
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3852409
> Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
> Commit-Queue: Daoyuan Li <daoyuanli@microsoft.com>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1041097}

Bug: 1355520
Change-Id: Ic483e314ce14e3f187691df772515eacea387cb1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3863075
Commit-Queue: Asami Doi <asamidoi@chromium.org>
Owners-Override: Asami Doi <asamidoi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Asami Doi <asamidoi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1041256}
blueboxd pushed a commit that referenced this issue Aug 31, 2022
Change-Id: Ifb1c7eee23a84ce9a82d2647a31bed17983abc54
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3785207
Auto-Submit: Ben Mason <benmason@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5195@{#12}
Cr-Branched-From: 7aa3f07-refs/heads/main@{#1027018}
blueboxd pushed a commit that referenced this issue Sep 2, 2022
Enabling ozone_unittests on linux bots revealed some problems
with downcasting. In particular, linux-ubsan-vptr bot started to
fail with the following error message -

./../ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:515:10: runtime error: downcast of address 0x2ccc00349e00 which does not point to an object of type 'const WaylandExchangeDataProvider'
0x2ccc00349e00: note: object is of type 'ui::OSExchangeDataProviderNonBacked'
 00 00 00 00  28 3b f6 e3 f0 55 00 00  01 00 00 00 00 00 00 00  20 b1 26 00 cc 2c 00 00  28 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ui::OSExchangeDataProviderNonBacked'
    #0 0x55f0e331831c in GetOfferedExchangeDataProvider ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:515:10
    #1 0x55f0e331831c in ui::WaylandDataDragController::StartSession(ui::OSExchangeData const&, int, ui::mojom::DragEventSource) ui/ozone/platform/wayland/host/wayland_data_drag_controller.cc:133:23
    #2 0x55f0e3366bbc in ui::WaylandWindow::StartDrag(ui::OSExchangeData const&, int, ui::mojom::DragEventSource, ui::Cursor, bool, base::OnceCallback<void (ui::mojom::DragOperation)>, ui::WmDragHandler::LocationDelegate*) ui/ozone/platform/wayland/host/wayland_window.cc:227:45
    #3 0x55f0e2b28c32 in ui::WaylandDataDragControllerTest_AsyncNoopStartDrag_Test::TestBody() ui/ozone/platform/wayland/host/wayland_data_drag_controller_unittest.cc:973:28
    #4 0x55f0e2e26ab1 in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2670:5
    #5 0x55f0e2e28046 in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2849:11
    #6 0x55f0e2e29beb in testing::TestSuite::Run() third_party/googletest/src/googletest/src/gtest.cc:3008:30
    #7 0x55f0e2e3fafe in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5866:44
    #8 0x55f0e2e3e604 in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:5440:10
    #9 0x55f0e34276d1 in RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2284:73
    #10 0x55f0e34276d1 in base::TestSuite::Run() base/test/test_suite.cc:463:16
    #11 0x55f0e342b9dc in Run base/callback.h:145:12
    #12 0x55f0e342b9dc in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) base/test/launcher/unit_test_launcher.cc:181:38
    #13 0x55f0e342b877 in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) base/test/launcher/unit_test_launcher.cc:272:10
    #14 0x55f0e2acc2cc in main mojo/core/test/run_all_unittests.cc:69:10
    #15 0x7ff7560d4082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #16 0x55f0e2ab4169 in _start (/home/msisov/code/chromium/src/out/asan/ozone_unittests+0xb13169) (BuildId: 77bfee5b71bd92da)

It turned out that WaylandDataDragController was getting a non-backed provider
as a Wayland one wasn't set (it's set during OzonePlatformWayland initialization
in production). As a result, downcasting to WaylandExchangeDataProvider
was illegal in tests. It's unknown why tests didn't fail. Probably,
the result of the WaylandDataDragController::GetOfferedExchangeDataProvider
was never used. And the problem with downcasting was only caught with
this new bot.

Bug: 1358123
Change-Id: I4c8deb16a57b485de1fabd91fdcaab136d5da639
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3865512
Commit-Queue: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Alexander Dunaev <adunaev@igalia.com>
Cr-Commit-Position: refs/heads/main@{#1041976}
blueboxd pushed a commit that referenced this issue Sep 29, 2022
Change-Id: Ib76a7fd5378168db8c8bb11e0ccc2dd670f89ee1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3840697
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5249@{#12}
Cr-Branched-From: 4f7bea5-refs/heads/main@{#1036826}
blueboxd pushed a commit that referenced this issue Oct 7, 2022
This reverts commit b121781.

Reason for revert: breaks asan

see https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ASan%20LSan%20Tests%20(1)/106685/test-results

=================================================================
==7990==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500014a3c8 at pc 0x55bcdbc9090d bp 0x7ffe8c468ab0 sp 0x7ffe8c468aa8
READ of size 8 at 0x61500014a3c8 thread T0 (browser_tests)
    #0 0x55bcdbc9090c in begin buildtools/third_party/libc++/trunk/include/vector:1374:33
    #1 0x55bcdbc9090c in begin<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &> base/ranges/ranges.h:44:37
    #2 0x55bcdbc9090c in begin<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &> base/ranges/ranges.h:105:10
    #3 0x55bcdbc9090c in find_if<std::Cr::vector<base::internal::UncheckedObserverAdapter, std::Cr::allocator<base::internal::UncheckedObserverAdapter> > &, (lambda at ../../base/observer_list.h:287:21), base::identity, std::Cr::random_access_iterator_tag> base/ranges/algorithm.h:483:26
    #4 0x55bcdbc9090c in base::ObserverList<permissions::PermissionRequestManager::Observer, false, true, base::internal::UncheckedObserverAdapter>::RemoveObserver(permissions::PermissionRequestManager::Observer const*) base/observer_list.h:286:21
    #5 0x55bcdf91c380 in Reset base/scoped_observation.h:86:7
    #6 0x55bcdf91c380 in ~ScopedObservation base/scoped_observation.h:70:26
    #7 0x55bcdf91c380 in permissions::PermissionRequestObserver::~PermissionRequestObserver() components/permissions/test/permission_request_observer.cc:14:55
    #8 0x55bccbcd2629 in PermissionRequestChipGestureSensitiveBrowserTest_ShouldUpdateActiverPRMAndObservations_Test::RunTestOnMainThread() chrome/browser/ui/views/permissions/permission_request_chip_browsertest.cc:294:1
    #9 0x55bce299402f in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() content/public/test/browser_test_base.cc:883:7
    #10 0x55bce299accf in Invoke<void (content::BrowserTestBase::*)(), content::BrowserTestBase *> base/functional/bind_internal.h:643:12
    #11 0x55bce299accf in MakeItSo<void (content::BrowserTestBase::*)(), std::Cr::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported> > > base/functional/bind_internal.h:822:12
    #12 0x55bce299accf in RunImpl<void (content::BrowserTestBase::*)(), std::Cr::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported> >, 0UL> base/functional/bind_internal.h:916:12
    #13 0x55bce299accf in base::internal::Invoker<base::internal::BindState<void (content::BrowserTestBase::*)(), base::internal::UnretainedWrapper<content::BrowserTestBase, base::RawPtrBanDanglingIfSupported>>, void ()>::RunOnce(base::internal::BindStateBase*) base/functional/bind_internal.h:867:12


Original change's description:
> Make confirmation chip independent of request chip
>
> See design doc: go/confirmation-chip
>
> Bug: 1364276
> Change-Id: Iab08a5bb96271d45101ba68c0134751b921b7667
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3921717
> Commit-Queue: Florian Jacky <fjacky@chromium.org>
> Reviewed-by: Illia Klimov <elklm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1055397}

Bug: 1364276
Change-Id: Iecf56cfafaf15a2ab8329138f7508de8afd0a341
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3937182
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Avi Drissman <avi@chromium.org>
Owners-Override: Avi Drissman <avi@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1055548}
blueboxd pushed a commit that referenced this issue Oct 13, 2022
This CL is fixing the bucket for ShutdownType2 for process
that do an early exit within BasicStartupComplete(...).

These cases can be repro on Linux with these commands:

1) ./chrome --version
2) ./chrome --product-version
3) ./chrome --credits
4) ./chrome --diagnostics

The ChromeMainDelegate must be robust for cases where the
BasicStartupComplete is not fully executed due to an error
(early exits).

The chrome logging was assuming it was initialized. This CL is
ensuring the code was initialized to call the corresponding
shutdown code.

[1004/174420.541708:FATAL:logging_chrome.cc(468)] Check failed: chrome_logging_initialized_. Attempted to clean up logging when it wasn't initialized.
#0 0x55a6a8cf8952 base::debug::CollectStackTrace()
#1 0x55a6a8be9cc3 base::debug::StackTrace::StackTrace()
#2 0x55a6a8c0468f logging::LogMessage::~LogMessage()
#3 0x55a6a8c0549e logging::LogMessage::~LogMessage()
#4 0x55a6ab92495b logging::CleanupChromeLogging()
#5 0x55a6a355f45b ChromeMainDelegate::ProcessExiting()
#6 0x55a6a85ed50d content::ContentMainRunnerImpl::Shutdown()
#7 0x55a6a85eaddb content::ContentMainRunnerImpl::~ContentMainRunnerImpl()
#8 0x55a6a85eaf1e content::ContentMainRunnerImpl::~ContentMainRunnerImpl()
#9 0x55a6a85e8bb0 content::ContentMain()
#10 0x55a6a355d236 ChromeMain
#11 0x7fc168e4781d __libc_start_main
#12 0x55a6a355d02a _start


Change-Id: I51c9d7b18535f69d6733a8d0b88d0a80111bdcb7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3931775
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
Commit-Queue: Etienne Bergeron <etienneb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1058086}
blueboxd pushed a commit that referenced this issue Oct 21, 2022
`char16_t` (which `UChar` is defined as) cannot be used to alias general memory.
Yet we try to use it to read a `blink::QualifiedName::QualifiedNameImpl` among other things.

This is UB, and gcc -O2 misoptimizes it. When chromium is compiled with allocator shim, this manifests as an immediate crash:

  * frame #0: 0x0000556e1280927b electron`FreelistCorruptionDetected [inlined] operator() at partition_freelist_entry.h:31
    frame #1: 0x0000556e1280927a electron`FreelistCorruptionDetected(extra=48) at partition_freelist_entry.h:31
    frame #2: 0x0000556e129dd167 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) at partition_freelist_entry.h:303
    frame #3: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) [inlined] partition_alloc::internal::PartitionFreelistEntry::GetNext(unsigned long) const at partition_freelist_entry.h:328
    frame #4: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(partition_alloc::PartitionRoot<true>*, unsigned int, unsigned long, unsigned long, bool*) [inlined] partition_alloc::internal::SlotSpanMetadata<true>::PopForAlloc(unsigned long) at partition_page.h:739
    frame #5: 0x0000556e129dd162 electron`partition_alloc::internal::PartitionBucket<true>::SlowPathAlloc(this=0x0000556e19292598, root=0x0000556e19292500, flags=33, raw_size=<unavailable>, slot_span_alignment=48, is_already_zeroed=0x00007ffe8f1196f7) at partition_bucket.cc:1354
    frame #6: 0x0000556e129ddbc0 electron`partition_alloc::ThreadCache::FillBucket(unsigned long) at partition_root.h:1076
    frame #7: 0x0000556e129ddbbb electron`partition_alloc::ThreadCache::FillBucket(this=<unavailable>, bucket_index=5755259732000) at thread_cache.cc:607
    frame #8: 0x0000556e129dfd3a electron`base::internal::PartitionMalloc(base::allocator::AllocatorDispatch const*, unsigned long, void*) at thread_cache.h:525
    frame #9: 0x0000556e129dfd18 electron`base::internal::PartitionMalloc(base::allocator::AllocatorDispatch const*, unsigned long, void*) at partition_root.h:1742
    frame #10: 0x0000556e129dfb18 electron`base::internal::PartitionMalloc((null)=<unavailable>, size=40, context=<unavailable>) at allocator_shim_default_dispatch_to_partition_alloc.cc:304
    frame #11: 0x0000556e128dbe43 electron`::malloc(unsigned long) at allocator_shim.cc:201:37
    frame #12: 0x0000556e128dbe30 electron`::malloc(size=40) at allocator_shim_override_libc_symbols.h:35:20
    frame #13: 0x0000556e16c0f6e6 electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] WTF::RefCounted<blink::QualifiedName::QualifiedNameImpl, WTF::DefaultRefCountedTraits<blink::QualifiedName::QualifiedNameImpl>>::operator new(unsigned long) at ref_counted.h:44
    frame #14: 0x0000556e16c0f6e1 electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] blink::QualifiedName::QualifiedNameImpl::Create((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) at qualified_name.h:62
    frame #15: 0x0000556e16c0f6dd electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) at qualified_name.cc:69
    frame #16: 0x0000556e16c0f6ba electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>(blink::QualifiedNameData&, blink::QualifiedNameData&) (.constprop.0) [inlined] void WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>::Translate<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedNameData&, blink::QualifiedNameData>(blink::QualifiedName::QualifiedNameImpl*&, blink::QualifiedNameData&, blink::QualifiedNameData const&, unsigned int) at hash_set.h:184
    frame #17: 0x0000556e16c0f6ba electron`WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::InsertPassingHashCode<WTF::HashSetTranslatorAdapter<blink::QNameComponentsTranslator>, blink::QualifiedNameData&, blink::QualifiedNameData&>((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) (.constprop.0) at hash_table.h:1481
    frame #18: 0x0000556e1492f9cf electron`blink::QualifiedName::QualifiedName(WTF::AtomicString const&, WTF::AtomicString const&, WTF::AtomicString const&) [inlined] WTF::HashTableAddResult<WTF::HashTable<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedName::QualifiedNameImpl*, WTF::IdentityExtractor, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>, blink::QualifiedName::QualifiedNameImpl*> WTF::HashSet<blink::QualifiedName::QualifiedNameImpl*, blink::QualifiedNameHash, WTF::HashTraits<blink::QualifiedName::QualifiedNameImpl*>, WTF::PartitionAllocator>::AddWithTranslator<blink::QNameComponentsTranslator, blink::QualifiedNameData&>(blink::QualifiedNameData&) at hash_set.h:307
    frame #19: 0x0000556e1492f9ca electron`blink::QualifiedName::QualifiedName((null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>, (null)=<unavailable>) at qualified_name.cc:81

When chromium is compiled with system malloc, this manifests as graphical glitches, followed by a crash much later on.

It is worth noting that this exact code snippet was discussed on the GCC bugtracker in 2014
(predating the forking of Chromium from WebKit):
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60546#c21

The corresponding code no longer exists in WebKit.

Attached patch makes the HashMemory function type-safe without changing the API for other users of StringHasher.

Bug: 819294
Change-Id: Iac11ec77501c2f1d6d01db85d5b9d544adeaf71d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3968507
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Auto-Submit: Bruno Pitrus <brunopitrus@hotmail.com>
Cr-Commit-Position: refs/heads/main@{#1061939}
blueboxd pushed a commit that referenced this issue Nov 30, 2022
In View::HandleAccessibleAction, accessibility sends both a press and
release mouse event to the view instance.

Unfortunately, if the view deletes itself immediately after receiving
the mouse press event, the subsequent mouse release event causes a UAF.

e.g. for illustrative purposes, here's the flow:

bool HandleAccessibleAction(...) {
  view->OnEvent(mouse_press);
  // |view| is now deleted.
  view->OnEvent(mouse_release);
  // UAF.
}

Fix this by overriding HandleAccessibleAction in the self-deleting view.

Notes:
The deletion stack for the WindowCycleItemView is
    #3 0x560338183db8 in operator() buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:49:5
    #4 0x560338183db8 in reset buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:281:7
    #5 0x560338183db8 in ~unique_ptr buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:247:75
    #6 0x560338183db8 in views::View::DoRemoveChildView(views::View*, bool, bool, views::View*) ui/views/view.cc:2739:1
    #7 0x560338183fe4 in views::View::RemoveAllChildViews() ui/views/view.cc:341:5
    #8 0x560333f50cbb in ash::WindowCycleView::DestroyContents() ash/wm/window_cycle/window_cycle_view.cc:379:3
    #9 0x560333f4b3e7 in ash::WindowCycleList::~WindowCycleList() ash/wm/window_cycle/window_cycle_list.cc:139:18
    #10 0x560333f4b747 in ash::WindowCycleList::~WindowCycleList() ash/wm/window_cycle/window_cycle_list.cc:117:37
    #11 0x560333f475e8 in operator() buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:49:5
    #12 0x560333f475e8 in reset buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h:281:7
    #13 0x560333f475e8 in ash::WindowCycleController::StopCycling() ash/wm/window_cycle/window_cycle_controller.cc:421:22
    #14 0x560333f5944c in ash::WindowCycleItemView::OnMousePressed(ui::MouseEvent const&) ash/wm/window_cycle/window_cycle_item_view.cc:53:44
    #15 0x560338193ae2 in views::View::ProcessMousePressed(ui::MouseEvent const&) ui/views/view.cc:3109:23
    #16 0x56033819362d in views::View::OnMouseEvent(ui::MouseEvent*) ui/views/view.cc:1492:11

Bug: 1380602
Change-Id: I2533dc299c0f5f5bb32efa130e6d564cb70d4613
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4046647
Commit-Queue: David Tseng <dtseng@chromium.org>
Reviewed-by: Xiaoqian Dai <xdai@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1076637}
blueboxd pushed a commit that referenced this issue Feb 8, 2023
R=​tonikitoo@igalia.com

(cherry picked from commit 7457dc4)

Fixed: 1400872
Test: ozone_unittests --gtest_filter='*WaylandDataDragControllerTest.DropWhileFetchingData*'
Change-Id: If56d2e977403fc260910009794b8f9b7f9d8585e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4111696
Auto-Submit: Nick Yamane <nickdiego@igalia.com>
Reviewed-by: Antonio Gomes <tonikitoo@igalia.com>
Commit-Queue: Nick Yamane <nickdiego@igalia.com>
Cr-Original-Commit-Position: refs/heads/main@{#1084398}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4115650
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5481@{#12}
Cr-Branched-From: 130f3e4-refs/heads/main@{#1084008}
blueboxd pushed a commit that referenced this issue Feb 21, 2023
Change-Id: Ib90a33092f8319b87bf4b363f82ed45971f25356
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4241405
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5481_77@{#12}
Cr-Branched-From: 65ed616-refs/branch-heads/5481@{#839}
Cr-Branched-From: 130f3e4-refs/heads/main@{#1084008}
blueboxd pushed a commit that referenced this issue Mar 7, 2023
Change-Id: Id5f55c7e246b72902b1cca3dbbb2958a5cc3fcc4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4202167
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5563@{#12}
Cr-Branched-From: 3ac59a6-refs/heads/main@{#1097615}
blueboxd pushed a commit that referenced this issue Apr 14, 2023
This CL updates the ash version ['111.0.5563.41', '110.0.5481.181'] for Lacros version skew testing.
This cl only affect linux-lacros config builders like
linux-lacros-tester-rel, linux-lacros-rel.
This cl will certainly NOT affect Lacros on-device builders
(lacros-amd64-generic-rel, lacros-amd64-generic-chrome-skylab,
etc) or any other platforms.

If this CL caused regressions, please revert and stop the autoroller
at https://luci-scheduler.appspot.com/jobs/chrome/lacros-version-skew-roller
Also please file a bug to OS>LaCrOS>Partner, and CC svenzheng@chromium.org.

R=rubber-stamper@appspot.gserviceaccount.com

Bug: None
Change-Id: I5b1cb471d1a1dbb9966af2732b5bcb994a08987b
Requires-Testing: True
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4290110
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: chrome-weblayer-builder <chrome-weblayer-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5615@{#12}
Cr-Branched-From: 9c6408e-refs/heads/main@{#1109224}
blueboxd pushed a commit that referenced this issue May 9, 2023
Uploaded by https://ci.chromium.org/b/8785687939937648129

Change-Id: I156f51dd1da3d6dd47e4270f9434be37dd9fddd7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4371687
Bot-Commit: ChromeOS bot <3su6n15k.default@developer.gserviceaccount.com>
Commit-Queue: ChromeOS bot <3su6n15k.default@developer.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5672@{#12}
Cr-Branched-From: 5f2a724-refs/heads/main@{#1121455}
blueboxd pushed a commit that referenced this issue May 27, 2023
Change-Id: I31e1bb5393ef69a6eed554ccd5a7d1c5c84b5cc2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4480353
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5735@{#12}
Cr-Branched-From: 2f562e4-refs/heads/main@{#1135570}
blueboxd pushed a commit that referenced this issue Jul 29, 2023
Change-Id: If5ce11d82d3eba152f356bfebba4fc7706fd0886
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4701945
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5790_90@{#12}
Cr-Branched-From: 86fb9d0-refs/branch-heads/5790@{#1583}
Cr-Branched-From: 1d71a33-refs/heads/main@{#1148114}
blueboxd pushed a commit that referenced this issue Dec 10, 2023
Change-Id: I7167c2c57ddd27a50d5df6c15d6d99e537c3bdb2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5090288
Bot-Commit: Chrome Release Bot (LUCI) <chrome-official-brancher@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/6099_56@{#12}
Cr-Branched-From: 6c113a6-refs/branch-heads/6099@{#1192}
Cr-Branched-From: e6ee450-refs/heads/main@{#1217362}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants