New issue
Advanced search Search tips

Issue 634988 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
khmel@chromium.org
steve...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

flaky StickyKeysBrowserTest.OpenNewTabs in debug

Project Member Reported by khmel@chromium.org, Aug 5 2016 
gn gen out/Debug --args='target_os="chromeos" is_debug=true'
out/Debug/interactive_ui_tests --gtest_filter=*StickyKeysBrowserTest.OpenNewTabs*

Observed various crashes:
[98396:98396:0805/103119:ERROR:interface_registry.cc(87)] Failed to locate a binder for interface: mojom::ResourceUsageReporter
[98366:98434:0805/103119:WARNING:simple_synchronous_entry.cc(1054)] Could not open platform files for entry.
[0805/103120:ERROR:kill_posix.cc(84)] Unable to terminate process group 98366: No such process
[1/1] StickyKeysBrowserTest.OpenNewTabs (3409 ms)
1 test failed:
    StickyKeysBrowserTest.OpenNewTabs (../../chrome/browser/chromeos/accessibil[98654:98654:0805/103136:WARNING:vaapi_wrapper.cc(1224)] vaInitialize failed: unknown libva error
[98654:98654:0805/103137:ERROR:interface_registry.cc(87)] Failed to locate a binder for interface: mojom::ResourceUsageReporter
[98622:98690:0805/103137:WARNING:simple_synchronous_entry.cc(1054)] Could not open platform files for entry.
[98622:98645:0805/103137:WARNING:http_cache_transaction.cc(1061)] Unable to create cache entry
/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/debug/safe_iterator.h:538:
    error: attempt to compare a past-the-end iterator to a singular iterator  ity/sticky_keys_browsertest.cc:93)

Comment 1 by khmel@chromium.org, Aug 5 2016

Owner: khmel@chromium.org
Status: Started (was: Untriaged)

Comment 2 by khmel@chromium.org, Aug 5 2016 

1. We register some callbacks in interface register here:
https://chromium.googlesource.com/chromium/src/+/master/content/browser/renderer_host/render_process_host_impl.cc#500
   Note, WeakPtr is used to protect callbacks.

2. On Chrome exit following race condition may occur.

3. RenderProcessHostImpl gets released and Cleanup is called. ConnectionFilterImpl is released in this call.

4. In ConnectionFilterImpl DTOR we have io_task_runner->DeleteSoon(FROM_HERE, weak_factory_.release());
 https://chromium.googlesource.com/chromium/src/+/master/content/browser/renderer_host/render_process_host_impl.cc#477

5. We have deleted ConnectionFilterImpl however its weak_factory_ is not released and its releasing is scheduled in the future.

6. Now mojo call arrives and requests an interface which comes to deleted object.
https://chromium.googlesource.com/chromium/src/+/master/content/browser/renderer_host/render_process_host_impl.cc#510

This is crash condition.

I attached stack calls for ConnectionFilterImpl CTOR, DTOR and GetInterface access.
CTOR.txt
7.6 KB View Download
DTOR.txt
8.8 KB View Download
GETINTERFACE.txt
6.5 KB View Download

Comment 3 by khmel@chromium.org, Aug 5 2016

Owner: ----
Status: Available (was: Started)

Comment 4 by khmel@chromium.org, Aug 5 2016

Status: Untriaged (was: Available)

Comment 5 by zalcorn@chromium.org, Apr 6 2018

Components: Tests>Flaky

Sign in to add a comment