https://uberchromegw.corp.google.com/i/chromium.memory/builders/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/builds/17675/steps/ash_unittests%20on%20Ubuntu-12.04/logs/AshTestHelperTest.AshTestHelper

[ RUN      ] AshTestHelperTest.AshTestHelper
Xlib:  extension "RANDR" missing on display ":9".
=================================================================
==22358==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100003cbe9 at pc 0x000001b87f1c bp 0x7ffe0b422c20 sp 0x7ffe0b422c18
WRITE of size 1 at 0x61100003cbe9 thread T0
    #0 0x1b87f1b in ash::TabletPowerButtonController::OnGotInitialBacklightsForcedOff(bool) ash/system/chromeos/power/tablet_power_button_controller.cc:188:26
    #1 0x2f2fb23 in Run base/callback.h:64:12
    #2 0x2f2fb23 in Invoke<const base::Callback<void (bool), base::internal::CopyMode::Copyable, base::internal::RepeatMode::Repeating> &, const bool &> base/bind_internal.h:264
    #3 0x2f2fb23 in MakeItSo<const base::Callback<void (bool), base::internal::CopyMode::Copyable, base::internal::RepeatMode::Repeating> &, const bool &> base/bind_internal.h:285
    #4 0x2f2fb23 in RunImpl<const base::Callback<void (bool), base::internal::CopyMode::Copyable, base::internal::RepeatMode::Repeating> &, const std::tuple<bool> &, 0> base/bind_internal.h:361
    #5 0x2f2fb23 in base::internal::Invoker<base::internal::BindState<base::Callback<void (bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, bool>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:339
    #6 0x1e530b0 in Run base/callback.h:47:12
    #7 0x1e530b0 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:52
    #8 0x1d45f22 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:413:19
    #9 0x1d46deb in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) base/message_loop/message_loop.cc:422:5
    #10 0x1d47e53 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:515:13
    #11 0x1d52156 in HandleDispatch base/message_loop/message_pump_glib.cc:267:25
    #12 0x1d52156 in base::(anonymous namespace)::WorkSourceDispatch(_GSource*, int (*)(void*), void*) base/message_loop/message_pump_glib.cc:109
    #13 0x7fcbd4b45d12 in g_main_dispatch /build/buildd/glib2.0-2.32.4/./glib/gmain.c:2539
    #14 0x7fcbd4b45d12 in g_main_context_dispatch /build/buildd/glib2.0-2.32.4/./glib/gmain.c:3075

0x61100003cbe9 is located 105 bytes inside of 232-byte region [0x61100003cb80,0x61100003cc68)
freed by thread T0 here:
    #0 0x62d9ab in operator delete(void*) (/b/swarm_slave/w/iruwB0o2/out/Release/ash_unittests+0x62d9ab)
    #1 0x1bb89c8 in operator() build/linux/ubuntu_precise_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:63:2
    #2 0x1bb89c8 in reset build/linux/ubuntu_precise_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:245
    #3 0x1bb89c8 in ash::PowerButtonController::~PowerButtonController() ash/wm/power_button_controller.cc:58
    #4 0x1bb8b0d in ash::PowerButtonController::~PowerButtonController() ash/wm/power_button_controller.cc:54:49
    #5 0x1b7ad75 in operator() build/linux/ubuntu_precise_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:63:2
    #6 0x1b7ad75 in reset build/linux/ubuntu_precise_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:245
    #7 0x1b7ad75 in ash::Shell::~Shell() ash/shell.cc:517
    #8 0x1b7de1d in ash::Shell::~Shell() ash/shell.cc:414:17
    #9 0x4c8e736 in ash::test::AshTestHelper::TearDown() ash/test/ash_test_helper.cc:165:3
    #10 0xd7b675 in ash::AshTestHelperTest::TearDown() ash/test/ash_test_helper_unittest.cc:31:23
    #11 0x2a150bb in testing::TestInfo::Run() testing/gtest/src/gtest.cc:2656:11
    #12 0x2a15e76 in testing::TestCase::Run() testing/gtest/src/gtest.cc:2774:28
    #13 0x2a2a2b6 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/src/gtest.cc:4647:43
    #14 0x2a298f7 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #15 0x2a298f7 in testing::UnitTest::Run() testing/gtest/src/gtest.cc:4255
    #16 0x1eb4148 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #17 0x1eb4148 in base::TestSuite::Run() base/test/test_suite.cc:246
    #18 0x1eb7564 in Run base/callback.h:64:12
    #19 0x1eb7564 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:211
    #20 0x1eb71be in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:453:10
    #21 0xd7baaa in main ash/test/ash_unittests.cc:14:10
    #22 0x7fcbcfe707ec in __libc_start_main /build/eglibc-oqps9y/eglibc-2.15/csu/libc-start.c:226

previously allocated by thread T0 here:
    #0 0x62cd6b in operator new(unsigned long) (/b/swarm_slave/w/iruwB0o2/out/Release/ash_unittests+0x62cd6b)
    #1 0x1bb870c in ash::PowerButtonController::PowerButtonController(ash::LockStateController*) ash/wm/power_button_controller.cc:48:7
    #2 0x1b75c4c in ash::Shell::Init(ash::ShellInitParams const&) ash/shell.cc:730:11
    #3 0x1b74136 in ash::Shell::CreateInstance(ash::ShellInitParams const&) ash/shell.cc:188:14
    #4 0x4c8de78 in ash::test::AshTestHelper::SetUp(bool, ash::MaterialDesignController::Mode) ash/test/ash_test_helper.cc:136:3
    #5 0xd7b59e in ash::AshTestHelperTest::SetUp() ash/test/ash_test_helper_unittest.cc:26:23
    #6 0x2a12e76 in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #7 0x2a12e76 in testing::Test::Run() testing/gtest/src/gtest.cc:2470
    #8 0x2a150bb in testing::TestInfo::Run() testing/gtest/src/gtest.cc:2656:11
    #9 0x2a15e76 in testing::TestCase::Run() testing/gtest/src/gtest.cc:2774:28
    #10 0x2a2a2b6 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/src/gtest.cc:4647:43
    #11 0x2a298f7 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #12 0x2a298f7 in testing::UnitTest::Run() testing/gtest/src/gtest.cc:4255
    #13 0x1eb4148 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #14 0x1eb4148 in base::TestSuite::Run() base/test/test_suite.cc:246
    #15 0x1eb7564 in Run base/callback.h:64:12
    #16 0x1eb7564 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:211
    #17 0x1eb71be in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:453:10
    #18 0xd7baaa in main ash/test/ash_unittests.cc:14:10
    #19 0x7fcbcfe707ec in __libc_start_main /build/eglibc-oqps9y/eglibc-2.15/csu/libc-start.c:226

SUMMARY: AddressSanitizer: heap-use-after-free ash/system/chromeos/power/tablet_power_button_controller.cc:188:26 in ash::TabletPowerButtonController::OnGotInitialBacklightsForcedOff(bool)
Shadow bytes around the buggy address:
  0x0c227ffff920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c227ffff930: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c227ffff940: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c227ffff950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c227ffff960: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa
=>0x0c227ffff970: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
  0x0c227ffff980: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c227ffff990: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c227ffff9a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c227ffff9b0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227ffff9c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22358==ABORTING

TabletPowerButtonController was introduced by this CL.
https://codereview.chromium.org/2474913004
"Tablet-like power button behavior on Convertible/Tablet ChromeOS devices"

I will revert this cl.

Created a revert patch: https://codereview.chromium.org/2496043004/

 Issue 665281  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2b31faaf2a38e64e3950e40f9558ece3fdef4307

commit 2b31faaf2a38e64e3950e40f9558ece3fdef4307
Author: horo <horo@chromium.org>
Date: Tue Nov 15 03:57:54 2016

Revert of Tablet-like power button behavior on Convertible/Tablet ChromeOS devices (patchset #12 id:300001 of https://codereview.chromium.org/2474913004/ )

Reason for revert:
Caused failures of AshTestHelperTest.AshTestHelper in ash_unittests.
See  http://crbug.com/665278 

BUG= 665278 

Original issue's description:
> Tablet-like power button behavior on Convertible/Tablet ChromeOS devices
>
> Changes:
> device consistency: convertible/tablet chromeos devices follow the behavior described in go/touchview-power convertible behavior; other devices follow clamshell behavior.
>
> BUG= 633304 
> TEST=manually test; add unitttest
>
> Committed: https://crrev.com/72135ade1aacb9f9fcfe61f8a704567a98cc3178
> Cr-Commit-Position: refs/heads/master@{#431931}

TBR=derat@chromium.org,warx@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 633304 

Review-Url: https://codereview.chromium.org/2496043004
Cr-Commit-Position: refs/heads/master@{#432089}

[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/ash/BUILD.gn
[delete] https://crrev.com/8c16443d571c056044eece9afb1066308fb0c593/ash/system/chromeos/power/tablet_power_button_controller.cc
[delete] https://crrev.com/8c16443d571c056044eece9afb1066308fb0c593/ash/system/chromeos/power/tablet_power_button_controller.h
[delete] https://crrev.com/8c16443d571c056044eece9afb1066308fb0c593/ash/system/chromeos/power/tablet_power_button_controller_unittest.cc
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/ash/wm/lock_state_controller.h
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/ash/wm/lock_state_controller_unittest.cc
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/ash/wm/power_button_controller.cc
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/ash/wm/power_button_controller.h
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/chromeos/dbus/fake_power_manager_client.cc
[modify] https://crrev.com/2b31faaf2a38e64e3950e40f9558ece3fdef4307/chromeos/dbus/fake_power_manager_client.h

Reland fixed cl for 633304