New issue
Advanced search Search tips

Issue 686936 link

Starred by 2 users
Status: Verified
Owner:
msw@chromium.org
Closed: Feb 2017
Cc:
jamescook@chromium.org
sky@chromium.org
mustash-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

mash: Crash opening Files app

Project Member Reported by msw@chromium.org, Jan 31 2017 
mash: Crash opening Files app
(1) build chrome and mash:all on linux on ToT @ #447052
    (revert ceb64f73f7bf1e1ae1914970c9adc455f564a1e9 locally for  Issue 686856 )
(2) run "chrome --mash"
(3) Click the app list shelf item (circle) to open the app list.
(3) Click the Files app
Expected: Files app opens and works.
Actual: Crash! Callstack below (related to app icon property conversion).

#0  gfx::internal::ImageSkiaStorage::CanRead (this=0xcdcdcdcdcdcdcdcd) at ../../ui/gfx/image/image_skia.cc:165
#1  0x00007f0106616c39 in gfx::ImageSkia::CanRead (this=0x35791b6a7a60) at ../../ui/gfx/image/image_skia.cc:515
#2  0x00007f010661727b in gfx::ImageSkia::GetRepresentation (this=0x35791b6a7a60, scale=1) at ../../ui/gfx/image/image_skia.cc:412
#3  0x00007f00fb35b088 in aura::PropertyConverter::ConvertPropertyForTransport (this=0x3579195aa220, window=0x35791b1ce260, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>, transport_name=0x35791ac0ad98, 
    transport_value=0x35791ac0ada0) at ../../ui/aura/mus/property_converter.cc:73
#4  0x00007f00fb37921a in aura::WindowTreeClient::OnWindowMusWillChangeProperty (this=0x3579195d8020, window=0x357919271648, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>)
    at ../../ui/aura/mus/window_tree_client.cc:723
#5  0x00007f00fb36c7cc in aura::WindowPortMus::OnWillChangeProperty (this=0x357919271640, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>) at ../../ui/aura/mus/window_port_mus.cc:431
#6  0x00007f00fb3b1694 in aura::Window::BeforePropertyChange (this=0x35791b1ce260, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>) at ../../ui/aura/window.cc:652
#7  0x00007f00fb3b16e6 in non-virtual thunk to aura::Window::BeforePropertyChange(void const*) () at ../../build/linux/ubuntu_precise_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/tuple:168
#8  0x00007f010551bad6 in ui::PropertyHandler::SetPropertyInternal (this=0x35791b1ce310, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>, name=0x7f00fb563991 "kAppIconKey", 
    deallocator=0x7f00fb325ed0 <aura::client::(anonymous namespace)::DeallocatorkAppIconKey(long)>, value=58794268354016, default_value=0) at ../../ui/base/class_property.cc:24
#9  0x00007f00fb3267f7 in ui::subtle::PropertyHelper::Set<gfx::ImageSkia*> (handler=0x35791b1ce310, property=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>, value=0x35791b7ae5e0)
    at ../../ui/base/class_property.h:157
#10 0x00007f00fb325955 in ui::PropertyHandler::SetProperty<gfx::ImageSkia*> (this=0x35791b1ce310, property=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>, value=0x35791b7ae5e0)
    at ../../ui/aura/client/aura_constants.cc:14
#11 0x00007f00fcf97a19 in views::(anonymous namespace)::SetIcon (window=0x35791b1ce260, key=0x7f00fb634d68 <aura::client::(anonymous namespace)::kAppIconKey_Value>, value=...) at ../../ui/views/widget/native_widget_aura.cc:94
#12 0x00007f00fcf9797d in views::NativeWidgetAura::AssignIconToAuraWindow (window=0x35791b1ce260, window_icon=..., app_icon=...) at ../../ui/views/widget/native_widget_aura.cc:129
#13 0x00007f00fcf91048 in views::DesktopNativeWidgetAura::SetWindowIcons (this=0x35791b2a4820, window_icon=..., app_icon=...) at ../../ui/views/widget/desktop_aura/desktop_native_widget_aura.cc:659
#14 0x00007f00fcf4af7e in views::Widget::UpdateWindowIcon (this=0x35791d05b460) at ../../ui/views/widget/widget.cc:830
#15 0x00007f010eb8934c in native_app_window::NativeAppWindowViews::UpdateWindowIcon (this=0x35791d172420) at ../../extensions/components/native_app_window/native_app_window_views.cc:350
#16 0x00007f0109a9a85a in extensions::AppWindow::NavigationStateChanged (this=0x35791bf52f20, source=0x35791af91e20, changed_flags=6) at ../../extensions/browser/app_window/app_window.cc:942
#17 0x00007f010266c5d6 in content::WebContentsImpl::NotifyNavigationStateChanged (this=0x35791af91e20, changed_flags=6) at ../../content/browser/web_contents/web_contents_impl.cc:1305
#18 0x00007f0102675b51 in content::WebContentsImpl::LoadStateChanged (this=0x35791af91e20, url=..., load_state=..., upload_position=0, upload_size=0) at ../../content/browser/web_contents/web_contents_impl.cc:3004
#19 0x00007f01020d1167 in content::LoaderDelegateImpl::LoadStateChanged (this=0x3579196a66a0, web_contents=0x35791af91e20, url=..., load_state=..., upload_position=0, upload_size=0)
    at ../../content/browser/loader_delegate_impl.cc:44
#20 0x00007f010207f80f in content::ResourceDispatcherHostImpl::UpdateLoadStateOnUI (loader_delegate=0x3579196a66a0, 
    infos=std::unique_ptr<std::__debug::vector<content::ResourceDispatcherHostImpl::LoadInfo, std::allocator<content::ResourceDispatcherHostImpl::LoadInfo> >> containing 0x0)
    at ../../content/browser/loader/resource_dispatcher_host_impl.cc:2514

Comment 1 by jamescook@chromium.org, Jan 31 2017 

use-after-free on an ImageSkia?

Comment 2 by msw@chromium.org, Feb 2 2017

Status: Fixed (was: Assigned)
This should be fixed by two CLs:
  https://codereview.chromium.org/2667743003
  https://codereview.chromium.org/2664113004
Project Member

Comment 3 by bugdroid1@chromium.org, Feb 2 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8329bfa3d93c3e5cd84a82268500af6989f157f3

commit 8329bfa3d93c3e5cd84a82268500af6989f157f3
Author: msw <msw@chromium.org>
Date: Thu Feb 02 19:34:53 2017

Reland: mash: Fix MusPropertyMirrorAsh for owned properties; add test.

The original CL (PS1) was reverted for test failures, which I fixed here.
Differences from the the original CL:
-Make ash/public/cpp a component to support exporting symbols
(this allows ash and clients to share window property keys)
(rename cpp component to ash_public_cpp to avoid name conflict)
-Move ShelfItem back to ash/common/shelf (shouldn't be used externally)
-Move the shelf item types into ash/public/cpp/shelf_types.h
-TODO: rename ash/common/shelf/shelf_item_types.* to shelf_item.*

Modified Original Description:

mash: Fix MusPropertyMirrorAsh for owned properties; add test.

I fixed gfx::ImageSkia in: https://codereview.chromium.org/2667743003
This CL fixes the owned string properties similarly.
Move the ash mirror to it's own file; add mash_unittest fixtures.
Remove the ShelfID mirroring (this prop hopefully shouldn't be needed)

Fallout from move to ash/public/cpp:
-Move some shelf_item_types.h to ash/public/cpp/shelf_types.h
-Move kInvalidShelfID to avoid moving shelf_constants.h (better home)
-Move two mirrored ash window properties to ash/public/cpp

BUG= 686936 
TEST=automated; no crashes running apps on chrome --mash.
R=sky@chromium.org

Review-Url: https://codereview.chromium.org/2669633003
Cr-Commit-Position: refs/heads/master@{#447455}
Committed: https://chromium.googlesource.com/chromium/src/+/612e45de4250e73fa0df767121d7d6ae4f2c9c83

patch from issue 2669633003 at patchset 100001 (http://crrev.com/2669633003#ps100001)

Review-Url: https://codereview.chromium.org/2664113004
Cr-Commit-Position: refs/heads/master@{#447819}

[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/autoclick/mus/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/BUILD.gn
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/mus_property_mirror_ash_unittest.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/shelf/shelf_constants.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/shelf/shelf_item_types.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/test/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/common/wm_window.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/mus/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/mus/window_manager.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/BUILD.gn
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/ash_public_export.h
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/mus_property_mirror_ash.cc
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/mus_property_mirror_ash.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/shelf_types.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/shell_window_ids.h
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/window_properties.cc
[add] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/cpp/window_properties.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/interfaces/session_controller.typemap
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/interfaces/shelf.typemap
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/public/interfaces/wallpaper.typemap
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/shell/panel_window.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/test/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/touch_hud/mus/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/wm/dock/docked_window_resizer_unittest.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/wm/panels/panel_window_resizer_unittest.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/wm/window_properties.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/ash/wm/window_properties.h
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/ash/launcher/chrome_launcher_controller_impl_browsertest.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/ash/launcher/settings_window_observer.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/views/apps/chrome_native_app_window_views_aura_ash.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/views/ash/chrome_browser_main_extra_parts_ash.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/chrome/browser/ui/views/task_manager_view.cc
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/components/exo/BUILD.gn
[modify] https://crrev.com/8329bfa3d93c3e5cd84a82268500af6989f157f3/components/exo/wayland/BUILD.gn

Comment 4 by rookrishna@chromium.org, Mar 29 2017

Labels: mash

Comment 5 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 6 by sdantul...@chromium.org, May 11 2017

Labels: Needs-Feedback
Trying to verify this bug and other bugs related to mash.

When I enable Mojo UI Service (mash) flag from chrome://flags, my device goes crazy and I cannot use anything. Screen blinks continuosly and user is signed out. I need to powerwash my device to work on it again.

Comment 7 by sdantul...@chromium.org, May 11 2017

Status: Verified (was: Fixed)

Sign in to add a comment