New issue
Advanced search Search tips

Issue 718105 link

Starred by 2 users
Status: Fixed
Owner:
toniki...@chromium.org
Closed: Jul 2017
Cc:
mustash-bugs@google.com
kylec...@chromium.org
sky@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Display::UpdateTextInputState crashing mus_browser_tests

Project Member Reported by jonr...@chromium.org, May 3 2017 
A new crash has shown up in mus_browser_tests. Ran via: out/${OUT_DIR}/browser_tests --run-in-mus

Example stack trace:
[2/163] BrowsingDataRemoverTransportSecurityStateBrowserTest.ClearTransportSecurityState (1334 ms)
Received signal 11 SEGV_MAPERR 000000000050
#0 0x00000304dfac base::debug::StackTrace::StackTrace()
#1 0x00000304db11 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fcce3232330 <unknown>
#3 0x000006ce4103 ui::ws::Display::UpdateTextInputState()
#4 0x000006cec8b4 ui::ws::ServerWindow::SetTextInputState()
#5 0x000006cde833 ui::ws::WindowTree::SetImeVisibility()
#6 0x000001de701c ui::mojom::WindowTreeStubDispatch::Accept()
#7 0x000003f0775b mojo::internal::MultiplexRouter::ProcessIncomingMessage()
#8 0x000003f07179 mojo::internal::MultiplexRouter::Accept()
#9 0x000003f012b8 mojo::Connector::ReadSingleMessage()
#10 0x000003f01761 mojo::Connector::ReadAllAvailableMessages()
#11 0x000003f0ecb4 mojo::SimpleWatcher::OnHandleReady()
#12 0x0000030d6422 base::debug::TaskAnnotator::RunTask()
#13 0x00000306684b base::MessageLoop::RunTask()
#14 0x000003066b6b base::MessageLoop::DeferOrRunPendingTask()
#15 0x0000030670ad base::MessageLoop::DoWork()
#16 0x000003068849 base::MessagePumpLibevent::Run()
#17 0x00000306657e base::MessageLoop::RunHandler()
#18 0x000003086aa3 base::RunLoop::Run()
#19 0x000003041e92 (anonymous namespace)::StartEmbeddedService()
#20 0x0000020bdaad _ZN4base8internal7InvokerINS0_9BindStateIPFvN4mojo16InterfaceRequestIN5blink5mojom19KeyboardLockServiceEEEEJEEES9_E3RunEPNS0_13BindStateBaseEOS8_
#21 0x000001e6055c service_manager::RunStandaloneService()
#22 0x000003041b5d RunMashBrowserTests()
#23 0x0000030419d7 main
#24 0x7fccdf8a7f45 __libc_start_main
#25 0x00000061b04e <unknown>
  r8: 0000000000000000  r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000001
 r12: 00007ffe07343260 r13: 00007ffe073432d8 r14: 00007ffe073432d8 r15: 00002ecae54fb780
  di: 0000000000000000  si: 00002ecae54fb780  bp: 00007ffe07343250  bx: 0000000000000000
  dx: 00007ffe073432d8  ax: 0000000000000000  cx: 0000000000000000  sp: 00007ffe07343230
  ip: 0000000006ce4103 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000050
[end of stack trace]

However this log also has a bunch of manifest failures for mash_session:
[0503/102452.555035:ERROR:instance.cc(71)] Unable to locate service manifest for mash_session
[0503/102452.555063:ERROR:service_manager.cc(1024)] Failed to resolve service name: mash_session

I've seen these recently locally in mash_browser_tests, it seems to be from subsequent tests having an invalid manifest. But I haven't finished debugging locally. We may just be in an invalid state.

Trybot log:
https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium.chromiumos%2FLinux_ChromiumOS_Ozone_Tests__1_%2F46513%2F%2B%2Frecipes%2Fsteps%2Fmus_browser_tests%2F0%2Fstdout

Comment 1 by jonr...@chromium.org, May 3 2017

Components: MUS

Comment 2 by kylec...@chromium.org, May 3 2017

Status: Available (was: Untriaged)
mus_browser_tests are passing on "linux_chromium_chromeos_ozone_rel_ng" where it's built/isolated on the same bot. The test is failing on "Linux ChromiumOS Ozone Tests (1)" where it's isolated but it gets built on "Linux ChromiumOS Ozone Builder". Is it possible that some manifest isn't getting copied between the two trybots?

Comment 3 by jonr...@chromium.org, May 3 2017 

Maybe? We don't currently report successful manifest connections. Only failures.

With the first test passing I think at least one of the parallel runs has access to the manifest.

Comment 4 by jonr...@chromium.org, Jul 13 2017

Status: Untriaged (was: Available)

Comment 5 by sky@chromium.org, Jul 13 2017 

I think it's crashing because the TextInputState mojom doesn't match the enum. If this is in fact causing the crash, then https://chromium-review.googlesource.com/c/570056/ should fix it.
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1bd7abc4753464b2af466ba95eb6ccd9327f76f0

commit 1bd7abc4753464b2af466ba95eb6ccd9327f76f0
Author: Antonio Gomes <tonikitoo@igalia.com>
Date: Mon Jul 17 04:44:48 2017

Add entries for content editable and date/time field in Mojo's text input state

Both chrome --mash and chrome --mus --use-ime-service use
InputMethodMus for IME. In such cases, pages with 'content editable'
elements simply hang with the following error and stack trace:

  [ERROR:validation_errors.cc(90)] Invalid message: VALIDATION_ERROR_UNKNOWN_ENUM_VALUE

  #1 0x56228f4e5a9e mojo::internal::ReportValidationError()
  #2 0x56228c7ee648 mojo::internal::TextInputState_Data::Validate()
  #3 0x56228c7e2da9 ui::mojom::internal::WindowTree_SetImeVisibility_Params_Data::Validate()
  #4 0x56228c9dfbe2 ui::mojom::WindowTreeRequestValidator::Accept()
  #5 0x56228f4d423c mojo::FilterChain::Accept()
  #6 0x56228f4d5755 mojo::InterfaceEndpointClient::HandleIncomingMessage()
  #7 0x56228f4dc84c mojo::internal::MultiplexRouter::ProcessIncomingMessage()
  #8 0x56228f4dc03f mojo::internal::MultiplexRouter::Accept()
  #9 0x56228f4d4256 mojo::FilterChain::Accept()
  (...)

This happens because in InputMethodMus::UpdateTextInputType,
ui::TextInputType::TEXT_INPUT_TYPE_CONTENT_EDITABLE is the value
(correctly) used to construct the mojo::TextInputState instance
to be sent to Mus.
Down the road, WindowTreeClient::SetImeVisibility calls out to Mus
passing the mojo::TextInputState instance created previously.

At the mojo validation step, it fails (see stack above) because
text_input_state.mojom does not declare CONTENT_EDITABLE
(see IsKnownValue impl in <out>/gen/ui/platform_window/mojo/text_input_state.mojom-shared-internal.h).

Patch fixes this by syncing up ui::TextInputType, blink::WebTextInputType
and mojo::TextInputType.

PS: For the sake of completeness, DATE_TIME_FIELD enum item was added,
    and mojo::TextInputType::LAST is renamed to ::MAX in order to be able to
    compile assert it against ui::TEXT_INPUT_TYPE_MAX.

TEST=load any page with 'contenteditable' attr, in chrome --mash.

BUG= 718105 , 742491 

Change-Id: Icbea847e7fc655ca3c04243fefb8d67abaaa9239
Reviewed-on: https://chromium-review.googlesource.com/570056
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487025}
[modify] https://crrev.com/1bd7abc4753464b2af466ba95eb6ccd9327f76f0/ui/platform_window/mojo/OWNERS
[modify] https://crrev.com/1bd7abc4753464b2af466ba95eb6ccd9327f76f0/ui/platform_window/mojo/ime_type_converters.cc
[modify] https://crrev.com/1bd7abc4753464b2af466ba95eb6ccd9327f76f0/ui/platform_window/mojo/text_input_state.mojom

Comment 7 by sky@chromium.org, Jul 17 2017

Owner: toniki...@chromium.org
Status: Fixed (was: Untriaged)

Comment 8 by lafo...@chromium.org, Feb 26 2018

Components: -MUS Internals>Services>WindowService

Sign in to add a comment