
Issue 814308

Starred by 3 users

Issue metadata

Status: Verified
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocking:
issue 815183




WindowActivityWatcherTest.Incognito fails on UBSanVptr bot

Project Member Reported by thakis@chromium.org, Feb 21 2018

Issue description

https://logs.chromium.org/v/?s=chromium%2Fbb%2Fchromium.clang%2FToTLinuxUBSanVptr%2F1862%2F%2B%2Frecipes%2Fsteps%2Funit_tests%2F0%2Flogs%2FWindowActivityWatcherTest.Incognito%2F0

[ RUN      ] WindowActivityWatcherTest.Incognito
Received signal 11 SEGV_MAPERR 000000000000
#0 0x00000d90300d base::debug::StackTrace::StackTrace()
#1 0x00000d902963 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fb541566330 <unknown>
#3 0x00000e61dff5 IdentityManagerFactory::GetForProfile()
#4 0x000011a57da4 autofill::AutofillManager::AutofillManager()
#5 0x000011a57b35 autofill::AutofillManager::AutofillManager()
#6 0x000012b0e944 autofill::ContentAutofillDriver::ContentAutofillDriver()
#7 0x000012b16577 autofill::(anonymous namespace)::CreateDriver()
#8 0x000012b16a13 _ZN4base8internal7InvokerINS0_9BindStateIPFNSt3__110unique_ptrIN8autofill14AutofillDriverENS3_14default_deleteIS6_EEEEPN7content15RenderFrameHostEPNS5_14AutofillClientERKNS3_12basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS5_15AutofillHandler28AutofillDownloadManagerStateEPNS5_16AutofillProviderEEJSC_SE_SK_SO_SQ_EEEFS9_vEE3RunEPNS0_13BindStateBaseE
#9 0x000012b1742b autofill::AutofillDriverFactory::AddForKey()
#10 0x000012b1641a autofill::ContentAutofillDriverFactory::RenderFrameCreated()
#11 0x0000098e2265 content::WebContentsImpl::RenderFrameCreated()
#12 0x00000913fc51 content::RenderFrameHostImpl::SetRenderFrameCreated()
#13 0x00000c06944f content::TestRenderViewHost::CreateRenderView()
#14 0x00000c073882 content::TestWebContents::CreateRenderViewForRenderManager()
#15 0x00000c07395d content::TestWebContents::CreateRenderViewForRenderManager()
#16 0x0000091adec7 content::RenderFrameHostManager::InitRenderView()
#17 0x00000919eab1 content::RenderFrameHostManager::ReinitializeRenderFrame()
#18 0x00000919a4ca content::RenderFrameHostManager::GetFrameHostForNavigation()
#19 0x000009198840 content::RenderFrameHostManager::DidCreateNavigationRequest()
#20 0x000009075651 content::FrameTreeNode::CreatedNavigationRequest()
#21 0x00000910190d content::NavigatorImpl::RequestNavigation()
#22 0x0000091001b1 content::NavigatorImpl::NavigateToEntry()
#23 0x000009102236 content::NavigatorImpl::NavigateToPendingEntry()
#24 0x0000090b712c content::NavigationControllerImpl::NavigateToPendingEntryInternal()
#25 0x00000909cd5e content::NavigationControllerImpl::NavigateToPendingEntry()
#26 0x00000909dbf1 content::NavigationControllerImpl::LoadEntry()
#27 0x0000090a3b51 content::NavigationControllerImpl::LoadURLWithParams()
#28 0x0000090a2398 content::NavigationControllerImpl::LoadURL()
#29 0x00000c039674 content::NavigationSimulator::SimulateBrowserInitiatedStart()
#30 0x00000c038848 content::NavigationSimulator::Start()
#31 0x00000c03ce73 content::NavigationSimulator::ReadyToCommit()
#32 0x00000c03e1a7 content::NavigationSimulator::Commit()
#33 0x00001a3e94db TabActivitySimulator::Navigate()
#34 0x00001a3e9971 TabActivitySimulator::AddWebContentsAndNavigate()
#35 0x000004ee4461 WindowActivityWatcherTest::AddTab()
#36 0x000004ee9a28 WindowActivityWatcherTest_Incognito_Test::TestBody()
#37 0x00000777d2b6 testing::Test::Run()


Started in this build https://ci.chromium.org/buildbot/chromium.clang/ToTLinuxUBSanVptr/1862


https://chromium-review.googlesource.com/904992 looks pretty related?
 
Cc: -blundell@chromium.org
Owner: blundell@chromium.org
Status: Started (was: Untriaged)
Cc: brajkumar@chromium.org blundell@chromium.org
 Issue 814020  has been merged into this issue.

Comment 3 by ClusterFuzz, Feb 21 2018

Components: Services>SignIn UI>Browser>Autofill
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 5 by thakis@chromium.org, Feb 23 2018

Blocking: 815183
That change landed, but the test is still red, see e.g. https://ci.chromium.org/buildbot/chromium.clang/ToTLinuxUBSanVptr/1901

Comment 6 by mattm@chromium.org, Feb 24 2018

Cc: pneubeck@chromium.org mattm@chromium.org
 Issue 815192  has been merged into this issue.

Comment 7 by thakis@chromium.org, Feb 26 2018

blundell: https://ci.chromium.org/buildbot/chromium.clang/ToTLinuxUBSanVptr/?limit=200 has been red for close to a week now, how are things looking here?
The CL didn't land yet. I was OOO Friday and Monday, and I forgot that the CL needed an //ios/chrome stamp to go through. I'll land it today.

Comment 9 by bugdroid1@chromium.org, Feb 27 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4fe42077fff1897f316568daa2f7381f331b7402

commit 4fe42077fff1897f316568daa2f7381f331b7402
Author: Colin Blundell <blundell@chromium.org>
Date: Tue Feb 27 16:30:17 2018

Fixup of how AutofillClient impls get IdentityManager after r537790

https://chromium-review.googlesource.com/904992 added a new
AutofillClient::GetIdentityManager() interface. That CL mistakenly
had the ChromeAutofillClient and ChromeAutofillClientIOS implementations
return the IdentityManager instance associated with the current Profile.
It should actually be the IdentityManager instance associated with the
*original Profile* (/ChromeBrowserState) to be parallel with those
clients' constructions of the ProfileIdentityProvider instances whose
usage IdentityManager is replacing in //components/autofill.

Note that I verified that these are the only client implementations that
need this fix:

- AWAutofillClient returns nullptr for both the IdentityProvider and the
IdentityManager.
- WebViewAutofillClient (in //ios) doesn't use the original
  ChromeBrowserState for anything, I assume because it doesn't have
  incognito.

This bug was uncovered by the UBSanVptr bot. Thanks, UBSanVptr bot!

Bug:  798413 ,  814308 
Cq-Include-Trybots: master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs
Change-Id: I3e87888bc622204a29b4f9d3990fa39e8b165eb3
Reviewed-on: https://chromium-review.googlesource.com/928654
Reviewed-by: Mathieu Perreault <mathp@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Reviewed-by: Jared Saul <jsaul@google.com>
Commit-Queue: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#539451}
[modify] https://crrev.com/4fe42077fff1897f316568daa2f7381f331b7402/chrome/browser/ui/autofill/chrome_autofill_client.cc
[modify] https://crrev.com/4fe42077fff1897f316568daa2f7381f331b7402/ios/chrome/browser/ui/autofill/chrome_autofill_client_ios.mm
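
A simplified model of the mix-up the commit message above describes, added here as an illustration and not taken from the Chromium change. The `Profile`, `IdentityManager` and factory classes are stand-ins, and the model assumes the factory builds no service for an off-the-record profile, so a lookup keyed on the incognito profile returns a null pointer that a caller may then dereference.

```cpp
#include <cstdio>
#include <map>
#include <memory>

// Stand-in types for illustration; not Chromium's real classes.
struct IdentityManager {};

class Profile {
 public:
  // A non-null `original` marks this as the off-the-record (incognito) child.
  explicit Profile(Profile* original = nullptr) : original_(original) {}
  bool IsOffTheRecord() const { return original_ != nullptr; }
  Profile* GetOriginalProfile() { return original_ ? original_ : this; }

 private:
  Profile* original_;
};

// Assumption: the factory creates no service for off-the-record profiles.
class IdentityManagerFactory {
 public:
  static IdentityManager* GetForProfile(Profile* profile) {
    if (profile->IsOffTheRecord()) return nullptr;
    static std::map<Profile*, std::unique_ptr<IdentityManager>> services;
    std::unique_ptr<IdentityManager>& slot = services[profile];
    if (!slot) slot = std::make_unique<IdentityManager>();
    return slot.get();
  }
};

// Before the fix: keyed on the current profile, null in incognito.
IdentityManager* GetIdentityManagerBefore(Profile* current) {
  return IdentityManagerFactory::GetForProfile(current);
}

// After the fix: keyed on the original profile, as the commit message describes.
IdentityManager* GetIdentityManagerAfter(Profile* current) {
  return IdentityManagerFactory::GetForProfile(current->GetOriginalProfile());
}

int main() {
  Profile regular;
  Profile incognito(&regular);
  std::printf("before: %p\n", (void*)GetIdentityManagerBefore(&incognito));
  std::printf("after:  %p\n", (void*)GetIdentityManagerAfter(&incognito));
  return 0;
}
```
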

Bot is green again.

Comment 11 by ClusterFuzz, Feb 28 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5809080590139392 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Thanks!
