chrome://settings/syncSetup page crashes |
|||||||
Issue descriptionChrome Version: 68.0.3439.0 (Developer Build) (64-bit) OS: Linux What steps will reproduce the problem? (1) Set chrome://flags/#account-consistency to "Enabled Dice" (2) Set chrome://flags/#unified-consent to "Enabled (with consent bump)" (3) Log into Chrome with a Google account (4) Restart browser (5) Open chrome://settings/syncSetup What is the expected result? The sync setup page is opened. What happens instead? Chrome crashes because of a segmentation fault (there is no stack trace). git bisect found the following commit: 12b411d210a244ae501ca7fae57ce3e47f2bda7e is the first bad commit commit 12b411d210a244ae501ca7fae57ce3e47f2bda7e Author: Colin Blundell <blundell@chromium.org> Date: Wed May 23 09:24:26 2018 +0000 google_apis: Remove RequestLogin() from IdentityProvider This method is not used, and removing it is a nice clarification of the use case of this interface. TBR=jochen@chromium.org Bug: 809927 Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs Change-Id: I2ff8915f93612f029172f4b6478b7ea9eb04b9e6 Reviewed-on: https://chromium-review.googlesource.com/1046847 Commit-Queue: Colin Blundell <blundell@chromium.org> Reviewed-by: Colin Blundell <blundell@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Roger Tawa <rogerta@chromium.org> Cr-Commit-Position: refs/heads/master@{#561016} Assigning to Colin to investigate the issue. Let me know if you found something! Thanks!
,
May 29 2018
,
May 29 2018
I'm able to repro. My initial hunch is that the removal of the dependency from one of the factories onto LoginUIServiceFactory exposed some pre-existing missing dependency of another factory onto LoginUIServiceFactory, which is causing initialization order issues.
,
May 29 2018
Hi, The bug is actually in https://chromium-review.googlesource.com/c/chromium/src/+/974262. That CL adds the possibility of an infinite loop: - LoginUIServiceFactory::GetForProfile() calls the LoginUIService constructor on its first invocation - The LoginUIService constructor calls the ConsentBumpAuditor constructor - The ConsentBumpAuditor checks if there is an active browser and if so calls its own OnBrowserSetLastActive() method - ConsentBumpAuditor::OnBrowserSetLastActive() calls LoginUIServiceFactory::GetForProfile() ... https://chromium-review.googlesource.com/c/chromium/src/+/1046847 exposed this loop by removing calls to LoginUIServiceFactory::GetForProfile() (via LoginUIServiceFactory::GetShowLoginPopupCallbackFor()). Those calls were made early enough that LoginUIService was being constructed before there was an active browser. Without those calls, LoginUIService is now being constructed later when there is already an active browser. My guess is that c#1 is also related to LoginUIService being constructed after there is already an active browser; perhaps there is an implicit assumption on its early construction for correctness of the UI flow here? If so, BrowserContextKeyedBaseFactory::ServiceIsCreatedWithBrowserContext() will likely be useful. Note that LoginUIServiceFactory is also missing several DependsOn() relationships: on all of the KeyedServices that are used by LoginUIService as of https://chromium-review.googlesource.com/c/chromium/src/+/974262. I leave it to Thomas and Mihai to determine the proper fix here. Note that the fix should be cherrypicked to 68, as Thomas indicated with the label on this bug. Let me know if I can be of further help!
,
May 29 2018
Thank you for the analysis and the detailed description Colin! I'm working on a fix.
,
May 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b0b60641b8eeece1ee87fa664ba1109204ca46e5 commit b0b60641b8eeece1ee87fa664ba1109204ca46e5 Author: Thomas Tangl <tangltom@chromium.org> Date: Tue May 29 17:21:53 2018 Fix infinite loop in LoginUIService The call to LoginUIServiceFactory::GetForProfile(profile_) inside ConsentBumpActivator is removed to fix an infinite loop in the LoginUIService. Additional changes: - ConsentBumpActivator is only created when IsUnifiedConsentBumpEnabled() is true - LoginUIService is now created with the browser context - Missing dependencies are added to LoginUIServiceFactory Bug: 847238 Change-Id: I10850be8c3007ed6e68bc89bd64d9c1971d6a22b Reviewed-on: https://chromium-review.googlesource.com/1076067 Commit-Queue: Thomas Tangl <tangltom@chromium.org> Reviewed-by: Mihai Sardarescu <msarda@chromium.org> Cr-Commit-Position: refs/heads/master@{#562480} [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/ui/webui/signin/login_ui_service.cc [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/ui/webui/signin/login_ui_service_factory.cc [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/ui/webui/signin/login_ui_service_factory.h [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/ui/webui/signin/login_ui_service_unittest.cc [modify] https://crrev.com/b0b60641b8eeece1ee87fa664ba1109204ca46e5/chrome/browser/ui/webui/signin/user_manager_ui_browsertest.cc
,
May 30 2018
,
May 31 2018
Your change meets the bar and is auto-approved for M68. Please go ahead and merge the CL to branch 3440 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 31 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3bde22d3887320989762b67fae9c794860bc6b02 commit 3bde22d3887320989762b67fae9c794860bc6b02 Author: Thomas Tangl <tangltom@chromium.org> Date: Thu May 31 11:52:43 2018 Fix infinite loop in LoginUIService The call to LoginUIServiceFactory::GetForProfile(profile_) inside ConsentBumpActivator is removed to fix an infinite loop in the LoginUIService. Additional changes: - ConsentBumpActivator is only created when IsUnifiedConsentBumpEnabled() is true - LoginUIService is now created with the browser context - Missing dependencies are added to LoginUIServiceFactory Bug: 847238 Change-Id: I10850be8c3007ed6e68bc89bd64d9c1971d6a22b Reviewed-on: https://chromium-review.googlesource.com/1076067 Commit-Queue: Thomas Tangl <tangltom@chromium.org> Reviewed-by: Mihai Sardarescu <msarda@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#562480}(cherry picked from commit b0b60641b8eeece1ee87fa664ba1109204ca46e5) Reviewed-on: https://chromium-review.googlesource.com/1079872 Reviewed-by: Thomas Tangl <tangltom@chromium.org> Cr-Commit-Position: refs/branch-heads/3440@{#58} Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733} [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/ui/webui/signin/login_ui_service.cc [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/ui/webui/signin/login_ui_service_factory.cc [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/ui/webui/signin/login_ui_service_factory.h [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/ui/webui/signin/login_ui_service_unittest.cc [modify] https://crrev.com/3bde22d3887320989762b67fae9c794860bc6b02/chrome/browser/ui/webui/signin/user_manager_ui_browsertest.cc |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by tangltom@chromium.org
, May 28 201858.7 KB
58.7 KB View Download