The test is crashing. But is this site-per-process related...?

STDOUT: #CRASHED - renderer
STDERR: [26932:775:1119/134531.817297:ERROR:validation_errors.cc(76)] Invalid message: VALIDATION_ERROR_UNEXPECTED_NULL_POINTER (null field 1)
STDERR: [26932:13571:1119/134531.817470:ERROR:render_process_host_impl.cc(4660)] Terminating render process for bad Mojo message: Received bad user message: Validation failed for LayoutTestControl ResponseValidator [VALIDATION_ERROR_UNEXPECTED_NULL_POINTER (null field 1)
STDERR: [26932:13571:1119/134531.817494:ERROR:bad_message.cc(27)] Terminating renderer for bad IPC message, reason 123

 Issue 906949  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d9f62a2e64871f4a2275f2f39abc61aa33995607

commit d9f62a2e64871f4a2275f2f39abc61aa33995607
Author: Yuta Kitamura <yutak@chromium.org>
Date: Tue Nov 20 06:59:07 2018

Update layout test expectations.

Bug: 906952, 906879 
Change-Id: I0c7bec172a28b37c8b8c3c8e33c7e2f1630d8404
Tbr: kolos@chromium.org
Tbr: pavely@chromium.org
Tbr: hongjunchoi@chromium.org
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1343475
Reviewed-by: Yuta Kitamura <yutak@chromium.org>
Commit-Queue: Yuta Kitamura <yutak@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609616}
[modify] https://crrev.com/d9f62a2e64871f4a2275f2f39abc61aa33995607/third_party/WebKit/LayoutTests/TestExpectations

Not bleeding anymore, down to P2.

I can't repro a crash at r609726 in either
    editing/pasteboard/file-drag-to-editable.html
or
    fast/events/before-unload-return-value-from-listener.html
:-(

Looking at out/Debug/gen/content/shell/common/layout_test.mojom-shared.cc, I see that there are multiple validations that match "null field 1" error message:
- ShellTestConfiguration_Data::Validate - current_working_directory
- LayoutTestControl_CaptureDump_ResponseParams_Data - result
- LayoutTestControl_DumpFrameLayout_ResponseParams_Data - frame_layout_dump
- LayoutTestControl_ReplicateTestConfiguration_Params_Data - config
- LayoutTestControl_SetTestConfiguration_Params_Data - config

rockot@, is it possible to provide more information in the validation messages, to help with identifying the messages that was malformed?  Is it possible to catch malformed messages earlier / on the sender side?  Isn't the fact that such malformed messages are possible to be sent/received (*) a bug in mojo?

(*) Without a compromised renderer^H^H^Hprocess in the picture.

Tentatively adding Internals>Sandbox>SiteIsolation - in case the flakiness is really caused by r609379.

Also adding Internals>Mojo...

Not sure if this still needs to be tracked in the sheriff queue (since the tests have been disabled and we are working on understanding the root cause of the flakiness).

The problem with providing more information in production is that it generally means increasing code size. DCHECKing on malformed messages sender-side is generally how we try to improve debugging in situations like this.

But in fact we *do* already DCHECK[1] if someone tries to encode a null value for a non-nullable field. Soooo... I don't know what to do with this.

[1] Specifically, https://cs.chromium.org/chromium/src/mojo/public/cpp/bindings/lib/validation_errors.h?rcl=2fa7d005593711746afda291d6eb4252ce423cb6&l=164 is used in all relevant places in generated code

If the sender is JS then that would be another story, but I don't think that's the case here, right?

RE: If the sender is JS then that would be another story, but I don't think that's the case here, right?

Right - all the senders are C++ AFAICT:

- content/shell/browser/layout_test/blink_test_controller.cc:
  ShellTestConfiguration / SetTestConfiguration / ReplicateTestConfiguration

- content/shell/renderer/layout_test/layout_test_render_frame_observer.cc:
  response to DumpFrameLayout and CaptureDump (with some help from
  BlinkTestRunner::dump_callback_)

I assume 1) that bots run layout tests with DCHECK enabled and 2) a DCHECK would somehow register in the test output (just like the bad message detection+kill does show up).  Not sure how to verify these assumptions.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ab69fdf75f0c97e60fffc56a6cdc066dc21810b7

commit ab69fdf75f0c97e60fffc56a6cdc066dc21810b7
Author: Robert Flack <flackr@chromium.org>
Date: Mon Dec 03 17:50:30 2018

Disable virtual test also crashing with same reason.

before-unload-return-value-from-listener.html is also crashing on the
virtual test suite virtual/mouseevent_fractional with the same reason.

TBR=yutak@chromium.org

Bug: 906952
Change-Id: Ie778939ed40f13d6e1b6e263a6c3266a9427826f
Reviewed-on: https://chromium-review.googlesource.com/c/1358915
Reviewed-by: Robert Flack <flackr@chromium.org>
Commit-Queue: Robert Flack <flackr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#613146}
[modify] https://crrev.com/ab69fdf75f0c97e60fffc56a6cdc066dc21810b7/third_party/blink/web_tests/TestExpectations

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/40ed6c995d45d4c9d97d37f36cd47dd1c327fc3a

commit 40ed6c995d45d4c9d97d37f36cd47dd1c327fc3a
Author: Friedrich Horschig <fhorschig@chromium.org>
Date: Wed Dec 12 14:14:42 2018

[WPT][Flaky] Mark before-unload-return-value-from-listener.html flaky

Like other before-unload-return-value-from-listener.html, this one also
crashes flakily with the "bad mojo message" reason.

It also has a history of flakiness:
https://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=virtual%2Fuser-activation-v2%2Ffast%2Fevents%2Fbefore-unload-return-value-from-listener.html&testType=webkit_layout_tests

TBR=yutak@chromium.org

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 906952
Change-Id: I13b618385de5a49f83638229b05454ef38092fad
Reviewed-on: https://chromium-review.googlesource.com/c/1373762
Reviewed-by: Friedrich Horschig [CET] <fhorschig@chromium.org>
Commit-Queue: Friedrich Horschig [CET] <fhorschig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#615879}
[modify] https://crrev.com/40ed6c995d45d4c9d97d37f36cd47dd1c327fc3a/third_party/blink/web_tests/TestExpectations

Findit identified the culprit r617922 as introducing flaky test(s)
summarized in https://findit-for-me.appspot.com/waterfall/flake/flake-culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyQwsSDEZsYWtlQ3VscHJpdCIxY2hyb21pdW0vNWE2YjUyNzM0ZThkYjQ1ZGZhMmIwZjcxYzE3MjBiZDEyN2Q5MjEzOQw

Please revert the culprit or disable the test(s) asap. If you are the owner,
please fix!

If the culprit above is wrong, please file a bug using this link:
https://bugs.chromium.org/p/chromium/issues/entry?status=Unconfirmed&labels=Pri-1,Test-Findit-Wrong&components=Tools%3ETest%3EFindit%3EFlakiness&summary=%5BFindit%5D%20Flake%20Analyzer%20-%20Wrong%20culprit%20r617922&comment=Link%20to%20Culprit%3A%20https://findit-for-me.appspot.com/waterfall/flake/flake-culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyQwsSDEZsYWtlQ3VscHJpdCIxY2hyb21pdW0vNWE2YjUyNzM0ZThkYjQ1ZGZhMmIwZjcxYzE3MjBiZDEyN2Q5MjEzOQw

Automatically posted by the findit-for-me app (https://goo.gl/Ot9f7N).

Findit identified the culprit r617922 as introducing flaky test(s)
summarized in https://findit-for-me.appspot.com/waterfall/flake/flake-culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyQwsSDEZsYWtlQ3VscHJpdCIxY2hyb21pdW0vNWE2YjUyNzM0ZThkYjQ1ZGZhMmIwZjcxYzE3MjBiZDEyN2Q5MjEzOQw

Please revert the culprit or disable the test(s) asap. If you are the owner,
please fix!

If the culprit above is wrong, please file a bug using this link:
https://bugs.chromium.org/p/chromium/issues/entry?status=Unconfirmed&labels=Pri-1,Test-Findit-Wrong&components=Tools%3ETest%3EFindit%3EFlakiness&summary=%5BFindit%5D%20Flake%20Analyzer%20-%20Wrong%20culprit%20r617922&comment=Link%20to%20Culprit%3A%20https://findit-for-me.appspot.com/waterfall/flake/flake-culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyQwsSDEZsYWtlQ3VscHJpdCIxY2hyb21pdW0vNWE2YjUyNzM0ZThkYjQ1ZGZhMmIwZjcxYzE3MjBiZDEyN2Q5MjEzOQw

Automatically posted by the findit-for-me app (https://goo.gl/Ot9f7N).