New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 591806 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
dim...@chromium.org
EstimatedDays: ----
NextAction: 2019-07-09
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Disable flaky BrowserCloseManagerWithBackgroundModeBrowserTest.CloseSingleBrowserWithBackgroundMode

Project Member Reported by dim...@chromium.org, Mar 3 2016 
It flakes on ASAN bots frequently. Might be a significant issue.

Example of failed run: https://build.chromium.org/p/chromium.memory/builders/Linux%20ASan%20Tests%20%28sandboxed%29/builds/23742

Snippet form the log:
BrowserCloseManagerWithBackgroundModeBrowserTest/BrowserCloseManagerWithBackgroundModeBrowserTest.CloseSingleBrowserWithBackgroundMode/0 (run #1):
[ RUN      ] BrowserCloseManagerWithBackgroundModeBrowserTest/BrowserCloseManagerWithBackgroundModeBrowserTest.CloseSingleBrowserWithBackgroundMode/0
Xlib:  extension "RANDR" missing on display ":9".
Xlib:  extension "RANDR" missing on display ":9".
[7371:7371:0303/132436:WARNING:password_store_factory.cc(250)] Using basic (unencrypted) store for password storage. See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_password_storage.md for more information about password storage options.
[7455:7455:0303/132436:WARNING:ipc_message_attachment_set.cc(57)] MessageAttachmentSet destroyed with unconsumed descriptors: 0/1
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(242)] Failed to initialize GLES2CmdHelper.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(210)] CommandBufferProxy::Initialize failed.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(229)] Failed to initialize command buffer.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(210)] CommandBufferProxy::Initialize failed.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(229)] Failed to initialize command buffer.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(210)] CommandBufferProxy::Initialize failed.
[1:1:0303/132437:ERROR:webgraphicscontext3d_command_buffer_impl.cc(229)] Failed to initialize command buffer.
=================================================================
==7371==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000606c8 at pc 0x00000355e089 bp 0x7fc564a56270 sp 0x7fc564a56268
READ of size 8 at 0x6130000606c8 thread T15 (Chrome_IOThread)
    #0 0x355e088 in empty buildtools/third_party/libc++/trunk/include/deque:1322:42
    #1 0x355e088 in empty buildtools/third_party/libc++/trunk/include/queue:272:0
    #2 0x355e088 in InvokeQueue net/cookies/cookie_monster.cc:1443:0
    #3 0x355cf4d in OnLoaded net/cookies/cookie_monster.cc:1345:3
    #4 0x356d70f in Run\u003Cconst base::TimeTicks &, const std::__1::vector\u003Cnet::CanonicalCookie *, std::__1::allocator\u003Cnet::CanonicalCookie *> > &> base/bind_internal.h:181:12
    #5 0x356d70f in MakeItSo\u003Cbase::WeakPtr\u003Cnet::CookieMonster>, const base::TimeTicks &, const std::__1::vector\u003Cnet::CanonicalCookie *, std::__1::allocator\u003Cnet::CanonicalCookie *> > &> base/bind_internal.h:314:0
    #6 0x356d70f in Run base/bind_internal.h:351:0
    #7 0xb88ed0d in Run base/callback.h:394:12
    #8 0xb88ed0d in OnLoad content/browser/net/quota_policy_cookie_store.cc:107:0
    #9 0xc2efb67 in Run base/callback.h:394:12
    #10 0xc2efb67 in Notify net/extras/sqlite/sqlite_persistent_cookie_store.cc:593:0
    #11 0xc2ed5c3 in ?? net/extras/sqlite/sqlite_persistent_cookie_store.cc:576:3
    #12 0x31f8a54 in Run base/callback.h:394:12
    #13 0x31f8a54 in RunTask base/debug/task_annotator.cc:51:0
    #14 0x30e6bb9 in RunTask base/message_loop/message_loop.cc:476:3
    #15 0x30e7675 in DeferOrRunPendingTask base/message_loop/message_loop.cc:485:5
    #16 0x30e7fcc in DoWork base/message_loop/message_loop.cc:597:13
    #17 0x307fea0 in Run base/message_loop/message_pump_libevent.cc:229:21
    #18 0x312b6c5 in Run base/run_loop.cc:35:3
    #19 0x30e534e in ?? base/message_loop/message_loop.cc:293:3
    #20 0xb682672 in IOThreadRun content/browser/browser_thread_impl.cc:215:3
    #21 0xb682c36 in Run content/browser/browser_thread_impl.cc:251:14
    #22 0x31858d4 in ThreadMain base/threading/thread.cc:254:3
    #23 0x3179654 in ThreadFunc base/threading/platform_thread_posix.cc:68:3
    #24 0x7fc584076e99 in start_thread /build/eglibc-rrybNj/eglibc-2.15/nptl/pthread_create.c:308:0

0x6130000606c8 is located 200 bytes inside of 360-byte region [0x613000060600,0x613000060768)
freed by thread T15 (Chrome_IOThread) here:
    #0 0x6b627b in operator delete(void*) ??:0
    #1 0x2b29e5e in DeleteInternal base/memory/ref_counted.h:193:44
    #2 0x2b29e5e in Destruct base/memory/ref_counted.h:156:0
    #3 0x2b29e5e in Release base/memory/ref_counted.h:184:0
    #4 0x2b29e5e in Release base/memory/ref_counted.h:419:0
    #5 0x2b29e5e in ~scoped_refptr base/memory/ref_counted.h:304:0
    #6 0x2b29e5e in ~SessionDataDeleter chrome/browser/sessions/session_data_deleter.cc:94:0
    #7 0x2b29e5e in DeleteInternal base/memory/ref_counted.h:193:0
    #8 0x2b29e5e in Destruct base/memory/ref_counted.h:156:0
    #9 0x2b29e5e in Release base/memory/ref_counted.h:184:0
    #10 0x2b29e5e in Release base/memory/ref_counted.h:419:0
    #11 0x2b29e5e in ~scoped_refptr base/memory/ref_counted.h:304:0
    #12 0x2b2ae86 in ~__tuple_leaf buildtools/third_party/libc++/trunk/include/tuple:183:7
    #13 0x2b2ae86 in ~tuple buildtools/third_party/libc++/trunk/include/tuple:503:0
    #14 0x2b2ae86 in ~BindState base/bind_internal.h:432:0
    #15 0x2b2ae86 in Destroy base/bind_internal.h:435:0
    #16 0x35658db in ~GetAllCookiesTask net/cookies/cookie_monster.cc:474:34
    #17 0x35658db in ~GetAllCookiesTask net/cookies/cookie_monster.cc:474:0
    #18 0x355df03 in DeleteInternal base/memory/ref_counted.h:193:44
    #19 0x355df03 in Destruct base/memory/ref_counted.h:156:0
    #20 0x355df03 in Release base/memory/ref_counted.h:184:0
    #21 0x355df03 in Release base/memory/ref_counted.h:419:0
    #22 0x355df03 in ~scoped_refptr base/memory/ref_counted.h:304:0
    #23 0x355df03 in InvokeQueue net/cookies/cookie_monster.cc:1447:0
    #24 0x355cf4d in OnLoaded net/cookies/cookie_monster.cc:1345:3
    #25 0x356d70f in Run\u003Cconst base::TimeTicks &, const std::__1::vector\u003Cnet::CanonicalCookie *, std::__1::allocator\u003Cnet::CanonicalCookie *> > &> base/bind_internal.h:181:12
    #26 0x356d70f in MakeItSo\u003Cbase::WeakPtr\u003Cnet::CookieMonster>, const base::TimeTicks &, const std::__1::vector\u003Cnet::CanonicalCookie *, std::__1::allocator\u003Cnet::CanonicalCookie *> > &> base/bind_internal.h:314:0
    #27 0x356d70f in Run base/bind_internal.h:351:0
    #28 0xb88ed0d in Run base/callback.h:394:12
    #29 0xb88ed0d in OnLoad content/browser/net/quota_policy_cookie_store.cc:107:0
    #30 0xc2efb67 in Run base/callback.h:394:12
    #31 0xc2efb67 in Notify net/extras/sqlite/sqlite_persistent_cookie_store.cc:593:0
    #32 0xc2ed5c3 in ?? net/extras/sqlite/sqlite_persistent_cookie_store.cc:576:3
    #33 0x31f8a54 in Run base/callback.h:394:12
    #34 0x31f8a54 in RunTask base/debug/task_annotator.cc:51:0
    #35 0x30e6bb9 in RunTask base/message_loop/message_loop.cc:476:3
    #36 0x30e7675 in DeferOrRunPendingTask base/message_loop/message_loop.cc:485:5
    #37 0x30e7fcc in DoWork base/message_loop/message_loop.cc:597:13
    #38 0x307fea0 in Run base/message_loop/message_pump_libevent.cc:229:21
    #39 0x312b6c5 in Run base/run_loop.cc:35:3
    #40 0x30e534e in ?? base/message_loop/message_loop.cc:293:3
    #41 0xb682672 in IOThreadRun content/browser/browser_thread_impl.cc:215:3
    #42 0xb682c36 in Run content/browser/browser_thread_impl.cc:251:14
    #43 0x31858d4 in ThreadMain base/threading/thread.cc:254:3
    #44 0x3179654 in ThreadFunc base/threading/platform_thread_posix.cc:68:3
    #45 0x7fc584076e99 in start_thread /build/eglibc-rrybNj/eglibc-2.15/nptl/pthread_create.c:308:0

previously allocated by thread T15 (Chrome_IOThread) here:
    #0 0x6b5cbb in operator new(unsigned long) ??:0
    #1 0xb890476 in CreateCookieStore content/browser/net/quota_policy_cookie_store.cc:175:9
    #2 0x268e5e9 in InitializeInternal chrome/browser/profiles/profile_impl_io_data.cc:499:20
    #3 0x26c0234 in Init chrome/browser/profiles/profile_io_data.cc:1139:3
    #4 0x2aff264 in Create chrome/browser/net/chrome_url_request_context_getter.cc:55:5
    #5 0x2afe151 in GetURLRequestContext chrome/browser/net/chrome_url_request_context_getter.cc:192:28
    #6 0x25fc3a5 in FinalizeInitializationOnIOThread chrome/browser/net/predictor.cc:691:7
    #7 0x31f8a54 in Run base/callback.h:394:12
    #8 0x31f8a54 in RunTask base/debug/task_annotator.cc:51:0
    #9 0x30e6bb9 in RunTask base/message_loop/message_loop.cc:476:3
    #10 0x30e7675 in DeferOrRunPendingTask base/message_loop/message_loop.cc:485:5
    #11 0x30e7fcc in DoWork base/message_loop/message_loop.cc:597:13
    #12 0x307fea0 in Run base/message_loop/message_pump_libevent.cc:229:21
    #13 0x312b6c5 in Run base/run_loop.cc:35:3
    #14 0x30e534e in ?? base/message_loop/message_loop.cc:293:3
    #15 0xb682672 in IOThreadRun content/browser/browser_thread_impl.cc:215:3
    #16 0xb682c36 in Run content/browser/browser_thread_impl.cc:251:14
    #17 0x31858d4 in ThreadMain base/threading/thread.cc:254:3
    #18 0x3179654 in ThreadFunc base/threading/platform_thread_posix.cc:68:3
    #19 0x7fc584076e99 in start_thread /build/eglibc-rrybNj/eglibc-2.15/nptl/pthread_create.c:308:0

Thread T15 (Chrome_IOThread) created by T0 (browser_tests) here:
    #0 0x675496 in pthread_create ??:0
    #1 0x3178dfa in CreateThread base/threading/platform_thread_posix.cc:107:13
    #2 0x3184fc6 in StartWithOptions base/threading/thread.cc:116:10
    #3 0xb68351a in StartWithOptions content/browser/browser_thread_impl.cc:316:10
    #4 0xb675aa3 in CreateThreads content/browser/browser_main_loop.cc:901:12
    #5 0xbad1058 in Run base/callback.h:394:12
    #6 0xbad1058 in RunAllTasksNow content/browser/startup_task_runner.cc:45:0
    #7 0xb674dce in CreateStartupTasks content/browser/browser_main_loop.cc:808:3
    #8 0xbd57a56 in Initialize content/browser/browser_main_runner.cc:137:5
    #9 0x1167038f in BrowserMain content/browser/browser_main.cc:40:19
    #10 0xe9b71bd in Run content/app/content_main_runner.cc:766:12
    #11 0xe9b39ea in ContentMain content/app/content_main.cc:19:15
    #12 0x328540b in SetUp content/public/test/browser_test_base.cc:277:3
    #13 0x30693bb in SetUp chrome/test/base/in_process_browser_test.cc:255:3
    #14 0x3bc5b46 in HandleExceptionsInMethodIfSupported\u003Ctesting::Test, void> testing/gtest/src/gtest.cc:2458:12
    #15 0x3bc5b46 in Run testing/gtest/src/gtest.cc:2470:0
    #16 0x3bc76d4 in Run testing/gtest/src/gtest.cc:2656:5
    #17 0x3bc8964 in Run testing/gtest/src/gtest.cc:2774:5
    #18 0x3bdb0d8 in RunAllTests testing/gtest/src/gtest.cc:4647:11
    #19 0x3bda6c9 in HandleExceptionsInMethodIfSupported\u003Ctesting::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #20 0x3bda6c9 in Run testing/gtest/src/gtest.cc:4255:0
    #21 0x322ac54 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:10
    #22 0x322ac54 in Run base/test/test_suite.cc:231:0
    #23 0x1fddbc9 in ?? chrome/test/base/browser_tests_main.cc:14:12
    #24 0xea33811 in LaunchTests content/public/test/test_launcher.cc:499:12
    #25 0x3020a33 in LaunchChromeTests chrome/test/base/chrome_test_launcher.cc:128:10
    #26 0x1fdda99 in main chrome/test/base/browser_tests_main.cc:21:10
    #27 0x7fc57d89376c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226:0

SUMMARY: AddressSanitizer: heap-use-after-free (/tmp/runEA4Un7/out/Release/browser_tests+0x355e088)
Shadow bytes around the buggy address:
  0x0c2680004080: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2680004090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800040a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800040b0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa
  0x0c26800040c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c26800040d0: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
  0x0c26800040e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c26800040f0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c2680004100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2680004110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2680004120: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7371==ABORTING
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 3 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/981e50f65b63f960783c8318c2fbc5ad02dc71b7

commit 981e50f65b63f960783c8318c2fbc5ad02dc71b7
Author: dimich <dimich@chromium.org>
Date: Thu Mar 03 23:39:16 2016

Disable flaky BrowserCloseManagerWithBackgroundModeBrowserTest.CloseSingleBrowserWithBackgroundMode

Example of failed run: https://build.chromium.org/p/chromium.memory/builders/Linux%20ASan%20Tests%20%28sandboxed%29/builds/23742

See bug for more details.
TBR=sammc@chromium.org
BUG=591806

Review URL: https://codereview.chromium.org/1758233003

Cr-Commit-Position: refs/heads/master@{#379136}

[modify] https://crrev.com/981e50f65b63f960783c8318c2fbc5ad02dc71b7/chrome/browser/lifetime/browser_close_manager_browsertest.cc

Comment 3 by dim...@chromium.org, Mar 4 2016 

Disabled the second test as well: https://codereview.chromium.org/1765763002

BrowserCloseManagerWithBackgroundModeBrowserTest.CloseAllBrowsersWithNoOpenBrowsersWithBackgroundMode

Fails same exact way.
Project Member

Comment 4 by bugdroid1@chromium.org, Mar 4 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8148afc2a7d077175f18902e52a1e359b9fac171

commit 8148afc2a7d077175f18902e52a1e359b9fac171
Author: dimich <dimich@chromium.org>
Date: Fri Mar 04 01:57:03 2016

Disable flaky BrowserCloseManagerWithBackgroundModeBrowserTest.CloseAllBrowsersWithNoOpenBrowsersWithBackgroundMode
Sample failure: https://build.chromium.org/p/chromium.memory/builders/Linux%20ASan%20Tests%20%28sandboxed%29/builds/23745

TBR=sammc@chromium.org
BUG=591806

Review URL: https://codereview.chromium.org/1765763002

Cr-Commit-Position: refs/heads/master@{#379176}

[modify] https://crrev.com/8148afc2a7d077175f18902e52a1e359b9fac171/chrome/browser/lifetime/browser_close_manager_browsertest.cc

Comment 5 by sa...@chromium.org, Feb 8 2018

Owner: ----
Status: Available (was: Assigned)

Comment 6 by benhenry@google.com, Jan 10

Labels: Pri-3
NextAction: 2019-07-09
Downgrading P2s that haven't been modified in more than 6 months, which have no component or owner.

Comment 7 by benhenry@google.com, Jan 11

Status: Untriaged (was: Available)
Available, but no owner or component? Please find a component, as no one will ever find this without one.

Sign in to add a comment