
Issue 591962


Issue metadata

Status: Fixed
Owner:
ex-Googler
Closed: Mar 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Regression




ThreadSanitizer reports data races in pcache1Create()

Project Member Reported by glider@chromium.org, Mar 4 2016

Issue description

See https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20TSan%20Tests/builds/17734/steps/content_browsertests%20on%20Ubuntu-12.04/logs/stdio:

[ RUN      ] IndexedDBBrowserTestSingleProcess.RenderThreadShutdownTest
[3056:3056:0304/013148:29990498880:ERROR:browser_main_loop.cc(220)] Running without the SUID sandbox! See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the sandbox on.
Xlib:  extension "RANDR" missing on display ":9".
[3056:3056:0304/013149:29991882064:INFO:indexed_db_browsertest.cc(85)] Navigating to URL and blocking.
[3056:3201:0304/013149:29991894621:WARNING:histograms.cc(40)] Started multiple compositor clients (Browser, Renderer) in one process. Some metrics will be disabled.
==================
WARNING: ThreadSanitizer: data race (pid=3056)
  Read of size 1 at 0x000007d6e5be by thread T7 (mutexes: write M8085):
    #0 pcache1Create third_party/sqlite/amalgamation/sqlite3.c:42373:21 (content_browsertests+0x000003520dc2)
    #1 sqlite3PcacheSetPageSize third_party/sqlite/amalgamation/sqlite3.c:41121:12 (content_browsertests+0x0000033dc1b9)
    #2 sqlite3PcacheOpen third_party/sqlite/amalgamation/sqlite3.c:41110 (content_browsertests+0x0000033dc1b9)
    #3 sqlite3PagerOpen third_party/sqlite/amalgamation/sqlite3.c:48289 (content_browsertests+0x0000033dc1b9)
    #4 sqlite3BtreeOpen third_party/sqlite/amalgamation/sqlite3.c:57542 (content_browsertests+0x0000033dc1b9)
    #5 openDatabase third_party/sqlite/amalgamation/sqlite3.c:135059:8 (content_browsertests+0x0000033ced52)
    #6 sqlite3_open third_party/sqlite/amalgamation/sqlite3.c:135230:10 (content_browsertests+0x0000033ce6c7)
    #7 sql::Connection::OpenInternal(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, sql::Connection::Retry) sql/connection.cc:1679:13 (content_browsertests+0x000005126991)
    #8 sql::Connection::Open(base::FilePath const&) sql/connection.cc:444:10 (content_browsertests+0x0000051264ba)
    #9 storage::QuotaDatabase::LazyOpen(bool) storage/browser/quota/quota_database.cc:569:14 (content_browsertests+0x0000051b4f09)
    #10 storage::QuotaDatabase::SetOriginLastAccessTime(GURL const&, storage::StorageType, base::Time) storage/browser/quota/quota_database.cc:210:8 (content_browsertests+0x0000051b53e2)
    #11 storage::(anonymous namespace)::UpdateAccessTimeOnDBThread(GURL const&, storage::StorageType, base::Time, storage::QuotaDatabase*) storage/browser/quota/quota_manager.cc:235:10 (content_browsertests+0x000005172180)
    #12 Run<const GURL &, const storage::StorageType &, const base::Time &, storage::QuotaDatabase *const &> base/bind_internal.h:159:12 (content_browsertests+0x00000517783d)
    #13 MakeItSo<const GURL &, const storage::StorageType &, const base::Time &, storage::QuotaDatabase *const &> base/bind_internal.h:293 (content_browsertests+0x00000517783d)
    #14 base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<bool (*)(GURL const&, storage::StorageType, base::Time, storage::QuotaDatabase*)>, bool (GURL const&, storage::StorageType, base::Time, storage::QuotaDatabase*), GURL const&, storage::StorageType&, base::Time&>, base::internal::InvokeHelper<false, bool, base::internal::RunnableAdapter<bool (*)(GURL const&, storage::StorageType, base::Time, storage::QuotaDatabase*)> >, bool (storage::QuotaDatabase* const&)>::Run(base::internal::BindStateBase*, storage::QuotaDatabase* const&) base/bind_internal.h:351 (content_browsertests+0x00000517783d)
    #15 Run base/callback.h:394:12 (content_browsertests+0x000005178be2)
...

  Previous write of size 1 at 0x000007d6e5be by thread T8 (mutexes: write M8080):
    #0 pcache1Create third_party/sqlite/amalgamation/sqlite3.c:42374:28 (content_browsertests+0x000003520dd9)
    #1 sqlite3PcacheSetPageSize third_party/sqlite/amalgamation/sqlite3.c:41121:12 (content_browsertests+0x0000033dc1b9)
    #2 sqlite3PcacheOpen third_party/sqlite/amalgamation/sqlite3.c:41110 (content_browsertests+0x0000033dc1b9)
    #3 sqlite3PagerOpen third_party/sqlite/amalgamation/sqlite3.c:48289 (content_browsertests+0x0000033dc1b9)
    #4 sqlite3BtreeOpen third_party/sqlite/amalgamation/sqlite3.c:57542 (content_browsertests+0x0000033dc1b9)
    #5 openDatabase third_party/sqlite/amalgamation/sqlite3.c:135059:8 (content_browsertests+0x0000033ced52)
    #6 sqlite3_open third_party/sqlite/amalgamation/sqlite3.c:135230:10 (content_browsertests+0x0000033ce6c7)
    #7 sql::Connection::OpenInternal(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, sql::Connection::Retry) sql/connection.cc:1679:13 (content_browsertests+0x000005126991)
    #8 sql::Connection::Open(base::FilePath const&) sql/connection.cc:444:10 (content_browsertests+0x0000051264ba)
    #9 storage::DatabaseTracker::LazyInit() storage/browser/database/database_tracker.cc:486:11 (content_browsertests+0x00000513bac3)
    #10 storage::DatabaseTracker::GetAllOriginIdentifiers(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*) storage/browser/database/database_tracker.cc:315:8 (content_browsertests+0x00000513d77d)
    #11 storage::(anonymous namespace)::GetOriginsOnDBThread(storage::DatabaseTracker*, std::__1::set<GURL, std::__1::less<GURL>, std::__1::allocator<GURL> >*) storage/browser/database/database_quota_client.cc:42:7 (content_browsertests+0x000005184875)
    #12 Run<storage::DatabaseTracker *, std::__1::set<GURL, std::__1::less<GURL>, std::__1::allocator<GURL> > *> base/bind_internal.h:159:12 (content_browsertests+0x000005185412)
...

  Location is global 'pcache1_g' of size 144 at 0x000007d6e590 (content_browsertests+0x000007d6e5be)

  Mutex M8085 (0x7d0c00027720) created at:
    #0 pthread_mutex_init <null> (content_browsertests+0x00000049c583)
    #1 pthreadMutexAlloc third_party/sqlite/amalgamation/sqlite3.c:20854:9 (content_browsertests+0x0000033d432d)
    #2 sqlite3MutexAlloc third_party/sqlite/amalgamation/sqlite3.c:20387:10 (content_browsertests+0x0000033ce85f)
    #3 openDatabase third_party/sqlite/amalgamation/sqlite3.c:134975 (content_browsertests+0x0000033ce85f)
    #4 sqlite3_open third_party/sqlite/amalgamation/sqlite3.c:135230:10 (content_browsertests+0x0000033ce6c7)
    #5 sql::Connection::OpenInternal(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, sql::Connection::Retry) sql/connection.cc:1679:13 (content_browsertests+0x000005126991)
    #6 sql::Connection::Open(base::FilePath const&) sql/connection.cc:444:10 (content_browsertests+0x0000051264ba)
    #7 storage::QuotaDatabase::LazyOpen(bool) storage/browser/quota/quota_database.cc:569:14 (content_browsertests+0x0000051b4f09)
    #8 storage::QuotaDatabase::SetOriginLastAccessTime(GURL const&, storage::StorageType, base::Time) storage/browser/quota/quota_database.cc:210:8 (content_browsertests+0x0000051b53e2)
    #9 storage::(anonymous namespace)::UpdateAccessTimeOnDBThread(GURL const&, storage::StorageType, base::Time, storage::QuotaDatabase*) storage/browser/quota/quota_manager.cc:235:10 (content_browsertests+0x000005172180)
    #10 Run<const GURL &, const storage::StorageType &, const base::Time &, storage::QuotaDatabase *const &> base/bind_internal.h:159:12 (content_browsertests+0x00000517783d)
...

  Mutex M8080 (0x7d0c0004a850) created at:
    #0 pthread_mutex_init <null> (content_browsertests+0x00000049c583)
    #1 pthreadMutexAlloc third_party/sqlite/amalgamation/sqlite3.c:20854:9 (content_browsertests+0x0000033d432d)
    #2 sqlite3MutexAlloc third_party/sqlite/amalgamation/sqlite3.c:20387:10 (content_browsertests+0x0000033ce85f)
    #3 openDatabase third_party/sqlite/amalgamation/sqlite3.c:134975 (content_browsertests+0x0000033ce85f)
    #4 sqlite3_open third_party/sqlite/amalgamation/sqlite3.c:135230:10 (content_browsertests+0x0000033ce6c7)
    #5 sql::Connection::OpenInternal(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, sql::Connection::Retry) sql/connection.cc:1679:13 (content_browsertests+0x000005126991)
    #6 sql::Connection::Open(base::FilePath const&) sql/connection.cc:444:10 (content_browsertests+0x0000051264ba)
    #7 storage::DatabaseTracker::LazyInit() storage/browser/database/database_tracker.cc:486:11 (content_browsertests+0x00000513bac3)
    #8 storage::DatabaseTracker::GetAllOriginIdentifiers(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*) storage/browser/database/database_tracker.cc:315:8 (content_browsertests+0x00000513d77d)
    #9 storage::(anonymous namespace)::GetOriginsOnDBThread(storage::DatabaseTracker*, std::__1::set<GURL, std::__1::less<GURL>, std::__1::allocator<GURL> >*) storage/browser/database/database_quota_client.cc:42:7 (content_browsertests+0x000005184875)
    #10 Run<storage::DatabaseTracker *, std::__1::set<GURL, std::__1::less<GURL>, std::__1::allocator<GURL> > *> base/bind_internal.h:159:12 (content_browsertests+0x000005185412)
...

  Thread T7 'Chrome_DBThread' (tid=3105, running) created by main thread at:
    #0 pthread_create <null> (content_browsertests+0x00000049b375)
    #1 base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:107:13 (content_browsertests+0x00000104f59a)
    #2 base::PlatformThread::CreateWithPriority(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:188:10 (content_browsertests+0x00000104f4a5)
    #3 base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:116:10 (content_browsertests+0x000001054fce)
...

  Thread T8 'Chrome_FileThread' (tid=3159, running) created by main thread at:
    #0 pthread_create <null> (content_browsertests+0x00000049b375)
    #1 base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:107:13 (content_browsertests+0x00000104f59a)
    #2 base::PlatformThread::CreateWithPriority(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:188:10 (content_browsertests+0x00000104f4a5)
    #3 base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:116:10 (content_browsertests+0x000001054fce)
...

SUMMARY: ThreadSanitizer: data race third_party/sqlite/amalgamation/sqlite3.c:42373:21 in pcache1Create
==================
[3056:3056:0304/013150:29992659980:INFO:indexed_db_browsertest.cc(87)] Navigation done.
[       OK ] IndexedDBBrowserTestSingleProcess.RenderThreadShutdownTest (2361 ms)

Note that the threads are using different mutexes when calling pcache1Create().

Scott, can you please take a look?
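
Added example, not part of the original report or of Chromium's tooling: a small triage script that parses the two access lines and the "Location" line of the ThreadSanitizer report above and checks whether the racing threads held any mutex in common. The function names and the result dictionary are hypothetical; the sample lines are copied from the report.

```python
import re

# Access and location lines copied from the ThreadSanitizer report above.
REPORT = """\
  Read of size 1 at 0x000007d6e5be by thread T7 (mutexes: write M8085):
  Previous write of size 1 at 0x000007d6e5be by thread T8 (mutexes: write M8080):
  Location is global 'pcache1_g' of size 144 at 0x000007d6e590 (content_browsertests+0x000007d6e5be)
"""

ACCESS = re.compile(
    r"^\s*(?:Previous )?(?:atomic )?(?P<kind>read|write) of size \d+"
    r" at (?P<addr>0x[0-9a-f]+) by (?P<thread>main thread|thread T\d+)"
    r"(?: \(mutexes: (?P<mutexes>[^)]*)\))?:", re.I)
LOCATION = re.compile(
    r"^\s*Location is global '(?P<name>[^']+)' of size (?P<size>\d+)"
    r" at (?P<base>0x[0-9a-f]+)", re.M)


def parse_accesses(text):
    """Return one record per racing access, with the set of mutexes held."""
    accesses = []
    for line in text.splitlines():
        m = ACCESS.match(line)
        if m:
            accesses.append({
                "kind": m.group("kind").lower(),
                "addr": int(m.group("addr"), 16),
                "thread": m.group("thread"),
                "locks": frozenset(re.findall(r"M\d+", m.group("mutexes") or "")),
            })
    return accesses


def triage(text):
    """Summarize a report: which global, which byte, and any shared lock."""
    first, second = parse_accesses(text)[:2]
    loc = LOCATION.search(text)
    common = first["locks"] & second["locks"]
    return {
        "global": loc.group("name") if loc else None,
        # Offset of the racing byte inside the global object, if known.
        "offset": first["addr"] - int(loc.group("base"), 16) if loc else None,
        "threads": (first["thread"], second["thread"]),
        "common_locks": sorted(common),
        # No shared mutex means nothing both threads hold serializes the access.
        "unprotected": not common,
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

For this report the racing byte is at offset 46 of `pcache1_g` and the lock sets are disjoint: M8085 and M8080 are each allocated inside a separate `sqlite3_open` call, so neither one guards state shared by all connections.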

 

Comment 1 by sh...@chromium.org, Mar 7 2016

Labels: -Type-Bug ReleaseBlock-Stable M-50 Type-Bug-Regression OS-All
I was getting no repro with the specific test, but it looks like this is related to a global.  The test which saw the problem moves around depending on what's being run.

https://codereview.chromium.org/1769213002/ fixes it.  This is a regression with the recent SQLite import.  The import's first build was 2629, so this is part of M-50, which is why I'm marking it a blocker.  I'll nominate for merge once the CL lands.
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 11 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/32fefb99eaec8394ece520cea141c2b7a4fd1ef4

commit 32fefb99eaec8394ece520cea141c2b7a4fd1ef4
Author: shess <shess@chromium.org>
Date: Fri Mar 11 17:49:13 2016

[sqlite] Fix seperate-page-cache page merge issue.

The previous version set a local variable which was picked up by the
SQLite code to set the global.  SQLite stopped using that local
variable, I apparently didn't notice.

BUG= 591962 

Review URL: https://codereview.chromium.org/1769213002

Cr-Commit-Position: refs/heads/master@{#380665}

[modify] https://crrev.com/32fefb99eaec8394ece520cea141c2b7a4fd1ef4/third_party/sqlite/amalgamation/sqlite3.c
[modify] https://crrev.com/32fefb99eaec8394ece520cea141c2b7a4fd1ef4/third_party/sqlite/patches/0002-Use-seperate-page-cache-pools-for-each-sqlite-connec.patch
[modify] https://crrev.com/32fefb99eaec8394ece520cea141c2b7a4fd1ef4/third_party/sqlite/src/src/pcache1.c

Comment 3 by sh...@chromium.org, Mar 11 2016

Status: Fixed (was: Assigned)
When I tested with tsan, I was able to repro the original report before this patch, not after.  So I think this is it.
