Issue 600157 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Jul 2017
Cc:	brucedaw...@chromium.org r...@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	3
Type:	Bug
Stability-Memory-AddressSanitizer clang

Blocking:
issue 82385
issue 440500

SearchByImageBrowserTest.ImageSearchWithCorruptImage faling on CrWinAsan(dll) tester

Project Member Reported by thakis@chromium.org, Apr 2 2016

Issue description

Has been happening for a while now; started here:


[ RUN      ] SearchByImageBrowserTest.ImageSearchWithCorruptImage
[3672:4140:0324/180436:WARNING:shell.cc(299)] Instance: exe:chrome attempting to register an instance for a process it created for target: exe:chrome_renderer without the mojo:shell{client_process} capability class.
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2525)] NOT IMPLEMENTED
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2466)] NOT IMPLEMENTED
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2525)] NOT IMPLEMENTED
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2466)] NOT IMPLEMENTED
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2525)] NOT IMPLEMENTED
[4364:4680:0324/180437:ERROR:HTMLTreeBuilder.cpp(2466)] NOT IMPLEMENTED
Backtrace:
	(No symbol) [0x22988BFF]
	blink::RotateTransformOperation::RotateTransformOperation [0x56235DDF+5763904]
	wk_png_read_init_3 [0x68623D14+9745]
	wk_png_read_init_3 [0x6862B1A4+39585]
	wk_png_read_init_3 [0x68628F43+30784]
	wk_png_read_init_3 [0x68626FFB+22776]
	blink::RotateTransformOperation::RotateTransformOperation [0x562356E9+5762122]
	blink::RotateTransformOperation::RotateTransformOperation [0x562328D5+5750326]
	blink::RotateTransformOperation::RotateTransformOperation [0x562009B0+5545745]
	blink::RotateTransformOperation::RotateTransformOperation [0x562016CC+5549101]
	blink::RotateTransformOperation::RotateTransformOperation [0x560F27C2+4439331]
	blink::RotateTransformOperation::RotateTransformOperation [0x560F06BA+4430875]
	blink::RotateTransformOperation::RotateTransformOperation [0x560EFC45+4428198]
	blink::RotateTransformOperation::RotateTransformOperation [0x56067A59+3870650]
	SkBaseDevice::surfaceProps [0x68ECDEBA+2796285]
	SkBaseDevice::surfaceProps [0x68ECA1EC+2780719]
	SkBaseDevice::surfaceProps [0x691A8C45+5789832]
	SkBaseDevice::surfaceProps [0x691A33CE+5767185]
	cc::ResourceProvider::ScopedSamplerGL::~ScopedSamplerGL [0x622C5109+692217]
	cc::ResourceProvider::ScopedSamplerGL::~ScopedSamplerGL [0x622C2DF9+683241]
	cc::ResourceProvider::ScopedSamplerGL::~ScopedSamplerGL [0x622D273C+747052]
	IPC::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void>::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void> [0x5B576750+45725731]
	IPC::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void>::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void> [0x5B5725A8+45708923]
	IPC::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void>::MessageT<ResourceMsg_DataReceivedDebug2_Meta,std::tuple<int,int,int,int>,void> [0x5B577134+45728263]
	base::RefCountedStaticMemory::~RefCountedStaticMemory [0x6CB7B76A+1774666]
	base::RefCountedStaticMemory::~RefCountedStaticMemory [0x6CB4A88E+1574254]
	_sanitizer_get_unmapped_bytes [0x6C36A66E+4014]
	_sanitizer_get_unmapped_bytes [0x6C36AA5E+5022]
	BaseThreadInitThunk [0x7640338A+18]
	RtlInitializeExceptionChain [0x77399F72+99]
	RtlInitializeExceptionChain [0x77399F45+54]
=================================================================
==4364==ERROR: AddressSanitizer: access-violation on unknown address 0x22988bff (pc 0x22988bff bp 0x2feee41c sp 0x2feee40c T7)
    #0 0x22988bfe  (<unknown module>)
==4364==*** WARNING: Failed to initialize DbgHelp!              ***
==4364==*** Most likely this means that the app is already      ***
==4364==*** using DbgHelp, possibly with incompatible flags.    ***
==4364==*** Due to technical reasons, symbolization might crash ***
==4364==*** or produce wrong results.                           ***
    #28 0x76403389 in BaseThreadInitThunk+0x11 (C:\Windows\syswow64\kernel32.dll+0x13389)
    #29 0x77399f71 in RtlInitializeExceptionChain+0x62 (C:\Windows\SysWOW64
tdll.dll+0x39f71)
    #30 0x77399f44 in RtlInitializeExceptionChain+0x35 (C:\Windows\SysWOW64
tdll.dll+0x39f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (<unknown module>)
Thread T7 created by T0 here:
    #15 0x13ed0bdf in __scrt_common_main_seh f:\ddctools\crtcstartup\src\startup\exe_common.inl:264
    #16 0x76403389 in BaseThreadInitThunk+0x11 (C:\Windows\syswow64\kernel32.dll+0x13389)
    #17 0x77399f71 in RtlInitializeExceptionChain+0x62 (C:\Windows\SysWOW64
tdll.dll+0x39f71)
    #18 0x77399f44 in RtlInitializeExceptionChain+0x35 (C:\Windows\SysWOW64
tdll.dll+0x39f44)

==4364==ABORTING
[3672:4140:0324/180442:WARNING:sad_tab_view.cc(111)] Tab Killed:
  Actual: 2
Expected: ThumbnailResponseWatcher::THUMBNAIL_RECEIVED
Which is: 1
[  FAILED  ] SearchByImageBrowserTest.ImageSearchWithCorruptImage, where TypeParam =  and GetParam() =  (6481 ms)


https://build.chromium.org/p/chromium.fyi/builders/CrWinAsan%28dll%29%20tester/builds/1358
clang r264336
chrome #383139

Last good:
https://build.chromium.org/p/chromium.fyi/builders/CrWinAsan%28dll%29%20tester/builds/1357
clang r263270
chrome #380673


VS2015 switch was #380711, so my money's on that (otoh, I blame that for ~everything atm, so not sure how good that guess is).


The "Failed to initialize DbgHelp" diag reminds me a bit of  bug 596201 . SymInitialize() probably loads msdia*.dll internally somewhere, and the 2015 msdia seems to not be registered on the bots (while the 2013 msdia is?). SymInitialize() probably doesn't have a flag to do a hack like http://reviews.llvm.org/D18707. But that's just a guess, maybe it's something different altogether.

Comment 1 by r...@chromium.org, Apr 8 2016

I built browser_tests (takes at least an hour) and got our favorite ASan error:

==5768==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==5768==ASan shadow was supposed to be located in the [0x2fff0000-0x4fffffff] range.

Comment 2 by h...@chromium.org, Dec 16 2016

Labels: -Clang clang

This particular browser test doesn't seem to be failing anymore. Should we close?

Comment 3 by thakis@chromium.org, Dec 16 2016

We can. This used to be the only failing test on that bot; looks like base_unittests started failing Dec 2 and we didn't really notice :-/

Comment 4 by thakis@chromium.org, Jul 31 2017

Status: Fixed (was: Untriaged)

https://build.chromium.org/p/chromium.fyi/builders/CrWinAsan(dll)%20tester has been green recently.

►

Issue 600157 link

Issue metadata

SearchByImageBrowserTest.ImageSearchWithCorruptImage faling on CrWinAsan(dll) tester

Issue description

Comment 1 by r...@chromium.org, Apr 8 2016

Comment 1 Deleted

Comment 2 by h...@chromium.org, Dec 16 2016

Comment 2 Deleted

Comment 3 by thakis@chromium.org, Dec 16 2016

Comment 3 Deleted

Comment 4 by thakis@chromium.org, Jul 31 2017

Comment 4 Deleted

Sign in to add a comment