RenderProcessHost::AllHostsIterator() returning null/deleted RPHs?
Issue description

This appeared between CLs r387843 and r387853 inclusive on lots of bots, but I don't see a guilty-looking CL in there.

https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20Tests%20%28valgrind%29%283%29/builds/50614/steps/memory_test%3A%20unit_tests_1_of_3/logs/stdio shows:

    InvalidRead
    Invalid read of size 8
    ExtensionService::NotifyExtensionLoaded(extensions::Extension const*) (chrome/browser/extensions/extension_service.cc:1035)
    ExtensionService::AddExtension(extensions::Extension const*) (chrome/browser/extensions/extension_service.cc:1521)
    BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody() (chrome/browser/background/background_application_list_model_unittest.cc:240)
    Address 0xc0 is not stack'd, malloc'd or (recently) free'd

https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%285%29/builds/38023/steps/memory%20test%3A%20unit/logs/stdio shows the same, but at a wild address, not null:

    InvalidRead
    Invalid read of size 4
    std::__atomic2::__atomic_base<int>::fetch_add(int, std::memory_order) volatile (/mnt/data/b/build/slave/chromium-rel-chromeos-valgrind-tests-5/build/src/out/Release/unit_tests)
    base::subtle::Barrier_AtomicIncrement(int volatile*, int) (/mnt/data/b/build/slave/chromium-rel-chromeos-valgrind-tests-5/build/src/out/Release/unit_tests)
    base::AtomicRefCountDecN(int volatile*, int) (base/atomic_ref_count.h:29)
    base::AtomicRefCountDec(int volatile*) (/mnt/data/b/build/slave/chromium-rel-chromeos-valgrind-tests-5/build/src/out/Release/unit_tests)
    base::subtle::RefCountedThreadSafeBase::Release() const (base/memory/ref_counted.cc:42)
    base::RefCountedThreadSafe<base::Flag, base::DefaultRefCountedThreadSafeTraits<base::Flag> >::Release() const (base/memory/ref_counted.h:183)
    scoped_refptr<base::Flag>::Release(base::Flag*) (base/memory/ref_counted.h:419)
    scoped_refptr<base::Flag>::~scoped_refptr() (base/memory/ref_counted.h:304)
    base::AsyncWaiter::~AsyncWaiter() (/mnt/data/b/build/slave/chromium-rel-chromeos-valgrind-tests-5/build/src/out/Release/unit_tests)
    base::AsyncWaiter::~AsyncWaiter() (/mnt/data/b/build/slave/chromium-rel-chromeos-valgrind-tests-5/build/src/out/Release/unit_tests)
    ExtensionService::NotifyExtensionLoaded(extensions::Extension const*) (chrome/browser/extensions/extension_service.cc:1035)
    ExtensionService::AddExtension(extensions::Extension const*) (chrome/browser/extensions/extension_service.cc:1521)
    BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody() (chrome/browser/background/background_application_list_model_unittest.cc:240)
    Address 0x1c7d3c18 is 8 bytes inside a block of size 24 free'd

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%29/builds/4627/steps/memory%20test%3A%20unit/logs/stdio reports

    ~~Dr.M~~
    ~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x106b5c20-0x106b5c24 4 byte(s)
    ~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded [chrome\browser\extensions\extension_service.cc:1035]
    ~~Dr.M~~ # 1 ExtensionService::AddExtension [chrome\browser\extensions\extension_service.cc:1521]
    ~~Dr.M~~ # 2 BackgroundApplicationListModelTest_ExplicitTest_Test::TestBody [chrome\browser\background\background_application_list_model_unittest.cc:167]
    ~~Dr.M~~ # 3 testing::internal::HandleExceptionsInMethodIfSupported<> [testing\gtest\src\gtest.cc:2458]
    ~~Dr.M~~ Note: @0:11:20.752 in thread 3236
    ~~Dr.M~~ Note: prev lower malloc: 0x106b5be8-0x106b5c18
    ~~Dr.M~~ Note: instruction: mov (%edi) -> %edx
    ~~Dr.M~~
    ~~Dr.M~~ Error #2: UNADDRESSABLE ACCESS: reading 0xf1fdf15c-0xf1fdf160 4 byte(s)
    ~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded [chrome\browser\extensions\extension_service.cc:1035]
    ~~Dr.M~~ # 1 ExtensionService::AddExtension [chrome\browser\extensions\extension_service.cc:1521]
    ~~Dr.M~~ # 2 BackgroundApplicationListModelTest_ExplicitTest_Test::TestBody [chrome\browser\background\background_application_list_model_unittest.cc:167]
    ~~Dr.M~~ # 3 testing::internal::HandleExceptionsInMethodIfSupported<> [testing\gtest\src\gtest.cc:2458]
    ~~Dr.M~~ Note: @0:11:20.767 in thread 3236
    ~~Dr.M~~ Note: instruction: call 0x5c(%edx) %esp -> %esp 0xfffffffc(%esp)

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%20full%29%20%284%29/builds/10081/steps/memory%20test%3A%20unit/logs/stdio and https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%20full%29%20%284%29/builds/10081/steps/memory%20test%3A%20unit_1/logs/stdio show different tests:

    ~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x0f8a34d0-0x0f8a34d4 4 byte(s)
    ~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded [chrome\browser\extensions\extension_service.cc:1035]
    ~~Dr.M~~ # 1 ExtensionService::AddExtension [chrome\browser\extensions\extension_service.cc:1521]
    ~~Dr.M~~ # 2 extensions::TestExtensionEnvironment::MakeExtension [chrome\browser\extensions\test_extension_environment.cc:148]
    ~~Dr.M~~ # 3 SavedFilesServiceUnitTest::SetUp [apps\saved_files_service_unittest.cc:40]
    ~~Dr.M~~ # 4 testing::internal::HandleExceptionsInMethodIfSupported<> [testing\gtest\src\gtest.cc:2458]
    ~~Dr.M~~ Note: @0:17:27.025 in thread 2448
    ~~Dr.M~~ Note: next higher malloc: 0x0f8a34d8-0x0f8a351c
    ~~Dr.M~~ Note: prev lower malloc: 0x0f8a3488-0x0f8a34b8
    ~~Dr.M~~ Note: instruction: mov (%edi) -> %edx

    ~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x0a1c7848-0x0a1c784c 4 byte(s)
    ~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded [chrome\browser\extensions\extension_service.cc:1035]
    ~~Dr.M~~ # 1 ExtensionService::AddExtension [chrome\browser\extensions\extension_service.cc:1521]
    ~~Dr.M~~ # 2 ExtensionService::FinishInstallation [chrome\browser\extensions\extension_service.cc:1937]
    ~~Dr.M~~ # 3 ExtensionService::AddNewOrUpdatedExtension [chrome\browser\extensions\extension_service.cc:1866]
    ~~Dr.M~~ # 4 ExtensionService::OnExtensionInstalled [chrome\browser\extensions\extension_service.cc:1816]
    ~~Dr.M~~ # 5 extensions::UnpackedInstaller::InstallExtension [chrome\browser\extensions\unpacked_installer.cc:361]
    ~~Dr.M~~ # 6 extensions::UnpackedInstaller::OnInstallChecksComplete [chrome\browser\extensions\unpacked_installer.cc:250]
    ~~Dr.M~~ # 7 base::internal::Invoker<>::Run [base\bind_internal.h:372]
    ~~Dr.M~~ # 8 extensions::ExtensionInstallChecker::MaybeInvokeCallback [chrome\browser\extensions\extension_install_checker.cc:170]
    ~~Dr.M~~ # 9 extensions::ExtensionInstallChecker::OnRequirementsCheckDone [chrome\browser\extensions\extension_install_checker.cc:111]
    ~~Dr.M~~ #10 base::internal::Invoker<>::Run [base\bind_internal.h:372]
    ~~Dr.M~~ #11 base::internal::Invoker<>::Run [base\bind_internal.h:372]
    ~~Dr.M~~ #12 base.dll!base::debug::TaskAnnotator::RunTask [base\debug\task_annotator.cc:51]
    ~~Dr.M~~ #13 base.dll!base::MessageLoop::RunTask [base\message_loop\message_loop.cc:479]
    ~~Dr.M~~ #14 base.dll!base::MessageLoop::DeferOrRunPendingTask [base\message_loop\message_loop.cc:488]
    ~~Dr.M~~ #15 base.dll!base::MessageLoop::DoWork [base\message_loop\message_loop.cc:600]
    ~~Dr.M~~ #16 base.dll!base::MessagePumpForIO::DoRunLoop [base\message_loop\message_pump_win.cc:493]
    ~~Dr.M~~ #17 base.dll!base::MessageLoop::RunHandler [base\message_loop\message_loop.cc:443]
    ~~Dr.M~~ #18 extensions::`anonymous namespace'::KeywordExtensionsDelegateImplTest::RunTest [chrome\browser\autocomplete\keyword_extensions_delegate_impl_unittest.cc:106]
    ~~Dr.M~~ #19 extensions::`anonymous namespace'::KeywordExtensionsDelegateImplTest_IsEnabledExtension_Test::TestBody [chrome\browser\autocomplete\keyword_extensions_delegate_impl_unittest.cc:139]
    ~~Dr.M~~ #20 testing::Test::Run [testing\gtest\src\gtest.cc:2474]

AddressSanitizer is not reporting anything: https://chromium-swarm.appspot.com/user/task/2e43eaea5360dc10
Apr 19 2016
I'll take a look.
Apr 19 2016
`tools/valgrind/chrome_tests.sh -b out_valgrind/Release/ -t unit` does reproduce the error, but running the specific tests at the root of the failure stacks doesn't on their own. Something in the process before they run is corrupting things.
Apr 19 2016
Jun 1 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 13 2016
This issue is Pri-1 but has already been moved once. Lowering the priority and moving to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 21 2016
Jul 21 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by jyasskin@chromium.org, Apr 18 2016