New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 623413 link

Starred by 1 user
Status: Verified
Owner:
roc...@chromium.org
please use my google.com address
Closed: Jun 2016
Cc:
amistry@chromium.org
euge...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 621972



Sign in to add a comment

MSan now reports uninitialized values in mojo code

Project Member Reported by thakis@chromium.org, Jun 26 2016 
MSan used to not report uninitialized values passed to send() etc ( bug 619972 ). Now it does, and the compiler roll prints many of such uninitialized values from mojo code (all I looked at have the same stack):

https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_msan_rel_ng/builds/394/steps/browser_tests%20%28with%20patch%29%20on%20Ubuntu-12.04/logs/stdio

Uninitialized bytes in read_iovec at offset 20 inside [0x7040000afb80, 24)
==30509==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7214ea in sendmsg ??:0
    #1 0x7b25da8 in ?? mojo/edk/embedder/platform_channel_utils_posix.cc:113:10
    #2 0x19d5b34e in WriteNoLock mojo/edk/system/channel_posix.cc:336:18
    #3 0x19d5416a in Write mojo/edk/system/channel_posix.cc:126:14
    #4 0x19d494bb in SendChannel mojo/edk/system/broker_host_posix.cc:60:13
    #5 0x19cf4c94 in ConnectToChildOnIOThread mojo/edk/system/node_controller.cc:363:16
    #6 0x19d0c4ba in Run<mojo::edk::NodeController *, const int &, mojo::edk::ScopedPlatformHandle, const mojo::edk::ports::NodeName &, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &> base/bind_internal.h:187:12
    #7 0x19d0c4ba in MakeItSo<const base::internal::RunnableAdapter<void (mojo::edk::NodeController::*)(int, mojo::edk::ScopedPlatformHandle, mojo::edk::ports::NodeName, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &)> &, mojo::edk::NodeController *, const int &, mojo::edk::ScopedPlatformHandle, const mojo::edk::ports::NodeName &, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &> base/bind_internal.h:312:0
    #8 0x19d0c4ba in Run base/bind_internal.h:364:0
    #9 0x13794f1f in Run base/callback.h:397:12
    #10 0x13794f1f in RunTask base/debug/task_annotator.cc:51:0
    #11 0x13572c01 in RunTask base/message_loop/message_loop.cc:493:19
    #12 0x13574647 in DeferOrRunPendingTask base/message_loop/message_loop.cc:502:5
    #13 0x13576077 in DoWork base/message_loop/message_loop.cc:624:13
    #14 0x13586963 in Run base/message_loop/message_pump_libevent.cc:217:31
    #15 0x136167ec in Run base/run_loop.cc:35:10
    #16 0x1356fe12 in ?? base/message_loop/message_loop.cc:295:12
    #17 0x634bae4 in IOThreadRun content/browser/browser_thread_impl.cc:223:11
    #18 0x634c416 in Run content/browser/browser_thread_impl.cc:259:14
    #19 0x136bef57 in ThreadMain base/threading/thread.cc:255:3
    #20 0x136adb95 in ThreadFunc base/threading/platform_thread_posix.cc:70:13
    #21 0x7fabf0d6ce99 in start_thread /build/eglibc-oqps9y/eglibc-2.15/nptl/pthread_create.c:308:0
    #22 0x7fabea62636c in ?? /build/eglibc-oqps9y/eglibc-2.15/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:112:0

  Uninitialized value was created by a heap allocation
    #0 0x70b97c in posix_memalign ??:0
    #1 0x1355b9e9 in ?? base/memory/aligned_memory.cc:31:7
    #2 0x19d4f362 in Message mojo/edk/system/channel.cc:75:30
    #3 0x19d490b4 in CreateBrokerMessage mojo/edk/system/broker_messages.h:53:11
    #4 0x19d490b4 in SendChannel mojo/edk/system/broker_host_posix.cc:54:0
    #5 0x19cf4c94 in ConnectToChildOnIOThread mojo/edk/system/node_controller.cc:363:16
    #6 0x19d0c4ba in Run<mojo::edk::NodeController *, const int &, mojo::edk::ScopedPlatformHandle, const mojo::edk::ports::NodeName &, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &> base/bind_internal.h:187:12
    #7 0x19d0c4ba in MakeItSo<const base::internal::RunnableAdapter<void (mojo::edk::NodeController::*)(int, mojo::edk::ScopedPlatformHandle, mojo::edk::ports::NodeName, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &)> &, mojo::edk::NodeController *, const int &, mojo::edk::ScopedPlatformHandle, const mojo::edk::ports::NodeName &, const base::Callback<void (const std::__1::basic_string<char> &), base::internal::CopyMode::Copyable> &> base/bind_internal.h:312:0
    #8 0x19d0c4ba in Run base/bind_internal.h:364:0
    #9 0x13794f1f in Run base/callback.h:397:12
    #10 0x13794f1f in RunTask base/debug/task_annotator.cc:51:0
    #11 0x13572c01 in RunTask base/message_loop/message_loop.cc:493:19
    #12 0x13574647 in DeferOrRunPendingTask base/message_loop/message_loop.cc:502:5
    #13 0x13576077 in DoWork base/message_loop/message_loop.cc:624:13
    #14 0x13586963 in Run base/message_loop/message_pump_libevent.cc:217:31
    #15 0x136167ec in Run base/run_loop.cc:35:10
    #16 0x1356fe12 in ?? base/message_loop/message_loop.cc:295:12
    #17 0x634bae4 in IOThreadRun content/browser/browser_thread_impl.cc:223:11
    #18 0x634c416 in Run content/browser/browser_thread_impl.cc:259:14
    #19 0x136bef57 in ThreadMain base/threading/thread.cc:255:3
    #20 0x136adb95 in ThreadFunc base/threading/platform_thread_posix.cc:70:13
    #21 0x7fabf0d6ce99 in start_thread /build/eglibc-oqps9y/eglibc-2.15/nptl/pthread_create.c:308:0


Not sure if this blocks rolling clang, or if we should suppress it, or fix, or what.

Comment 1 by thakis@chromium.org, Jun 26 2016

Blocking: 621972

Comment 2 by roc...@chromium.org, Jun 26 2016

Owner: amistry@chromium.org
Status: Assigned (was: Untriaged)
Anand would you mind taking a quick look at broker host message allocation? Maybe we aren't initializing some of that data?

Comment 3 by roc...@chromium.org, Jun 26 2016 

Re first comment, we should definitely fix it instead of suppressing it.

Comment 4 by thakis@chromium.org, Jun 27 2016 

Well yeah, but it probably shouldn't block the next compiler update, which means suppressing until it's fixed.

Comment 5 by roc...@chromium.org, Jun 27 2016 

I see. Feel free to add a suppression and we can work to remove it ASAP.

Comment 6 by amistry@chromium.org, Jun 27 2016 

I'm on it!

Comment 7 by amistry@chromium.org, Jun 27 2016 

Looks like it might be the padding field. I'll double-check and send out a CL.
Project Member

Comment 8 by bugdroid1@chromium.org, Jun 27 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e107d296d9c06165b36c8bc299b9025df094d49e

commit e107d296d9c06165b36c8bc299b9025df094d49e
Author: amistry <amistry@chromium.org>
Date: Mon Jun 27 04:59:26 2016

[mojo-edk] Initialise padding in mojo::edk::BrokerMessageHeader.

BUG= 623413 
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2098273002
Cr-Commit-Position: refs/heads/master@{#402114}

[modify] https://crrev.com/e107d296d9c06165b36c8bc299b9025df094d49e/mojo/edk/system/broker_messages.h

Comment 9 by thakis@chromium.org, Jun 27 2016 

Thanks! This is looking muuuuuch better now. A new try run with that change has just a single failing test, with this stack: (https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_msan_rel_ng/builds/397)

SharedBufferTest.PassHandleBetweenCousins (run #1):
[ RUN      ] SharedBufferTest.PassHandleBetweenCousins
Uninitialized bytes in __interceptor_send at offset 44 inside [0x70600000bf40, 48)
==28076==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xb6c9b5 in WriteNoLock mojo/edk/system/channel_posix.cc:368:18
    #1 0xb6593a in Write mojo/edk/system/channel_posix.cc:126:14
    #2 0xb782db in WriteChannelMessage mojo/edk/system/node_channel.cc:866:15
    #3 0xb782db in AddBrokerClient mojo/edk/system/node_channel.cc:295:0
    #4 0xb08fd8 in OnAcceptParent mojo/edk/system/node_controller.cc:779:13
    #5 0xb7c04f in OnChannelMessage mojo/edk/system/node_channel.cc:509:20
    #6 0xb63331 in OnReadComplete mojo/edk/system/channel.cc:563:18
    #7 0xb6b381 in OnFileCanReadWithoutBlocking mojo/edk/system/channel_posix.cc:288:14
    #8 0x9a74c0 in OnFileCanReadWithoutBlocking base/message_loop/message_pump_libevent.cc:95:13
    #9 0x9a74c0 in OnLibeventNotification base/message_loop/message_pump_libevent.cc:344:0
    #10 0x8e6dda in event_process_active base/third_party/libevent/event.c:381:4
    #11 0x8e6dda in event_base_loop base/third_party/libevent/event.c:521:0
    #12 0x9a81c3 in Run base/message_loop/message_pump_libevent.cc:244:7
    #13 0x9dd40c in Run base/run_loop.cc:35:10
    #14 0x993602 in ?? base/message_loop/message_loop.cc:295:12
    #15 0xa199f7 in ThreadMain base/threading/thread.cc:255:3
    #16 0xa0d075 in ThreadFunc base/threading/platform_thread_posix.cc:70:13
    #17 0x7f29de3f3e99 in start_thread /build/eglibc-oqps9y/eglibc-2.15/nptl/pthread_create.c:308:0
    #18 0x7f29ddf0b36c in ?? /build/eglibc-oqps9y/eglibc-2.15/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:112:0

  Uninitialized value was created by a heap allocation
    #0 0x45d34c in posix_memalign ??:0
    #1 0xf90859 in ?? base/memory/aligned_memory.cc:31:7
    #2 0xb60b32 in Message mojo/edk/system/channel.cc:75:30
    #3 0xb77f47 in CreateMessage\u003Cmojo::edk::(anonymous namespace)::AddBrokerClientData> mojo/edk/system/node_channel.cc:131:11
    #4 0xb77f47 in AddBrokerClient mojo/edk/system/node_channel.cc:287:0
    #5 0xb08fd8 in OnAcceptParent mojo/edk/system/node_controller.cc:779:13
    #6 0xb7c04f in OnChannelMessage mojo/edk/system/node_channel.cc:509:20
    #7 0xb63331 in OnReadComplete mojo/edk/system/channel.cc:563:18
    #8 0xb6b381 in OnFileCanReadWithoutBlocking mojo/edk/system/channel_posix.cc:288:14
    #9 0x9a74c0 in OnFileCanReadWithoutBlocking base/message_loop/message_pump_libevent.cc:95:13
    #10 0x9a74c0 in OnLibeventNotification base/message_loop/message_pump_libevent.cc:344:0
    #11 0x8e6dda in event_process_active base/third_party/libevent/event.c:381:4
    #12 0x8e6dda in event_base_loop base/third_party/libevent/event.c:521:0
    #13 0x9a81c3 in Run base/message_loop/message_pump_libevent.cc:244:7
    #14 0x9dd40c in Run base/run_loop.cc:35:10
    #15 0x993602 in ?? base/message_loop/message_loop.cc:295:12
    #16 0xa199f7 in ThreadMain base/threading/thread.cc:255:3
    #17 0xa0d075 in ThreadFunc base/threading/platform_thread_posix.cc:70:13
    #18 0x7f29de3f3e99 in start_thread /build/eglibc-oqps9y/eglibc-2.15/nptl/pthread_create.c:308:0

Comment 10 by roc...@chromium.org, Jun 27 2016

Cc: -roc...@chromium.org amistry@chromium.org
Owner: roc...@chromium.org
I'll look at that one
Project Member

Comment 11 by bugdroid1@chromium.org, Jun 27 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/299a5d16e0b5acdf05fb58790e13113c34016b27

commit 299a5d16e0b5acdf05fb58790e13113c34016b27
Author: rockot <rockot@chromium.org>
Date: Mon Jun 27 17:11:54 2016

[mojo-edk] Fix uninitialized padding in AddBrokerClient message

TBRing this trivial change to unblock a clang roll with better
MSan support.

BUG= 623413 
TBR=amistry@chromium.org

Review-Url: https://codereview.chromium.org/2102443004
Cr-Commit-Position: refs/heads/master@{#402207}

[modify] https://crrev.com/299a5d16e0b5acdf05fb58790e13113c34016b27/mojo/edk/system/node_channel.cc

Comment 12 by roc...@chromium.org, Jun 27 2016

Status: Fixed (was: Assigned)
Should be fixed now

Comment 13 by thakis@chromium.org, Jun 27 2016 

Should be, but I was watching https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20TSan%20Tests/builds/21952 (which has the clang roll) to confirm and I realized it doesn't run mojo_system_unittests even though the try bot does :-/

I'll sync up the test lists between the two bots.

Comment 14 by thakis@chromium.org, Jun 27 2016 

Oh ooops, that's tsan, not msan.

(Maybe the tsan bots should run more mojo tests too, but that's unrelated to this bug.)

msan is still building after the roll: https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20Linux%20MSan%20Builder/builds/21771

Sign in to add a comment