Version: sync'd to revision 404813
OS: Linux tested, but could be all
What steps will reproduce the problem?
(1) Sync to revision 404813 (hash 4828a631a7c8914d3c175c63c78fbdcee75da9b0)
(2) Build an ASan release version with DCHECKs always enabled
(3) Start chrome
What is the expected output?
Chrome runs normally.
What do you see instead?
Assert is hit in the renderer process and it is killed:
ASSERTION FAILED: header->checkHeader()
../../third_party/WebKit/Source/platform/heap/HeapPage.h(845) : static blink::HeapObjectHeader *blink::HeapObjectHeader::fromPayload(const void *)
1 0x7f4dce3f6079
2 0x7f4dcfbe16a0 blink::InspectorInstrumentation::StyleRecalc::StyleRecalc(blink::Document*)
3 0x7f4dce70673a blink::Document::updateStyleAndLayoutTree()
4 0x7f4dcf98c6ad blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal()
5 0x7f4dcf9896d7 blink::FrameView::updateStyleAndLayoutIfNeededRecursive()
6 0x7f4dcf987d84 blink::FrameView::updateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState)
7 0x7f4dcfdeb5f8 blink::PageAnimator::updateAllLifecyclePhases(blink::LocalFrame&)
8 0x7f4ddc95cc21 blink::WebViewImpl::updateAllLifecyclePhases()
9 0x7f4ddc9644bf blink::WebViewImpl::resizeViewWhileAnchored(blink::FrameView*, float, bool)
10 0x7f4ddc964cac blink::WebViewImpl::resizeWithTopControls(blink::WebSize const&, float, bool)
11 0x7f4de90a5edc content::RenderViewImpl::ResizeWebWidget()
12 0x7f4de90c921c content::RenderWidget::Resize(content::ResizeParams const&)
13 0x7f4de90a6419 content::RenderViewImpl::OnResize(content::ResizeParams const&)
14 0x7f4de90ba721
15 0x7f4de90b6eee content::RenderWidget::OnMessageReceived(IPC::Message const&)
16 0x7f4de907d18c content::RenderViewImpl::OnMessageReceived(IPC::Message const&)
17 0x7f4de517eca3 IPC::MessageRouter::RouteMessage(IPC::Message const&)
18 0x7f4de517ea19 IPC::MessageRouter::OnMessageReceived(IPC::Message const&)
19 0x7f4de68e9a12 content::ChildThreadImpl::OnMessageReceived(IPC::Message const&)
20 0x7f4de51356c8 IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
21 0x7f4deff12b62 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
22 0x7f4dd5ea5706 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*)
23 0x7f4dd5ea180e scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)
24 0x7f4dd5ea811c
25 0x7f4deff12b62 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
26 0x7f4deff9ca96 base::MessageLoop::RunTask(base::PendingTask const&)
27 0x7f4deff9d646 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
28 0x7f4deff9e65f base::MessageLoop::DoWork()
29 0x7f4deffa511f base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
30 0x7f4deff9bcb3 base::MessageLoop::RunHandler()
31 0x7f4df002f8c6 base::RunLoop::Run()
Comment 1 by nasko@chromium.org, Jul 12 2016
In addition, ASan detects a memory corruption:
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x00009f7537dd (pc 0x7f4dce3f6079 bp 0x7ffe90d817f0 sp 0x7ffe90d817e0 T0)
==1==The signal is caused by a READ memory access.
==1==WARNING: invalid path to external symbolizer!
==1==WARNING: Failed to use and restart external symbolizer!
#0 0x7f4dce3f6078 in fromPayload ./out/asan/../../third_party/WebKit/Source/platform/heap/HeapPage.h:845:5
#1 0x7f4dce3f6078 in checkPointer ./out/asan/../../third_party/WebKit/Source/platform/heap/Member.h:146:0
#2 0x7f4dcfbe169f in Member ./out/asan/../../third_party/WebKit/Source/platform/heap/Member.h:35:9
#3 0x7f4dcfbe169f in Iterator ./out/asan/gen/blink/core/InstrumentingAgents.h:50:0
#4 0x7f4dcfbe169f in begin ./out/asan/gen/blink/core/InstrumentingAgents.h:58:0
#5 0x7f4dcfbe169f in StyleRecalc ./out/asan/../../third_party/WebKit/Source/core/inspector/InspectorInstrumentation.cpp:132:0
#6 0x7f4dce706739 in updateStyleAndLayoutTree ./out/asan/../../third_party/WebKit/Source/core/dom/Document.cpp:1707:43
#7 0x7f4dcf98c6ac in updateStyleAndLayoutIfNeededRecursiveInternal ./out/asan/../../third_party/WebKit/Source/core/frame/FrameView.cpp:2701:26
#8 0x7f4dcf9896d6 in updateStyleAndLayoutIfNeededRecursive ./out/asan/../../third_party/WebKit/Source/core/frame/FrameView.cpp:2681:5
#9 0x7f4dcf987d83 in updateLifecyclePhasesInternal ./out/asan/../../third_party/WebKit/Source/core/frame/FrameView.cpp:2528:5
#10 0x7f4dcfdeb5f7 in updateAllLifecyclePhases ./out/asan/../../third_party/WebKit/Source/core/page/PageAnimator.cpp:85:11
#11 0x7f4ddc95cc20 in updateAllLifecyclePhases ./out/asan/../../third_party/WebKit/Source/web/WebViewImpl.cpp:2011:5
#12 0x7f4ddc9644be in resizeViewWhileAnchored ./out/asan/../../third_party/WebKit/Source/web/WebViewImpl.cpp:1897:5
#13 0x7f4ddc964cab in resizeWithTopControls ./out/asan/../../third_party/WebKit/Source/web/WebViewImpl.cpp:1941:9
#14 0x7f4de90a5edb in ResizeWebWidget ./out/asan/../../content/renderer/render_view_impl.cc:2561:16
#15 0x7f4de90c921b in Resize ./out/asan/../../content/renderer/render_widget.cc:1023:3
#16 0x7f4de90a6418 in OnResize ./out/asan/../../content/renderer/render_view_impl.cc:2587:17
#17 0x7f4de90ba720 in DispatchToMethodImpl<content::RenderWidget *, void (content::RenderWidget::*)(const content::ResizeParams &), content::ResizeParams, 0> ./out/asan/../../base/tuple.h:140:3
#18 0x7f4de90ba720 in DispatchToMethod<content::RenderWidget *, void (content::RenderWidget::*)(const content::ResizeParams &), content::ResizeParams> ./out/asan/../../base/tuple.h:147:0
#19 0x7f4de90ba720 in DispatchToMethod<content::RenderWidget, void (content::RenderWidget::*)(const content::ResizeParams &), void, std::__1::tuple<content::ResizeParams> > ./out/asan/../../ipc/ipc_message_templates.h:26:0
#20 0x7f4de90ba720 in Dispatch<content::RenderWidget, content::RenderWidget, void, void (content::RenderWidget::*)(const content::ResizeParams &)> ./out/asan/../../ipc/ipc_message_templates.h:121:0
#21 0x7f4de90b6eed in OnMessageReceived ./out/asan/../../content/renderer/render_widget.cc:481:5
#22 0x7f4de907d18b in OnMessageReceived ./out/asan/../../content/renderer/render_view_impl.cc:1352:5
#23 0x7f4de517eca2 in RouteMessage ./out/asan/../../ipc/message_router.cc:52:20
#24 0x7f4de517ea18 in OnMessageReceived ./out/asan/../../ipc/message_router.cc:44:10
#25 0x7f4de68e9a11 in OnMessageReceived ./out/asan/../../content/child/child_thread_impl.cc:696:18
#26 0x7f4de51356c7 in OnDispatchMessage ./out/asan/../../ipc/ipc_channel_proxy.cc:284:14
#27 0x7f4deff12b61 in Run ./out/asan/../../base/callback.h:389:12
#28 0x7f4deff12b61 in RunTask ./out/asan/../../base/debug/task_annotator.cc:51:0
#29 0x7f4dd5ea5705 in ProcessTaskFromWorkQueue ./out/asan/../../components/scheduler/base/task_queue_manager.cc:315:19
#30 0x7f4dd5ea180d in DoWork ./out/asan/../../components/scheduler/base/task_queue_manager.cc:218:13
#31 0x7f4dd5ea811b in Invoke<base::WeakPtr<scheduler::TaskQueueManager>, const base::TimeTicks &, const bool &> ./out/asan/../../base/bind_internal.h:214:12
#32 0x7f4dd5ea811b in MakeItSo<void (scheduler::TaskQueueManager::*const &)(base::TimeTicks, bool), base::WeakPtr<scheduler::TaskQueueManager>, const base::TimeTicks &, const bool &> ./out/asan/../../base/bind_internal.h:303:0
#33 0x7f4dd5ea811b in RunImpl<void (scheduler::TaskQueueManager::*const &)(base::TimeTicks, bool), const std::__1::tuple<base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks, bool> &, 0, 1, 2> ./out/asan/../../base/bind_internal.h:346:0
#34 0x7f4dd5ea811b in Run ./out/asan/../../base/bind_internal.h:324:0
#35 0x7f4deff12b61 in Run ./out/asan/../../base/callback.h:389:12
#36 0x7f4deff12b61 in RunTask ./out/asan/../../base/debug/task_annotator.cc:51:0
#37 0x7f4deff9ca95 in RunTask ./out/asan/../../base/message_loop/message_loop.cc:494:19
#38 0x7f4deff9d645 in DeferOrRunPendingTask ./out/asan/../../base/message_loop/message_loop.cc:503:5
#39 0x7f4deff9e65e in DoWork ./out/asan/../../base/message_loop/message_loop.cc:627:13
#40 0x7f4deffa511e in Run ./out/asan/../../base/message_loop/message_pump_default.cc:35:31
#41 0x7f4deff9bcb2 in RunHandler ./out/asan/../../base/message_loop/message_loop.cc:457:10
#42 0x7f4df002f8c5 in Run ./out/asan/../../base/run_loop.cc:35:10
#43 0x7f4de90f232e in RendererMain ./out/asan/../../content/renderer/renderer_main.cc:198:23
#44 0x7f4de95dd445 in RunZygote ./out/asan/../../content/app/content_main_runner.cc:343:14
#45 0x7f4de95debdf in RunNamedProcessTypeMain ./out/asan/../../content/app/content_main_runner.cc:426:12
#46 0x7f4de95e0742 in Run ./out/asan/../../content/app/content_main_runner.cc:785:12
#47 0x7f4de95dc6ca in ContentMain ./out/asan/../../content/app/content_main.cc:20:28
#48 0x7f4df1b1a948 in ChromeMain ./out/asan/../../chrome/app/chrome_main.cc:84:12
#49 0x7f4dd618ff44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0