Issue 644846

Status: Fixed
Closed: Sep 2016
Pri: 1
Type: Bug

angle_unittests failing on ToT Asan bots

Project Member Reported by h...@chromium.org, Sep 7 2016

Issue description

From https://build.chromium.org/p/chromium.fyi/builders/ClangToTLinuxASan%20tester/builds/1548:

(Same thing on https://build.chromium.org/p/chromium.fyi/builders/ClangToTMacASan%20tester/builds/2936)

Looks like it's a real bug?

I'm guessing https://codereview.chromium.org/2312243003 is to blame.



[ RUN      ] ImageIndexTest.Iterator2DArray
=================================================================
==17389==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f2935c13030 at pc 0x000000c101b1 bp 0x7fff740bd050 sp 0x7fff740bd048
READ of size 4 at 0x7f2935c13030 thread T0
    #0 0xc101b0  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xc101b0)
    #1 0x6cdbb1  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0x6cdbb1)
    #2 0xbb84cb  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbb84cb)
    #3 0xbb9dc8  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbb9dc8)
    #4 0xbbb016  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbbb016)
    #5 0xbcd376  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbcd376)
    #6 0xbcc9d5  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbcc9d5)
    #7 0xb67dfb  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb67dfb)
    #8 0xa4c99c  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xa4c99c)
    #9 0xb6aa84  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb6aa84)
    #10 0xb6b753  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb6b753)
    #11 0xa4c774  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xa4c774)
    #12 0x7f29392a67ec  (/lib/x86_64-linux-gnu/libc.so.6+0x217ec)

Address 0x7f2935c13030 is located in stack of thread T0 at offset 48 in frame
    #0 0x6cd45f  (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0x6cd45f)

  This frame has 33 object(s):
    [32, 48) 'layerCounts' <== Memory access at offset 48 overflows this variable
    [64, 104) 'iter'
    [144, 160) 'gtest_ar'
    [176, 184) 'temp.lvalue'
    [208, 216) 'ref.tmp3'
    [240, 256) 'gtest_ar5'
    [272, 280) 'temp.lvalue12'
    [304, 312) 'ref.tmp14'
    [336, 340) 'mip'
    [352, 356) 'layer'
    [368, 384) 'gtest_ar_'
    [400, 408) 'temp.lvalue29'
    [432, 456) 'temp.lvalue30'
    [496, 504) 'ref.tmp32'
    [528, 540) 'nextIndex'
    [560, 576) 'gtest_ar34'
    [592, 596) 'ref.tmp35'
    [608, 616) 'temp.lvalue39'
    [640, 648) 'ref.tmp41'
    [672, 688) 'gtest_ar43'
    [704, 712) 'temp.lvalue47'
    [736, 744) 'ref.tmp49'
    [768, 784) 'gtest_ar51'
    [800, 808) 'temp.lvalue55'
    [832, 840) 'ref.tmp57'
    [864, 880) 'gtest_ar_59'
    [896, 904) 'temp.lvalue66'
    [928, 952) 'temp.lvalue67'
    [992, 1000) 'ref.tmp69'
    [1024, 1040) 'gtest_ar_76'
    [1056, 1064) 'temp.lvalue83'
    [1088, 1112) 'temp.lvalue84'
    [1152, 1160) 'ref.tmp86'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xc101b0) 
Shadow bytes around the buggy address:
  0x0fe5a6b7a5b0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5a6b7a5c0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5a6b7a5d0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5a6b7a5e0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5a6b7a5f0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe5a6b7a600: f1 f1 f1 f1 00 00[f2]f2 00 00 00 00 00 f2 f2 f2
  0x0fe5a6b7a610: f2 f2 00 00 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 00
  0x0fe5a6b7a620: f2 f2 00 f2 f2 f2 00 f2 f2 f2 04 f2 04 f2 00 00
  0x0fe5a6b7a630: f2 f2 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 f2
  0x0fe5a6b7a640: f2 f2 00 04 f2 f2 00 00 f2 f2 04 f2 00 f2 f2 f2
  0x0fe5a6b7a650: 00 f2 f2 f2 00 00 f2 f2 00 f2 f2 f2 00 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==17389==ABORTING
[67/5261] ImageIndexTest.Iterator2DArray (CRASHED)
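
The stack trace in the report above is unsymbolized, but the frame layout section still names the variable at fault. The following is an added example, not part of the original issue or of Chromium's tooling: it parses that section and reports which stack object the access ran past. The `triage` helper is hypothetical, and the computed element index assumes array elements are as wide as the access.

```python
import re

# Constructed sample: lines copied from the report above, object list shortened.
SAMPLE_REPORT = """\
==17389==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f2935c13030 at pc 0x000000c101b1 bp 0x7fff740bd050 sp 0x7fff740bd048
READ of size 4 at 0x7f2935c13030 thread T0
Address 0x7f2935c13030 is located in stack of thread T0 at offset 48 in frame
  This frame has 33 object(s):
    [32, 48) 'layerCounts' <== Memory access at offset 48 overflows this variable
    [64, 104) 'iter'
    [144, 160) 'gtest_ar'
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
OFFSET_RE = re.compile(r"at offset (\d+) in frame")
OBJECT_RE = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)'", re.M)


def triage(report):
    """Name the stack object closest to the bad access (hypothetical helper)."""
    err, acc, off = (r.search(report) for r in (ERROR_RE, ACCESS_RE, OFFSET_RE))
    if not (err and acc and off):
        raise ValueError("not an ASan stack-frame report")
    offset, size = int(off.group(1)), int(acc.group(2))
    best = None
    for lo, hi, name in OBJECT_RE.findall(report):
        lo, hi = int(lo), int(hi)
        if lo <= offset and offset + size <= hi:
            continue  # access lies fully inside this object: not at fault
        if offset >= lo:  # starts inside or after the object: ran off its end
            direction, gap = "overflow", max(0, offset - hi)
        else:             # starts before the object: ran off its start
            direction, gap = "underflow", max(0, lo - (offset + size))
        if best is None or gap < best["redzone_gap"]:
            best = {"variable": name, "direction": direction, "redzone_gap": gap,
                    "object_bytes": hi - lo,
                    # Assumption: elements are as wide as the access.
                    "index": (offset - lo) // size, "elements": (hi - lo) // size}
    if best is None:
        raise ValueError("no frame objects listed")
    best.update(bug=err.group(1), access=acc.group(1), access_size=size)
    return best


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

For the report above this yields a 4-byte read at index 4 of a 16-byte `layerCounts`, that is, one element past the end of a four-element array.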
 

Comment 1 by h...@chromium.org, Sep 7 2016

Cc: thakis@chromium.org
Labels: clang
Owner: jmad...@chromium.org
Status: Assigned (was: Untriaged)
jmadill: I'm guessing this is due to your roll.
Thanks. There are no symbols on the bot?
(you'll want to add angle_unittests to https://build.chromium.org/p/chromium.memory/builders/Linux%20ASan%20LSan%20Tests%20%281%29/ too, so that this doesn't show up only on our tot bots. That'll give you trybot coverage as well)
Can anyone share the link to how to repro these failures?
("you" being "someone working on angle", sorry if that wasn't clear)
And yes, we (me) should add these tests to that trybot.
Components: Internals>GPU>ANGLE
https://www.chromium.org/developers/testing/addresssanitizer will probably do the trick. I think disabling nacl is no longer necessary.
Status: Started (was: Assigned)
Fix on the way: https://chromium-review.googlesource.com/#/c/382332/
Project Member

Comment 10 by bugdroid1@chromium.org, Sep 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/124dce0551b8f8e248ba80b0fe99ca963793fbb6

commit 124dce0551b8f8e248ba80b0fe99ca963793fbb6
Author: jmadill <jmadill@chromium.org>
Date: Thu Sep 08 02:08:54 2016

Roll ANGLE 5a7e20e..9df01f8

https://chromium.googlesource.com/angle/angle.git/+log/5a7e20e..9df01f8

BUG= 614178 , chromium:638323 , 644846 

TBR=geofflang@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2320863002
Cr-Commit-Position: refs/heads/master@{#417163}

[modify] https://crrev.com/124dce0551b8f8e248ba80b0fe99ca963793fbb6/DEPS

Status: Fixed (was: Started)
Should be fixed now.
Do you want to use this bug for adding angle_unittests to the normal asan bot, or do you have a separate bug for that?
Status: Assigned (was: Fixed)
Might as well re-use this one. Thanks for the reminder.
Project Member

Comment 14 by bugdroid1@chromium.org, Sep 8 2016

Labels: merge-merged-2854
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/124dce0551b8f8e248ba80b0fe99ca963793fbb6

Where do I add these tests? I couldn't find it in a couple minutes of using Code Search?
To testing/buildbot/chromium.memory.json in the chromium src repo I think. Add an entry similar to the one in testing/buildbot/chromium.fyi.json
Project Member

Comment 17 by bugdroid1@chromium.org, Sep 13 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ed2f409a8253512a291d883230241b6ff75b985f

commit ed2f409a8253512a291d883230241b6ff75b985f
Author: jmadill <jmadill@chromium.org>
Date: Tue Sep 13 21:14:50 2016

Add angle_unittests to Linux ASAN bot.

BUG= 644846 

Review-Url: https://codereview.chromium.org/2339613002
Cr-Commit-Position: refs/heads/master@{#418371}

[modify] https://crrev.com/ed2f409a8253512a291d883230241b6ff75b985f/testing/buildbot/chromium.memory.json

Status: Fixed (was: Assigned)
Project Member

Comment 19 by bugdroid1@chromium.org, Sep 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/48de80b986f8d7a6e27422d882276c9dd0af2cd5

commit 48de80b986f8d7a6e27422d882276c9dd0af2cd5
Author: jmadill <jmadill@chromium.org>
Date: Mon Sep 26 16:28:52 2016

Shard angle_unittests 10 ways on memory bot.

The bot was spending up to 10% of its time on this test. Sharding
should help keep it moving more quickly.

BUG= 644846 
R=thakis@chromium.org

Review-Url: https://codereview.chromium.org/2365353003
Cr-Commit-Position: refs/heads/master@{#420903}

[modify] https://crrev.com/48de80b986f8d7a6e27422d882276c9dd0af2cd5/testing/buildbot/chromium.memory.json