angle_unittests failing on ToT Asan bots |
|||||||
Issue descriptionFrom https://build.chromium.org/p/chromium.fyi/builders/ClangToTLinuxASan%20tester/builds/1548: (Same thing on https://build.chromium.org/p/chromium.fyi/builders/ClangToTMacASan%20tester/builds/2936) Looks like it's a real bug? I'm guessing https://codereview.chromium.org/2312243003 is to blame. [ RUN ] ImageIndexTest.Iterator2DArray ================================================================= ==17389==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f2935c13030 at pc 0x000000c101b1 bp 0x7fff740bd050 sp 0x7fff740bd048 READ of size 4 at 0x7f2935c13030 thread T0 #0 0xc101b0 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xc101b0) #1 0x6cdbb1 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0x6cdbb1) #2 0xbb84cb (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbb84cb) #3 0xbb9dc8 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbb9dc8) #4 0xbbb016 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbbb016) #5 0xbcd376 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbcd376) #6 0xbcc9d5 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xbcc9d5) #7 0xb67dfb (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb67dfb) #8 0xa4c99c (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xa4c99c) #9 0xb6aa84 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb6aa84) #10 0xb6b753 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xb6b753) #11 0xa4c774 (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xa4c774) #12 0x7f29392a67ec (/lib/x86_64-linux-gnu/libc.so.6+0x217ec) Address 0x7f2935c13030 is located in stack of thread T0 at offset 48 in frame #0 0x6cd45f (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0x6cd45f) This frame has 33 object(s): [32, 48) 'layerCounts' <== Memory access at offset 48 overflows this variable [64, 104) 'iter' [144, 160) 'gtest_ar' [176, 184) 'temp.lvalue' [208, 216) 'ref.tmp3' [240, 256) 'gtest_ar5' [272, 280) 'temp.lvalue12' [304, 312) 'ref.tmp14' [336, 340) 'mip' [352, 356) 'layer' [368, 384) 'gtest_ar_' [400, 408) 'temp.lvalue29' [432, 456) 'temp.lvalue30' [496, 504) 'ref.tmp32' [528, 540) 'nextIndex' [560, 576) 'gtest_ar34' [592, 596) 'ref.tmp35' [608, 616) 'temp.lvalue39' [640, 648) 'ref.tmp41' [672, 688) 'gtest_ar43' [704, 712) 'temp.lvalue47' [736, 744) 'ref.tmp49' [768, 784) 'gtest_ar51' [800, 808) 'temp.lvalue55' [832, 840) 'ref.tmp57' [864, 880) 'gtest_ar_59' [896, 904) 'temp.lvalue66' [928, 952) 'temp.lvalue67' [992, 1000) 'ref.tmp69' [1024, 1040) 'gtest_ar_76' [1056, 1064) 'temp.lvalue83' [1088, 1112) 'temp.lvalue84' [1152, 1160) 'ref.tmp86' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/b/swarm_slave/w/irLLhrjW/out/Release/angle_unittests+0xc101b0) Shadow bytes around the buggy address: 0x0fe5a6b7a5b0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x0fe5a6b7a5c0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x0fe5a6b7a5d0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x0fe5a6b7a5e0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x0fe5a6b7a5f0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x0fe5a6b7a600: f1 f1 f1 f1 00 00[f2]f2 00 00 00 00 00 f2 f2 f2 0x0fe5a6b7a610: f2 f2 00 00 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 00 0x0fe5a6b7a620: f2 f2 00 f2 f2 f2 00 f2 f2 f2 04 f2 04 f2 00 00 0x0fe5a6b7a630: f2 f2 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 f2 0x0fe5a6b7a640: f2 f2 00 04 f2 f2 00 00 f2 f2 04 f2 00 f2 f2 f2 0x0fe5a6b7a650: 00 f2 f2 f2 00 00 f2 f2 00 f2 f2 f2 00 f2 f2 f2 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==17389==ABORTING [67/5261] ImageIndexTest.Iterator2DArray (CRASHED)
,
Sep 7 2016
Thanks. There are no symbols on the bot?
,
Sep 7 2016
(you'll want to add angle_unittests to https://build.chromium.org/p/chromium.memory/builders/Linux%20ASan%20LSan%20Tests%20%281%29/ too, so that this doesn't show up only on our tot bots. That'll give you trybot coverage as well)
,
Sep 7 2016
Can anyone share the link to how to repro these failures?
,
Sep 7 2016
("you" being "someone working on angle", sorry if that wasn't clear)
,
Sep 7 2016
And yes, we (me) should add these tests to that trybot.
,
Sep 7 2016
,
Sep 7 2016
https://www.chromium.org/developers/testing/addresssanitizer will probably do the trick. I think disabling nacl is no longer necessary.
,
Sep 7 2016
Fix on the way: https://chromium-review.googlesource.com/#/c/382332/
,
Sep 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/124dce0551b8f8e248ba80b0fe99ca963793fbb6 commit 124dce0551b8f8e248ba80b0fe99ca963793fbb6 Author: jmadill <jmadill@chromium.org> Date: Thu Sep 08 02:08:54 2016 Roll ANGLE 5a7e20e..9df01f8 https://chromium.googlesource.com/angle/angle.git/+log/5a7e20e..9df01f8 BUG= 614178 , chromium:638323 , 644846 TBR=geofflang@chromium.org TEST=bots CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel Review-Url: https://codereview.chromium.org/2320863002 Cr-Commit-Position: refs/heads/master@{#417163} [modify] https://crrev.com/124dce0551b8f8e248ba80b0fe99ca963793fbb6/DEPS
,
Sep 8 2016
Should be fixed now.
,
Sep 8 2016
Do you want to use this bug for adding angle_unittests to the normal asan bot, or do you have a separate bug for that?
,
Sep 8 2016
Might as well re-use this one. Thanks for the reminder.
,
Sep 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/124dce0551b8f8e248ba80b0fe99ca963793fbb6 commit 124dce0551b8f8e248ba80b0fe99ca963793fbb6 Author: jmadill <jmadill@chromium.org> Date: Thu Sep 08 02:08:54 2016 Roll ANGLE 5a7e20e..9df01f8 https://chromium.googlesource.com/angle/angle.git/+log/5a7e20e..9df01f8 BUG= 614178 , chromium:638323 , 644846 TBR=geofflang@chromium.org TEST=bots CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel Review-Url: https://codereview.chromium.org/2320863002 Cr-Commit-Position: refs/heads/master@{#417163} [modify] https://crrev.com/124dce0551b8f8e248ba80b0fe99ca963793fbb6/DEPS
,
Sep 13 2016
Where do I add these tests? I couldn't find it in a couple minutes of using Code Search?
,
Sep 13 2016
To testing/buildbot/chromium.memory.json in the chromium src repo I think. Add an entry similar to the one in testing/buildbot/chromium.fyi.json
,
Sep 13 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ed2f409a8253512a291d883230241b6ff75b985f commit ed2f409a8253512a291d883230241b6ff75b985f Author: jmadill <jmadill@chromium.org> Date: Tue Sep 13 21:14:50 2016 Add angle_unittests to Linux ASAN bot. BUG= 644846 Review-Url: https://codereview.chromium.org/2339613002 Cr-Commit-Position: refs/heads/master@{#418371} [modify] https://crrev.com/ed2f409a8253512a291d883230241b6ff75b985f/testing/buildbot/chromium.memory.json
,
Sep 14 2016
,
Sep 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/48de80b986f8d7a6e27422d882276c9dd0af2cd5 commit 48de80b986f8d7a6e27422d882276c9dd0af2cd5 Author: jmadill <jmadill@chromium.org> Date: Mon Sep 26 16:28:52 2016 Shard angle_unittests 10 ways on memory bot. The bot was spending up to 10% of its time on this test. Sharding should help keep it moving more quickly. BUG= 644846 R=thakis@chromium.org Review-Url: https://codereview.chromium.org/2365353003 Cr-Commit-Position: refs/heads/master@{#420903} [modify] https://crrev.com/48de80b986f8d7a6e27422d882276c9dd0af2cd5/testing/buildbot/chromium.memory.json |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by h...@chromium.org
, Sep 7 2016Labels: clang
Owner: jmad...@chromium.org
Status: Assigned (was: Untriaged)