webkit_tests Linux MSAN virtual/display_list_2d_canvas/fast/canvas/canvas-createImageBitmap-invalid-blob-in-workers.html virtual/gpu/fast/canvas/canvas-createImageBitmap-invalid-blob-in-workers.html |
||||||
Issue descriptionBuild is broken: webkit_tests virtual/display_list_2d_canvas/fast/canvas/canvas-createImageBitmap-invalid-blob-in-workers.html https://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=virtual%2Fdisplay_list_2d_canvas%2Ffast%2Fcanvas%2Fcanvas-createImageBitmap-invalid-blob-in-workers.html&testType=webkit_tests webkit_tests virtual/gpu/fast/canvas/canvas-createImageBitmap-invalid-blob-in-workers.html https://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=virtual%2Fgpu%2Ffast%2Fcanvas%2Fcanvas-createImageBitmap-invalid-blob-in-workers.html&testType=webkit_tests Revision range: chromium 416918 : 416929 Failing builders: WebKit Linux MSAN: https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20MSAN STDOUT: [Worker] Test createImageBitmap with invalid blobs in workers. STDOUT: STDOUT: On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". STDOUT: STDOUT: STDOUT: Starting worker: ./resources/canvas-createImageBitmap-invalid-blob-in-workers.js STDOUT: PASS [Worker] Promise rejected: InvalidStateError: The source image cannot be decoded. STDOUT: PASS successfullyParsed is true STDOUT: STDOUT: TEST COMPLETE STDOUT: STDERR: ==4==WARNING: MemorySanitizer: use-of-uninitialized-value STDERR: #0 0xbf8ec5e in mark<blink::Visitor *> third_party/WebKit/Source/platform/heap/TraceTraits.h:74:17 STDERR: #1 0xbf8ec5e in mark<blink::Visitor *> third_party/WebKit/Source/platform/heap/TraceTraits.h:194:0 STDERR: #2 0xbf8ec5e in mark<blink::DOMArrayBuffer> third_party/WebKit/Source/platform/heap/Visitor.h:135:0 STDERR: #3 0xbf8ec5e in tracePersistent<blink::Visitor *> third_party/WebKit/Source/platform/heap/Persistent.h:201:0 STDERR: #4 0xbf8ec5e in trampoline third_party/WebKit/Source/platform/heap/Visitor.h:63:0 STDERR: #5 0x3fdcfd6 in tracePersistentNode third_party/WebKit/Source/platform/heap/PersistentNode.h:56:9 STDERR: #6 0x3fdcfd6 in tracePersistentNodes third_party/WebKit/Source/platform/heap/PersistentNode.cpp:101:0 STDERR: #7 0x3fe477e in visitPersistents third_party/WebKit/Source/platform/heap/ThreadState.cpp:460:25 STDERR: #8 0x3fe3afd in collectGarbageForTerminatingThread third_party/WebKit/Source/platform/heap/ThreadState.cpp:1728:9 STDERR: #9 0x3fe2639 in runTerminationGC third_party/WebKit/Source/platform/heap/ThreadState.cpp:308:9 STDERR: #10 0x3fbbb2e in detach third_party/WebKit/Source/platform/heap/Heap.cpp:278:17 STDERR: #11 0x3fe40e6 in detachCurrentThread third_party/WebKit/Source/platform/heap/ThreadState.cpp:378:19 STDERR: #12 0xfc6169e in shutdown third_party/WebKit/Source/core/workers/WorkerBackingThread.cpp:99:22 STDERR: #13 0xfc9ad79 in performShutdownOnWorkerThread third_party/WebKit/Source/core/workers/WorkerThread.cpp:606:31 STDERR: #14 0x6bb591d in Run base/callback.h:56:12 STDERR: #15 0x6bb591d in RunTask base/debug/task_annotator.cc:54:0 STDERR: #16 0xbcfb96f in ProcessTaskFromWorkQueue third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:311:19 STDERR: #17 0xbcf4864 in DoWork third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:215:13 STDERR: #18 0x6bb591d in Run base/callback.h:56:12 STDERR: #19 0x6bb591d in RunTask base/debug/task_annotator.cc:54:0 STDERR: #20 0x69c3c8b in RunTask base/message_loop/message_loop.cc:488:19 STDERR: #21 0x69c57ca in DeferOrRunPendingTask base/message_loop/message_loop.cc:497:5 STDERR: #22 0x69c734b in DoWork base/message_loop/message_loop.cc:621:13 STDERR: #23 0x69d328a in Run base/message_loop/message_pump_default.cc:35:31 STDERR: #24 0x6a4a04c in Run base/run_loop.cc:35:10 STDERR: #25 0x6ae104c in ThreadMain base/threading/thread.cc:307:3 STDERR: #26 0x6acf5e5 in ThreadFunc base/threading/platform_thread_posix.cc:71:13 STDERR: #27 0x7fed2a7bee99 in start_thread /build/eglibc-rrybNj/eglibc-2.15/nptl/pthread_create.c:308:0 STDERR: #28 0x7fed2a09d38c in ?? /build/eglibc-rrybNj/eglibc-2.15/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:112:0 STDERR: STDERR: Uninitialized value was created by a heap allocation STDERR: #0 0x4acf72 in operator new(unsigned long) ??:0 STDERR: #1 0x3fe0953 in ThreadState third_party/WebKit/Source/platform/heap/ThreadState.cpp:195:18 STDERR: #2 0xb7a2eda in initialize third_party/WebKit/Source/platform/exported/Platform.cpp:86:5 STDERR: #3 0xc0205f1 in initialize third_party/WebKit/Source/web/WebKit.cpp:84:5 STDERR: #4 0xaf64c79 in InitializeWebKit content/renderer/render_thread_impl.cc:1175:3 STDERR: #5 0xaf5e89a in Init content/renderer/render_thread_impl.cc:638:3 STDERR: #6 0xaf5d6cc in RenderThreadImpl content/renderer/render_thread_impl.cc:609:3 STDERR: #7 0xaf5cd75 in Create content/renderer/render_thread_impl.cc:572:14 STDERR: #8 0xb05c64e in RendererMain content/renderer/renderer_main.cc:186:5 STDERR: #9 0x4ee2112 in RunZygote content/app/content_main_runner.cc:343:14 STDERR: #10 0x4ee516c in RunNamedProcessTypeMain content/app/content_main_runner.cc:426:12 STDERR: #11 0x4ee8681 in Run content/app/content_main_runner.cc:786:12 STDERR: #12 0x4ec6b10 in ContentMain content/app/content_main.cc:20:28 STDERR: #13 0x4ad5a0 in main content/shell/app/shell_main.cc:48:10 STDERR: #14 0x7fed29fcb76c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226:0 STDERR: STDERR: SUMMARY: MemorySanitizer: use-of-uninitialized-value (/b/c/b/linux_layout/src/out/Release/content_shell+0xbf8ec5e) STDERR: Exiting Suspected change: https://codereview.chromium.org/2303753003
,
Sep 8 2016
So it looks like someone is visiting the ThreadState object and there's a variable that's not allocated there... maybe the heap? asking the platform dev team.
,
Sep 8 2016
,
Sep 8 2016
Looks like a thread shutdown bug?
,
Sep 8 2016
Seems similar to: https://bugs.chromium.org/p/chromium/issues/detail?id=645253
,
Sep 8 2016
Reverting https://codereview.chromium.org/2321223003/.
,
Sep 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/95c96ebccbe105910c18e9c452a24d4c39b533c6 commit 95c96ebccbe105910c18e9c452a24d4c39b533c6 Author: dmurph <dmurph@chromium.org> Date: Thu Sep 08 22:06:37 2016 Revert of Move collectGarbage* methods to ThreadState (patchset #3 id:40001 of https://codereview.chromium.org/2307003002/ ) Reason for revert: Causing weird MSAN and other issues: BUG= 645227 ,645253 Reverting. Original issue's description: > Move collectGarbage* methods to ThreadState > > Move collectGarbage* methods to ThreadState to indicate that these run GC for the current thread heap. > > BUG= > > Committed: https://crrev.com/89d83a49a6c126d91e25e2d3520cb398e8e1f7d5 > Cr-Commit-Position: refs/heads/master@{#417269} TBR=oilpan-reviews@chromium.org,haraken@chromium.org,keishi@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2321223003 Cr-Commit-Position: refs/heads/master@{#417413} [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolverTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/bindings/core/v8/V8GCController.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/AnimationInputHelpersTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/AnimationStackTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/AnimationTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/AnimationTimelineTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/CompositorAnimationsTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/animation/DocumentTimelineTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/css/CSSStyleSheetResourceTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/dom/DocumentStatisticsCollectorTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/dom/DocumentTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/dom/ExecutionContextTaskTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/dom/ScriptRunnerTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/dom/StyleEngineTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/editing/markers/DocumentMarkerControllerTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/frame/ImageBitmapTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/html/AutoplayExperimentTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/core/html/parser/CSSPreloadScannerTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/canvas2d/CanvasRenderingContext2DTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/canvas2d/CanvasRenderingContext2DUsageTrackingTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/csspaint/PaintWorkletTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/fetch/BodyStreamBufferTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/fetch/BytesConsumerForDataConsumerHandleTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/fetch/DataConsumerTeeTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/fetch/FetchBlobDataConsumerHandleTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/modules/indexeddb/IDBTransactionTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/LifecycleContextTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/BlinkGCMemoryDumpProvider.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/Heap.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/Heap.h [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/HeapTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/PersistentTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/RunAllTests.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/ThreadState.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/heap/ThreadState.h [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/mhtml/MHTMLFuzzer.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/scheduler/CancellableTaskFactoryTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/scroll/ScrollAnimatorTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/scroll/ScrollableAreaTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/scroll/ScrollbarThemeAuraTest.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/platform/testing/RunAllTests.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/web/WebHeap.cpp [modify] https://crrev.com/95c96ebccbe105910c18e9c452a24d4c39b533c6/third_party/WebKit/Source/web/tests/WebViewTest.cpp
,
Sep 9 2016
I'm still getting this issue, we're still failing the msan
,
Sep 11 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 21 2018
Please open a new issue if this still reproduces somewhere somehow. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by dmu...@chromium.org
, Sep 8 2016