Issue 697177

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocking:
issue 697171

Two touch event related tests failing under msan

Project Member Reported by thakis@chromium.org, Feb 28 2017

Issue description

InputRouterImplScaleTouchEventTest.ScaleTouchEventTest, RenderWidgetHostViewAuraOverscrollTest.OverscrollWithTouchEvents

Representative:
https://build.chromium.org/p/chromium.memory.full/builders/Linux%20MSan%20Tests/builds/6001/steps/content_unittests%20on%20Ubuntu-14.04/logs/RenderWidgetHostViewAuraOverscrollTest.OverscrollWithTouchEvents

Uninitialized bytes in __msan_check_mem_is_initialized at offset 140 inside [0x7ffe3ec02908, 1200)
==8383==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xdd01b80 in WriteBytesCommon base/pickle.cc:477:3
    #1 0xdd01b80 in WriteBytes base/pickle.cc:350:0
    #2 0xdd01b80 in WriteData base/pickle.cc:346:0
    #3 0x5abbd50 in WriteParam<const blink::WebInputEvent *> ipc/ipc_message_utils.h:104:3
    #4 0x5abbd50 in Write ipc/ipc_message_utils.h:796:0
    #5 0x5a24c7a in WriteParam<std::__1::tuple<const blink::WebInputEvent *const &, const std::__1::vector<const blink::WebInputEvent *, std::__1::allocator<const blink::WebInputEvent *> > &, const ui::LatencyInfo &, const content::InputEventDispatchType &> > ipc/ipc_message_utils.h:104:3
    #6 0x5a24c7a in MessageT ipc/ipc_message_templates_impl.h:29:0
    #7 0xa88fd95 in MessageT<true, false> ipc/ipc_message_templates.h:105:9
    #8 0xa88fd95 in OfferToRenderer content/browser/renderer_host/input/input_router_impl.cc:441:0
    #9 0xa88f8fb in OfferToHandlers content/browser/renderer_host/input/input_router_impl.cc:383:3
    #10 0xa884c03 in FilterAndSendWebInputEvent content/browser/renderer_host/input/input_router_impl.cc:372:3
    #11 0xa8a42e9 in SendTouchEventImmediately content/browser/renderer_host/input/legacy_touch_event_queue.cc:544:12
    #12 0xa8a0242 in ForwardNextEventToRenderer content/browser/renderer_host/input/legacy_touch_event_queue.cc:355:3
    #13 0xa89e0cd in QueueEvent content/browser/renderer_host/input/legacy_touch_event_queue.cc:176:5
    #14 0xa885da3 in SendTouchEvent content/browser/renderer_host/input/input_router_impl.cc:199:23
    #15 0xaab6c9b in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_impl.cc:1187:18
    #16 0x3c69678 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:515:27
    #17 0x3be04a9 in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:969:19
    #18 0x3be04a9 in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3555:0
    #19 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #20 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #21 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #22 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #23 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #24 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #25 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #26 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #27 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #28 0xb5effba in Run base/callback.h:85:12
    #29 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #30 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #31 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #32 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0
    #33 0x6c0228 in _start ??:?

  Uninitialized value was stored to memory at
    #0 0x6e0cb4 in __msan_memcpy ??:?
    #1 0xa89f549 in EventWithLatencyInfo content/common/input/event_with_latency_info.h:21:7
    #2 0xa89f549 in ForwardNextEventToRenderer content/browser/renderer_host/input/legacy_touch_event_queue.cc:294:0
    #3 0xa89e0cd in QueueEvent content/browser/renderer_host/input/legacy_touch_event_queue.cc:176:5
    #4 0xa885da3 in SendTouchEvent content/browser/renderer_host/input/input_router_impl.cc:199:23
    #5 0xaab6c9b in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_impl.cc:1187:18
    #6 0x3c69678 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:515:27
    #7 0x3be04a9 in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:969:19
    #8 0x3be04a9 in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3555:0
    #9 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #10 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #11 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #12 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #13 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #14 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #15 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #16 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #17 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #18 0xb5effba in Run base/callback.h:85:12
    #19 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #20 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #21 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #22 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

  Uninitialized value was stored to memory at
    #0 0x6e0cb4 in __msan_memcpy ??:?
    #1 0xa8a6e0f in EventWithLatencyInfo content/common/input/event_with_latency_info.h:21:7
    #2 0xa8a6e0f in CoalescedWebTouchEvent content/browser/renderer_host/input/legacy_touch_event_queue.cc:58:0
    #3 0xa89dfe3 in MakeUnique<content::CoalescedWebTouchEvent, const content::EventWithLatencyInfo<blink::WebTouchEvent> &, bool> base/memory/ptr_util.h:56:33
    #4 0xa89dfe3 in QueueEvent content/browser/renderer_host/input/legacy_touch_event_queue.cc:175:0
    #5 0xa885da3 in SendTouchEvent content/browser/renderer_host/input/input_router_impl.cc:199:23
    #6 0xaab6c9b in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_impl.cc:1187:18
    #7 0x3c69678 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:515:27
    #8 0x3be04a9 in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:969:19
    #9 0x3be04a9 in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3555:0
    #10 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #11 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #12 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #13 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #14 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #15 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #16 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #17 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #18 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #19 0xb5effba in Run base/callback.h:85:12
    #20 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #21 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #22 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #23 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

  Uninitialized value was stored to memory at
    #0 0x6e0cb4 in __msan_memcpy ??:?
    #1 0xa885cb6 in EventWithLatencyInfo content/common/input/event_with_latency_info.h:21:7
    #2 0xa885cb6 in SendTouchEvent content/browser/renderer_host/input/input_router_impl.cc:196:0
    #3 0xaab6c9b in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_impl.cc:1187:18
    #4 0x3c69678 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:515:27
    #5 0x3be04a9 in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:969:19
    #6 0x3be04a9 in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3555:0
    #7 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #8 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #9 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #10 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #11 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #12 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #13 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #14 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #15 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #16 0xb5effba in Run base/callback.h:85:12
    #17 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #18 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #19 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #20 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

  Uninitialized value was stored to memory at
    #0 0x6e0cb4 in __msan_memcpy ??:?
    #1 0xaab6a17 in EventWithLatencyInfo content/common/input/event_with_latency_info.h:29:9
    #2 0xaab6a17 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_impl.cc:1176:0
    #3 0x3c69678 in ForwardTouchEventWithLatencyInfo content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:515:27
    #4 0x3be04a9 in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:969:19
    #5 0x3be04a9 in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3555:0
    #6 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #7 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #8 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #9 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #10 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #11 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #12 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #13 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #14 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #15 0xb5effba in Run base/callback.h:85:12
    #16 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #17 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #18 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #19 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

  Uninitialized value was stored to memory at
    #0 0x6e0cb4 in __msan_memcpy ??:?
    #1 0x5b4182d in ResetPoints content/common/input/synthetic_web_input_event_builders.cc:184:20
    #2 0x3bdfebc in SendTouchEvent content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:971:18
    #3 0x3bdfebc in TestBody content/browser/renderer_host/render_widget_host_view_aura_unittest.cc:3551:0
    #4 0xd5ccfbc in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #5 0xd5ccfbc in Run testing/gtest/src/gtest.cc:2474:0
    #6 0xd5cf941 in Run testing/gtest/src/gtest.cc:2656:11
    #7 0xd5d0ea9 in Run testing/gtest/src/gtest.cc:2774:28
    #8 0xd5f13bd in RunAllTests testing/gtest/src/gtest.cc:4647:43
    #9 0xd5f022e in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #10 0xd5f022e in Run testing/gtest/src/gtest.cc:4255:0
    #11 0xb5cd550 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
    #12 0xb5cd550 in Run base/test/test_suite.cc:271:0
    #13 0xb5effba in Run base/callback.h:85:12
    #14 0xb5effba in LaunchUnitTestsInternal base/test/launcher/unit_test_launcher.cc:211:0
    #15 0xb5ef7dd in LaunchUnitTests base/test/launcher/unit_test_launcher.cc:453:10
    #16 0x50dc6ab in main content/test/run_all_unittests.cc:20:10
    #17 0x7fa593255f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

  Uninitialized value was created by an allocation of 'ref.tmp.sroa.6' in the stack frame of function '_ZN7content22SyntheticWebTouchEvent11ResetPointsEv'
    #0 0x5b41680 in ResetPoints content/common/input/synthetic_web_input_event_builders.cc:172:0

 
Cc: nzolghadr@chromium.org
Components: Blink>Input
r445528 touched the IPC send code recently.

Comment 2 by thakis@chromium.org, Feb 28 2017

Cc: dtapu...@chromium.org
I think this is probably due to the WebTouchEvent ctor change in https://codereview.chromium.org/2569273002/diff/140001/third_party/WebKit/public/platform/WebInputEvent.h -- dtapuska, can you take a look? The stack above is fairly explicit, probably fairly easy for someone with domain knowledge.
This is now the last uninitialized read the msan bot complains about.  dtapuska, can you take a look soon, please?
I can certainly take a look? Is there a quick primer you can point me at to test locally?
Labels: Hotlist-Input-Dev
Owner: dtapu...@chromium.org
Status: Assigned (was: Untriaged)
Sure, https://www.chromium.org/developers/testing/memorysanitizer -- but maybe just looking at the report in comment 0 is enough. I was able to fix a bunch of these just by looking at the msan report without any local verification.
Looks related to change https://chromium.googlesource.com/chromium/src/+/2fe7948

where movementX, movementY aren't initialized here: https://cs.chromium.org/chromium/src/third_party/WebKit/public/platform/WebPointerProperties.h?l=59

Patch coming soon. 
Fix posted here: https://codereview.chromium.org/2728713002/
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c28d835116eda137a4c299b9b610df32fc5075a4

commit c28d835116eda137a4c299b9b610df32fc5075a4
Author: dtapuska <dtapuska@chromium.org>
Date: Wed Mar 01 20:40:46 2017

Fix msan failure on WebPointerProperties.

Caused by change https://chromium.googlesource.com/chromium/src/+/2fe7948
the movementX/Y fields moved from a memset initialized struct to a struct
that wasn't memset. The fields need to be initialized in the ctor of this
object.

BUG= 697177 
TBR=rbyers@chromium.org

Review-Url: https://codereview.chromium.org/2728713002
Cr-Commit-Position: refs/heads/master@{#454024}

[modify] https://crrev.com/c28d835116eda137a4c299b9b610df32fc5075a4/third_party/WebKit/public/platform/WebPointerProperties.h

Status: Fixed (was: Assigned)
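The failure mode described in the commit message, as an added example that is not Chromium's code: fields an initializer never writes still travel with the struct when it is serialized as raw bytes, which is where MSan reported the read. `PointerProps`, `InitBefore`, `InitAfter`, `UnwrittenOffsets` and the 0xAA poison byte are hypothetical stand-ins; the poison models what MSan tracks in shadow memory.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Simplified stand-in for a pointer-properties struct (assumed layout).
// Kept trivial so that inspecting its raw bytes is well defined.
struct PointerProps {
  int32_t id;
  float x, y;
  int32_t movement_x, movement_y;
};
static_assert(sizeof(PointerProps) == 20, "example assumes no padding");

constexpr unsigned char kPoison = 0xAA;  // marks bytes nobody has written

// Models the constructor after the refactor: movement_x/y are never written.
void InitBefore(PointerProps* p) { p->id = 1; p->x = 10.0f; p->y = 20.0f; }

// Models the fixed constructor: every field receives a value.
void InitAfter(PointerProps* p) {
  InitBefore(p);
  p->movement_x = 0;
  p->movement_y = 0;
}

// Poisons the storage, runs the initializer, copies the struct out as raw
// bytes (as a by-value IPC writer would) and returns the offsets of the
// bytes that still carry the poison, i.e. were never initialized.
std::vector<size_t> UnwrittenOffsets(void (*init)(PointerProps*)) {
  PointerProps p;
  std::memset(&p, kPoison, sizeof p);
  init(&p);
  unsigned char wire[sizeof p];
  std::memcpy(wire, &p, sizeof p);
  std::vector<size_t> unwritten;
  for (size_t i = 0; i < sizeof wire; ++i)
    if (wire[i] == kPoison) unwritten.push_back(i);
  return unwritten;
}

int main() {
  std::printf("before fix: %zu unwritten bytes on the wire\n",
              UnwrittenOffsets(InitBefore).size());
  std::printf("after fix:  %zu unwritten bytes on the wire\n",
              UnwrittenOffsets(InitAfter).size());
  return 0;
}
```

With a real constructor the unwritten bytes hold whatever was previously on the stack or heap, so building with `-fsanitize=memory` is how the same gap shows up in practice.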
