New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 712641 link

Starred by 0 users
Status: Fixed
Owner:
nrpeter@chromium.org
Closed: Apr 2017
Cc:
rdevlin....@chromium.org
dcheng@chromium.org
picksi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 3
Type: Bug
Hotlist-MemoryInfra



Sign in to add a comment

MSan bots on Linux and CrOS are failing with "exception"

Project Member Reported by vabr@chromium.org, Apr 18 2017 
Bots failing:
 * https://build.chromium.org/p/chromium.memory/builders/Linux%20ChromiumOS%20MSan%20Tests
 * https://build.chromium.org/p/chromium.memory/builders/Linux%20MSan%20Tests

The failure is consistent, and started with builds https://build.chromium.org/p/chromium.memory/builders/Linux%20ChromiumOS%20MSan%20Tests/builds/68 and https://build.chromium.org/p/chromium.memory/builders/Linux%20MSan%20Tests/builds/120, which have intersecting blamelist. The ranges are:
r464948 - r464956 and r464953 - r464981, and hence the intersection is: r464954, r464955 or r464956. The latter two are only relevant to Android, however, so they are unlikely culprits. The first one seems related (see comments below).

It looks like a huge number of browser_tests, extensions_browsertests and interactive_ui_tests are failing, as well as a small group of extensions-related unit tests.

The reported error usually contains something like:
"Uninitialized bytes in __msan_check_mem_is_initialized at offset 0 inside [0x7ffc933b55bc, 4)"
around the code for writing IPCs.

Detailed logs attached. The stack traces look similar enough that this might be a real issue, but I'm not sure at the moment.
logs.tar.bz2
674 KB Download

Comment 1 by vabr@chromium.org, Apr 18 2017

Cc: rdevlin....@chromium.org nrperter@google.com dcheng@chromium.org
Components: -Internals>Core Platform>Extensions
Status: Available (was: Untriaged)
One of the errors says:

"
Uninitialized value was created by an allocation of 'params_in' in the stack frame of function '_ZN10extensions47ExtensionMessageTypesTest_TestLoadedParams_Test8TestBodyEv'
    #0 0xc9f950 in extensions::ExtensionMessageTypesTest_TestLoadedParams_Test::TestBody() extensions/common/extension_messages_unittest.cc:41:0
"

params_in is a variable of type ExtensionMsg_Loaded_Params defined as:

ExtensionMsg_Loaded_Params params_in(extension.get(), true);

That particular constructor seems to initialize all fields in the struct.


I am not able to tell whether the MSan warning is real or false positive, but actually r464954, which is almost in the blamelist intersection, seems to have touched those files. I'll spend some more time looking into this as a sheriff, but already Cc-ing the CL's author and approvers to allow them have a look.

Comment 2 by vabr@chromium.org, Apr 18 2017

Cc: -nrperter@google.com
Labels: -Sheriff-Chromium
Owner: nrpeter@chromium.org
Status: Assigned (was: Available)
I left a comment on the CL https://codereview.chromium.org/2499493004/#msg124 but I'm not really sure whether that suggestion is what MSan points out.

I need to move on with sheriffing, so would appreciate a hand from some of you. Thanks!

Comment 3 by vabr@chromium.org, Apr 18 2017 

Actually, the CL is new enough that a speculative revert might be in order. I'll do that.
Project Member

Comment 4 by bugdroid1@chromium.org, Apr 18 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/645e0abfe9d2c10a3a79756566e48f5440af70c7

commit 645e0abfe9d2c10a3a79756566e48f5440af70c7
Author: vabr <vabr@chromium.org>
Date: Tue Apr 18 14:27:46 2017

Revert of Communicate ExtensionSettings policy to renderers (patchset #19 id:500001 of https://codereview.chromium.org/2499493004/ )

Reason for revert:
This likely broke MSan. Details in
BUG= 712641 

Original issue's description:
> Communicate ExtensionSettings policy to renderers
>
> -Communicate which hosts are runtime blocked to all renderers
> -Blocks host permissions for specific hosts by specific extensions
> -Tests via blocking content script injection
> -Introduces new test class for use with ExtensionSettings policy
>
> BUG=624649
>
> Review-Url: https://codereview.chromium.org/2499493004
> Cr-Commit-Position: refs/heads/master@{#464954}
> Committed: https://chromium.googlesource.com/chromium/src/+/c2f02148125c69bdce012802d9a467d725965a93

TBR=dcheng@chromium.org,nrpeter@chromium.org,rdevlin.cronin@chromium.org,zmin@chromium.org,pastarmovj@chromium.org,nrpeter@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=624649

Review-Url: https://codereview.chromium.org/2820333003
Cr-Commit-Position: refs/heads/master@{#465230}

[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/api/permissions/permissions_apitest.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/content_script_apitest.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_management.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_management.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_management_constants.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_management_constants.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_management_internal.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/extension_service.cc
[delete] https://crrev.com/eeeb0d0ec28227aba875195e0f20076414fc4596/chrome/browser/extensions/extension_with_management_policy_apitest.cc
[delete] https://crrev.com/eeeb0d0ec28227aba875195e0f20076414fc4596/chrome/browser/extensions/extension_with_management_policy_apitest.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/permissions_updater.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/permissions_updater.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/browser/extensions/permissions_updater_unittest.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/common/extensions/permissions/permissions_data_unittest.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/chrome/test/BUILD.gn
[delete] https://crrev.com/eeeb0d0ec28227aba875195e0f20076414fc4596/chrome/test/data/extensions/api_test/content_scripts/policy/background.js
[delete] https://crrev.com/eeeb0d0ec28227aba875195e0f20076414fc4596/chrome/test/data/extensions/api_test/content_scripts/policy/manifest.json
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/browser/renderer_startup_helper.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/constants.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/constants.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/extension.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/extension_messages.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/extension_messages.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/permissions/permissions_data.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/permissions/permissions_data.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/url_pattern.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/url_pattern.h
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/common/url_pattern_unittest.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/renderer/dispatcher.cc
[modify] https://crrev.com/645e0abfe9d2c10a3a79756566e48f5440af70c7/extensions/renderer/dispatcher.h

Comment 5 by vabr@chromium.org, Apr 18 2017 

And looking better, the reverted CL was actually in the blamelist intersection, I must have gotten the blame ranges wrong on first looking.

Comment 6 by vabr@chromium.org, Apr 18 2017

Description: Show this description

Comment 7 by nrpeter@google.com, Apr 18 2017 

Thanks, looking into the issue.

Comment 8 by vabr@chromium.org, Apr 18 2017 

Thank you for the quick response!
I'm not even sure yet whether your CL is really the culprit, because the bots are so slow they did not even started building with the revert yet.

I am now at the end of my sheriff shift, so won't be able to look further. Feel free to address this as you see fit, including relanding your CL as it was in case the bots (linked from #0) don't get better after processing the revert.

Comment 9 by nrpeter@google.com, Apr 18 2017 

My CL is likely the cause, and I think I've got a fix. I'm compiling now and will will test it on the msan try bots.

Comment 10 by nrpeter@google.com, Apr 24 2017 

CL with fix under review at https://codereview.chromium.org/2833843004/

Tested locally with MSAN build which passes. I don't access to submit jobs to chromium.memory try servers however.

Sign in to add a comment