Issue 734021

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 14
Cc:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug




ChooserDialogCocoaControllerTest fails while running unit_tests with ASAN

Reported by dyaros...@yandex-team.ru, Jun 16 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 YaBrowser/17.7.0.1004 Yowser/2.5 Safari/537.36

Steps to reproduce the problem:
Run unit_tests, build with ASAN on mac

What is the expected behavior?

What went wrong?
====================================================
[ RUN      ] ChooserDialogCocoaControllerTest.AddOption
[41610:775:0616/140011.129883:302860983931476:FATAL:lock_impl_posix.cc(65)] Check failed: rv == 0 (22 vs. 0). Invalid argument
0   unit_tests                          0x000000011717557c base::debug::StackTrace::StackTrace(unsigned long) + 28
1   unit_tests                          0x00000001171d2aca logging::LogMessage::~LogMessage() + 666
2   unit_tests                          0x00000001172f1af6 base::internal::LockImpl::Lock() + 438
3   unit_tests                          0x00000001172b194c base::SequenceCheckerImpl::CalledOnValidSequence() const + 172
4   unit_tests                          0x00000001172eb00d base::SupportsUserData::GetUserData(void const*) const + 205
5   unit_tests                          0x0000000110e69480 content::BrowserContext::GetConnectorFor(content::BrowserContext*) + 16
6   unit_tests                          0x000000011184f16a content::RenderProcessHostImpl::InitializeChannelProxy() + 314
7   unit_tests                          0x000000011186c6ea content::RenderProcessHostImpl::ProcessDied(bool, content::RenderProcessHost::RendererClosedDetails*) + 2778
8   unit_tests                          0x0000000117176e19 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 889
9   unit_tests                          0x000000011720f5a8 base::MessageLoop::RunTask(base::PendingTask*) + 1096
10  unit_tests                          0x000000011721074c base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 508
11  unit_tests                          0x0000000117211406 base::MessageLoop::DoWork() + 1462
12  unit_tests                          0x000000011721f7a3 base::MessagePumpCFRunLoopBase::RunWork() + 339
13  unit_tests                          0x00000001171d8d1a base::mac::CallWithEHFrame(void () block_pointer) + 10
14  unit_tests                          0x000000011721d131 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 369
15  CoreFoundation                      0x00007fffc1b2b321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
16  CoreFoundation                      0x00007fffc1b0c21d __CFRunLoopDoSources0 + 557
17  CoreFoundation                      0x00007fffc1b0b716 __CFRunLoopRun + 934
18  CoreFoundation                      0x00007fffc1b0b114 CFRunLoopRunSpecific + 420
19  HIToolbox                           0x00007fffc106cebc RunCurrentEventLoopInMode + 240
20  HIToolbox                           0x00007fffc106ccf1 ReceiveNextEventCommon + 432
21  HIToolbox                           0x00007fffc106cb26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
22  AppKit                              0x00007fffbf605a54 _DPSNextEvent + 1120
23  AppKit                              0x00007fffbfd817ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
24  unit_tests                          0x0000000117a7da0c __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + 396
25  unit_tests                          0x00000001171d8d1a base::mac::CallWithEHFrame(void () block_pointer) + 10
26  unit_tests                          0x0000000117a7d5eb -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 763
27  AppKit                              0x00007fffbf5fa3db -[NSApplication run] + 926
28  unit_tests                          0x000000011722158f base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 1007
29  unit_tests                          0x000000011721b485 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 389
30  unit_tests                          0x000000011720e9de base::MessageLoop::Run() + 542
31  unit_tests                          0x00000001172ac4d2 base::RunLoop::Run() + 434
32  unit_tests                          0x00000001172ad270 base::RunLoop::RunUntilIdle() + 304
33  unit_tests                          0x000000010f68caa7 CocoaProfileTest::~CocoaProfileTest() + 407
34  unit_tests                          0x000000010f22f420 ChooserDialogCocoaControllerTest_AddOption_Test::~ChooserDialogCocoaControllerTest_AddOption_Test() + 128
35  unit_tests                          0x000000010fbdece4 testing::TestInfo::Run() + 1172
36  unit_tests                          0x000000010fbdff17 testing::TestCase::Run() + 967
37  unit_tests                          0x000000010fbf3467 testing::internal::UnitTestImpl::RunAllTests() + 2471
38  unit_tests                          0x000000010fbf2a19 testing::UnitTest::Run() + 297
39  unit_tests                          0x0000000114d7e04f base::TestSuite::Run() + 479
40  unit_tests                          0x0000000114daaf78 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 728
41  unit_tests                          0x0000000114daac04 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 404
42  unit_tests                          0x0000000114d5ada2 main + 626
43  libdyld.dylib                       0x00007fffd7285235 start + 1
===================================================

[ RUN      ] ChooserDialogCocoaControllerTest.AddAndRemoveOption
[41611:775:0616/140011.358558:302861212662295:FATAL:lock_impl_posix.cc(65)] Check failed: rv == 0 (22 vs. 0). Invalid argument
0   unit_tests                          0x0000000118dc057c base::debug::StackTrace::StackTrace(unsigned long) + 28
1   unit_tests                          0x0000000118e1daca logging::LogMessage::~LogMessage() + 666
2   unit_tests                          0x0000000118f3caf6 base::internal::LockImpl::Lock() + 438
3   unit_tests                          0x0000000118efc94c base::SequenceCheckerImpl::CalledOnValidSequence() const + 172
4   unit_tests                          0x0000000118f3600d base::SupportsUserData::GetUserData(void const*) const + 205
5   unit_tests                          0x0000000112ab4480 content::BrowserContext::GetConnectorFor(content::BrowserContext*) + 16
6   unit_tests                          0x000000011349a16a content::RenderProcessHostImpl::InitializeChannelProxy() + 314
7   unit_tests                          0x00000001134b76ea content::RenderProcessHostImpl::ProcessDied(bool, content::RenderProcessHost::RendererClosedDetails*) + 2778
8   unit_tests                          0x0000000118dc1e19 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 889
9   unit_tests                          0x0000000118e5a5a8 base::MessageLoop::RunTask(base::PendingTask*) + 1096
10  unit_tests                          0x0000000118e5b74c base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 508
11  unit_tests                          0x0000000118e5c406 base::MessageLoop::DoWork() + 1462
12  unit_tests                          0x0000000118e6a7a3 base::MessagePumpCFRunLoopBase::RunWork() + 339
13  unit_tests                          0x0000000118e23d1a base::mac::CallWithEHFrame(void () block_pointer) + 10
14  unit_tests                          0x0000000118e68131 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 369
15  CoreFoundation                      0x00007fffc1b2b321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
16  CoreFoundation                      0x00007fffc1b0c21d __CFRunLoopDoSources0 + 557
17  CoreFoundation                      0x00007fffc1b0b716 __CFRunLoopRun + 934
18  CoreFoundation                      0x00007fffc1b0b114 CFRunLoopRunSpecific + 420
19  HIToolbox                           0x00007fffc106cebc RunCurrentEventLoopInMode + 240
20  HIToolbox                           0x00007fffc106ccf1 ReceiveNextEventCommon + 432
21  HIToolbox                           0x00007fffc106cb26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
22  AppKit                              0x00007fffbf605a54 _DPSNextEvent + 1120
23  AppKit                              0x00007fffbfd817ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
24  unit_tests                          0x00000001196c8a0c __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + 396
25  unit_tests                          0x0000000118e23d1a base::mac::CallWithEHFrame(void () block_pointer) + 10
26  unit_tests                          0x00000001196c85eb -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 763
27  AppKit                              0x00007fffbf5fa3db -[NSApplication run] + 926
28  unit_tests                          0x0000000118e6c58f base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 1007
29  unit_tests                          0x0000000118e66485 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 389
30  unit_tests                          0x0000000118e599de base::MessageLoop::Run() + 542
31  unit_tests                          0x0000000118ef74d2 base::RunLoop::Run() + 434
32  unit_tests                          0x0000000118ef8270 base::RunLoop::RunUntilIdle() + 304
33  unit_tests                          0x00000001112d7aa7 CocoaProfileTest::~CocoaProfileTest() + 407
34  unit_tests                          0x0000000110e7a840 ChooserDialogCocoaControllerTest_AddAndRemoveOption_Test::~ChooserDialogCocoaControllerTest_AddAndRemoveOption_Test() + 128
35  unit_tests                          0x0000000111829ce4 testing::TestInfo::Run() + 1172
36  unit_tests                          0x000000011182af17 testing::TestCase::Run() + 967
37  unit_tests                          0x000000011183e467 testing::internal::UnitTestImpl::RunAllTests() + 2471
38  unit_tests                          0x000000011183da19 testing::UnitTest::Run() + 297
39  unit_tests                          0x00000001169c904f base::TestSuite::Run() + 479
40  unit_tests                          0x00000001169f5f78 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 728
41  unit_tests                          0x00000001169f5c04 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 404
42  unit_tests                          0x00000001169a5da2 main + 626
43  libdyld.dylib                       0x00007fffd7285235 start + 1

===================================================

[ RUN      ] ChooserDialogCocoaControllerTest.SelectAnOptionAndPressConnectButton
[41612:775:0616/140012.357902:302862212008280:FATAL:lock_impl_posix.cc(65)] Check failed: rv == 0 (22 vs. 0). Invalid argument
0   unit_tests                          0x000000011be7a57c base::debug::StackTrace::StackTrace(unsigned long) + 28
1   unit_tests                          0x000000011bed7aca logging::LogMessage::~LogMessage() + 666
2   unit_tests                          0x000000011bff6af6 base::internal::LockImpl::Lock() + 438
3   unit_tests                          0x000000011bfb694c base::SequenceCheckerImpl::CalledOnValidSequence() const + 172
4   unit_tests                          0x000000011bff000d base::SupportsUserData::GetUserData(void const*) const + 205
5   unit_tests                          0x0000000115b6e480 content::BrowserContext::GetConnectorFor(content::BrowserContext*) + 16
6   unit_tests                          0x000000011655416a content::RenderProcessHostImpl::InitializeChannelProxy() + 314
7   unit_tests                          0x00000001165716ea content::RenderProcessHostImpl::ProcessDied(bool, content::RenderProcessHost::RendererClosedDetails*) + 2778
8   unit_tests                          0x000000011be7be19 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 889
9   unit_tests                          0x000000011bf145a8 base::MessageLoop::RunTask(base::PendingTask*) + 1096
10  unit_tests                          0x000000011bf1574c base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 508
11  unit_tests                          0x000000011bf16406 base::MessageLoop::DoWork() + 1462
12  unit_tests                          0x000000011bf247a3 base::MessagePumpCFRunLoopBase::RunWork() + 339
13  unit_tests                          0x000000011beddd1a base::mac::CallWithEHFrame(void () block_pointer) + 10
14  unit_tests                          0x000000011bf22131 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 369
15  CoreFoundation                      0x00007fffc1b2b321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
16  CoreFoundation                      0x00007fffc1b0c21d __CFRunLoopDoSources0 + 557
17  CoreFoundation                      0x00007fffc1b0b716 __CFRunLoopRun + 934
18  CoreFoundation                      0x00007fffc1b0b114 CFRunLoopRunSpecific + 420
19  HIToolbox                           0x00007fffc106cebc RunCurrentEventLoopInMode + 240
20  HIToolbox                           0x00007fffc106ccf1 ReceiveNextEventCommon + 432
21  HIToolbox                           0x00007fffc106cb26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
22  AppKit                              0x00007fffbf605a54 _DPSNextEvent + 1120
23  AppKit                              0x00007fffbfd817ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
24  unit_tests                          0x000000011c782a0c __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + 396
25  unit_tests                          0x000000011beddd1a base::mac::CallWithEHFrame(void () block_pointer) + 10
26  unit_tests                          0x000000011c7825eb -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 763
27  AppKit                              0x00007fffbf5fa3db -[NSApplication run] + 926
28  unit_tests                          0x000000011bf2658f base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 1007
29  unit_tests                          0x000000011bf20485 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 389
30  unit_tests                          0x000000011bf139de base::MessageLoop::Run() + 542
31  unit_tests                          0x000000011bfb14d2 base::RunLoop::Run() + 434
32  unit_tests                          0x000000011bfb2270 base::RunLoop::RunUntilIdle() + 304
33  unit_tests                          0x0000000114391aa7 CocoaProfileTest::~CocoaProfileTest() + 407
34  unit_tests                          0x0000000113f35600 ChooserDialogCocoaControllerTest_SelectAnOptionAndPressConnectButton_Test::~ChooserDialogCocoaControllerTest_SelectAnOptionAndPressConnectButton_Test() + 128
35  unit_tests                          0x00000001148e3ce4 testing::TestInfo::Run() + 1172
36  unit_tests                          0x00000001148e4f17 testing::TestCase::Run() + 967
37  unit_tests                          0x00000001148f8467 testing::internal::UnitTestImpl::RunAllTests() + 2471
38  unit_tests                          0x00000001148f7a19 testing::UnitTest::Run() + 297
39  unit_tests                          0x0000000119a8304f base::TestSuite::Run() + 479
40  unit_tests                          0x0000000119aaff78 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 728
41  unit_tests                          0x0000000119aafc04 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) + 404
42  unit_tests                          0x0000000119a5fda2 main + 626
43  libdyld.dylib                       0x00007fffd7285235 start + 1

===================================================

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: master  Channel: n/a
OS Version: OS X 10.12.5
Flash Version: Shockwave Flash 26.0 r0
 
Labels: TE-NeedsTriageHelp
Owner: shrike@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 3 by shrike@chromium.org, Sep 20 2017

[ RUN      ] ChooserDialogCocoaControllerTest.SelectAndDeselectAnOption
=================================================================
==78514==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000081bd0 at pc 0x000110319e93 bp 0x7fff5b8ab830 sp 0x7fff5b8ab828
READ of size 8 at 0x613000081bd0 thread T0
    #0 0x110319e92 in base::SupportsUserData::GetUserData(void const*) const __tree:1089
    #1 0x10adc722f in content::BrowserContext::GetConnectorFor(content::BrowserContext*) browser_context.cc:543
    #2 0x10b60f4fd in content::RenderProcessHostImpl::InitializeChannelProxy() render_process_host_impl.cc:1543
    #3 0x10b62d63e in content::RenderProcessHostImpl::ProcessDied(bool, content::RenderProcessHost::RendererClosedDetails*) render_process_host_impl.cc:3704
    #4 0x1101f7d12 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) callback.h:64
    #5 0x1102678b6 in base::MessageLoop::RunTask(base::PendingTask*) message_loop.cc:406
    #6 0x11026913f in base::MessageLoop::DoWork() message_loop.cc:417
    #7 0x110272798 in base::MessagePumpCFRunLoopBase::RunWork() message_pump_mac.mm:421
    #8 0x110245f29 in base::mac::CallWithEHFrame(void () block_pointer) (unit_tests:x86_64+0x10bef5f29)
    #9 0x110270130 in base::MessagePumpCFRunLoopBase::RunWorkSource(void*) message_pump_mac.mm:397
    #10 0x7fff840213e0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (CoreFoundation:x86_64+0xa43e0)
    #11 0x7fff8400265b in __CFRunLoopDoSources0 (CoreFoundation:x86_64+0x8565b)
    #12 0x7fff84001b45 in __CFRunLoopRun (CoreFoundation:x86_64+0x84b45)
    #13 0x7fff84001543 in CFRunLoopRunSpecific (CoreFoundation:x86_64+0x84543)
    #14 0x7fff83560ebb in RunCurrentEventLoopInMode (HIToolbox:x86_64+0x30ebb)
    #15 0x7fff83560cf0 in ReceiveNextEventCommon (HIToolbox:x86_64+0x30cf0)
    #16 0x7fff83560b25 in _BlockUntilNextEventMatchingListInModeWithFilter (HIToolbox:x86_64+0x30b25)
    #17 0x7fff81af9a53 in _DPSNextEvent (AppKit:x86_64+0x46a53)
    #18 0x7fff822757ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (AppKit:x86_64+0x7c27ed)
    #19 0x110a20e5c in __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke chrome_browser_application_mac.mm:187
    #20 0x110245f29 in base::mac::CallWithEHFrame(void () block_pointer) (unit_tests:x86_64+0x10bef5f29)
    #21 0x110a20a3a in -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] chrome_browser_application_mac.mm:186
    #22 0x7fff81aee3da in -[NSApplication run] (AppKit:x86_64+0x3b3da)
    #23 0x11027456e in base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) message_pump_mac.mm:749
    #24 0x11026e454 in base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) message_pump_mac.mm:141
    #25 0x1102e3a0a in base::RunLoop::Run() run_loop.cc:123
    #26 0x10954a7bf in CocoaProfileTest::~CocoaProfileTest() cocoa_profile_test.mm:42
    #27 0x1090da0bf in ChooserDialogCocoaControllerTest_SelectAndDeselectAnOption_Test::~ChooserDialogCocoaControllerTest_SelectAndDeselectAnOption_Test() chooser_dialog_cocoa_controller_unittest.mm:50
    #28 0x109a6f603 in testing::TestInfo::Run() gtest.h:453
    #29 0x109a70816 in testing::TestCase::Run() gtest.cc:2772
    #30 0x109a85266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #31 0x109a84829 in testing::UnitTest::Run() gtest.cc:4285
    #32 0x10e293806 in base::TestSuite::Run() test_suite.cc:270
    #33 0x10e2bc6ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #34 0x10e2bc34b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #35 0x10e272fbc in main run_all_unittests.cc:30
    #36 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

0x613000081bd0 is located 16 bytes inside of 368-byte region [0x613000081bc0,0x613000081d30)
freed by thread T0 here:
    #0 0x128e4f232  (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x64232)
    #1 0x110e220eb in ProfileDestroyer::DestroyProfileWhenAppropriate(Profile*) profile_destroyer.cc:65
    #2 0x110e86409 in std::__1::__tree<std::__1::__value_type<base::FilePath, std::__1::unique_ptr<ProfileManager::ProfileInfo, std::__1::default_delete<ProfileManager::ProfileInfo> > >, std::__1::__map_value_compare<base::FilePath, std::__1::__value_type<base::FilePath, std::__1::unique_ptr<ProfileManager::ProfileInfo, std::__1::default_delete<ProfileManager::ProfileInfo> > >, std::__1::less<base::FilePath>, true>, std::__1::allocator<std::__1::__value_type<base::FilePath, std::__1::unique_ptr<ProfileManager::ProfileInfo, std::__1::default_delete<ProfileManager::ProfileInfo> > > > >::destroy(std::__1::__tree_node<std::__1::__value_type<base::FilePath, std::__1::unique_ptr<ProfileManager::ProfileInfo, std::__1::default_delete<ProfileManager::ProfileInfo> > >, void*>*) profile_manager.cc:1661
    #3 0x110e6ed84 in ProfileManager::~ProfileManager() __tree:1821
    #4 0x10e271acd in testing::ProfileManager::~ProfileManager() testing_profile_manager.cc:31
    #5 0x10954a7a5 in CocoaProfileTest::~CocoaProfileTest() cocoa_profile_test.mm:39
    #6 0x1090da0bf in ChooserDialogCocoaControllerTest_SelectAndDeselectAnOption_Test::~ChooserDialogCocoaControllerTest_SelectAndDeselectAnOption_Test() chooser_dialog_cocoa_controller_unittest.mm:50
    #7 0x109a6f603 in testing::TestInfo::Run() gtest.h:453
    #8 0x109a70816 in testing::TestCase::Run() gtest.cc:2772
    #9 0x109a85266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #10 0x109a84829 in testing::UnitTest::Run() gtest.cc:4285
    #11 0x10e293806 in base::TestSuite::Run() test_suite.cc:270
    #12 0x10e2bc6ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #13 0x10e2bc34b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #14 0x10e272fbc in main run_all_unittests.cc:30
    #15 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

previously allocated by thread T0 here:
    #0 0x128e4ec32  (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x63c32)
    #1 0x10e26d758 in TestingProfile::Builder::Build() testing_profile.cc:1092
    #2 0x10e27001f in TestingProfileManager::CreateTestingProfile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::unique_ptr<sync_preferences::PrefServiceSyncable, std::__1::default_delete<sync_preferences::PrefServiceSyncable> >, std::__1::basic_string<unsigned short, base::string16_internals::string16_char_traits, std::__1::allocator<unsigned short> > const&, int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<std::__1::pair<BrowserContextKeyedServiceFactory*, std::__1::unique_ptr<KeyedService, std::__1::default_delete<KeyedService> > (*)(content::BrowserContext*)>, std::__1::allocator<std::__1::pair<BrowserContextKeyedServiceFactory*, std::__1::unique_ptr<KeyedService, std::__1::default_delete<KeyedService> > (*)(content::BrowserContext*)> > > const&) testing_profile_manager.cc:99
    #3 0x10954b0dc in CocoaProfileTest::SetUp() cocoa_profile_test.mm:57
    #4 0x1090d9113 in ChooserDialogCocoaControllerTest::SetUp() chooser_dialog_cocoa_controller_unittest.mm:53
    #5 0x109a6d52f in testing::Test::Run() gtest.cc:2468
    #6 0x109a6f4e3 in testing::TestInfo::Run() gtest.cc:2654
    #7 0x109a70816 in testing::TestCase::Run() gtest.cc:2772
    #8 0x109a85266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #9 0x109a84829 in testing::UnitTest::Run() gtest.cc:4285
    #10 0x10e293806 in base::TestSuite::Run() test_suite.cc:270
    #11 0x10e2bc6ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #12 0x10e2bc34b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #13 0x10e272fbc in main run_all_unittests.cc:30
    #14 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

SUMMARY: AddressSanitizer: heap-use-after-free __tree:1089 in base::SupportsUserData::GetUserData(void const*) const
Shadow bytes around the buggy address:
  0x1c2600010320: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600010330: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x1c2600010340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2600010350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2600010360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
=>0x1c2600010370: fa fa fa fa fa fa fa fa fd fd[fd]fd fd fd fd fd
  0x1c2600010380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600010390: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c26000103a0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
  0x1c26000103b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c26000103c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==78514==ABORTING
Received signal 6

Comment 4 by shrike@chromium.org, Sep 20 2017

Cc: a...@chromium.org
CocoaProfileTest::~CocoaProfileTest() in cocoa_profile_test.mm calls TestingBrowserProcess::GetGlobal()->SetProfileManager(NULL), which frees the profile manager, thereby freeing the profiles it contains. However, with the subsequent call to base::RunLoop().RunUntilIdle(), the RenderProcessHostImpl receives a ProcessDied() message, in which it apparently attempts to use the freed profile. So it seems we need to shut down this remaining machinery before freeing the profile manager.

avi@ - any thoughts?
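
The teardown ordering described in comment 4, modelled as an added example (not Chromium code and not code from this issue). `Profile`, `TaskQueue`, `g_live` and the `Teardown*` functions are hypothetical stand-ins, and a liveness set takes the place of the freed-memory read so the program stays well defined.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <queue>
#include <string>
#include <unordered_set>
#include <utility>

// Toy stand-in for ASan's shadow memory: addresses of live Profile objects.
static std::unordered_set<const void*> g_live;

struct Profile {  // hypothetical, stands in for the profile owned by the manager
  Profile() { g_live.insert(this); }
  ~Profile() { g_live.erase(this); }
  std::string connector = "connector";
};

// Hypothetical minimal task queue; RunUntilIdle() drains all pending work.
class TaskQueue {
 public:
  void Post(std::function<void()> task) { tasks_.push(std::move(task)); }
  void RunUntilIdle() {
    while (!tasks_.empty()) {
      std::function<void()> task = std::move(tasks_.front());
      tasks_.pop();
      task();
    }
  }
 private:
  std::queue<std::function<void()>> tasks_;
};

struct Result { int valid = 0; int stale = 0; int skipped = 0; };

// Queues a ProcessDied-style callback that holds a raw Profile*.
void PostProcessDied(TaskQueue& q, Profile* profile, Result& r) {
  q.Post([profile, &r] {
    if (g_live.count(profile)) {
      ++r.valid;                        // object alive, dereference is fine
      (void)profile->connector.size();
    } else {
      ++r.stale;                        // real code would read freed heap here
    }
  });
}

// Order from comment 4: owner freed first, pending task runs afterwards.
Result TeardownFreeThenDrain() {
  TaskQueue q; Result r;
  std::unique_ptr<Profile> owner = std::make_unique<Profile>();
  PostProcessDied(q, owner.get(), r);
  owner.reset();
  q.RunUntilIdle();
  return r;
}

// Corrected order: drain the pending work, then free the owner.
Result TeardownDrainThenFree() {
  TaskQueue q; Result r;
  std::unique_ptr<Profile> owner = std::make_unique<Profile>();
  PostProcessDied(q, owner.get(), r);
  q.RunUntilIdle();
  owner.reset();
  return r;
}

// Order-independent variant: the task holds a weak handle and checks it.
Result TeardownWithWeakHandle() {
  TaskQueue q; Result r;
  std::shared_ptr<Profile> owner = std::make_shared<Profile>();
  std::weak_ptr<Profile> weak = owner;
  q.Post([weak, &r] {
    if (std::shared_ptr<Profile> p = weak.lock()) ++r.valid; else ++r.skipped;
  });
  owner.reset();
  q.RunUntilIdle();
  return r;
}

int main() {
  Result a = TeardownFreeThenDrain();
  Result b = TeardownDrainThenFree();
  Result c = TeardownWithWeakHandle();
  std::printf("free-then-drain: stale=%d\n", a.stale);
  std::printf("drain-then-free: valid=%d\n", b.valid);
  std::printf("weak handle:     skipped=%d\n", c.skipped);
  return 0;
}
```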

Comment 5 by shrike@chromium.org, Jan 23 2018

Labels: -Pri-2 Pri-3
Owner: ----
Status: Available (was: Assigned)
Status: Untriaged (was: Available)
Available, but no owner or component? Please find a component, as no one will ever find this without one.
Status: WontFix (was: Untriaged)
ChooserDialogCocoaControllerTest was deleted with the switch to MacViews.
