
Issue 749111

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 748856
Owner:
please use my google.com address
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security




MSAN crash on startup

Project Member Reported by infe...@chromium.org, Jul 26 2017

Issue description

linux_msan_chrome (r489562)
/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome --user-data-dir=/mnt/scratch0/tmp/user_profile_0 --log-net-log=/mnt/scratch0/tmp/net_log_0 --ignore-gpu-blacklist --allow-file-access-from-files --disable-gesture-requirement-for-media-playback --disable-click-to-play --disable-hang-monitor --dns-prefetch-disable --disable-default-apps --disable-component-update --safebrowsing-disable-auto-update --metrics-recording-only --disable-gpu-watchdog --disable-metrics --disable-popup-blocking --disable-prompt-on-repost --enable-experimental-extension-apis --enable-extension-apps --js-flags="--expose-gc" --new-window --no-default-browser-check --no-first-run --no-process-singleton-dialog --enable-shadow-dom --enable-media-stream --use-gl=osmesa --disable-gl-drawing-for-tests --use-fake-device-for-media-stream --use-fake-ui-for-media-stream --disable-namespace-sandbox 

Xlib: extension "RANDR" missing on display ":1".
Uninitialized bytes in __interceptor_send at offset 276 inside [0x72100007f800, 520)
==11249:11281==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7efc3c36a461 in mojo::edk::(anonymous namespace)::ChannelPosix::WriteNoLock(mojo::edk::(anonymous namespace)::MessageView) mojo/edk/system/channel_posix.cc:404:18
#1 0x7efc3c3640e7 in mojo::edk::(anonymous namespace)::ChannelPosix::Write(std::__1::unique_ptr<mojo::edk::Channel::Message, std::__1::default_delete<mojo::edk::Channel::Message> >) mojo/edk/system/channel_posix.cc:127:14
#2 0x7efc3c372dad in WriteChannelMessage mojo/edk/system/node_channel.cc:914:15
#3 0x7efc3c372dad in mojo::edk::NodeChannel::SendChannelMessage(std::__1::unique_ptr<mojo::edk::Channel::Message, std::__1::default_delete<mojo::edk::Channel::Message> >) mojo/edk/system/node_channel.cc:388
#4 0x7efc3c324f30 in mojo::edk::NodeController::SendPeerEvent(mojo::edk::ports::NodeName const&, std::__1::unique_ptr<mojo::edk::ports::Event, std::__1::default_delete<mojo::edk::ports::Event> >) mojo/edk/system/node_controller.cc:647:11
#5 0x7efc3c326f0a in mojo::edk::NodeController::ForwardEvent(mojo::edk::ports::NodeName const&, std::__1::unique_ptr<mojo::edk::ports::Event, std::__1::default_delete<mojo::edk::ports::Event> >) mojo/edk/system/node_controller.cc:724:5
#6 0x7efc31e3d043 in mojo::edk::ports::Node::ForwardUserMessagesFromProxy(mojo::edk::ports::PortRef const&) mojo/edk/system/ports/node.cc:1190:16
#7 0x7efc31e3d7e3 in mojo::edk::ports::Node::BeginProxying(mojo::edk::ports::PortRef const&) mojo/edk/system/ports/node.cc:1137:12
#8 0x7efc31e3687c in OnPortAccepted mojo/edk/system/ports/node.cc:515:10
#9 0x7efc31e3687c in mojo::edk::ports::Node::AcceptEvent(std::__1::unique_ptr<mojo::edk::ports::Event, std::__1::default_delete<mojo::edk::ports::Event> >) mojo/edk/system/ports/node.cc:346
#10 0x7efc3c32cbc1 in mojo::edk::NodeController::OnEventMessage(mojo::edk::ports::NodeName const&, std::__1::unique_ptr<mojo::edk::Channel::Message, std::__1::default_delete<mojo::edk::Channel::Message> >) mojo/edk/system/node_controller.cc:1001:10
#11 0x7efc3c375273 in mojo::edk::NodeChannel::OnChannelMessage(void const*, unsigned long, std::__1::unique_ptr<std::__1::vector<mojo::edk::PlatformHandle, std::__1::allocator<mojo::edk::PlatformHandle> >, mojo::edk::PlatformHandleVectorDeleter>) mojo/edk/system/node_channel.cc:624:18
#12 0x7efc3c3620d7 in mojo::edk::Channel::OnReadComplete(unsigned long, unsigned long*) mojo/edk/system/channel.cc:699:18
#13 0x7efc3c3683e9 in mojo::edk::(anonymous namespace)::ChannelPosix::OnFileCanReadWithoutBlocking(int) mojo/edk/system/channel_posix.cc:320:14
#14 0x7efc37e4966f in base::MessagePumpLibevent::OnLibeventNotification(int, short, void*) base/message_loop/message_pump_libevent.cc:0:13
#15 0x7efc380a025c in event_process_active base/third_party/libevent/event.c:381:4
#16 0x7efc380a025c in event_base_loop base/third_party/libevent/event.c:521
#17 0x7efc37e49e58 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_libevent.cc:224:5
#18 0x7efc37ed9923 in base::RunLoop::Run() base/run_loop.cc:111:14
#19 0x7efc327a2f83 in content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) content/browser/browser_thread_impl.cc:278:11
#20 0x7efc327a3618 in content::BrowserThreadImpl::Run(base::RunLoop*) content/browser/browser_thread_impl.cc:313:14
#21 0x7efc37f7e26b in base::Thread::ThreadMain() base/threading/thread.cc:338:3
#22 0x7efc37f67521 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:71:13
#23 0x7efc2f122183 in start_thread /build/eglibc-SvCtMH/eglibc-2.19/nptl/pthread_create.c:312
#24 0x7efc2fd5dffc in clone /build/eglibc-SvCtMH/eglibc-2.19/sysdeps/unix/sysv/linux/x86_64/clone.S:111
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe0b461)
Exiting
SanitizerCoverage: /mnt/scratch0/tmp/libc++.so.11249.sancov: 493 PCs written
SanitizerCoverage: /mnt/scratch0/tmp/chrome.11249.sancov: 79005 PCs written
[15:15:0100/000000.677214:ERROR:broker_posix.cc(43)] Invalid node channel message
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/libosmesa.so.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/libosmesa.so.11291.sancov: 1894 PCs written
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/libc++.so.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/libc++.so.11291.sancov: 300 PCs written
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/chrome.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/chrome.11291.sancov: 9152 PCs written


Xlib: extension "RANDR" missing on display ":1".
Uninitialized bytes in __interceptor_send at offset 276 inside [0x72100007f800, 520)
==11249:11281==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7efc3c36a461 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe0b461)
#1 0x7efc3c3640e7 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe050e7)
#2 0x7efc3c372dad (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe13dad)
#3 0x7efc3c324f30 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbdc5f30)
#4 0x7efc3c326f0a (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbdc7f0a)
#5 0x7efc31e3d043 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x18de043)
#6 0x7efc31e3d7e3 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x18de7e3)
#7 0x7efc31e3687c (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x18d787c)
#8 0x7efc3c32cbc1 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbdcdbc1)
#9 0x7efc3c375273 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe16273)
#10 0x7efc3c3620d7 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe030d7)
#11 0x7efc3c3683e9 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe093e9)
#12 0x7efc37e4966f (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x78ea66f)
#13 0x7efc380a025c (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x7b4125c)
#14 0x7efc37e49e58 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x78eae58)
#15 0x7efc37ed9923 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x797a923)
#16 0x7efc327a2f83 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x2243f83)
#17 0x7efc327a3618 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x2244618)
#18 0x7efc37f7e26b (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x7a1f26b)
#19 0x7efc37f67521 (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0x7a08521)
#20 0x7efc2f122183 (/lib/x86_64-linux-gnu/libpthread.so.0+0x8183)
#21 0x7efc2fd5dffc (/lib/x86_64-linux-gnu/libc.so.6+0xfdffc)
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-msan_linux-release_f0f2293113719a4112901bbc60e753785f9ad484/revisions/msan-no-origins-linux-release-489562/chrome+0xbe0b461)
Exiting
SanitizerCoverage: /mnt/scratch0/tmp/libc++.so.11249.sancov: 493 PCs written
SanitizerCoverage: /mnt/scratch0/tmp/chrome.11249.sancov: 79005 PCs written
[15:15:0100/000000.677214:ERROR:broker_posix.cc(43)] Invalid node channel message
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/libosmesa.so.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/libosmesa.so.11291.sancov: 1894 PCs written
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/libc++.so.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/libc++.so.11291.sancov: 300 PCs written
==11291:11291==SanitizerCoverage: failed to open /mnt/scratch0/tmp/chrome.11291.sancov for writing (reason: 1)
SanitizerCoverage: /mnt/scratch0/tmp/chrome.11291.sancov: 9152 PCs written
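The report above is the raw input a fuzzing pipeline triages: the `Uninitialized bytes in __interceptor_send at offset N inside [addr, len)` line names the libc call that received uninitialized memory and where in the buffer it sat, the `==pid:tid==WARNING` line gives the crash type, and the top frames form the "crash state" that lets a tracker recognise this report as the same bug as issue 748856. The following parser is an added example, not ClusterFuzz's or Chromium's code; its regexes are written against the report text in this issue and are an assumption about the general MSan output format. The sample is the head of this issue's report, cut to the top four frames.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the head of the report pasted in this issue, cut to the
# top four frames. Addresses and source paths are those of the original report.
SAMPLE_REPORT = """\
Xlib: extension "RANDR" missing on display ":1".
Uninitialized bytes in __interceptor_send at offset 276 inside [0x72100007f800, 520)
==11249:11281==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7efc3c36a461 in mojo::edk::(anonymous namespace)::ChannelPosix::WriteNoLock(mojo::edk::(anonymous namespace)::MessageView) mojo/edk/system/channel_posix.cc:404:18
    #1 0x7efc3c3640e7 in mojo::edk::(anonymous namespace)::ChannelPosix::Write(std::__1::unique_ptr<mojo::edk::Channel::Message, std::__1::default_delete<mojo::edk::Channel::Message> >) mojo/edk/system/channel_posix.cc:127:14
    #2 0x7efc3c372dad in WriteChannelMessage mojo/edk/system/node_channel.cc:914:15
    #3 0x7efc3c372dad in mojo::edk::NodeChannel::SendChannelMessage(std::__1::unique_ptr<mojo::edk::Channel::Message, std::__1::default_delete<mojo::edk::Channel::Message> >) mojo/edk/system/node_channel.cc:388
SUMMARY: MemorySanitizer: use-of-uninitialized-value (chrome+0xbe0b461)
"""

# Patterns are assumptions derived from the report text in this issue.
ORIGIN_RE = re.compile(
    r"Uninitialized bytes in (\S+) at offset (\d+) inside \[(0x[0-9a-fA-F]+), (\d+)\)")
WARNING_RE = re.compile(r"==(\d+):(\d+)==WARNING: MemorySanitizer: (\S+)")
# "#N 0xADDR in FUNCTION FILE:LINE[:COL]"; FUNCTION may contain spaces, FILE may not.
FRAME_RE = re.compile(
    r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (.+?) ([^\s:]+):(\d+)(?::(\d+))?\s*$")


@dataclass
class Frame:
    index: int
    function: str
    file: str
    line: int
    column: Optional[int]


@dataclass
class MsanReport:
    crash_type: str
    pid: int
    tid: int
    interceptor: Optional[str]   # libc call whose argument was uninitialized
    offset: Optional[int]        # first uninitialized byte, relative to region
    region_start: Optional[int]
    region_len: Optional[int]
    frames: List[Frame]


def parse_msan_report(text: str) -> MsanReport:
    """Extract the triage-relevant fields from MSan output; raises if none found."""
    warning = WARNING_RE.search(text)
    if warning is None:
        raise ValueError("no MemorySanitizer WARNING line found")
    origin = ORIGIN_RE.search(text)
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m.group(1)), m.group(2), m.group(3),
                                int(m.group(4)),
                                int(m.group(5)) if m.group(5) else None))
    return MsanReport(
        crash_type=warning.group(3),
        pid=int(warning.group(1)), tid=int(warning.group(2)),
        interceptor=origin.group(1) if origin else None,
        offset=int(origin.group(2)) if origin else None,
        region_start=int(origin.group(3), 16) if origin else None,
        region_len=int(origin.group(4)) if origin else None,
        frames=frames)


def uninit_byte_address(report: MsanReport) -> Optional[int]:
    """Absolute address of the first uninitialized byte MSan complained about."""
    if report.offset is None:
        return None
    return report.region_start + report.offset


def normalize_function(name: str) -> str:
    """Drop anonymous-namespace markers and the argument list, keeping only the
    qualified name: the form a crash-state signature is built from."""
    name = name.replace("(anonymous namespace)::", "")
    return name.split("(", 1)[0]


def crash_state(report: MsanReport, depth: int = 3) -> List[str]:
    """Top `depth` normalized frames, the key a triage system groups duplicates by."""
    return [normalize_function(f.function) for f in report.frames[:depth]]


def same_crash(a: MsanReport, b: MsanReport) -> bool:
    """Two reports are duplicates when crash type and crash state agree, whatever
    their addresses, pids or build paths."""
    return a.crash_type == b.crash_type and crash_state(a) == crash_state(b)


if __name__ == "__main__":
    r = parse_msan_report(SAMPLE_REPORT)
    print(r.crash_type, r.interceptor, hex(uninit_byte_address(r)))
    print(crash_state(r))
```

Note that frames #2 and #3 share one return address: `WriteChannelMessage` was inlined into `SendChannelMessage`, and the symbolizer emits both. A dedup key built from the top three frames therefore stays stable across builds only if inlining decisions do not change, which is one reason such keys are compared loosely rather than by exact match.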
 
Owner: roc...@chromium.org
Status: Assigned (was: Unconfirmed)
Ken, can you please take a look? MSAN builds crashing on startup is blocking all of our fuzzing using MSan.
Mergedinto: 748856
Status: Duplicate (was: Assigned)
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
