Issue 764069

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2017
Pri: 3
Type: Bug

viz_unittests using stack after return

Project Member Reported by brucedaw...@chromium.org, Sep 11 2017

Issue description

viz_unittests failed here:

https://uberchromegw.corp.google.com/i/chromium.memory/builders/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/builds/23580

FindIt found https://chromium-review.googlesource.com/c/chromium/src/+/654444 with 94% accuracy and the failure does match. Here is the failure output:

==9683==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fc435808398 at pc 0x000000736f66 bp 0x7ffe2cd694a0 sp 0x7ffe2cd69498
READ of size 8 at 0x7fc435808398 thread T0
    #0 0x736f65 in end buildtools/third_party/libc++/trunk/include/vector:1481:30
    #1 0x736f65 in viz::(anonymous namespace)::CollectResources(std::__1::vector<viz::ReturnedResource, std::__1::allocator<viz::ReturnedResource> >*, std::__1::vector<viz::ReturnedResource, std::__1::allocator<viz::ReturnedResource> > const&, cc::BlockingTaskRunner*) components/viz/service/display/gl_renderer_unittest.cc:1925
    #2 0x3680f76 in Run base/callback.h:92:12
    #3 0x3680f76 in cc::DisplayResourceProvider::DeleteAndReturnUnusedResourcesToChild(std::__1::__hash_map_iterator<std::__1::__hash_iterator<std::__1::__hash_node<std::__1::__hash_value_type<int, cc::DisplayResourceProvider::Child>, void*>*> >, cc::ResourceProvider::DeleteStyle, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&) cc/resources/display_resource_provider.cc:255
    #4 0x367dfbf in cc::DisplayResourceProvider::DestroyChildInternal(std::__1::__hash_map_iterator<std::__1::__hash_iterator<std::__1::__hash_node<std::__1::__hash_value_type<int, cc::DisplayResourceProvider::Child>, void*>*> >, cc::ResourceProvider::DeleteStyle) cc/resources/display_resource_provider.cc:145:3
    #5 0x367d6d0 in cc::DisplayResourceProvider::~DisplayResourceProvider() cc/resources/display_resource_provider.cc:35:5
    #6 0x367e10d in cc::DisplayResourceProvider::~DisplayResourceProvider() cc/resources/display_resource_provider.cc:33:53
    #7 0x773e07 in operator() buildtools/third_party/libc++/trunk/include/memory:2272:5
    #8 0x773e07 in reset buildtools/third_party/libc++/trunk/include/memory:2585
    #9 0x773e07 in ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2539
    #10 0x773e07 in viz::(anonymous namespace)::GLRendererTest_DCLayerOverlaySwitch_Test::TestBody() components/viz/service/display/gl_renderer_unittest.cc:2450
    #11 0xa91bcc in HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc:2456:12
    #12 0xa91bcc in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2472
    #13 0xa939d4 in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2654:11
    #14 0xa94d36 in testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2772:28
    #15 0xaaa7f6 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4677:43
    #16 0xaa9d78 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc:2456:12
    #17 0xaa9d78 in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4285
    #18 0x1739465 in RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2237:46
    #19 0x1739465 in base::TestSuite::Run() base/test/test_suite.cc:270
    #20 0x173d5c0 in Run base/callback.h:92:12
    #21 0x173d5c0 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) base/test/launcher/unit_test_launcher.cc:216
    #22 0x173d1c9 in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) base/test/launcher/unit_test_launcher.cc:475:10
    #23 0x531ff0 in main components/viz/test/run_all_unittests.cc:15:10
    #24 0x7fc439684f44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287

Address 0x7fc435808398 is located in stack of thread T0 at offset 920 in frame
    #0 0x7707df in viz::(anonymous namespace)::GLRendererTest_DCLayerOverlaySwitch_Test::TestBody() components/viz/service/display/gl_renderer_unittest.cc:2343
 
The CL was reverted but didn't get tagged with this bug. Here's the relevant information:

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e0c00467d673f5f21d2d87cb0df06a8efcfcf13e

commit e0c00467d673f5f21d2d87cb0df06a8efcfcf13e
Author: Bruce Dawson <brucedawson@chromium.org>
Date: Mon Sep 11 21:38:26 2017

Revert "viz: Move CreateResourceFromTextureMailbox from Display to LayerTree in GLRendererTest"

This reverts commit aa28a986ec23a5fca6ca69ee7466fccc9370ae50.

Reason for revert: viz_unittests failure, details in crbug.com/764069

Original change's description:
> viz: Move CreateResourceFromTextureMailbox from Display to LayerTree in GLRendererTest
> 
> As a step of moving SingleReleaseCallbackImpl/CreateResourceFromTextureMailbox
> into LayerTreeResourceProvider, move the call of
> DisplayResourceProvider::CreateResourceFromTextureMailbox
> into LayerTreeResourceProvider::CreateResourceFromTextureMailbox.
> 
> The usage of CreateResourceFromTextureMailbox is listed here:
> https://docs.google.com/spreadsheets/d/1lnyONBganHkiQKw8J-3e3xC7STZkYvSh7dkzxSUFmPw/edit
> 
> BUG=757291
> 
> Change-Id: I41e5d44c5f2ac03b3a5b3da1951a5ca09b3b4529
> Reviewed-on: https://chromium-review.googlesource.com/654444
> Commit-Queue: Xing Xu <xing.xu@intel.com>
> Reviewed-by: danakj <danakj@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#500974}

TBR=danakj@chromium.org,sunnyps@chromium.org,xing.xu@intel.com

Change-Id: I195041642f58de7568922029642b8c2640d0319f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 757291
Reviewed-on: https://chromium-review.googlesource.com/661457
Reviewed-by: Bruce Dawson <brucedawson@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#501048}
[modify] https://crrev.com/e0c00467d673f5f21d2d87cb0df06a8efcfcf13e/components/viz/service/display/gl_renderer_unittest.cc

Comment 2 by xing...@intel.com, Sep 13 2017

Status: Fixed (was: Assigned)
This is fixed by Reland "viz: Move CreateResourceFromTextureMailbox from Display to LayerTree in GLRendererTest". https://chromium-review.googlesource.com/c/chromium/src/+/662437
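
Added example, not part of the original thread and not Chromium code: the ASan report above shows a return callback (CollectResources) invoked from ~DisplayResourceProvider reading an address in TestBody's stack frame whose scope had already ended. The sketch below reproduces that lifetime pattern beside the corrected declaration order; Provider, ReturnCallback, Collect, BuggyOrder and FixedOrder are hypothetical names.

```cpp
// Constructed illustration; all names are hypothetical, not Chromium code.
#include <cstddef>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

using Returned = std::vector<int>;
using ReturnCallback = std::function<void(const Returned&)>;

// Appends returned ids to a caller-owned vector through a raw pointer.
void Collect(Returned* out, const Returned& returned) {
  out->insert(out->end(), returned.begin(), returned.end());
}

// Hands its held resources back from the destructor, as in frames #3-#6.
class Provider {
 public:
  explicit Provider(ReturnCallback cb) : cb_(std::move(cb)) {}
  ~Provider() { cb_(held_); }
  void Hold(int id) { held_.push_back(id); }
 private:
  ReturnCallback cb_;
  Returned held_;
};

// BUGGY (never called here): `collected` goes out of scope at the inner
// brace, yet the callback still points at it when ~Provider runs.
void BuggyOrder() {
  std::unique_ptr<Provider> provider;
  {
    Returned collected;
    provider = std::make_unique<Provider>(
        [&collected](const Returned& r) { Collect(&collected, r); });
    provider->Hold(7);
  }
}  // ~unique_ptr -> ~Provider -> Collect touches a dead stack slot

// FIXED: the sink is declared first, so it is destroyed after the provider.
std::size_t FixedOrder() {
  Returned collected;
  {
    auto provider = std::make_unique<Provider>(
        [&collected](const Returned& r) { Collect(&collected, r); });
    provider->Hold(7);
    provider->Hold(9);
  }  // ~Provider runs while `collected` is still alive
  return collected.size();
}
```

BuggyOrder is undefined behaviour and is left uncalled; it is the access pattern that -fsanitize=address is built to flag as stack-use-after-scope.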