Mac ASan failures related to MacMDDownloadShelf |
||
Issue descriptionFiled by sheriff-o-matic@appspot.gserviceaccount.com on behalf of huangs@google.com Mac ASan failures related to MacMDDownloadShelf Builders failed on: - Mac ASan 64 Tests (1): https://build.chromium.org/p/chromium.memory/builders/Mac%20ASan%2064%20Tests%20%281%29
,
Jan 29 2018
Sample stack trace from test DownloadTest.SavePageNonHTMLViaPost:
==43660==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000653a4 at pc 0x0001128a341c bp 0x7fff575cf150 sp 0x7fff575cf148
READ of size 4 at 0x6110000653a4 thread T0
#0 0x1128a341b in base::FieldTrial::FinalizeGroupChoiceImpl(bool) ??:0:0
#1 0x1128a191a in base::FieldTrial::group() ??:0:0
#2 0x1127fa2ec in base::FeatureList::IsFeatureEnabled(base::Feature const&) ??:0:0
#3 0x11cb7520e in -[DownloadShelfView adjustHeightForDivider] ??:0:0
#4 0x7fff9074c18f in -[NSView _setWindow:] ??:0:0
#5 0x7fff9806d2f8 in __53-[__NSArrayM enumerateObjectsWithOptions:usingBlock:]_block_invoke ??:0:0
#6 0x7fff9806ca9e in -[__NSArrayM enumerateObjectsWithOptions:usingBlock:] ??:0:0
#7 0x7fff90e8fc71 in __21-[NSView _setWindow:]_block_invoke712 ??:0:0
#8 0x7fff9074c15e in -[NSView _setWindow:] ??:0:0
#9 0x7fff9806d2f8 in __53-[__NSArrayM enumerateObjectsWithOptions:usingBlock:]_block_invoke ??:0:0
#10 0x7fff9806ca9e in -[__NSArrayM enumerateObjectsWithOptions:usingBlock:] ??:0:0
#11 0x7fff90e8fc71 in __21-[NSView _setWindow:]_block_invoke712 ??:0:0
#12 0x7fff9074c15e in -[NSView _setWindow:] ??:0:0
#13 0x7fff9806d2f8 in __53-[__NSArrayM enumerateObjectsWithOptions:usingBlock:]_block_invoke ??:0:0
#14 0x7fff9806ca9e in -[__NSArrayM enumerateObjectsWithOptions:usingBlock:] ??:0:0
#15 0x7fff90e8fc71 in __21-[NSView _setWindow:]_block_invoke712 ??:0:0
#16 0x7fff9074c15e in -[NSView _setWindow:] ??:0:0
#17 0x7fff907550ec in -[NSThemeFrame _setWindow:] ??:0:0
#18 0x7fff909a2ed8 in -[NSWindow dealloc] ??:0:0
#19 0x11cbda6eb in -[FramedBrowserWindow dealloc] ??:0:0
#20 0x7fff907545e9 in -[NSWindow release] ??:0:0
#21 0x7fff8d265659 in (anonymous namespace)::AutoreleasePoolPage::pop(void*) ??:0:0
#22 0x7fff98023931 in _CFAutoreleasePoolPop ??:0:0
#23 0x7fff97d01436 in -[NSAutoreleasePool drain] ??:0:0
#24 0x1190c4f49 in service_manager::Main(service_manager::MainParams const&) ??:0:0
#25 0x112720e0f in content::ContentMain(content::ContentMainParams const&) ??:0:0
#26 0x113f15fa7 in content::BrowserTestBase::SetUp() ??:0:0
#27 0x112aaedf4 in InProcessBrowserTest::SetUp() ??:0:0
#28 0x10bee064f in testing::Test::Run() ??:0:0
#29 0x10bee28a3 in testing::TestInfo::Run() ??:0:0
#30 0x10bee3be6 in testing::TestCase::Run() ??:0:0
#31 0x10befbb96 in testing::internal::UnitTestImpl::RunAllTests() ??:0:0
#32 0x10befb129 in testing::UnitTest::Run() ??:0:0
#33 0x112afff08 in base::TestSuite::Run() ??:0:0
#34 0x1127c3f35 in ChromeTestSuiteRunner::RunTestSuite(int, char**) ??:0:0
#35 0x113ffd363 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) ??:0:0
#36 0x1127c4bb2 in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) ??:0:0
#37 0x1127c3d8c in main ??:0:0
#38 0x7fff8ceda5fc in start ??:0:0
0x6110000653a4 is located 164 bytes inside of 200-byte region [0x611000065300,0x6110000653c8)
freed by thread T0 here:
#0 0x1323298c2 in __sanitizer_finish_switch_fiber ??:0:0
#1 0x1128a3f65 in base::FieldTrialList::~FieldTrialList() ??:0:0
#2 0x112c5087a in ChromeBrowserMainParts::~ChromeBrowserMainParts() ??:0:0
#3 0x112c60bbd in ChromeBrowserMainPartsMac::~ChromeBrowserMainPartsMac() ??:0:0
#4 0x10dfa101e in content::BrowserMainLoop::~BrowserMainLoop() ??:0:0
#5 0x10dfa151d in content::BrowserMainLoop::~BrowserMainLoop() ??:0:0
#6 0x10dfb5ee2 in content::BrowserMainRunnerImpl::Shutdown() ??:0:0
#7 0x10df9fccd in content::BrowserMain(content::MainFunctionParams const&) ??:0:0
#8 0x11272140d in content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ??:0:0
#9 0x112722f29 in content::ContentMainRunnerImpl::Run() ??:0:0
#10 0x1190c4962 in service_manager::Main(service_manager::MainParams const&) ??:0:0
#11 0x112720e0f in content::ContentMain(content::ContentMainParams const&) ??:0:0
#12 0x113f15fa7 in content::BrowserTestBase::SetUp() ??:0:0
#13 0x112aaedf4 in InProcessBrowserTest::SetUp() ??:0:0
#14 0x10bee064f in testing::Test::Run() ??:0:0
#15 0x10bee28a3 in testing::TestInfo::Run() ??:0:0
#16 0x10bee3be6 in testing::TestCase::Run() ??:0:0
#17 0x10befbb96 in testing::internal::UnitTestImpl::RunAllTests() ??:0:0
#18 0x10befb129 in testing::UnitTest::Run() ??:0:0
#19 0x112afff08 in base::TestSuite::Run() ??:0:0
#20 0x1127c3f35 in ChromeTestSuiteRunner::RunTestSuite(int, char**) ??:0:0
#21 0x113ffd363 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) ??:0:0
#22 0x1127c4bb2 in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) ??:0:0
#23 0x1127c3d8c in main ??:0:0
#24 0x7fff8ceda5fc in start ??:0:0
previously allocated by thread T0 here:
#0 0x1323292e2 in __sanitizer_finish_switch_fiber ??:0:0
#1 0x1128aa17a in base::FieldTrialList::CreateFieldTrial(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) ??:0:0
#2 0x119c07611 in variations::AssociateParamsFromFieldTrialConfig(variations::FieldTrialTestingConfig const&, base::FeatureList*) ??:0:0
#3 0x119bf1ae7 in variations::VariationsFieldTrialCreator::SetupFieldTrials(char const*, char const*, char const*, std::__1::set<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::unique_ptr<base::FieldTrial::EntropyProvider const, std::__1::default_delete<base::FieldTrial::EntropyProvider const> >, std::__1::unique_ptr<base::FeatureList, std::__1::default_delete<base::FeatureList> >, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*, variations::PlatformFieldTrials*, variations::SafeSeedManager*) ??:0:0
#4 0x119bfa3cf in variations::VariationsService::SetupFieldTrials(char const*, char const*, char const*, std::__1::set<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::unique_ptr<base::FeatureList, std::__1::default_delete<base::FeatureList> >, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*, variations::PlatformFieldTrials*) ??:0:0
#5 0x112c50e05 in ChromeBrowserMainParts::SetupFieldTrials() ??:0:0
#6 0x112c5707f in ChromeBrowserMainParts::PreCreateThreadsImpl() ??:0:0
#7 0x112c54d81 in ChromeBrowserMainParts::PreCreateThreads() ??:0:0
#8 0x10dfa5098 in content::BrowserMainLoop::PreCreateThreads() ??:0:0
#9 0x10ef025ee in content::StartupTaskRunner::RunAllTasksNow() ??:0:0
#10 0x10dfa664e in content::BrowserMainLoop::CreateStartupTasks() ??:0:0
#11 0x10dfb4c9b in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ??:0:0
#12 0x10df9fc5b in content::BrowserMain(content::MainFunctionParams const&) ??:0:0
#13 0x11272140d in content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ??:0:0
#14 0x112722f29 in content::ContentMainRunnerImpl::Run() ??:0:0
#15 0x1190c4962 in service_manager::Main(service_manager::MainParams const&) ??:0:0
#16 0x112720e0f in content::ContentMain(content::ContentMainParams const&) ??:0:0
#17 0x113f15fa7 in content::BrowserTestBase::SetUp() ??:0:0
#18 0x112aaedf4 in InProcessBrowserTest::SetUp() ??:0:0
#19 0x10bee064f in testing::Test::Run() ??:0:0
#20 0x10bee28a3 in testing::TestInfo::Run() ??:0:0
#21 0x10bee3be6 in testing::TestCase::Run() ??:0:0
#22 0x10befbb96 in testing::internal::UnitTestImpl::RunAllTests() ??:0:0
#23 0x10befb129 in testing::UnitTest::Run() ??:0:0
#24 0x112afff08 in base::TestSuite::Run() ??:0:0
#25 0x1127c3f35 in ChromeTestSuiteRunner::RunTestSuite(int, char**) ??:0:0
#26 0x113ffd363 in content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) ??:0:0
#27 0x1127c4bb2 in LaunchChromeTests(unsigned long, content::TestLauncherDelegate*, int, char**) ??:0:0
#28 0x1127c3d8c in main ??:0:0
#29 0x7fff8ceda5fc in start ??:0:0
SUMMARY: AddressSanitizer: heap-use-after-free (/b/swarm_slave/w/ir/out/Release/./browser_tests:x86_64+0x10a27841b)
,
Jan 29 2018
Issue 806900 has been merged into this issue.
,
Feb 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/601eae93239b6783acdd953636d75d96e975e940 commit 601eae93239b6783acdd953636d75d96e975e940 Author: Sidney San Martín <sdy@chromium.org> Date: Mon Feb 05 19:21:55 2018 Early-out *before* looking up an enabled feature if being removed from a window. This fixes a crash (caught by ASAN) when the feature list gets torn down before the window containing the download shelf. Bug: 806901 Change-Id: I00ddc55d183f2b29bf23ad3304b7c700f747894f Reviewed-on: https://chromium-review.googlesource.com/899735 Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org> Commit-Queue: Sidney San Martín <sdy@chromium.org> Cr-Commit-Position: refs/heads/master@{#534452} [modify] https://crrev.com/601eae93239b6783acdd953636d75d96e975e940/chrome/browser/ui/cocoa/download/download_shelf_view_cocoa.mm
,
Feb 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/717ed5fc88626e600b2511e71abc7fcbdb1a56fb commit 717ed5fc88626e600b2511e71abc7fcbdb1a56fb Author: Sidney San Martín <sdy@chromium.org> Date: Mon Feb 05 23:52:51 2018 Reland "Add MacMDDownloadShelf to fieldtrial_testing_config.json" This is a reland of 22e3eede4abe0e2a2e90ef86818bfd0f062766ef. TBR=isherman@chromium.org,shimazu@chromium.org Original change's description: > Add MacMDDownloadShelf to fieldtrial_testing_config.json > > Change-Id: I00799bf180fc94b3a8b30e0a77bdc7473cf58ca4 > Bug: 589943 > Reviewed-on: https://chromium-review.googlesource.com/887385 > Reviewed-by: Ilya Sherman <isherman@chromium.org> > Commit-Queue: Sidney San Martín <sdy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#532044} Bug: 589943 , 806901 Change-Id: I5e96a60a73806c6e2016db806c559976ec120901 Reviewed-on: https://chromium-review.googlesource.com/899115 Commit-Queue: Sidney San Martín <sdy@chromium.org> Reviewed-by: Sidney San Martín <sdy@chromium.org> Cr-Commit-Position: refs/heads/master@{#534539} [modify] https://crrev.com/717ed5fc88626e600b2511e71abc7fcbdb1a56fb/testing/variations/fieldtrial_testing_config.json
,
Feb 5 2018
|
||
►
Sign in to add a comment |
||
Comment 1 by huangs@google.com
, Jan 29 2018Status: Assigned (was: Available)