Issue 827006


Issue metadata

Status: Untriaged
Owner: ----
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 783296



Windows ASAN builds crash on startup

Project Member Reported by jdarpinian@chromium.org, Mar 29 2018

Issue description

I'm not sure how to report ASAN issues, hopefully you can route to the right place. ASAN builds of Chrome on Windows are crashing on startup for me. I've included the crash below; it's a null pointer dereference, but when I look at the code it seems impossible, so I'm suspecting a compiler issue when ASAN is enabled.

The last bit of the stack trace points here:
https://cs.chromium.org/chromium/src/third_party/angle/src/libANGLE/Context.h?l=1227&rcl=8a02d3b57b304c8af703518007f40675e3b06dc6

But the actual crash seems to be coming from here:
https://cs.chromium.org/chromium/src/third_party/angle/src/libANGLE/params.h?l=41&rcl=8a02d3b57b304c8af703518007f40675e3b06dc6

mSelfClass and mParentTypeInfo are both null pointers. The code shouldn't crash because there's a null check, but perhaps it is optimized out?

Received fatal exception EXCEPTION_ILLEGAL_INSTRUCTION
Backtrace:
	(No symbol) [0x00007FFE1407C714]
	(No symbol) [0x0000000041B58AB3]
	(No symbol) [0x00007FFE1398FA2F]
	(No symbol) [0x00007FFE1407C508]
	(No symbol) [0x00007FFE14213328]
	(No symbol) [0x00007FFE1399D1C0]
	(No symbol) [0x00000002000004CB]
	(No symbol) [0x00007FFE1392C4A8]
	(No symbol) [0x00007FFE1392C4B0]
	(No symbol) [0x000011813D471690]
	(No symbol) [0x000011813D471690]
	(No symbol) [0x0000002A031F7EE0]
	(No symbol) [0x0000002A031F7EE8]
=================================================================
==15924==ERROR: AddressSanitizer: illegal-instruction on unknown address 0x000000000000 (pc 0x7ffe1407c714 bp 0x002a031f8040 sp 0x002a031f7ea0 T0)
==15924==The signal is caused by a READ memory access.
==15924==Hint: address points to the zero page.
==15924==*** WARNING: Failed to initialize DbgHelp!              ***
==15924==*** Most likely this means that the app is already      ***
==15924==*** using DbgHelp, possibly with incompatible flags.    ***
==15924==*** Due to technical reasons, symbolization might crash ***
==15924==*** or produce wrong results.                           ***
    #0 0x7ffe1407c713 in gl::Context::getParams<gl::DrawCallParams> C:\src\chrome\src\third_party\angle\src\libANGLE\Context.h:1227
    #1 0x7ffe1458ef4b in rx::Context11::drawElements C:\src\chrome\src\third_party\angle\src\libANGLE\renderer\d3d\d3d11\Context11.cpp:251
    #2 0x7ffe13f1d501 in gl::Context::drawElements C:\src\chrome\src\third_party\angle\src\libANGLE\Context.cpp:1836
    #3 0x7ffe13ec8520 in gl::DrawElements C:\src\chrome\src\third_party\angle\src\libGLESv2\entry_points_gles_2_0_autogen.cpp:784
    #4 0x7ffe406b5d8c in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawElements C:\src\chrome\src\gpu\command_buffer\service\gles2_cmd_decoder_passthrough_doers.cc:1033
    #5 0x7ffe406f2e7f in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawElements C:\src\chrome\src\gpu\command_buffer\service\gles2_cmd_decoder_passthrough_handlers.cc:137
    #6 0x7ffe4068424c in gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<0> C:\src\chrome\src\gpu\command_buffer\service\gles2_cmd_decoder_passthrough.cc:547
    #7 0x7ffe40683604 in gpu::gles2::GLES2DecoderPassthroughImpl::DoCommands C:\src\chrome\src\gpu\command_buffer\service\gles2_cmd_decoder_passthrough.cc:485
    #8 0x7ffe54234b9e in gpu::CommandBufferService::Flush C:\src\chrome\src\gpu\command_buffer\service\command_buffer_service.cc:90
    #9 0x7ffe17e89775 in gpu::CommandBufferStub::OnAsyncFlush C:\src\chrome\src\gpu\ipc\service\command_buffer_stub.cc:634
    #10 0x7ffe17e89030 in IPC::MessageT<GpuCommandBufferMsg_AsyncFlush_Meta,std::tuple<int,unsigned int,bool>,void>::Dispatch<gpu::CommandBufferStub,gpu::CommandBufferStub,void,void (gpu::CommandBufferStub::*)(int, unsigned int, bool)> C:\src\chrome\src\ipc\ipc_message_templates.h:146
    #11 0x7ffe17e84c8d in gpu::CommandBufferStub::OnMessageReceived C:\src\chrome\src\gpu\ipc\service\command_buffer_stub.cc:296
    #12 0x7ffe17eae0a2 in gpu::GpuChannel::HandleMessageHelper C:\src\chrome\src\gpu\ipc\service\gpu_channel.cc:523
    #13 0x7ffe17ea8093 in gpu::GpuChannel::HandleMessage C:\src\chrome\src\gpu\ipc\service\gpu_channel.cc:499
    #14 0x7ffe54233212 in base::OnceCallback<void ()>::Run C:\src\chrome\src\base\callback.h:95
    #15 0x7ffe5424fd13 in gpu::Scheduler::RunNextTask C:\src\chrome\src\gpu\command_buffer\service\scheduler.cc:526
    #16 0x7ffe57c15358 in base::debug::TaskAnnotator::RunTask C:\src\chrome\src\base\debug\task_annotator.cc:61
    #17 0x7ffe57cfb42c in base::internal::IncomingTaskQueue::RunTask C:\src\chrome\src\base\message_loop\incoming_task_queue.cc:124
    #18 0x7ffe57d1147b in base::MessageLoop::RunTask C:\src\chrome\src\base\message_loop\message_loop.cc:391
    #19 0x7ffe57d12cd5 in base::MessageLoop::DeferOrRunPendingTask C:\src\chrome\src\base\message_loop\message_loop.cc:403
    #20 0x7ffe57d135ae in base::MessageLoop::DoWork C:\src\chrome\src\base\message_loop\message_loop.cc:447
    #21 0x7ffe57d16b62 in base::MessagePumpDefault::Run C:\src\chrome\src\base\message_loop\message_pump_default.cc:37
    #22 0x7ffe57d0fbaa in base::MessageLoop::Run C:\src\chrome\src\base\message_loop\message_loop.cc:342
    #23 0x7ffe57e1b063 in base::RunLoop::Run C:\src\chrome\src\base\run_loop.cc:130
    #24 0x7ffe45ef4c2b in content::GpuMain C:\src\chrome\src\content\gpu\gpu_main.cc:355
    #25 0x7ffe4a72f30c in content::RunNamedProcessTypeMain c:\src\chrome\src\content\app\content_main_runner.cc:427
    #26 0x7ffe4a7306b4 in content::ContentMainRunnerImpl::Run c:\src\chrome\src\content\app\content_main_runner.cc:706
    #27 0x7ffe1dbfee15 in service_manager::Main C:\src\chrome\src\services\service_manager\embedder\main.cc:453
    #28 0x7ffe4a72ef9c in content::ContentMain C:\src\chrome\src\content\app\content_main.cc:19
    #29 0x7ffe3218f47e in ChromeMain C:\src\chrome\src\chrome\app\chrome_main.cc:101
    #30 0x7ff7ce7e3ae3 in MainDllLoader::Launch C:\src\chrome\src\chrome\app\main_dll_loader_win.cc:198
    #31 0x7ff7ce7dc814 in main C:\src\chrome\src\chrome\app\chrome_exe_main_win.cc:230
    #32 0x7ff7ceaaff48 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:283
    #33 0x7ffe8ee18363 in BaseThreadInitThunk+0x13 (C:\WINDOWS\System32\KERNEL32.DLL+0x180008363)
    #34 0x7ffe90cf7090 in RtlUserThreadStart+0x20 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x180067090)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: illegal-instruction C:\src\chrome\src\third_party\angle\src\libANGLE\Context.h:1227 in gl::Context::getParams<gl::DrawCallParams>
==15924==ABORTING
 

Comment 1 by kcc@chromium.org, Mar 30 2018

Cc: kcc@chromium.org aarya@google.com
Owner: r...@chromium.org
My team doesn't deal with Windows.
rnk's team does, but I am not sure they have cycles for asan.

Comment 2 by r...@chromium.org, Mar 30 2018

Which Chrome test binary is this? What version of Windows are you running?

It's possible there are GPU codepaths that aren't exercised on the existing Windows ASan bot.

This is the main browser binary, built locally by me at HEAD with no changes. The GPU process crashes instantly on startup. I am on Windows 10.

Comment 4 by r...@chromium.org, Apr 10 2018

I haven't forgotten about this, but I was not able to find time to reproduce it, and now my Windows workstation has died, so it will take even longer to investigate.

If you are interested, I have two theories:
1. EH is involved somehow. Windows EH and ASan fight and are generally incompatible.
2. There is UB in the program somewhere.

In particular, if the faulting instruction is ud2 or ud2a, LLVM occasionally generates that in impossible cases like falling off the end of a function or returning from a noreturn function. It often happens when ASan and EH fight as well.

Feel free to investigate along those lines, but if you do not have time, I'll try to look into it in a few weeks.
Blocking: 839529
Blocking: -839529 783296
Owner: ----
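An added example (not ANGLE or Chromium code, and not from the reporter or the commenters) of how theory 2 above plays out: a null check that is present in the source but that the optimizer is allowed to delete because the pointer was already dereferenced. The `TypeInfo` struct and the two function names are assumptions that loosely mirror the mSelfClass/mParentTypeInfo chain mentioned in the report.

```cpp
// Added example (not ANGLE or Chromium code): why a null check that is
// visibly present in the source can still be absent from the binary.
// The struct and names are constructed here for illustration only.
#include <cstddef>

struct TypeInfo {
    const char *name;
    const TypeInfo *parent;  // nullptr at the root of the chain
};

// Theory 2 from the comment above: undefined behaviour. `info` is
// dereferenced BEFORE it is tested, so a null `info` is already UB under
// the C++ abstract machine; the optimizer may therefore assume
// info != nullptr and drop the check. This is one of the "impossible"
// paths the comment says LLVM can lower to a ud2 trap, which Windows
// reports as EXCEPTION_ILLEGAL_INSTRUCTION rather than an access violation.
bool isParamTypeUnsafe(const TypeInfo *info, const TypeInfo *wanted) {
    const TypeInfo *parent = info->parent;  // UB when info == nullptr
    if (info == nullptr) {                  // may be optimized away
        return false;
    }
    if (info == wanted) return true;
    for (const TypeInfo *p = parent; p != nullptr; p = p->parent) {
        if (p == wanted) return true;
    }
    return false;
}

// Hardened form: every dereference is dominated by the null test, so the
// check cannot be reasoned away. Building with -fsanitize=undefined (or
// just -fsanitize=null) next to ASan flags the unsafe ordering at runtime.
bool isParamTypeSafe(const TypeInfo *info, const TypeInfo *wanted) {
    for (const TypeInfo *p = info; p != nullptr; p = p->parent) {
        if (p == wanted) return true;
    }
    return false;
}

// Small constructed hierarchy: Derived -> Base -> (root)
const TypeInfo kBase{"Base", nullptr};
const TypeInfo kDerived{"Derived", &kBase};

// Helpers whose return values can be checked directly.
bool derivedIsBase() { return isParamTypeSafe(&kDerived, &kBase); }
bool baseIsNotDerived() { return !isParamTypeSafe(&kBase, &kDerived); }
bool nullIsNothing() { return !isParamTypeSafe(nullptr, &kBase); }
```

Compile both functions with `clang++ -O2 -S` and compare the emitted code: the null test survives only in the safe version.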