New issue
Advanced search Search tips

Issue 835072 link

Starred by 3 users
Status: Available
Owner: ----
Cc:
dsinclair@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocked on:
issue 830659


Sign in to add a comment

GpuOESEGLImageTest.EGLImageToTexture fails on Linux ASAN

Project Member Reported by kbr@chromium.org, Apr 20 2018 
In  Issue 830659  the gl_tests were run on the Linux ASAN configuration on physical hardware. Doing so uncovered a legitimate bug in GpuOESEGLImageTest.EGLImageToTexture :

https://ci.chromium.org/buildbot/tryserver.chromium.linux/linux_chromium_asan_rel_ng/584109

https://chromium-swarm.appspot.com/task?id=3cda6390a730d510&refresh=10&show_raw=1

[ RUN      ] GpuOESEGLImageTest.EGLImageToTexture
=================================================================
==28670==ERROR: AddressSanitizer: heap-use-after-free on address 0x62100006c19c at pc 0x000000e8b0e6 bp 0x7ffef3736e30 sp 0x7ffef37365b8
READ of size 16 at 0x62100006c19c thread T0
    #0 0xe8b0e5  (/b/swarm_slave/w/ir/out/Release/gl_tests+0xe8b0e5)
    #1 0x28bb33b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x28bb33b)
    #2 0x28bad5d  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x28bad5d)
    #3 0x10aed57  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10aed57)
    #4 0x1b095dc  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b095dc)
    #5 0x1b0b514  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0b514)
    #6 0x1b0c8c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0c8c6)
    #7 0x1b325c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b325c6)
    #8 0x1b31813  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b31813)
    #9 0x26c3628  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26c3628)
    #10 0x10ea94b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea94b)
    #11 0x26cb14b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cb14b)
    #12 0x26cc1dc  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cc1dc)
    #13 0x10ea586  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea586)
    #14 0x7fb50a06fec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

0x62100006c19c is located 2204 bytes inside of 4592-byte region [0x62100006b900,0x62100006caf0)
freed by thread T0 here:
    #0 0xf437a2  (/b/swarm_slave/w/ir/out/Release/gl_tests+0xf437a2)
    #1 0x10e6065  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10e6065)
    #2 0x10ae8cb  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ae8cb)
    #3 0x1b0944c  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0944c)
    #4 0x1b0b514  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0b514)
    #5 0x1b0c8c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0c8c6)
    #6 0x1b325c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b325c6)
    #7 0x1b31813  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b31813)
    #8 0x26c3628  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26c3628)
    #9 0x10ea94b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea94b)
    #10 0x26cb14b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cb14b)
    #11 0x26cc1dc  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cc1dc)
    #12 0x10ea586  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea586)
    #13 0x7fb50a06fec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

previously allocated by thread T0 here:
    #0 0xf42b62  (/b/swarm_slave/w/ir/out/Release/gl_tests+0xf42b62)
    #1 0x297a0db  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x297a0db)
    #2 0x2979dcf  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x2979dcf)
    #3 0x10e5dc6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10e5dc6)
    #4 0x10ae8cb  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ae8cb)
    #5 0x1b0944c  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0944c)
    #6 0x1b0b514  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0b514)
    #7 0x1b0c8c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b0c8c6)
    #8 0x1b325c6  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b325c6)
    #9 0x1b31813  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x1b31813)
    #10 0x26c3628  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26c3628)
    #11 0x10ea94b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea94b)
    #12 0x26cb14b  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cb14b)
    #13 0x26cc1dc  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x26cc1dc)
    #14 0x10ea586  (/b/swarm_slave/w/ir/out/Release/gl_tests+0x10ea586)
    #15 0x7fb50a06fec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

SUMMARY: AddressSanitizer: heap-use-after-free (/b/swarm_slave/w/ir/out/Release/gl_tests+0xe8b0e5) 
Shadow bytes around the buggy address:
  0x0c42800057e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42800057f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4280005830: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280005880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28670==ABORTING
[28575:28580:0413/173433.293318:10538582721:ERROR:kill_posix.cc(83)] Unable to terminate process group 28670: No such process (3)
[80/267] GpuOESEGLImageTest.EGLImageToTexture (CRASHED)


Temporarily skipping this test on ASAN in order to run the rest of the tests on that configuration.
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 20 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/345ea06924f373f6e20ac042a55f758acfbc401f

commit 345ea06924f373f6e20ac042a55f758acfbc401f
Author: Kenneth Russell <kbr@chromium.org>
Date: Fri Apr 20 03:35:51 2018

Run ASAN/MSAN/TSAN gl_tests on physical hardware.

We should add a better way to define mixins like these, but for the
time being, add exceptions to trigger these jobs on physical hardware.

Bug:  830659 , 835072
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_asan_rel_ng;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng
Change-Id: I30c377d28e6c2ea1202d0d64f86de9665c0266ad
Reviewed-on: https://chromium-review.googlesource.com/1013127
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552253}
[modify] https://crrev.com/345ea06924f373f6e20ac042a55f758acfbc401f/gpu/command_buffer/tests/gl_oes_egl_image_unittest.cc
[modify] https://crrev.com/345ea06924f373f6e20ac042a55f758acfbc401f/testing/buildbot/chromium.memory.json
[modify] https://crrev.com/345ea06924f373f6e20ac042a55f758acfbc401f/testing/buildbot/test_suite_exceptions.pyl
Project Member

Comment 2 by bugdroid1@chromium.org, Apr 20 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/615a8d0f9b333be87ff27a884aec29880bef281a

commit 615a8d0f9b333be87ff27a884aec29880bef281a
Author: Morten Stenshorne <mstensho@chromium.org>
Date: Fri Apr 20 12:19:21 2018

Revert "Run ASAN/MSAN/TSAN gl_tests on physical hardware."

This reverts commit 345ea06924f373f6e20ac042a55f758acfbc401f.

Reason for revert: Probably what turned Linux MSan Tests red.  crbug.com/835261 

Original change's description:
> Run ASAN/MSAN/TSAN gl_tests on physical hardware.
> 
> We should add a better way to define mixins like these, but for the
> time being, add exceptions to trigger these jobs on physical hardware.
> 
> Bug:  830659 , 835072
> Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_asan_rel_ng;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng
> Change-Id: I30c377d28e6c2ea1202d0d64f86de9665c0266ad
> Reviewed-on: https://chromium-review.googlesource.com/1013127
> Commit-Queue: Kenneth Russell <kbr@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#552253}

TBR=thakis@chromium.org,kbr@chromium.org

Change-Id: I2c4a5fdfeaf2b0948e4d256b151915d988204124
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  830659 , 835072
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_asan_rel_ng;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1021571
Reviewed-by: Morten Stenshorne <mstensho@chromium.org>
Commit-Queue: Morten Stenshorne <mstensho@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552307}
[modify] https://crrev.com/615a8d0f9b333be87ff27a884aec29880bef281a/gpu/command_buffer/tests/gl_oes_egl_image_unittest.cc
[modify] https://crrev.com/615a8d0f9b333be87ff27a884aec29880bef281a/testing/buildbot/chromium.memory.json
[modify] https://crrev.com/615a8d0f9b333be87ff27a884aec29880bef281a/testing/buildbot/test_suite_exceptions.pyl
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 28 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1a515be834afd445b40b0d6bcd64568b08e32262

commit 1a515be834afd445b40b0d6bcd64568b08e32262
Author: Kenneth Russell <kbr@chromium.org>
Date: Sat Apr 28 03:54:45 2018

Reland: Run ASAN/TSAN gl_tests on physical hardware.

We should add a better way to define mixins like these, but for the
time being, add exceptions to trigger these jobs on physical hardware.

It's not feasible to run these tests on MSAN right now.

Tbr: thakis@chromium.org
Bug:  830659 , 835072
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_asan_rel_ng;master.tryserver.chromium.linux:linux_chromium_msan_rel_ng;master.tryserver.chromium.linux:linux_chromium_tsan_rel_ng;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng
Change-Id: Ifbc4d86262dfd203dd8b57670aac989e433b1f46
Reviewed-on: https://chromium-review.googlesource.com/1023333
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554625}
[modify] https://crrev.com/1a515be834afd445b40b0d6bcd64568b08e32262/gpu/command_buffer/tests/gl_oes_egl_image_unittest.cc
[modify] https://crrev.com/1a515be834afd445b40b0d6bcd64568b08e32262/testing/buildbot/chromium.memory.json
[modify] https://crrev.com/1a515be834afd445b40b0d6bcd64568b08e32262/testing/buildbot/test_suite_exceptions.pyl

Sign in to add a comment