Issue 850091 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	█ roc...@chromium.org please use my google.com address
Closed:	Jun 2018
Cc:	█ yzshen@chromium.org sa...@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

ThreadSanitizer reports a data race between mojo::Connector::Accept() and mojo::Connector::HandleError()

Project Member Reported by glider@chromium.org, Jun 6 2018

Issue description

See https://logs.chromium.org/v/?s=chromium%2Fbuildbucket%2Fcr-buildbucket.appspot.com%2F8944462701668877232%2F%2B%2Fsteps%2Fcontent_browsertests%2F0%2Fstdout:

[ RUN      ] SitePerProcessBrowserTest.RecreateMainFrameAfterCancelPending
Xlib:  extension "RANDR" missing on display ":99".
DevTools listening on ws://127.0.0.1:32986/devtools/browser/9372b828-7968-4074-b4d5-bee5735197b4
==================
WARNING: ThreadSanitizer: data race (pid=1736)
  Read of size 1 at 0x7b5800035538 by main thread:
    #0 mojo::Connector::Accept(mojo::Message*) mojo/public/cpp/bindings/lib/connector.cc:269:7 (content_browsertests+0x4b922eb)
    #1 mojo::PipeControlMessageProxy::NotifyPeerEndpointClosed(unsigned int, base::Optional<mojo::DisconnectReason> const&) mojo/public/cpp/bindings/lib/pipe_control_message_proxy.cc:42:28 (content_browsertests+0x4ba0791)
    #2 mojo::internal::MultiplexRouter::CloseEndpointHandle(unsigned int, base::Optional<mojo::DisconnectReason> const&) mojo/public/cpp/bindings/lib/multiplex_router.cc:448:28 (content_browsertests+0x4b99d0e)
    #3 non-virtual thunk to mojo::internal::MultiplexRouter::CloseEndpointHandle(unsigned int, base::Optional<mojo::DisconnectReason> const&) mojo/public/cpp/bindings/lib/multiplex_router.cc (content_browsertests+0x4b9a79d)
    #4 mojo::ScopedInterfaceEndpointHandle::State::Close(base::Optional<mojo::DisconnectReason> const&) mojo/public/cpp/bindings/lib/scoped_interface_endpoint_handle.cc:89:32 (content_browsertests+0x4f028eb)
    #5 mojo::ScopedInterfaceEndpointHandle::~ScopedInterfaceEndpointHandle() mojo/public/cpp/bindings/lib/scoped_interface_endpoint_handle.cc:308:11 (content_browsertests+0x4f02780)
    #6 ~AssociatedInterfaceRequest mojo/public/cpp/bindings/associated_interface_request.h:19:7 (content_browsertests+0x8fd6869)
    #7 void base::internal::FunctorTraits<void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), void>::Invoke<void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), base::WeakPtr<content::FrameInputHandlerImpl>, mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost> >(void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), base::WeakPtr<content::FrameInputHandlerImpl>&&, mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>&&, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>&&) base/bind_internal.h:507 (content_browsertests+0x8fd6869)
    #8 MakeItSo<void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), base::WeakPtr<content::FrameInputHandlerImpl>, mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost> > base/bind_internal.h:627:5 (content_browsertests+0x8fd6742)
    #9 RunImpl<void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), std::__1::tuple<base::WeakPtr<content::FrameInputHandlerImpl>, mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost> >, 0, 1, 2> base/bind_internal.h:681 (content_browsertests+0x8fd6742)
    #10 base::internal::Invoker<base::internal::BindState<void (content::FrameInputHandlerImpl::*)(mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost>), base::WeakPtr<content::FrameInputHandlerImpl>, mojo::AssociatedInterfaceRequest<content::mojom::WidgetInputHandler>, mojo::InterfacePtr<content::mojom::WidgetInputHandlerHost> >, void ()>::RunOnce(base::internal::BindStateBase*) base/bind_internal.h:649 (content_browsertests+0x8fd6742)
    #11 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #12 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #13 base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) third_party/blink/renderer/platform/scheduler/base/thread_controller_impl.cc:166:21 (content_browsertests+0x3db5c2c)
    #14 Invoke<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:507:12 (content_browsertests+0x3db71f1)
    #15 MakeItSo<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:627 (content_browsertests+0x3db71f1)
    #16 RunImpl<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const std::__1::tuple<base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType> &, 0, 1> base/bind_internal.h:681 (content_browsertests+0x3db71f1)
    #17 base::internal::Invoker<base::internal::BindState<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:663 (content_browsertests+0x3db71f1)
    #18 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #19 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #20 base::internal::IncomingTaskQueue::RunTask(base::PendingTask*) base/message_loop/incoming_task_queue.cc:126:19 (content_browsertests+0x4f3bc6b)
    #21 base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25 (content_browsertests+0x4f3a25d)
    #22 DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5 (content_browsertests+0x4f3a920)
    #23 base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373 (content_browsertests+0x4f3a920)
    #24 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31 (content_browsertests+0x4f3ed51)
    #25 Run base/message_loop/message_loop.cc:271:12 (content_browsertests+0x4f39c80)
    #26 non-virtual thunk to base::MessageLoop::Run(bool) base/message_loop/message_loop.cc (content_browsertests+0x4f39c80)
    #27 base::RunLoop::Run() base/run_loop.cc:102:14 (content_browsertests+0x4f6ac4a)
    #28 content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:218:23 (content_browsertests+0x97373da)
    #29 content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:567:14 (content_browsertests+0x3f0367b)
    #30 content::RunOtherNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:657:12 (content_browsertests+0x3f042b7)
    #31 content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:969:10 (content_browsertests+0x3f05120)
    #32 content::ContentServiceManagerMainDelegate::RunEmbedderProcess() content/app/content_service_manager_main_delegate.cc:53:32 (content_browsertests+0x3068c8f)
    #33 service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:459:29 (content_browsertests+0x6bab122)
    #34 content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10 (content_browsertests+0x306943e)
    #35 content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:615:12 (content_browsertests+0x4a937b7)
    #36 main content/test/content_test_launcher.cc:138:10 (content_browsertests+0x4a6200d)
  Previous write of size 1 at 0x7b5800035538 by thread T6:
    #0 mojo::Connector::HandleError(bool, bool) mojo/public/cpp/bindings/lib/connector.cc:535:12 (content_browsertests+0x4b919a2)
    #1 mojo::Connector::ReadSingleMessage(unsigned int*) mojo/public/cpp/bindings/lib/connector.cc (content_browsertests+0x4b91d5f)
    #2 mojo::Connector::ReadAllAvailableMessages() mojo/public/cpp/bindings/lib/connector.cc:472:10 (content_browsertests+0x4b927fa)
    #3 OnHandleReadyInternal mojo/public/cpp/bindings/lib/connector.cc:373:3 (content_browsertests+0x4b92685)
    #4 mojo::Connector::OnWatcherHandleReady(unsigned int) mojo/public/cpp/bindings/lib/connector.cc:350 (content_browsertests+0x4b92685)
    #5 Invoke<void (mojo::Connector::*)(unsigned int), mojo::Connector *, unsigned int> base/bind_internal.h:507:12 (content_browsertests+0x4b92d9f)
    #6 MakeItSo<void (mojo::Connector::*const &)(unsigned int), mojo::Connector *, unsigned int> base/bind_internal.h:607 (content_browsertests+0x4b92d9f)
    #7 RunImpl<void (mojo::Connector::*const &)(unsigned int), const std::__1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > &, 0> base/bind_internal.h:681 (content_browsertests+0x4b92d9f)
    #8 base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int), base::internal::UnretainedWrapper<mojo::Connector> >, void (unsigned int)>::Run(base::internal::BindStateBase*, unsigned int) base/bind_internal.h:663 (content_browsertests+0x4b92d9f)
    #9 Run base/callback.h:125:12 (content_browsertests+0x23f5ea2)
    #10 mojo::SimpleWatcher::DiscardReadyState(base::RepeatingCallback<void (unsigned int)> const&, unsigned int, mojo::HandleSignalsState const&) mojo/public/cpp/system/simple_watcher.h:194 (content_browsertests+0x23f5ea2)
    #11 Invoke<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &> base/bind_internal.h:407:12 (content_browsertests+0x23f5ee5)
    #12 MakeItSo<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &> base/bind_internal.h:607 (content_browsertests+0x23f5ee5)
    #13 RunImpl<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const std::__1::tuple<base::RepeatingCallback<void (unsigned int)> > &, 0> base/bind_internal.h:681 (content_browsertests+0x23f5ee5)
    #14 base::internal::Invoker<base::internal::BindState<void (*)(base::RepeatingCallback<void (unsigned int)> const&, unsigned int, mojo::HandleSignalsState const&), base::RepeatingCallback<void (unsigned int)> >, void (unsigned int, mojo::HandleSignalsState const&)>::Run(base::internal::BindStateBase*, unsigned int, mojo::HandleSignalsState const&) base/bind_internal.h:663 (content_browsertests+0x23f5ee5)
    #15 Run base/callback.h:125:12 (content_browsertests+0x5013686)
    #16 mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) mojo/public/cpp/system/simple_watcher.cc:274 (content_browsertests+0x5013686)
    #17 Invoke<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &), const base::WeakPtr<mojo::SimpleWatcher> &, const int &, const unsigned int &, const mojo::HandleSignalsState &> base/bind_internal.h:507:12 (content_browsertests+0x5013a7c)
    #18 MakeItSo<void (mojo::SimpleWatcher::*const &)(int, unsigned int, const mojo::HandleSignalsState &), const base::WeakPtr<mojo::SimpleWatcher> &, const int &, const unsigned int &, const mojo::HandleSignalsState &> base/bind_internal.h:627 (content_browsertests+0x5013a7c)
    #19 RunImpl<void (mojo::SimpleWatcher::*const &)(int, unsigned int, const mojo::HandleSignalsState &), const std::__1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> &, 0, 1, 2, 3> base/bind_internal.h:681 (content_browsertests+0x5013a7c)
    #20 base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:663 (content_browsertests+0x5013a7c)
    #21 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #22 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #23 base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) third_party/blink/renderer/platform/scheduler/base/thread_controller_impl.cc:166:21 (content_browsertests+0x3db5c2c)
    #24 Invoke<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:507:12 (content_browsertests+0x3db71f1)
    #25 MakeItSo<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:627 (content_browsertests+0x3db71f1)
    #26 RunImpl<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const std::__1::tuple<base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType> &, 0, 1> base/bind_internal.h:681 (content_browsertests+0x3db71f1)
    #27 base::internal::Invoker<base::internal::BindState<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:663 (content_browsertests+0x3db71f1)
    #28 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #29 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #30 base::internal::IncomingTaskQueue::RunTask(base::PendingTask*) base/message_loop/incoming_task_queue.cc:126:19 (content_browsertests+0x4f3bc6b)
    #31 base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25 (content_browsertests+0x4f3a25d)
    #32 DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5 (content_browsertests+0x4f3a920)
    #33 base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373 (content_browsertests+0x4f3a920)
    #34 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31 (content_browsertests+0x4f3ed51)
    #35 Run base/message_loop/message_loop.cc:271:12 (content_browsertests+0x4f39c80)
    #36 non-virtual thunk to base::MessageLoop::Run(bool) base/message_loop/message_loop.cc (content_browsertests+0x4f39c80)
    #37 base::RunLoop::Run() base/run_loop.cc:102:14 (content_browsertests+0x4f6ac4a)
    #38 base::Thread::Run(base::RunLoop*) base/threading/thread.cc:255:13 (content_browsertests+0x4faf999)
    #39 base::Thread::ThreadMain() base/threading/thread.cc:337:3 (content_browsertests+0x4fafbfc)
    #40 base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13 (content_browsertests+0x4fffe0d)
  Location is heap block of size 720 at 0x7b5800035400 allocated by thread T6:
    #0 operator new(unsigned long) /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/tsan/rtl/tsan_new_delete.cc:57:3 (content_browsertests+0x19376e9)
    #1 mojo::internal::BindingStateBase::BindInternal(mojo::ScopedHandleBase<mojo::MessagePipeHandle>, scoped_refptr<base::SingleThreadTaskRunner>, char const*, std::__1::unique_ptr<mojo::MessageReceiver, std::__1::default_delete<mojo::MessageReceiver> >, bool, bool, mojo::MessageReceiverWithResponderStatus*, unsigned int) mojo/public/cpp/bindings/lib/binding_state.cc:102:7 (content_browsertests+0x4b906f3)
    #2 mojo::internal::BindingState<content::mojom::FrameInputHandler, mojo::RawPtrImplRefTraits<content::mojom::FrameInputHandler> >::Bind(mojo::ScopedHandleBase<mojo::MessagePipeHandle>, scoped_refptr<base::SingleThreadTaskRunner>) mojo/public/cpp/bindings/lib/binding_state.h:112:23 (content_browsertests+0x8fd6acd)
    #3 Bind mojo/public/cpp/bindings/binding.h:101:21 (content_browsertests+0x8fd1952)
    #4 content::FrameInputHandlerImpl::BindNow(mojo::InterfaceRequest<content::mojom::FrameInputHandler>) content/renderer/input/frame_input_handler_impl.cc:412 (content_browsertests+0x8fd1952)
    #5 Invoke<void (content::FrameInputHandlerImpl::*)(mojo::InterfaceRequest<content::mojom::FrameInputHandler>), content::FrameInputHandlerImpl *, mojo::InterfaceRequest<content::mojom::FrameInputHandler> > base/bind_internal.h:507:12 (content_browsertests+0x8fd54ca)
    #6 MakeItSo<void (content::FrameInputHandlerImpl::*)(mojo::InterfaceRequest<content::mojom::FrameInputHandler>), content::FrameInputHandlerImpl *, mojo::InterfaceRequest<content::mojom::FrameInputHandler> > base/bind_internal.h:607 (content_browsertests+0x8fd54ca)
    #7 RunImpl<void (content::FrameInputHandlerImpl::*)(mojo::InterfaceRequest<content::mojom::FrameInputHandler>), std::__1::tuple<base::internal::UnretainedWrapper<content::FrameInputHandlerImpl>, mojo::InterfaceRequest<content::mojom::FrameInputHandler> >, 0, 1> base/bind_internal.h:681 (content_browsertests+0x8fd54ca)
    #8 base::internal::Invoker<base::internal::BindState<void (content::FrameInputHandlerImpl::*)(mojo::InterfaceRequest<content::mojom::FrameInputHandler>), base::internal::UnretainedWrapper<content::FrameInputHandlerImpl>, mojo::InterfaceRequest<content::mojom::FrameInputHandler> >, void ()>::RunOnce(base::internal::BindStateBase*) base/bind_internal.h:649 (content_browsertests+0x8fd54ca)
    #9 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #10 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #11 base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) third_party/blink/renderer/platform/scheduler/base/thread_controller_impl.cc:166:21 (content_browsertests+0x3db5c2c)
    #12 Invoke<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:507:12 (content_browsertests+0x3db71f1)
    #13 MakeItSo<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl> &, const base::sequence_manager::internal::ThreadControllerImpl::WorkType &> base/bind_internal.h:627 (content_browsertests+0x3db71f1)
    #14 RunImpl<void (base::sequence_manager::internal::ThreadControllerImpl::*const &)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), const std::__1::tuple<base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType> &, 0, 1> base/bind_internal.h:681 (content_browsertests+0x3db71f1)
    #15 base::internal::Invoker<base::internal::BindState<void (base::sequence_manager::internal::ThreadControllerImpl::*)(base::sequence_manager::internal::ThreadControllerImpl::WorkType), base::WeakPtr<base::sequence_manager::internal::ThreadControllerImpl>, base::sequence_manager::internal::ThreadControllerImpl::WorkType>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:663 (content_browsertests+0x3db71f1)
    #16 Run base/callback.h:96:12 (content_browsertests+0x4f0c95a)
    #17 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101 (content_browsertests+0x4f0c95a)
    #18 base::internal::IncomingTaskQueue::RunTask(base::PendingTask*) base/message_loop/incoming_task_queue.cc:126:19 (content_browsertests+0x4f3bc6b)
    #19 base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25 (content_browsertests+0x4f3a25d)
    #20 DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5 (content_browsertests+0x4f3a920)
    #21 base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373 (content_browsertests+0x4f3a920)
    #22 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31 (content_browsertests+0x4f3ed51)
    #23 Run base/message_loop/message_loop.cc:271:12 (content_browsertests+0x4f39c80)
    #24 non-virtual thunk to base::MessageLoop::Run(bool) base/message_loop/message_loop.cc (content_browsertests+0x4f39c80)
    #25 base::RunLoop::Run() base/run_loop.cc:102:14 (content_browsertests+0x4f6ac4a)
    #26 base::Thread::Run(base::RunLoop*) base/threading/thread.cc:255:13 (content_browsertests+0x4faf999)
    #27 base::Thread::ThreadMain() base/threading/thread.cc:337:3 (content_browsertests+0x4fafbfc)
    #28 base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13 (content_browsertests+0x4fffe0d)
  Thread T6 'Compositor' (tid=1762, running) created by main thread at:
    #0 pthread_create /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:965:3 (content_browsertests+0x18cdfb5)
    #1 base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:115:13 (content_browsertests+0x4fff997)
    #2 base::PlatformThread::CreateWithPriority(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:200:10 (content_browsertests+0x4fff895)
    #3 base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:112:15 (content_browsertests+0x4faf4be)
    #4 blink::scheduler::WebThreadImplForWorkerScheduler::WebThreadImplForWorkerScheduler(blink::WebThreadCreationParams const&) third_party/blink/renderer/platform/scheduler/child/webthread_impl_for_worker_scheduler.cc:30:27 (content_browsertests+0x3dbd7cd)
    #5 WebThreadForCompositor third_party/blink/renderer/platform/scheduler/child/webthread_base.cc:113:9 (content_browsertests+0x3dbd190)
    #6 make_unique<blink::scheduler::(anonymous namespace)::WebThreadForCompositor, const blink::WebThreadCreationParams &> buildtools/third_party/libc++/trunk/include/memory:3114 (content_browsertests+0x3dbd190)
    #7 blink::scheduler::WebThreadBase::CreateCompositorThread(blink::WebThreadCreationParams const&) third_party/blink/renderer/platform/scheduler/child/webthread_base.cc:139 (content_browsertests+0x3dbd190)
    #8 content::RenderThreadImpl::InitializeCompositorThread() content/renderer/render_thread_impl.cc:1213:7 (content_browsertests+0x968221c)
    #9 content::RenderThreadImpl::InitializeWebKit(scoped_refptr<base::SingleThreadTaskRunner> const&, service_manager::BinderRegistryWithArgs<>*) content/renderer/render_thread_impl.cc:1258:5 (content_browsertests+0x967edd0)
    #10 content::RenderThreadImpl::Init(scoped_refptr<base::SingleThreadTaskRunner> const&) content/renderer/render_thread_impl.cc:793:3 (content_browsertests+0x967c705)
    #11 content::RenderThreadImpl::RenderThreadImpl(std::__1::unique_ptr<base::MessageLoop, std::__1::default_delete<base::MessageLoop> >, std::__1::unique_ptr<blink::scheduler::WebThreadScheduler, std::__1::default_delete<blink::scheduler::WebThreadScheduler> >) content/renderer/render_thread_impl.cc:749:3 (content_browsertests+0x967b4ea)
    #12 content::RenderThreadImpl::Create(std::__1::unique_ptr<base::MessageLoop, std::__1::default_delete<base::MessageLoop> >, std::__1::unique_ptr<blink::scheduler::WebThreadScheduler, std::__1::default_delete<blink::scheduler::WebThreadScheduler> >) content/renderer/render_thread_impl.cc:656:14 (content_browsertests+0x967ac85)
    #13 content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:204:5 (content_browsertests+0x9737336)
    #14 content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:567:14 (content_browsertests+0x3f0367b)
    #15 content::RunOtherNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:657:12 (content_browsertests+0x3f042b7)
    #16 content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:969:10 (content_browsertests+0x3f05120)
    #17 content::ContentServiceManagerMainDelegate::RunEmbedderProcess() content/app/content_service_manager_main_delegate.cc:53:32 (content_browsertests+0x3068c8f)
    #18 service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:459:29 (content_browsertests+0x6bab122)
    #19 content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10 (content_browsertests+0x306943e)
    #20 content::LaunchTests(content::TestLauncherDelegate*, unsigned long, int, char**) content/public/test/test_launcher.cc:615:12 (content_browsertests+0x4a937b7)
    #21 main content/test/content_test_launcher.cc:138:10 (content_browsertests+0x4a6200d)
SUMMARY: ThreadSanitizer: data race mojo/public/cpp/bindings/lib/connector.cc:269:7 in mojo::Connector::Accept(mojo::Message*)
==================
ThreadSanitizer: reported 1 warnings
[       OK ] SitePerProcessBrowserTest.RecreateMainFrameAfterCancelPending (5583 ms)

According to the source:

  // It shouldn't hurt even if |error_| may be changed by a different sequence
  // at the same time. The outcome is that we may write into |message_pipe_|
  // after encountering an error, which should be fine.
  if (error_)
    return false;

However this hurts, because touching |error_| from two different threads is undefined behavior in C++.
If you believe it's fine to write into |message_pipe_| after encountering an error, please consider switching |error_| to std::atomic.

Project Member

Comment 1 by bugdroid1@chromium.org, Jun 19 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a7129ce393ffad8d05103179afb0f9bb257cded6

commit a7129ce393ffad8d05103179afb0f9bb257cded6
Author: Ken Rockot <rockot@chromium.org>
Date: Tue Jun 19 01:30:09 2018

Mojo bindings: Fix data race in Connector

Fixes a data race on the boolean |error_| field. This is almost
certainly innocuous in practice but is technically UB, and TSan
complains.

Bug:  850091 
Change-Id: Icc6bfbc0a2e2bda6a87c455856ff5f3153568a02
Reviewed-on: https://chromium-review.googlesource.com/1105340
Reviewed-by: Jay Civelli <jcivelli@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#568283}
[modify] https://crrev.com/a7129ce393ffad8d05103179afb0f9bb257cded6/mojo/public/cpp/bindings/connector.h
[modify] https://crrev.com/a7129ce393ffad8d05103179afb0f9bb257cded6/mojo/public/cpp/bindings/lib/connector.cc

Comment 2 by roc...@chromium.org, Jun 19 2018

Status: Fixed (was: Assigned)

►

Issue 850091 link

Issue metadata

ThreadSanitizer reports a data race between mojo::Connector::Accept() and mojo::Connector::HandleError()

Issue description

Comment 1 by bugdroid1@chromium.org, Jun 19 2018

Comment 1 Deleted

Comment 2 by roc...@chromium.org, Jun 19 2018

Comment 2 Deleted

Sign in to add a comment