Use-after-free in several tests in headless_browsertests
Issue description
Findit has detected flake occurrences for the test TargetDomainCreateAndDeletePageTest.RunAsyncTest
Culprit (70.0% confidence): https://chromium-review.googlesource.com/q/Ic98de1070c3cee34a926ee0a95eb05cd62345ce6
Analysis: https://findit-for-me.appspot.com/waterfall/flake?key=ag9zfmZpbmRpdC1mb3ItbWVyswELEhdNYXN0ZXJGbGFrZUFuYWx5c2lzUm9vdCJ9Y2hyb21pdW0ud2luL1dpbjcgVGVzdHMgKGRiZykoMSkvNjk5NDgvaGVhZGxlc3NfYnJvd3NlcnRlc3RzL1ZHRnlaMlYwUkc5dFlXbHVRM0psWVhSbFFXNWtSR1ZzWlhSbFVHRm5aVlJsYzNRdVVuVnVRWE41Ym1OVVpYTjAMCxITTWFzdGVyRmxha2VBbmFseXNpcxgBDA
Please revert the culprit, or disable the test and find the appropriate owner.
https://bugs.chromium.org/p/chromium/issues/entry?status=Unconfirmed&labels=Pri-1,Test-Findit-Wrong&components=Tools%3ETest%3EFindit%3EFlakiness&summary=%5BFindit%5D%20Flake%20Analyzer%20-%20Wrong%20result%20for%20TargetDomainCreateAndDeletePageTest.RunAsyncTest&comment=Link%20to%20Analysis%3A%20https://findit-for-me.appspot.com/waterfall/flake?key=ag9zfmZpbmRpdC1mb3ItbWVyswELEhdNYXN0ZXJGbGFrZUFuYWx5c2lzUm9vdCJ9Y2hyb21pdW0ud2luL1dpbjcgVGVzdHMgKGRiZykoMSkvNjk5NDgvaGVhZGxlc3NfYnJvd3NlcnRlc3RzL1ZHRnlaMlYwUkc5dFlXbHVRM0psWVhSbFFXNWtSR1ZzWlhSbFVHRm5aVlJsYzNRdVVuVnVRWE41Ym1OVVpYTjAMCxITTWFzdGVyRmxha2VBbmFseXNpcxgBDA
Jun 27 2018
This is a use-after-free. HeadlessContentMainDelegate::RunProcess frees the HeadlessBrowserImplForTest, which destroys the net::NetLog instance in HeadlessBrowserImpl. Meanwhile, URLRequestJob::NotifyDone is run on the IO thread and tries to add to the absent NetLog. Assigning to skyostil@, who added HeadlessContentMainDelegate. CC jam@ who added the NetLog to the HBI. See https://chromium-swarm.appspot.com/task?id=3e55cb4477d24e10&refresh=10&show_raw=1 for nice logs.
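
The lifetime problem described in the comment above, reduced to a single-threaded model as an added example (not Chromium code and not part of the original thread). `NetLog`, `Browser`, `IoQueue` and `RunShutdown` are hypothetical stand-ins built on std types; the queue models work still pending on the IO thread when the browser is freed.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for net::NetLog.
struct NetLog {
  std::vector<std::string> entries;
  void Add(const std::string& e) { entries.push_back(e); }
};

// Models tasks still queued for the IO thread during shutdown.
struct IoQueue {
  std::deque<std::function<void()>> tasks;
  void Post(std::function<void()> t) { tasks.push_back(std::move(t)); }
  void Drain() {
    while (!tasks.empty()) {
      auto t = std::move(tasks.front());
      tasks.pop_front();
      t();
    }
  }
};

// Hypothetical stand-in for the browser object that owns the log.
struct Browser {
  std::shared_ptr<NetLog> net_log = std::make_shared<NetLog>();
};

struct Result { int logged; int skipped; };

// A job like NotifyDone, written so it cannot touch a destroyed log: it holds
// a weak_ptr and logs only if the owner is still alive when it finally runs.
// Capturing a raw NetLog* here instead reproduces the use-after-free.
Result RunShutdown(bool drain_before_destroy) {
  IoQueue io;
  Result r{0, 0};
  auto browser = std::make_unique<Browser>();
  std::weak_ptr<NetLog> weak = browser->net_log;
  io.Post([weak, &r] {
    if (auto log = weak.lock()) { log->Add("done"); ++r.logged; }
    else { ++r.skipped; }
  });
  if (drain_before_destroy) io.Drain();  // option 1: finish IO work first
  browser.reset();                       // the owner (and its log) is freed
  io.Drain();                            // late task: weak_ptr has expired
  return r;
}
```
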
Jun 27 2018
Removing Sheriff-Chromium and disabling the test.
Jun 27 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4337fd48039ae9958ebcabcefa514f6a5b1dca4b
commit 4337fd48039ae9958ebcabcefa514f6a5b1dca4b
Author: Greg Thompson <grt@chromium.org>
Date: Wed Jun 27 11:42:59 2018
Disable TargetDomainCreateAndDeletePageTest due to flakes.
BUG=856720
TBR=skyostil@chromium.org
Change-Id: If7de573f6c64d4f04ff08e1a82793fc3fc021ed7
Reviewed-on: https://chromium-review.googlesource.com/1116786
Reviewed-by: Greg Thompson <grt@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#570731}
[modify] https://crrev.com/4337fd48039ae9958ebcabcefa514f6a5b1dca4b/headless/lib/headless_devtools_client_browsertest.cc
Jun 27 2018
+caseq@ who now owns headless.
Jun 27 2018
FYI: this same UAF is happening in many tests. Fixing this will have a nice impact on test deflakage. https://test-results.appspot.com/dashboards/flakiness_dashboard.html#testType=headless_browsertests&builder=chromium.memory%3ALinux%20MSan%20Tests
Jun 27 2018
Dec 20
Closing this as this particular test has been removed, the majority of tests have been rewritten into JS, and the net/ is no longer used by headless directly.
Comment 1 by Findit, Jun 26 2018