TaskSchedulerPriorityUpdateTest.UpdatePrioritySequenceNotScheduled flakily fails with heap-use-after-free on android/asan |
||||
Issue descriptionhttps://ci.chromium.org/buildbot/chromium.clang/ToTAndroidASan/ e.g. https://ci.chromium.org/buildbot/chromium.clang/ToTAndroidASan/1302 [ RUN ] TaskSchedulerPriorityUpdateTest.UpdatePrioritySequenceNotScheduled ================================================================= ==6975==ERROR: AddressSanitizer: heap-use-after-free on address 0x94f47614 at pc 0x94697685 bp 0x9a4fea40 sp 0x9a4fea3c READ of size 4 at 0x94f47614 thread T255 (TaskSchedulerFo) 0x94f47614 is located 4 bytes inside of 8-byte region [0x94f47610,0x94f47618) freed by thread T172 here: previously allocated by thread T172 here: Thread T255 (TaskSchedulerFo) created by T172 here: Thread T172 created by T0 (st:test_process) here: SUMMARY: AddressSanitizer: heap-use-after-free (/data/app-lib/org.chromium.native_test-1/lib_base_unittests__library.cr.so+0x178b682) Shadow bytes around the buggy address: 0x54690e70: fa fa fd fd fa fa 00 04 fa fa fd fd fa fa 00 04 0x54690e80: fa fa fd fd fa fa 00 04 fa fa fd fd fa fa 00 04 0x54690e90: fa fa fd fd fa fa 04 fa fa fa fd fd fa fa fd fa 0x54690ea0: fa fa 00 00 fa fa 00 04 fa fa fc fa fa fa 00 04 0x54690eb0: fa fa fd fd fa fa 00 04 fa fa fd fa fa fa 00 04 =>0x54690ec0: fa fa[fd]fa fa fa 00 04 fa fa fd fa fa fa 00 04 0x54690ed0: fa fa fd fa fa fa 00 04 fa fa fd fd fa fa 00 04 0x54690ee0: fa fa fd fa fa fa 00 04 fa fa fd fa fa fa 00 04 0x54690ef0: fa fa 00 04 fa fa 00 04 fa fa fd fa fa fa 00 04 0x54690f00: fa fa fd fa fa fa 00 04 fa fa fd fa fa fa 00 04 0x54690f10: fa fa fd fa fa fa 00 04 fa fa fd fd fa fa 00 04 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==6975==ABORTING [ CRASHED ]
,
Jan 3
This is still broken. If it's going to take a while, can we disable the test on android/asan?
,
Jan 3
Looking. This ASAN bot not having symbols makes it rather unusable but I found a helpful related failure on a TSAN bot : https://chromium-swarm.appspot.com/task?id=422b284d62cda410&refresh=10&show_raw=1 Will update shortly. ============= TSAN log ================= [ RUN ] TaskSchedulerPriorityUpdateTest.UpdatePrioritySequenceNotScheduled ================== WARNING: ThreadSanitizer: heap-use-after-free (pid=4104) Read of size 8 at 0x7b1000039ea8 by thread T10: #0 operator-> base/memory/scoped_refptr.h:221:12 (base_unittests+0x15466a0) #1 base::WaitableEvent::TimedWaitUntil(base::TimeTicks const&) base/synchronization/waitable_event_posix.cc:221 (base_unittests+0x15466a0) #2 base::WaitableEvent::Wait() base/synchronization/waitable_event_posix.cc:155:17 (base_unittests+0x154634b) #3 base::internal::test::WaitWithoutBlockingObserver(base::WaitableEvent*) base/task/task_scheduler/test_utils.cc:94:10 (base_unittests+0xf545ea) #4 operator() base/task/task_scheduler/task_scheduler_impl_unittest.cc:1064:15 (base_unittests+0xf26680) #5 base::internal::BindLambdaHelper<base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody()::$_0, void ()>::Run(base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody()::$_0 const&) base/test/bind_test_util.h:19 (base_unittests+0xf26680) #6 Invoke<void (*const &)(const (lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45) &), const (lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45) &> base/bind_internal.h:416:12 (base_unittests+0xf266b5) #7 MakeItSo<void (*const &)(const (lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45) &), const (lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45) &> base/bind_internal.h:616 (base_unittests+0xf266b5) #8 RunImpl<void (*const &)(const (lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45) &), const std::__1::tuple<(lambda at ../../base/task/task_scheduler/task_scheduler_impl_unittest.cc:1062:45)> &, 0> base/bind_internal.h:689 (base_unittests+0xf266b5) #9 base::internal::Invoker<base::internal::BindState<void (*)(base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody()::$_0 const&), base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody()::$_0>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:671 (base_unittests+0xf266b5) #10 Run base/callback.h:99:12 (base_unittests+0x141d71f) #11 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:99 (base_unittests+0x141d71f) #12 base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task*) base/task/task_scheduler/task_tracker.cc:944:19 (base_unittests+0x14dac3c) #13 RunTaskWithShutdownBehavior base/task/task_scheduler/task_tracker.cc:962:7 (base_unittests+0x14da574) #14 base::internal::TaskTracker::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, base::TaskTraits const&, bool) base/task/task_scheduler/task_tracker.cc:649 (base_unittests+0x14da574) #15 base::internal::TaskTrackerPosix::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, base::TaskTraits const&, bool) base/task/task_scheduler/task_tracker_posix.cc:24:16 (base_unittests+0x154a30f) #16 base::internal::TaskTracker::RunAndPopNextTask(scoped_refptr<base::internal::Sequence>, base::internal::CanScheduleSequenceObserver*) base/task/task_scheduler/task_tracker.cc:505:3 (base_unittests+0x14d9873) #17 base::internal::SchedulerWorker::RunWorker() base/task/task_scheduler/scheduler_worker.cc:337:24 (base_unittests+0x14caf34) #18 base::internal::SchedulerWorker::RunPooledWorker() base/task/task_scheduler/scheduler_worker.cc:229:3 (base_unittests+0x14cab51) #19 base::internal::SchedulerWorker::ThreadMain() base/task/task_scheduler/scheduler_worker.cc:208:7 (base_unittests+0x14ca9bf) #20 base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:81:13 (base_unittests+0x154aea4) Previous write of size 8 at 0x7b1000039ea8 by main thread: #0 operator delete(void*) /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/tsan/rtl/tsan_new_delete.cc:127:3 (base_unittests+0x50be8d) #1 operator() buildtools/third_party/libc++/trunk/include/memory:2325:5 (base_unittests+0xf2078b) #2 reset buildtools/third_party/libc++/trunk/include/memory:2638 (base_unittests+0xf2078b) #3 ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2592 (base_unittests+0xf2078b) #4 destroy buildtools/third_party/libc++/trunk/include/memory:1867 (base_unittests+0xf2078b) #5 __destroy<std::__1::unique_ptr<base::internal::TaskSchedulerPriorityUpdateTest::PoolBlockingEvents, std::__1::default_delete<base::internal::TaskSchedulerPriorityUpdateTest::PoolBlockingEvents> > > buildtools/third_party/libc++/trunk/include/memory:1729 (base_unittests+0xf2078b) #6 destroy<std::__1::unique_ptr<base::internal::TaskSchedulerPriorityUpdateTest::PoolBlockingEvents, std::__1::default_delete<base::internal::TaskSchedulerPriorityUpdateTest::PoolBlockingEvents> > > buildtools/third_party/libc++/trunk/include/memory:1597 (base_unittests+0xf2078b) #7 __destruct_at_end buildtools/third_party/libc++/trunk/include/vector:422 (base_unittests+0xf2078b) #8 clear buildtools/third_party/libc++/trunk/include/vector:365 (base_unittests+0xf2078b) #9 ~__vector_base buildtools/third_party/libc++/trunk/include/vector:459 (base_unittests+0xf2078b) #10 ~vector buildtools/third_party/libc++/trunk/include/vector:551 (base_unittests+0xf2078b) #11 base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody() base/task/task_scheduler/task_scheduler_impl_unittest.cc:1099 (base_unittests+0xf2078b) #12 HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc (base_unittests+0x1380a2f) #13 testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2522 (base_unittests+0x1380a2f) #14 testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2703:11 (base_unittests+0x1381aa8) #15 testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2825:28 (base_unittests+0x13823e6) #16 testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5227:43 (base_unittests+0x1392c46) #17 HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc (base_unittests+0x1392517) #18 testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4835 (base_unittests+0x1392517) #19 RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2369:46 (base_unittests+0x156ba42) #20 base::TestSuite::Run() base/test/test_suite.cc:294 (base_unittests+0x156ba42) #21 Invoke<int (base::TestSuite::*)(), base::TestSuite *> base/bind_internal.h:516:12 (base_unittests+0x155a978) #22 MakeItSo<int (base::TestSuite::*const &)(), base::TestSuite *> base/bind_internal.h:616 (base_unittests+0x155a978) #23 RunImpl<int (base::TestSuite::*const &)(), const std::__1::tuple<base::internal::UnretainedWrapper<base::TestSuite> > &, 0> base/bind_internal.h:689 (base_unittests+0x155a978) #24 base::internal::Invoker<base::internal::BindState<int (base::TestSuite::*)(), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:671 (base_unittests+0x155a978) #25 Run base/callback.h:99:12 (base_unittests+0x1579c1d) #26 base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, bool, base::OnceCallback<void ()>) base/test/launcher/unit_test_launcher.cc:225 (base_unittests+0x1579c1d) #27 base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>) base/test/launcher/unit_test_launcher.cc:575:10 (base_unittests+0x1579a80) #28 main base/test/run_all_base_unittests.cc:12:10 (base_unittests+0x155a8b7) Thread T10 'TaskSchedulerFo' (tid=4391, running) created by main thread at: #0 pthread_create /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:980:3 (base_unittests+0x4a1685) #1 base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:120:13 (base_unittests+0x154a8b7) #2 base::PlatformThread::CreateWithPriority(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:238:10 (base_unittests+0x154a7b5) #3 base::internal::SchedulerWorker::Start(base::SchedulerWorkerObserver*) base/task/task_scheduler/scheduler_worker.cc:79:3 (base_unittests+0x14ca50d) #4 base::internal::SchedulerWorkerPoolImpl::SchedulerWorkerStarter::~SchedulerWorkerStarter() base/task/task_scheduler/scheduler_worker_pool_impl.cc:98:25 (base_unittests+0x14ccb2d) #5 base::internal::SchedulerWorkerPoolImpl::Start(base::SchedulerWorkerPoolParams const&, int, scoped_refptr<base::TaskRunner>, base::SchedulerWorkerObserver*, base::internal::SchedulerWorkerPoolImpl::WorkerEnvironment) base/task/task_scheduler/scheduler_worker_pool_impl.cc:339:1 (base_unittests+0x14cc361) #6 base::internal::TaskSchedulerImpl::Start(base::TaskScheduler::InitParams const&, base::SchedulerWorkerObserver*) base/task/task_scheduler/task_scheduler_impl.cc:197:39 (base_unittests+0x14d5993) #7 StartTaskSchedulerWithNumThreadsPerPool base/task/task_scheduler/task_scheduler_impl_unittest.cc:986:16 (base_unittests+0xf1ff16) #8 base::internal::TaskSchedulerPriorityUpdateTest_UpdatePrioritySequenceNotScheduled_Test::TestBody() base/task/task_scheduler/task_scheduler_impl_unittest.cc:1038 (base_unittests+0xf1ff16) #9 HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc (base_unittests+0x1380a2f) #10 testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2522 (base_unittests+0x1380a2f) #11 testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2703:11 (base_unittests+0x1381aa8) #12 testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2825:28 (base_unittests+0x13823e6) #13 testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5227:43 (base_unittests+0x1392c46) #14 HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc (base_unittests+0x1392517) #15 testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4835 (base_unittests+0x1392517) #16 RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2369:46 (base_unittests+0x156ba42) #17 base::TestSuite::Run() base/test/test_suite.cc:294 (base_unittests+0x156ba42) #18 Invoke<int (base::TestSuite::*)(), base::TestSuite *> base/bind_internal.h:516:12 (base_unittests+0x155a978) #19 MakeItSo<int (base::TestSuite::*const &)(), base::TestSuite *> base/bind_internal.h:616 (base_unittests+0x155a978) #20 RunImpl<int (base::TestSuite::*const &)(), const std::__1::tuple<base::internal::UnretainedWrapper<base::TestSuite> > &, 0> base/bind_internal.h:689 (base_unittests+0x155a978) #21 base::internal::Invoker<base::internal::BindState<int (base::TestSuite::*)(), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:671 (base_unittests+0x155a978) #22 Run base/callback.h:99:12 (base_unittests+0x1579c1d) #23 base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, bool, base::OnceCallback<void ()>) base/test/launcher/unit_test_launcher.cc:225 (base_unittests+0x1579c1d) #24 base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>) base/test/launcher/unit_test_launcher.cc:575:10 (base_unittests+0x1579a80) #25 main base/test/run_all_base_unittests.cc:12:10 (base_unittests+0x155a8b7) SUMMARY: ThreadSanitizer: heap-use-after-free base/memory/scoped_refptr.h:221:12 in operator->
,
Jan 3
,
Jan 3
,
Jan 3
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/abf7bfb0a66b9f93684a544dff6a68eb9410c2f7 commit abf7bfb0a66b9f93684a544dff6a68eb9410c2f7 Author: Gabriel Charette <gab@chromium.org> Date: Thu Jan 03 15:14:05 2019 [TaskScheduler] Unflake TaskSchedulerPriorityUpdateTest.UpdatePrioritySequenceNotScheduled R=etiennep@chromium.org TBR=fdoray@chromium.org Bug: 915207 Change-Id: I3283dee3dad0d6f64cc70bb9bb49cebdac49616a Reviewed-on: https://chromium-review.googlesource.com/c/1394589 Reviewed-by: Gabriel Charette <gab@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Gabriel Charette <gab@chromium.org> Cr-Commit-Position: refs/heads/master@{#619637} [modify] https://crrev.com/abf7bfb0a66b9f93684a544dff6a68eb9410c2f7/base/task/task_scheduler/task_scheduler_impl_unittest.cc
,
Jan 3
base_unittests no longer failing on AndroidASan |
||||
►
Sign in to add a comment |
||||
Comment 1 by fdoray@chromium.org
, Dec 17Components: -Internals Internals>TaskScheduler
Owner: fdoray@chromium.org