Status: Untriaged
Owner: [email protected]
Labels: Type-Bug Pri-2 OS-Linux Area-Misc Size-Medium

New issue 9323 by [email protected]: Valgrind errors in RedirectTest.ClientEmptyReferer in uitests
http://code.google.com/p/chromium/issues/detail?id=9323

I've got ui_tests running under valgrind now with
http://codereview.chromium.org/45053

It found a half-dozen invalid reads and writes in just one test, RedirectTest.ClientEmptyReferer, all related to
TabContents::NotifyNavigationStateChanged(unsigned int), chrome/browser/tab_contents/tab_contents.cc:236

The code in question seems to have been touched last by Ben G and Brett W, but it was a while ago.

It looks like navigation is trying to happen after the browser has started to shut down, and is accessing data that was freed in the Browser destructor.

The log also shows something suspicious: after the line

  [19945:19945:719349652421:ERROR:browser/automation/automation_provider.cc(1632)] AutomationProxy went away, shutting down app.

which is present even without valgrind, in the valgrind case, we see

  [19945:19945:719350306420:FATAL:base/ref_counted.cc(31)] Check failed: !in_dtor_.

Here's a more detailed Valgrind log; I bypassed our analysis script for this, since that doesn't handle --track-origins=yes yet.

My PID = 21131, parent PID = 21128. Prog and args are:
  chrome/Hammer/chrome
  --enable-file-cookies
  --testing-channel=ChromeTestingInterface:21125.1
  --homepage=about:blank
  --user-data-dir=/home/dkegel/.config/chromium
  --metrics-recording-only
  --enable-logging
  --test-name=RedirectTest.ClientEmptyReferer
...
Invalid read of size 4
  at TabContents::NotifyNavigationStateChanged(unsigned int) chrome/browser/tab_contents/tab_contents.cc:236
  by WebContents::UpdateFeedList(RenderViewHost*, ViewHostMsg_UpdateFeedList_Params const&) chrome/browser/tab_contents/web_contents.cc:875
  by RenderViewHost::OnMsgUpdateFeedList(ViewHostMsg_UpdateFeedList_Params const&) chrome/browser/renderer_host/render_view_host.cc:910
  by void DispatchToMethod<RenderViewHost, void (RenderViewHost::*) (ViewHostMsg_UpdateFeedList_Params const&), ViewHostMsg_UpdateFeedList_Params>(RenderViewHost*, void (RenderViewHost::*)(ViewHostMsg_UpdateFeedList_Params const&), ViewHostMsg_UpdateFeedList_Params const&) base/tuple.h:388
  by bool IPC::MessageWithTuple<ViewHostMsg_UpdateFeedList_Params>::Dispatch<RenderViewHost, void (RenderViewHost::*)(ViewHostMsg_UpdateFeedList_Params const&)>(IPC::Message const*, RenderViewHost*, void (RenderViewHost::*) (ViewHostMsg_UpdateFeedList_Params const&)) chrome/common/ipc_message_utils.h:1130
  by RenderViewHost::OnMessageReceived(IPC::Message const&) chrome/browser/renderer_host/render_view_host.cc:769
  by BrowserRenderProcessHost::OnMessageReceived(IPC::Message const&) chrome/browser/renderer_host/browser_render_process_host.cc:601
  by IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) chrome/common/ipc_channel_proxy.cc:179
  by void DispatchToMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), IPC::Message>(IPC::ChannelProxy::Context*, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), Tuple1<IPC::Message> const&) base/tuple.h:393
  by RunnableMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), Tuple1<IPC::Message> >::Run() base/task.h:307
  by MessageLoop::RunTask(Task*) base/message_loop.cc:308
  by MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) base/message_loop.cc:316
  by MessageLoop::DoWork() base/message_loop.cc:416
  by base::MessagePumpForUI::HandleDispatch() base/message_pump_glib.cc:190
  by (anonymous namespace)::WorkSourceDispatch(_GSource*, int (*) (void*), void*) base/message_pump_glib.cc:75
  by g_main_context_dispatch (in /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by (within /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by g_main_context_iteration (in /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by base::MessagePumpForUI::Run(base::MessagePump::Delegate*) base/message_pump_glib.cc:149
  by MessageLoop::RunInternal() base/message_loop.cc:197
  by MessageLoop::RunHandler() base/message_loop.cc:180
  by MessageLoop::Run() base/message_loop.cc:154
  by (anonymous namespace)::RunUIMessageLoop(BrowserProcess*) chrome/browser/browser_main.cc:180
  by BrowserMain(MainFunctionParams const&) chrome/browser/browser_main.cc:571
  by ChromeMain chrome/app/chrome_dll_main.cc:410
  by main chrome/app/chrome_exe_main_gtk.cc:33
Address 0x1211a8e0 is 8 bytes inside a block of size 284 free'd
  at operator delete(void*) /home/kcc/depot2-kcc-ts_valgrind-client/google_vendor_src_branch/valgrind/trunk/coregrind/m_replacemalloc/vg_replace_malloc.c:362
  by Browser::~Browser() chrome/browser/browser.cc:248
  by scoped_ptr<Browser>::~scoped_ptr() base/scoped_ptr.h:72
  by BrowserWindowGtk::~BrowserWindowGtk() chrome/browser/gtk/browser_window_gtk.cc:252
  by DeleteTask<BrowserWindowGtk>::Run() base/task.h:222
  by MessageLoop::RunTask(Task*) base/message_loop.cc:308
  by MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) base/message_loop.cc:316
  by MessageLoop::DoWork() base/message_loop.cc:416
  by base::MessagePumpForUI::HandleDispatch() base/message_pump_glib.cc:190
  by (anonymous namespace)::WorkSourceDispatch(_GSource*, int (*) (void*), void*) base/message_pump_glib.cc:75
  by g_main_context_dispatch (in /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by (within /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by g_main_context_iteration (in /usr/lib32/libglib-2.0.so.0.1600.3.bak)
  by base::MessagePumpForUI::Run(base::MessagePump::Delegate*) base/message_pump_glib.cc:149
  by MessageLoop::RunInternal() base/message_loop.cc:197
  by MessageLoop::RunHandler() base/message_loop.cc:180
  by MessageLoop::Run() base/message_loop.cc:154
  by (anonymous namespace)::RunUIMessageLoop(BrowserProcess*) chrome/browser/browser_main.cc:180
  by BrowserMain(MainFunctionParams const&) chrome/browser/browser_main.cc:571
  by ChromeMain chrome/app/chrome_dll_main.cc:410
  by main chrome/app/chrome_exe_main_gtk.cc:33
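The two stacks in the report show a delete task freeing the Browser and a later task on the same message loop calling into it. The following C++ sketch is an added example, not part of the original report and not Chromium code: it replays that task order on a toy queue and shows one common mitigation, where the owner clears the tab's back-pointer in its destructor. The names Delegate, Tab, Owner, Outcome and ReplayShutdownOrder are hypothetical, and this is not claimed to be the fix applied to this bug.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <queue>

// Hypothetical stand-ins for the classes in the trace; not Chromium code.
struct Delegate {
  virtual ~Delegate() = default;
  virtual void NavigationStateChanged(unsigned changed_flags) = 0;
};
class Tab {
 public:
  void set_delegate(Delegate* d) { delegate_ = d; }
  // Returns false when the notification is dropped because the owner is gone.
  bool NotifyNavigationStateChanged(unsigned changed_flags) {
    if (!delegate_) return false;
    delegate_->NavigationStateChanged(changed_flags);
    return true;
  }
 private:
  Delegate* delegate_ = nullptr;  // non-owning back-pointer
};
class Owner : public Delegate {
 public:
  Owner(Tab* t, int* n) : tab_(t), delivered_(n) { tab_->set_delegate(this); }
  // Detach first: without this line the tab keeps a pointer to freed memory.
  ~Owner() override { tab_->set_delegate(nullptr); }
  void NavigationStateChanged(unsigned) override { ++*delivered_; }
 private:
  Tab* tab_;
  int* delivered_;
};
struct Outcome { int delivered; bool late_call_dropped; };

// Replays the trace's task order on a toy queue (constructed scenario).
Outcome ReplayShutdownOrder() {
  Tab tab;
  int delivered = 0;
  bool late_ok = true;
  auto owner = std::make_unique<Owner>(&tab, &delivered);
  std::queue<std::function<void()>> loop;
  loop.push([&] { tab.NotifyNavigationStateChanged(1); });  // owner alive
  loop.push([&] { owner.reset(); });                        // delete task
  loop.push([&] { late_ok = tab.NotifyNavigationStateChanged(1); });  // late
  for (; !loop.empty(); loop.pop()) loop.front()();
  return {delivered, !late_ok};
}
int main() {
  Outcome o = ReplayShutdownOrder();
  std::printf("delivered=%d dropped=%d\n", o.delivered, o.late_call_dropped);
}
```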
