=================================================================
==313866==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x75dae8601820 at pc 0x75db943d8973 bp 0x7ffd38907dd0 sp 0x7ffd38907dc8
WRITE of size 2 at 0x75dae8601820 thread T0 (chrome)
==313866==WARNING: invalid path to external symbolizer!
==313866==WARNING: Failed to use and restart external symbolizer!
    #0 0x75db943d8972 in (anonymous namespace)::MeshOp::onPrepareDraws(GrMeshDrawTarget*) ./../../third_party/skia/src/gpu/ganesh/ops/DrawMeshOp.cpp:1162:36
    #1 0x75db94430ac0 in GrOp::prepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/ops/GrOp.h:197:15
    #2 0x75db9443033c in skgpu::ganesh::OpsTask::onPrepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/ops/OpsTask.cpp:548:27
    #3 0x75db942378d9 in GrRenderTask::prepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/GrRenderTask.cpp:111:11
    #4 0x75db941dbe50 in GrDrawingManager::executeRenderTasks(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:260:21
    #5 0x75db941da829 in GrDrawingManager::flush(SkSpan, SkSurfaces::BackendSurfaceAccess, GrFlushInfo const&, skgpu::MutableTextureState const*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:203:34
    #6 0x75db941dcf7c in GrDrawingManager::flushSurfaces(SkSpan, SkSurfaces::BackendSurfaceAccess, GrFlushInfo const&, skgpu::MutableTextureState const*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:530:27
    #7 0x75db5e590394 in flushAndSubmit ./../../third_party/skia/include/gpu/GrDirectContext.h:333:15
    #8 0x75db5e590394 in gpu::SharedContextState::FlushAndSubmit(bool) ./../../gpu/command_buffer/service/shared_context_state.cc:764:19
    #9 0x75db5e54188c in DoFinish ./../../gpu/command_buffer/service/raster_decoder.cc:1846:26
    #10 0x75db5e54188c in gpu::raster::RasterDecoderImpl::HandleFinish(unsigned int, void const volatile*) ./../../gpu/command_buffer/service/raster_decoder_autogen.h:22:3
    #11 0x75db5e54e321 in gpu::error::Error gpu::raster::RasterDecoderImpl::DoCommandsImpl(unsigned int, void const volatile*, int, int*) ./../../gpu/command_buffer/service/raster_decoder.cc:1539:18
    #12 0x75db88cd3826 in gpu::CommandBufferService::Flush(int, gpu::AsyncAPIInterface*) ./../../gpu/command_buffer/service/command_buffer_service.cc:231:35
    #13 0x75db60728e5c in gpu::CommandBufferStub::OnAsyncFlush(int, unsigned int, std::__Cr::vector> const&) ./../../gpu/ipc/service/command_buffer_stub.cc:502:22
    #14 0x75db60728101 in gpu::CommandBufferStub::ExecuteDeferredRequest(gpu::mojom::DeferredCommandBufferRequestParams&) ./../../gpu/ipc/service/command_buffer_stub.cc:153:7
    #15 0x75db60748655 in gpu::GpuChannel::ExecuteDeferredRequest(mojo::StructPtr, unsigned long) ./../../gpu/ipc/service/gpu_channel.cc:932:13
    #16 0x75db60756e8e in void base::internal::DecayedFunctorTraits, unsigned long), base::WeakPtr&&, mojo::StructPtr&&, unsigned long&&>::Invoke, unsigned long), base::WeakPtr const&, mojo::StructPtr, unsigned long>(void (gpu::GpuChannel::*)(mojo::StructPtr, unsigned long), base::WeakPtr const&, mojo::StructPtr&&, unsigned long&&) ./../../base/functional/bind_internal.h:738:12
    #17 0x75db60756c74 in MakeItSo, unsigned long), std::__Cr::tuple, mojo::StructPtr, unsigned long> > ./../../base/functional/bind_internal.h:954:5
    #18 0x75db60756c74 in RunImpl, unsigned long), std::__Cr::tuple, mojo::StructPtr, unsigned long>, 0UL, 1UL, 2UL> ./../../base/functional/bind_internal.h:1067:14
    #19 0x75db60756c74 in base::internal::Invoker, unsigned long), base::WeakPtr&&, mojo::StructPtr&&, unsigned long&&>, base::internal::BindState, unsigned long), base::WeakPtr, mojo::StructPtr, unsigned long>, void ()>::RunOnce(base::internal::BindStateBase*) ./../../base/functional/bind_internal.h:980:12
    #20 0x75db88d1076e in Run ./../../base/functional/callback.h:156:12
    #21 0x75db88d1076e in gpu::SchedulerDfs::ExecuteSequence(base::IdType) ./../../gpu/command_buffer/service/scheduler_dfs.cc:598:24
    #22 0x75db88d0e155 in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:522:3
    #23 0x75db88d11f40 in Invoke ./../../base/functional/bind_internal.h:738:12
    #24 0x75db88d11f40 in MakeItSo > > ./../../base/functional/bind_internal.h:930:12
    #25 0x75db88d11f40 in RunImpl >, 0UL> ./../../base/functional/bind_internal.h:1067:14
    #26 0x75db88d11f40 in base::internal::Invoker, base::internal::BindState>, void ()>::RunOnce(base::internal::BindStateBase*) ./../../base/functional/bind_internal.h:980:12
    #27 0x75db97fbee6a in Run ./../../base/functional/callback.h:156:12
    #28 0x75db97fbee6a in base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ./../../base/task/common/task_annotator.cc:203:34
    #29 0x75db98030793 in RunTask<(lambda at ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:486:11)> ./../../base/task/common/task_annotator.h:90:5
    #30 0x75db98030793 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:484:23
    #31 0x75db9802f69e in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:346:40
    #32 0x75db980314b4 in non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:0:0
    #33 0x75db981c2cb3 in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ./../../base/message_loop/message_pump_glib.cc:694:48
    #34 0x75db98032084 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:654:12
    #35 0x75db97f43a12 in base::RunLoop::Run(base::Location const&) ./../../base/run_loop.cc:134:14
    #36 0x75db8c171fdb in content::GpuMain(content::MainFunctionParams) ./../../content/gpu/gpu_main.cc:431:14
    #37 0x75db8fd7ad5a in content::RunZygote(content::ContentMainDelegate*) ./../../content/app/content_main_runner_impl.cc:703:14
    #38 0x75db8fd7bb29 in content::RunOtherNamedProcessTypeMain(std::__Cr::basic_string, std::__Cr::allocator> const&, content::MainFunctionParams, content::ContentMainDelegate*) ./../../content/app/content_main_runner_impl.cc:807:12
    #39 0x75db8fd7dfd2 in content::ContentMainRunnerImpl::Run() ./../../content/app/content_main_runner_impl.cc:1175:10
    #40 0x75db8fd7902c in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) ./../../content/app/content_main.cc:333:36
    #41 0x75db8fd7985a in content::ContentMain(content::ContentMainParams) ./../../content/app/content_main.cc:346:10
    #42 0x5c5dfd43f8b5 in ChromeMain ./../../chrome/app/chrome_main.cc:230:12
    #43 0x75db38429d8f in __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16

0x75dae8601820 is located 0 bytes after 25165856-byte region [0x75dae6e01800,0x75dae8601820)
allocated by thread T0 (chrome) here:
    #0 0x5c5dfd43d0bd in operator new(unsigned long) _asan_rtl_:3
    #1 0x75db9419bc9d in Make ./../../third_party/skia/src/gpu/ganesh/GrCpuBuffer.h:29:20
    #2 0x75db9419bc9d in GrBufferAllocPool::CpuBufferCache::makeBuffer(unsigned long, bool) ./../../third_party/skia/src/gpu/ganesh/GrBufferAllocPool.cpp:56:30
    #3 0x75db9419cb9c in GrBufferAllocPool::resetCpuData(unsigned long) ./../../third_party/skia/src/gpu/ganesh/GrBufferAllocPool.cpp:389:60
    #4 0x75db9419e51a in GrBufferAllocPool::createBlock(unsigned long) ./../../third_party/skia/src/gpu/ganesh/GrBufferAllocPool.cpp:362:15
    #5 0x75db9419da01 in GrBufferAllocPool::makeSpace(unsigned long, unsigned long, sk_sp*, unsigned long*) ./../../third_party/skia/src/gpu/ganesh/GrBufferAllocPool.cpp:229:16
    #6 0x75db941a00be in GrIndexBufferAllocPool::makeSpace(int, sk_sp*, int*) ./../../third_party/skia/src/gpu/ganesh/GrBufferAllocPool.cpp:496:28
    #7 0x75db943d7ba2 in (anonymous namespace)::MeshOp::onPrepareDraws(GrMeshDrawTarget*) ./../../third_party/skia/src/gpu/ganesh/ops/DrawMeshOp.cpp:1151:27
    #8 0x75db94430ac0 in GrOp::prepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/ops/GrOp.h:197:15
    #9 0x75db9443033c in skgpu::ganesh::OpsTask::onPrepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/ops/OpsTask.cpp:548:27
    #10 0x75db942378d9 in GrRenderTask::prepare(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/GrRenderTask.cpp:111:11
    #11 0x75db941dbe50 in GrDrawingManager::executeRenderTasks(GrOpFlushState*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:260:21
    #12 0x75db941da829 in GrDrawingManager::flush(SkSpan, SkSurfaces::BackendSurfaceAccess, GrFlushInfo const&, skgpu::MutableTextureState const*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:203:34
    #13 0x75db941dcf7c in GrDrawingManager::flushSurfaces(SkSpan, SkSurfaces::BackendSurfaceAccess, GrFlushInfo const&, skgpu::MutableTextureState const*) ./../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:530:27
    #14 0x75db5e590394 in flushAndSubmit ./../../third_party/skia/include/gpu/GrDirectContext.h:333:15
    #15 0x75db5e590394 in gpu::SharedContextState::FlushAndSubmit(bool) ./../../gpu/command_buffer/service/shared_context_state.cc:764:19
    #16 0x75db5e54188c in DoFinish ./../../gpu/command_buffer/service/raster_decoder.cc:1846:26
    #17 0x75db5e54188c in gpu::raster::RasterDecoderImpl::HandleFinish(unsigned int, void const volatile*) ./../../gpu/command_buffer/service/raster_decoder_autogen.h:22:3
    #18 0x75db5e54e321 in gpu::error::Error gpu::raster::RasterDecoderImpl::DoCommandsImpl(unsigned int, void const volatile*, int, int*) ./../../gpu/command_buffer/service/raster_decoder.cc:1539:18
    #19 0x75db88cd3826 in gpu::CommandBufferService::Flush(int, gpu::AsyncAPIInterface*) ./../../gpu/command_buffer/service/command_buffer_service.cc:231:35
    #20 0x75db60728e5c in gpu::CommandBufferStub::OnAsyncFlush(int, unsigned int, std::__Cr::vector> const&) ./../../gpu/ipc/service/command_buffer_stub.cc:502:22
    #21 0x75db60728101 in gpu::CommandBufferStub::ExecuteDeferredRequest(gpu::mojom::DeferredCommandBufferRequestParams&) ./../../gpu/ipc/service/command_buffer_stub.cc:153:7
    #22 0x75db60748655 in gpu::GpuChannel::ExecuteDeferredRequest(mojo::StructPtr, unsigned long) ./../../gpu/ipc/service/gpu_channel.cc:932:13
    #23 0x75db60756e8e in void base::internal::DecayedFunctorTraits, unsigned long), base::WeakPtr&&, mojo::StructPtr&&, unsigned long&&>::Invoke, unsigned long), base::WeakPtr const&, mojo::StructPtr, unsigned long>(void (gpu::GpuChannel::*)(mojo::StructPtr, unsigned long), base::WeakPtr const&, mojo::StructPtr&&, unsigned long&&) ./../../base/functional/bind_internal.h:738:12
    #24 0x75db60756c74 in MakeItSo, unsigned long), std::__Cr::tuple, mojo::StructPtr, unsigned long> > ./../../base/functional/bind_internal.h:954:5
    #25 0x75db60756c74 in RunImpl, unsigned long), std::__Cr::tuple, mojo::StructPtr, unsigned long>, 0UL, 1UL, 2UL> ./../../base/functional/bind_internal.h:1067:14
    #26 0x75db60756c74 in base::internal::Invoker, unsigned long), base::WeakPtr&&, mojo::StructPtr&&, unsigned long&&>, base::internal::BindState, unsigned long), base::WeakPtr, mojo::StructPtr, unsigned long>, void ()>::RunOnce(base::internal::BindStateBase*) ./../../base/functional/bind_internal.h:980:12
    #27 0x75db88d1076e in Run ./../../base/functional/callback.h:156:12
    #28 0x75db88d1076e in gpu::SchedulerDfs::ExecuteSequence(base::IdType) ./../../gpu/command_buffer/service/scheduler_dfs.cc:598:24
    #29 0x75db88d0e155 in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:522:3
    #30 0x75db88d11f40 in Invoke ./../../base/functional/bind_internal.h:738:12
    #31 0x75db88d11f40 in MakeItSo > > ./../../base/functional/bind_internal.h:930:12
    #32 0x75db88d11f40 in RunImpl >, 0UL> ./../../base/functional/bind_internal.h:1067:14
    #33 0x75db88d11f40 in base::internal::Invoker, base::internal::BindState>, void ()>::RunOnce(base::internal::BindStateBase*) ./../../base/functional/bind_internal.h:980:12
    #34 0x75db97fbee6a in Run ./../../base/functional/callback.h:156:12
    #35 0x75db97fbee6a in base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ./../../base/task/common/task_annotator.cc:203:34
    #36 0x75db98030793 in RunTask<(lambda at ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:486:11)> ./../../base/task/common/task_annotator.h:90:5
    #37 0x75db98030793 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:484:23
    #38 0x75db9802f69e in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:346:40
    #39 0x75db980314b4 in non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ./../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:0:0
    #40 0x75db981c2cb3 in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ./../../base/message_loop/message_pump_glib.cc:694:48

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/hyhy100/chromium2/src/out/asan/libskia.so+0xbd8972) (BuildId: 739a908ae5387373)
Shadow bytes around the buggy address:
  0x75dae8601580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x75dae8601600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x75dae8601680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x75dae8601700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x75dae8601780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x75dae8601800: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x75dae8601880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x75dae8601900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x75dae8601980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x75dae8601a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x75dae8601a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb

==313866==ADDITIONAL INFO

==313866==Note: Please include this section with the ASan report.
Task trace:
    #0 0x75db88d0e73a in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:538:27
    #1 0x75db88d0e73a in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:538:27
    #2 0x75db88d0e73a in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:538:27
    #3 0x75db88d0e73a in gpu::SchedulerDfs::RunNextTask() ./../../gpu/command_buffer/service/scheduler_dfs.cc:538:27

Command line: `/proc/self/exe --type=gpu-process --string-annotations --crashpad-handler-pid=313830 --enable-crash-reporter=, --no-subproc-heap-profiling --change-stack-guard-on-fork=enable --gpu-preferences=UAAAAAAAAAAgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --shared-files --metrics-shmem-handle=4,i,16581570323834033834,77918272202421519,262144 --field-trial-handle=3,i,92242694934241997,11301705734952245836,262144 --variations-seed-version`

==313866==END OF ADDITIONAL INFO
==313866==ABORTING