Issue metadata
Sign in to add a comment
|
Data race in blink::StringCacheMapTraits::Dispose |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4558499862544384 Fuzzer: ochang_domfuzzer Job Type: linux_tsan_chrome_mp Platform Id: linux Crash Type: Data race READ 4 Crash Address: 0x7d2400035dc0 Crash State: blink::StringCacheMapTraits::Dispose v8::PersistentValueMapBase<WTF::StringImpl*, v8::String, blink::StringCacheMapTr blink::StringCache::dispose Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396083:396125 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97CHaVVHBdvHLG3O9pyijC7i9EPR08j3FPSW_YbgOg4Vl_gqjnhKE4Wnkj3lcrRr69vBmB9FljwQ2trozx0Vk1YS-qOWdf3pNw9KXcwqjPvsmdOGpID8Lnzv7WGYhysOAbp8eiKhl5tBT79MNjanMnzECW60w Filer: ajha See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 31 2016
This should not be related, since it is a revert of a CL that was introduced a couple of days earlier and both CLs don't do anything except renaming RELEASE_ASSERTS. Unfortunately, I don't have access to clusterfuzz, so I cannot se the testcase and investigate it further.
,
Jun 1 2016
Indeed kotenkov's change has nothing to do with this. This appears worker-related.
,
Jun 1 2016
,
Jun 2 2016
ClusterFuzz has detected this issue as fixed in range 397130:397162. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4558499862544384 Fuzzer: ochang_domfuzzer Job Type: linux_tsan_chrome_mp Platform Id: linux Crash Type: Data race READ 4 Crash Address: 0x7d2400035dc0 Crash State: blink::StringCacheMapTraits::Dispose v8::PersistentValueMapBase<WTF::StringImpl*, v8::String, blink::StringCacheMapTr blink::StringCache::dispose Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396083:396125 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=397130:397162 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97CHaVVHBdvHLG3O9pyijC7i9EPR08j3FPSW_YbgOg4Vl_gqjnhKE4Wnkj3lcrRr69vBmB9FljwQ2trozx0Vk1YS-qOWdf3pNw9KXcwqjPvsmdOGpID8Lnzv7WGYhysOAbp8eiKhl5tBT79MNjanMnzECW60w See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 13 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ajha@chromium.org
, May 31 2016Components: Tools>Test>FindIt>NoResult
Labels: -Type-Bug -Pri-2 Te-Logged M-53 Pri-1 Type-Bug-Regression
Owner: koten...@yandex-team.ru
Status: Assigned (was: Available)