Issue 624778

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug
Crash in content::DeviceOrientationEventPump::SendFakeDataForTesting

Reported by ClusterFuzz (Project Member), Jun 30 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4802944826605568

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapte
  base::debug::TaskAnnotator::RunTask
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=402831:402879

Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96wVyhyo7eYzE3U82VuOaHVHHEbZ43dU8MzerjZ_dZQeSyGBCtncd6G2E1N5LmZB7-hdkLP9eY0q56gT66iurTuClkX_LhMCqZvSbV1W0d5B_b9_S1KP5O_DRd3TZb4zfN1XSpJ58zwWIgBrbG8LO84G7CRlg?testcase_id=4802944826605568
<script>
function __f_37() {
  document.writeln();
}
</script>
<body onload="__f_218();">
<script>
testRunner.setMockDeviceOrientation();
'This test can not be run without the TestRunner';
window.addEventListener('deviceorientation', function() {
});
function __f_218() {
  __f_37();
}
</script>


Filer: tkonchada

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: thakis@chromium.org
Components: Internals
Labels: findit-for-crash Te-Logged M-53
Owner: tzik@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: mlamouri@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9c41b461969a64f3990ccf84534db8513614e2b8
Time: Tue Aug 19 15:51:34 2014
The CL last changed line 91 of file device_orientation_event_pump.cc, which is stack frame 0.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4435e804b6344b27942c68fd3c5b195daebacddb
Time: Wed May 11 23:05:05 2016
The CL last changed line 171 of file bind_internal.h, which is stack frame 1.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 296 of file bind_internal.h, which is stack frame 2.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 363 of file bind_internal.h, which is stack frame 3.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/caf1d84bb83aaf5369eb508027a685e2bf9859b4
Time: Tue Jun 28 12:22:21 2016
The CL last changed line 346 of file bind_internal.h, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/77d41139d261342a429d2775c59d8e8a386d4c81
Time: Wed Mar 09 09:47:03 2016
The CL last changed line 389 of file callback.h, which is stack frame 5.

Author: skyostil@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ad8fb459e07068582588d72fd5dabdb72e70b689
Time: Thu Aug 14 14:26:09 2014
The CL last changed line 51 of file task_annotator.cc, which is stack frame 6.

Possible suspect : https://chromium.googlesource.com/chromium/src//+/caf1d84bb83aaf5369eb508027a685e2bf9859b4

Please reassign if this is not related to your change.

Comment 2 by sheriffbot@chromium.org (Project Member), Jul 1 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by tzik@chromium.org, Jul 4 2016

Cc: tzik@chromium.org
Labels: findit-wrong
Owner: ----
Status: Available (was: Assigned)

Comment 4 by ClusterFuzz (Project Member), Jul 7 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6419273979527168

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::debug::TaskAnnotator::RunTask
  scheduler::TaskQueueManager::ProcessTaskFromWorkQueue
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=290109:290723

Minimized Testcase (0.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94aEZmQKUyIgtlyG-Q8s3l0pziwwwE0UKm_AHa7V_sdOJv8w-PHcARzVKDSKTx5IlHzfnCoOgUWexuFaK4H4LkaSPBOSasJqroWmIsqTA1B8qZHOpfFs8FkqkD0bEC18R7qQsGGqPYVLPJxe8wN9NRqeimU9A?testcase_id=6419273979527168

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 5 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: WontFix (was: Available)
Not a reproducible CF failure, hence closing this out.

Comment 7 by ClusterFuzz (Project Member), Mar 9 2017

ClusterFuzz has detected this issue as fixed in range 455091:455394.

Detailed report: https://clusterfuzz.com/testcase?key=6419273979527168

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::debug::TaskAnnotator::RunTask
  scheduler::TaskQueueManager::ProcessTaskFromWorkQueue
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=290109:290723
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94aEZmQKUyIgtlyG-Q8s3l0pziwwwE0UKm_AHa7V_sdOJv8w-PHcARzVKDSKTx5IlHzfnCoOgUWexuFaK4H4LkaSPBOSasJqroWmIsqTA1B8qZHOpfFs8FkqkD0bEC18R7qQsGGqPYVLPJxe8wN9NRqeimU9A?testcase_id=6419273979527168


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
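The three ClusterFuzz comments on this issue carry the same report layout (Fuzzer, Job Type, Crash Type, Crash Address, an indented Crash State block, Regressed/Fixed revision ranges), and whether a new report is "the same bug" comes down to comparing the top crash-state frames: the Windows and Linux reports share frame 0 but diverge below it, while the Jul 7 and Mar 9 reports match on all three frames. The following is an added example, not ClusterFuzz's or Chromium's code, that parses that report text and groups reports by crash-state signature. The sample report strings are constructed to mirror the comments above, and the grouping rule (compare the top N frames), the page-size threshold for "near-null" addresses and the helper names are assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample reports mirroring the three ClusterFuzz comments on this
# issue (Jun 30 2016 windows_syzyasan, Jul 7 2016 linux_asan, Mar 9 2017 fixed).
SAMPLE_REPORTS = [
    """Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapte
  base::debug::TaskAnnotator::RunTask

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=402831:402879
""",
    """Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::debug::TaskAnnotator::RunTask
  scheduler::TaskQueueManager::ProcessTaskFromWorkQueue

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=290109:290723
""",
    """Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  content::DeviceOrientationEventPump::SendFakeDataForTesting
  base::debug::TaskAnnotator::RunTask
  scheduler::TaskQueueManager::ProcessTaskFromWorkQueue

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=290109:290723
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394
""",
]

_RANGE = re.compile(r"range=(\d+):(\d+)")


@dataclass
class CrashReport:
    job_type: str
    platform: str
    crash_type: str
    crash_address: int
    crash_state: list[str]                 # frames listed under "Crash State:"
    regressed: Optional[tuple[int, int]]
    fixed: Optional[tuple[int, int]]


def _revision_range(value: str) -> Optional[tuple[int, int]]:
    m = _RANGE.search(value)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_report(text: str) -> CrashReport:
    """Pull the key: value header fields and the indented crash-state frames."""
    fields: dict[str, str] = {}
    frames: list[str] = []
    in_state = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if in_state:
            if line.startswith("  "):          # frames are indented by two spaces
                frames.append(line.strip())
                continue
            in_state = False                   # first unindented line ends the block
        if line.startswith("Crash State:"):
            in_state = True
            continue
        key, sep, value = line.partition(":")  # split on the first colon only, so URLs survive
        if sep:
            fields[key.strip()] = value.strip()
    return CrashReport(
        job_type=fields.get("Job Type", ""),
        platform=fields.get("Platform Id", ""),
        crash_type=fields.get("Crash Type", ""),
        crash_address=int(fields.get("Crash Address", "0"), 16),
        crash_state=frames,
        regressed=_revision_range(fields.get("Regressed", "")),
        fixed=_revision_range(fields.get("Fixed", "")),
    )


def parse_samples() -> list[CrashReport]:
    return [parse_report(t) for t in SAMPLE_REPORTS]


def crash_signature(report: CrashReport, depth: int = 3) -> str:
    """Top `depth` frames joined; reports sharing a signature are treated as one bug."""
    return " | ".join(report.crash_state[:depth])


def group_reports(reports, depth: int = 3) -> dict[str, list[CrashReport]]:
    groups: dict[str, list[CrashReport]] = {}
    for r in reports:
        groups.setdefault(crash_signature(r, depth), []).append(r)
    return groups


def is_near_null(report: CrashReport, page_size: int = 4096) -> bool:
    """Fault address inside the first page: a null pointer plus a small offset (assumed threshold)."""
    return report.crash_address < page_size


def fixed_after_regression(report: CrashReport) -> bool:
    """True when the report carries a fixed range that lies past its regression range."""
    return bool(report.regressed and report.fixed
                and report.fixed[0] > report.regressed[1])


if __name__ == "__main__":
    for sig, members in group_reports(parse_samples()).items():
        print(len(members), "report(s):", sig)
```

With the default depth of three frames the Windows report lands in its own group and the two Linux reports in another; with depth 1 all three collapse onto SendFakeDataForTesting, which is how the tracker treated them (one issue, later marked fixed from the Linux job). Both crash addresses fall in the first page, consistent with the 0x3 and 0x0 fault addresses the reports show.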