
Issue 641339


Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Data race in content::WebRtcAudioRenderer::Stop

Reported by ClusterFuzz, Aug 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5208641252884480

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7d4800007340
Crash State:
  content::WebRtcAudioRenderer::Stop
  content::WebRtcAudioRenderer::Stop
  content::SharedAudioRenderer::Stop
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=414382:414438

Minimized Testcase (2.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95PEeIH1lo-GUjGbvA2hO2BBaivEBktmnkZDpn4lnCFkghmcxBq2mHideMUORFZB8kHx8P4DYVpGPxwnJlmwUD8Kcqf3tOdA8cWarAeiBL_Xjy1Pkff_SX7TooF-6Y1Phb6FzbM0kaQk6KNEfZSyKRSbKGguQ?testcase_id=5208641252884480

Additional requirements: Requires HTTP

Issue manually filed by: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Tools>Test>FindIt>CorrectResult Blink>WebRTC
Labels: M-54 Te-Logged
Owner: grunell@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs
============
The result is a list of CLs that change the crashed files.

Author: grunell
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/af11e92e56cc47146ad87e641e48dcc967fea513
Time: Thu Aug 25 11:10:11 2016
Lines 305-313 of file webrtc_audio_renderer.cc which potentially caused crash are changed in this cl (frame #1, "non-virtual thunk to content::WebRtcAudioRenderer::Stop").
Minimum distance from crash line to modified line: 0. (file: webrtc_audio_renderer.cc, crashed on: 305, modified: 305).

=======================
Suspected Project: chromium
Suspected Component: Blink>Webrtc

Possible suspect as found by findit tool.
grunell@ : Could you please take a look into this if it's related to your change.

Comment 2 by bugdroid1@chromium.org, Aug 31 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c0a322db0a71e6d63f4905d4b55f27d83f55726d

commit c0a322db0a71e6d63f4905d4b55f27d83f55726d
Author: grunell <grunell@chromium.org>
Date: Wed Aug 31 12:30:14 2016

Fix data race in WebRtcAudioRenderer.

Accessing |max_render_time_| under |lock_| in Stop(). It's already accessed under the lock in the other place.

BUG= 641339 

Review-Url: https://codereview.chromium.org/2292053002
Cr-Commit-Position: refs/heads/master@{#415617}

[modify] https://crrev.com/c0a322db0a71e6d63f4905d4b55f27d83f55726d/content/renderer/media/webrtc_audio_renderer.cc
[modify] https://crrev.com/c0a322db0a71e6d63f4905d4b55f27d83f55726d/content/renderer/media/webrtc_audio_renderer.h

Status: Fixed (was: Assigned)
Labels: Merge-Request-54
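As an added illustration of the race the commit message describes (this is a toy model, not Chromium's code): the audio-thread write to max_render_time_ is done under lock_, while the old Stop() read the field without the lock, so ThreadSanitizer flagged the read. The fixed Stop() takes the same lock. ToyAudioRenderer, RenderThenStop and the buffer timings are constructed for this example.

```cpp
#include <algorithm>
#include <chrono>
#include <mutex>
#include <thread>
#include <vector>

// Toy stand-in for the renderer. Render() runs on the audio thread and updates
// max_render_time_ under lock_; Stop() runs on another thread and reads it.
class ToyAudioRenderer {
 public:
  void Render(std::chrono::microseconds render_time) {
    std::lock_guard<std::mutex> auto_lock(lock_);
    max_render_time_ = std::max(max_render_time_, render_time);
  }

  // BEFORE the fix: the read of max_render_time_ is not under lock_, so when
  // Stop() overlaps a Render() on the audio thread ThreadSanitizer reports an
  // 8-byte read racing with the write above (the "Data race READ 8" class).
  std::chrono::microseconds StopRacy() {
    return max_render_time_;  // unsynchronized read
  }

  // AFTER the fix: the read takes lock_, matching the write side.
  std::chrono::microseconds StopFixed() {
    std::lock_guard<std::mutex> auto_lock(lock_);
    return max_render_time_;
  }

 private:
  std::mutex lock_;
  std::chrono::microseconds max_render_time_{0};
};

// Exercises the fixed path: a worker thread renders a constructed sequence of
// buffer timings while the calling thread stops the renderer concurrently.
// Returns the final maximum once the worker has finished.
std::chrono::microseconds RenderThenStop(const std::vector<int>& timings_us) {
  ToyAudioRenderer renderer;
  std::thread audio_thread([&renderer, &timings_us] {
    for (int t : timings_us)
      renderer.Render(std::chrono::microseconds(t));
  });
  renderer.StopFixed();  // safe even while audio_thread is still rendering
  audio_thread.join();
  return renderer.StopFixed();
}
```

Building with -fsanitize=thread and calling StopRacy() while the worker thread is still rendering reproduces the report class; StopFixed() runs clean.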

Comment 5 by dimu@chromium.org, Sep 1 2016

Labels: -Merge-Request-54 Merge-Approved-54 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M54 (branch: 2840)

Comment 6 by bugdroid1@chromium.org, Sep 1 2016

Labels: -merge-approved-54 merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7d219e2c368bbae0a376f11f72d8bc46564a6c30

commit 7d219e2c368bbae0a376f11f72d8bc46564a6c30
Author: Henrik Grunell <grunell@chromium.org>
Date: Thu Sep 01 11:48:19 2016

Fix data race in WebRtcAudioRenderer.

Accessing |max_render_time_| under |lock_| in Stop(). It's already accessed under the lock in the other place.

BUG= 641339 

Review-Url: https://codereview.chromium.org/2292053002
Cr-Commit-Position: refs/heads/master@{#415617}
(cherry picked from commit c0a322db0a71e6d63f4905d4b55f27d83f55726d)

Review URL: https://codereview.chromium.org/2300723003 .

Cr-Commit-Position: refs/branch-heads/2840@{#96}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}

[modify] https://crrev.com/7d219e2c368bbae0a376f11f72d8bc46564a6c30/content/renderer/media/webrtc_audio_renderer.cc
[modify] https://crrev.com/7d219e2c368bbae0a376f11f72d8bc46564a6c30/content/renderer/media/webrtc_audio_renderer.h

Cc: anatolid@chromium.org
Can the owner please double check that the milestone is set correctly for this issue?

FYI, the last CL associated with this issue has been added after the M54 branch was created and before the M55 branch was created, so perhaps this issue should be marked as M55?
M54 is correct. The fix has been merged to M54.
Status: Verified (was: Fixed)
No new reports on this from ClusterFuzz since marked as fixed (6 weeks), considered to be verified.

Comment 10 by bugdroid1@chromium.org, Oct 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7d219e2c368bbae0a376f11f72d8bc46564a6c30



Comment 11 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
