Data race in base::StatisticsRecorder::FindHistogram
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6701062506676224
Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_tsan_chrome_mp
Platform Id: linux
Crash Type: Data race ATOMIC READ 4
Crash Address: 0x7b280000ae28
Crash State:
  base::StatisticsRecorder::FindHistogram
  base::Histogram::Factory::Build
  base::Histogram::FactoryTimeGet
Sanitizer: thread (TSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=448237:448270
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv964cqB-Q8l3HBTieT8aySQ_0ZZOCcj9h_qHSZM5XAV13TmCtwEZRJSgTwkU919gvr6URlXgQcI7tllwxGJY_qBvYr4kHrNghYbqgK5R144Ig_6y0lHAyv6bu7hyb394pH8czvf-S38f0hhpKIk9zmr8LFm_4cBaR03eySa1XrcFqlm9kbUaUNcXrRL4StRFxZVgIvHeMf9wjF-L3Zogehxm4IiScDQigXWOI4DsHoQTFZ6z94fn4yYUCNEAKAM9Y7BcxvcBybWvK8bHztpdugruyeYpHZ-qyxkLVzxjZDPaVLE-n6Bpy2FhEYHD4dqrQnkp9c4xpg8NgdmgdmssNrMJUsF9YGfsFpY3uGD298JoDm25y9_CTkNJh6GBKcs0h-5vtLwoY8oQRqzr_y0B_6E_vH1EMA?testcase_id=6701062506676224
Additional requirements: Requires HTTP

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/471e0a3d9789243b6db151544c8ca9da17b29f36

commit 471e0a3d9789243b6db151544c8ca9da17b29f36
Author: bcwhite <bcwhite@chromium.org>
Date: Thu Feb 09 21:10:53 2017

Add acquire/release to global variable.

In the case of subprocesses that create this after general initialization, it's possible for the thread that is doing the import to be different from, and created before, the thread that creates the GlobalHistogramAllocator. Using release-store ensures that ctor initialization is complete before the global pointer is written, while acquire-load ensures that all accesses to it come after the read of the global pointer.

BUG=689245
Review-Url: https://codereview.chromium.org/2684993008
Cr-Commit-Position: refs/heads/master@{#449407}

[modify] https://crrev.com/471e0a3d9789243b6db151544c8ca9da17b29f36/base/metrics/persistent_histogram_allocator.cc
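The release-store/acquire-load pairing the commit message describes, as an added C++ example that is not Chromium's code: `Allocator`, `SetGlobalAllocator`, `GetGlobalAllocator` and `RunPublishScenario` are hypothetical stand-ins for GlobalHistogramAllocator, its setter/getter and the subprocess thread layout from the bug.

```cpp
#include <atomic>
#include <cstdint>
#include <thread>
#include <vector>

// Hypothetical stand-in for GlobalHistogramAllocator: an object whose
// constructor must finish before any other thread dereferences the global.
struct Allocator {
  explicit Allocator(uint32_t magic) : ready_magic(magic) {}
  uint32_t ready_magic;
};

// The global. A plain Allocator* here is what TSan reports as a data race;
// std::atomic with release/acquire ordering is the shape of the commit's fix.
static std::atomic<Allocator*> g_allocator{nullptr};

// Publisher: the ctor has run; release-store makes every write it performed
// visible to any thread whose acquire-load observes the pointer.
void SetGlobalAllocator(Allocator* a) {
  g_allocator.store(a, std::memory_order_release);
}
// Reader: acquire-load orders all subsequent reads of *a after this load.
Allocator* GetGlobalAllocator() {
  return g_allocator.load(std::memory_order_acquire);
}

// Models the bug's thread layout: readers are created before the thread that
// constructs and publishes the allocator. Returns true if every reader that
// saw a non-null pointer also saw a fully constructed object.
bool RunPublishScenario(int reader_count, uint32_t magic) {
  g_allocator.store(nullptr, std::memory_order_relaxed);
  std::atomic<bool> saw_partial{false};
  std::vector<std::thread> readers;
  for (int i = 0; i < reader_count; ++i) {
    readers.emplace_back([&saw_partial, magic] {
      for (int spin = 0; spin < 200000; ++spin) {
        if (Allocator* a = GetGlobalAllocator()) {
          if (a->ready_magic != magic) saw_partial = true;
          break;
        }
      }
    });
  }
  std::thread publisher([magic] { SetGlobalAllocator(new Allocator(magic)); });
  publisher.join();
  for (auto& t : readers) t.join();
  delete GetGlobalAllocator();
  g_allocator.store(nullptr, std::memory_order_relaxed);
  return !saw_partial.load();
}
```

Building with `-fsanitize=thread` and replacing `g_allocator` by a plain pointer reproduces the kind of report ClusterFuzz filed above; with the atomic it stays clean.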
Feb 16 2017
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.

Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Feb 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3ce527bfb13aed34dacc1f2605222b2b01bd0347

commit 3ce527bfb13aed34dacc1f2605222b2b01bd0347
Author: Brian White <bcwhite@chromium.org>
Date: Thu Feb 16 19:47:20 2017

Add acquire/release to global variable.

In the case of subprocesses that create this after general initialization, it's possible for the thread that is doing the import to be different from, and created before, the thread that creates the GlobalHistogramAllocator. Using release-store ensures that ctor initialization is complete before the global pointer is written, while acquire-load ensures that all accesses to it come after the read of the global pointer.

BUG=689245
Review-Url: https://codereview.chromium.org/2684993008
Cr-Commit-Position: refs/heads/master@{#449407}
(cherry picked from commit 471e0a3d9789243b6db151544c8ca9da17b29f36)

Review-Url: https://codereview.chromium.org/2699953002 .
Cr-Commit-Position: refs/branch-heads/2987@{#554}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[modify] https://crrev.com/3ce527bfb13aed34dacc1f2605222b2b01bd0347/base/metrics/persistent_histogram_allocator.cc
Comment 1 by mummare...@chromium.org, Feb 6 2017

Owner: bcwh...@chromium.org
Status: Assigned (was: Untriaged)