Issue 691391 link

Starred by 2 users

Issue metadata

Status:	Verified
Owner:	ikilpatrick@chromium.org
Closed:	Mar 2017
Cc:	nyerramilli@chromium.org
Components:	Infra>Client>Chrome
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz M-57 ClusterFuzz-Verified Test-Predator-Wrong-CLs

Crash in blink::MainThreadDebugger::contextCreated

Project Member Reported by ClusterFuzz, Feb 12 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4636849214849024

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::MainThreadDebugger::contextCreated
  blink::PaintWorkletGlobalScope::create
  blink::PaintWorklet::PaintWorklet
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=402316:402437

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95j7QbNKs_hDWfrrSVjic0Uqkf-JsiHCIVuy2sftsLTt6sF1QfOykPAf16onWsNotmRBxy_A-nVr-rXqZSJSGv0S-Pm__tK4bQlBmHrBcdFB8419FtTIB34-KZXFzUkNx8k4iYdyNhWEKVTTXturnADjXg574KRLsOf_qM4Lf1kjTaoxfNcGtS59fn4SVyLNXm7HNuXmsp7oJN4jnoJyCiSpVACKDKItJJsX3emfwPsTY_XtHRntfQq2dUlCpUEz4AUeZRS79AAvS2v8GupFL9EfhpEPQdzNexx4ymePoYb8_ygPE8JoGIWCx5j3WtDU0b3GwG2mO66fXqA6_Lc6cYwyD56ULJNDvZeGqrtFwBdacUIr9CGGlL-led64y7NkPI5ORtPL6ahM_THwHSXHtMDBL0PEg?testcase_id=4636849214849024


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by nyerramilli@google.com, Feb 13 2017

Cc: nyerramilli@chromium.org
Components: Infra
Labels: Test-Predator-Wrong-CLs M-57
Owner: ikilpatrick@chromium.org
Status: Assigned (was: Untriaged)

Findit did not find any culprit results,

assigning to /src/third_party/WebKit/Source/modules/csspaint/OWNERS

Comment 2 by s...@google.com, Feb 21 2017

Components: -Infra Infra>Client>Chrome

Project Member

Comment 3 by ClusterFuzz, Mar 9 2017

ClusterFuzz has detected this issue as fixed in range 455091:455394.

Detailed report: https://clusterfuzz.com/testcase?key=4636849214849024

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::MainThreadDebugger::contextCreated
  blink::PaintWorkletGlobalScope::create
  blink::PaintWorklet::PaintWorklet
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=402316:402437
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95j7QbNKs_hDWfrrSVjic0Uqkf-JsiHCIVuy2sftsLTt6sF1QfOykPAf16onWsNotmRBxy_A-nVr-rXqZSJSGv0S-Pm__tK4bQlBmHrBcdFB8419FtTIB34-KZXFzUkNx8k4iYdyNhWEKVTTXturnADjXg574KRLsOf_qM4Lf1kjTaoxfNcGtS59fn4SVyLNXm7HNuXmsp7oJN4jnoJyCiSpVACKDKItJJsX3emfwPsTY_XtHRntfQq2dUlCpUEz4AUeZRS79AAvS2v8GupFL9EfhpEPQdzNexx4ymePoYb8_ygPE8JoGIWCx5j3WtDU0b3GwG2mO66fXqA6_Lc6cYwyD56ULJNDvZeGqrtFwBdacUIr9CGGlL-led64y7NkPI5ORtPL6ahM_THwHSXHtMDBL0PEg?testcase_id=4636849214849024


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 4 by ClusterFuzz, Mar 9 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)

ClusterFuzz testcase 4636849214849024 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 691391 link

Issue metadata

Crash in blink::MainThreadDebugger::contextCreated

Issue description

Comment 1 by nyerramilli@google.com, Feb 13 2017

Comment 1 Deleted

Comment 2 by s...@google.com, Feb 21 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Mar 9 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Mar 9 2017

Comment 4 Deleted

Sign in to add a comment