Detailed report: https://clusterfuzz.com/testcase?key=5323642042056704 Fuzzer: inferno_twister Job Type: linux_tsan_chrome_mp Platform Id: linux Crash Type: Data race WRITE 4 Crash Address: 0x7fc2a7492198 Crash State: blink::TreeScope::adoptIfNeeded blink::Element::ensureAttr blink::NamedNodeMap::item Sanitizer: thread (TSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=456295:456297 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97NSLyYaNtrzLaYHS6ULcdtnqX4CMnZQCKnG9gJ5LMwwF_MkaTLY2L85H3BjcowwL0b23pmnRF0_dxvJmBs_iRYnDIcYEdnrJX_pqPbTBuuM_6ag-MoMBYZlJWkfPcrVGm-u9Mdn4xgWIGfU24eoSsDptMsMnlXUWS3J8JSGBobdq65Ucy3stGoOeoFXOj86XUGHNgrBEdG2JmPhBrRctymcJsAXJzWjEEoQ-6TSE3LKkQynikbt0iDTAtCOzBxuLlvOhhK0kPotvMjAci62Nh2hG2xRoFNeR8VMnM-qIE7GPIGpU9nXnzwyNzwL-gPO4snDiJzQgjTLx6CIfNMplkcbF-k-vQ0GY11d4t1B3xMdol-E4c?testcase_id=5323642042056704 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by tkent@chromium.org
, Mar 13 2017Status: Duplicate (was: Untriaged)