Issue 702950 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	----
Closed:	Apr 2017
Cc:	yhirano@chromium.org █ ananta@chromium.org scottmg@chromium.org
Components:	Internals>Network
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Test-Predator-Wrong

Crash in [vdso]

Project Member Reported by ClusterFuzz, Mar 19 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5748619367153664

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000000000020
Crash State:
  [vdso]
  net::URLRequestContext::CreateRequest
  content::ResourceDispatcherHostImpl::ContinuePendingBeginRequest
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=457981:457983

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94RQveIhZ3wMjDZYxK7wCX8P72Fpw1TYXW4pZycNs8XwNH-GxRgfodieqxiy3akuC_qyPQo-spcj8GzqHwcojZbsQjJ4TbTD0TGm-L1wNC1wjyXC3JHZLDZO49cOTk5RxNwsy1p0_ikvsFVfIuddnionQ9byQNJb-We0Z7QTUYhpDijlxtwZSMKyLAPVC1M49ch3_dQBor6yAiTLA5m7iG-MRAXcUGYGnZHup-KKo_Ok48jEGjS0qRZzZxqfYtBVW9FsSwt1mB-cGmMEKJvOnk2prFvQV-wL5OgqyYSUY_lFaGRKyGwg2iCy1hOAVkQEz1pYwFaOcxRt16i3ds8cVIEbplz6atMDRw_iMeV3OyJAD8KK1azE1PWQlgOGNORwJG6hjTxlbkubar0ILZzBmjNmmNfyg?testcase_id=5748619367153664


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mummare...@chromium.org, Mar 25 2017

Cc: ananta@chromium.org yhirano@chromium.org scottmg@chromium.org
Components: Internals>Network
Labels: Test-Predator-Wrong

Predator and regressing range did not given any suspected CL. could someone please take a look?.
Thank you.

Comment 2 by pauljensen@chromium.org, Mar 28 2017

A unreproducible crash in a one-line function (that doesn't appear to have any syscalls) in a VDSO...I'm unsure how to start investigating.

I find this GN config weird:
target_cpu = "x86"
v8_target_cpu = "arm"

Comment 3 by csharrison@chromium.org, Apr 5 2017

I'm redoing the task for clarity. I think [vdso] is a red herring due to clusterfuzz instrumentation (though I'm not sure *why*). I see it also in  issue 708438  which is a real crasher. 

That being said, it not being reproducible is not a great sign.

Comment 4 by csharrison@chromium.org, Apr 5 2017

Looking at the error, I think it is likely that this is crashing accessing network_delegate_, which is at 32 byte offset (0x20) from URLRequestContext. It is also unclear that this object will always be non-null.

I couldn't find any crashers on the dashboard though. Maybe we should add a CHECK?

Comment 5 by csharrison@chromium.org, Apr 5 2017

Mergedinto: 624888
Status: Duplicate (was: Untriaged)

Hey whadayaknow, this is a dupe of issue 624888

►

Issue 702950 link

Issue metadata

Crash in [vdso]

Issue description

Comment 1 by mummare...@chromium.org, Mar 25 2017

Comment 1 Deleted

Comment 2 by pauljensen@chromium.org, Mar 28 2017

Comment 2 Deleted

Comment 3 by csharrison@chromium.org, Apr 5 2017

Comment 3 Deleted

Comment 4 by csharrison@chromium.org, Apr 5 2017

Comment 4 Deleted

Comment 5 by csharrison@chromium.org, Apr 5 2017

Comment 5 Deleted

Sign in to add a comment