Detailed report: https://clusterfuzz.com/testcase?key=6278858069508096

Fuzzer: ochang_domfuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7f7dcbbbfb78
Crash State:
  blink::Node::setNeedsStyleInvalidation
  blink::StyleInvalidator::scheduleInvalidationSetsForNode
  blink::StyleEngine::attributeChangedForElement

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=456256:456287

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95KLjaI_WRTQ_pqckU-oTDoA8u_rjuNh_XMKnqcDGWXIuwSaeOCKCUhojz7FefudmtAZnIi9B7C1AeXieJM2-KzgOy6lx8mfoO8-acYB0UlfMgEhY8QdPuvwYzA0bJ9ietAM1WVNjNM4mimvAca38qS2E35ulx3QNwFsdvpYJlwMBDj8tYoJSxTUtKgaWBLYSBedxbPeBrrGkne81qiQEniCMNRpTIknAURFzcuiw2x5wZK8ibbAqsdQZbj3dpDKilRf9bnOOn5jhPAQ3epucPdA_IQCoaH8pBDGMOCfkLvqzwroQxkji1czY13ZFlyfLVbxc9MqaH-EuwMpjHDEM617yYh8_n3ZdleuEHtVHr7Pt35sWO_yB3g-nFQWvD9BZ9FSlrWVd-lI47EwDR0_7G7OpPDDg?testcase_id=6278858069508096

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Through code search on file StyleEngine.cpp, the suspected CL is https://chromium.googlesource.com/chromium/src/+/2b9e4d03756be0ca4867bc1a03f8bd69f3eed43b

rune@, could you please take a look? Thank you.
ClusterFuzz has detected this issue as fixed in range 458081:458090.

Detailed report: https://clusterfuzz.com/testcase?key=6278858069508096

Fuzzer: ochang_domfuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7f7dcbbbfb78
Crash State:
  blink::Node::setNeedsStyleInvalidation
  blink::StyleInvalidator::scheduleInvalidationSetsForNode
  blink::StyleEngine::attributeChangedForElement

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=456256:456287
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=458081:458090

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95KLjaI_WRTQ_pqckU-oTDoA8u_rjuNh_XMKnqcDGWXIuwSaeOCKCUhojz7FefudmtAZnIi9B7C1AeXieJM2-KzgOy6lx8mfoO8-acYB0UlfMgEhY8QdPuvwYzA0bJ9ietAM1WVNjNM4mimvAca38qS2E35ulx3QNwFsdvpYJlwMBDj8tYoJSxTUtKgaWBLYSBedxbPeBrrGkne81qiQEniCMNRpTIknAURFzcuiw2x5wZK8ibbAqsdQZbj3dpDKilRf9bnOOn5jhPAQ3epucPdA_IQCoaH8pBDGMOCfkLvqzwroQxkji1czY13ZFlyfLVbxc9MqaH-EuwMpjHDEM617yYh8_n3ZdleuEHtVHr7Pt35sWO_yB3g-nFQWvD9BZ9FSlrWVd-lI47EwDR0_7G7OpPDDg?testcase_id=6278858069508096

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6278858069508096 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Probably introduced by: https://chromium.googlesource.com/chromium/src/+/3b4b07ced6315a25960ca5a51dd1b7ba88de53db which got reverted in the fixed range.
Comment 1 by mummare...@chromium.org, Mar 21 2017
Labels: Test-Predator-Wrong M-59
Owner: r...@opera.com
Status: Assigned (was: Untriaged)