Detailed report: https://clusterfuzz.com/testcase?key=5358944592855040

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7f5fc9c17dc8
Crash State:
  blink::ThreadState::runScheduledGC
  blink::ThreadState::safePoint
  blink::GCTaskObserver::didProcessTask

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=457965:457966

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97rcKuvNsyNxLqkNYa2CQgGsU9nuW8Oa60ouWy6xVw3qwA57BtAeSouOEMWPRX8aLYX23XtCogD9Q8c85BkcMxKG1_V2KPV0pM4NTc6-kiyoMsscXurkfdCG5Pb0GsR-Wn86ykR5h8_fUf33UvcbCjN5Tg5thUAim1VRJKLKSHM80A8uN1sb8AdV1jm4I171oyYSB3sZ_DQMjfC9xWezz3tWEkwOfsCbiXoe63vud7PkxVhKYwMN1NEj2e6YWb75-OKpun158MbrQZsuDhe3Ov3wAZd_CSwJD0VK2CCaz4o2ZzYgMuovcoWvPSmSfyJLRdBk3jY-ulgrxNEPpbDDivHFY8_ovhG2DbijBUIVo3sQZL0-VX3E29BPD0DbfIBuPg-Bvmlygt2L-Loz69oqRVELo_Opw?testcase_id=5358944592855040

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Through code search on file ThreadState.cpp, suspected CL is https://chromium.googlesource.com/chromium/src/+/05567589ab894a0524ac8263250905484fc3845e sigbjornf@
sigbjornf@, could you please take a look? Thank you.
The report says it started repro'ing on 03/17 + revision range is also earlier than that r458405. I suspect this is due to https://codereview.chromium.org/2761463002 , which was reverted earlier today ( https://codereview.chromium.org/2768683004 ) for other reasons. So, let's wait & see.
ClusterFuzz has detected this issue as fixed in range 458620:458734.

Detailed report: https://clusterfuzz.com/testcase?key=5358944592855040

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7f5fc9c17dc8
Crash State:
  blink::ThreadState::runScheduledGC
  blink::ThreadState::safePoint
  blink::GCTaskObserver::didProcessTask

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=457965:457966
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=458620:458734

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97rcKuvNsyNxLqkNYa2CQgGsU9nuW8Oa60ouWy6xVw3qwA57BtAeSouOEMWPRX8aLYX23XtCogD9Q8c85BkcMxKG1_V2KPV0pM4NTc6-kiyoMsscXurkfdCG5Pb0GsR-Wn86ykR5h8_fUf33UvcbCjN5Tg5thUAim1VRJKLKSHM80A8uN1sb8AdV1jm4I171oyYSB3sZ_DQMjfC9xWezz3tWEkwOfsCbiXoe63vud7PkxVhKYwMN1NEj2e6YWb75-OKpun158MbrQZsuDhe3Ov3wAZd_CSwJD0VK2CCaz4o2ZzYgMuovcoWvPSmSfyJLRdBk3jY-ulgrxNEPpbDDivHFY8_ovhG2DbijBUIVo3sQZL0-VX3E29BPD0DbfIBuPg-Bvmlygt2L-Loz69oqRVELo_Opw?testcase_id=5358944592855040

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Yes, that was it - r458716 is in that fix range.
Comment 1 by mummare...@chromium.org, Mar 22 2017
Components: Blink>MemoryAllocator>GarbageCollection
Labels: Test-Predator-Wrong M-59
Owner: sigbjo...@opera.com
Status: Assigned (was: Untriaged)