
Issue 711597

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: 2017-06-01
OS: Linux
Pri: 2
Type: Bug




Data race in blink::Document::BaseURLForOverride

Reported by ClusterFuzz (Project Member), Apr 14 2017

Issue description

Comment 1 by tkent@chromium.org, Apr 14 2017

Components: Blink>Workers Blink>Network
Cc: msrchandra@chromium.org
Components: Blink>DOM
Labels: M-60 Test-Predator-Correct-CLs
Owner: nasko@chromium.org
Status: Assigned (was: Untriaged)
Assigning to concern owner from Predator results --
The result is a list of CLs that change the crashed files.

Author: nasko
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/25eb1046e8317b6cf33fb0d831857e80c29cffcc
Time: Thu Jan 05 01:41:36 2017
File Document.cpp is changed in this cl (and is part of stack frame #2, "blink::Document::CompleteURL"; frame #3, "non-virtual thunk to blink::Document::VirtualCompleteURL")
Minimum distance from crash line to modified line: 91. (file: Document.cpp, crashed on: 3346, modified: 3437).

@nasko -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
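The Predator result quoted above is a line-distance heuristic: take the files touched by a CL, find the stack frames that fall in those files, and report how far the crashing line is from the nearest line the CL modified. The script below is an added example, not part of this bug thread and not Predator's own code; it parses a unified diff into post-patch modified line numbers, matches crash frames by file name, and ranks the frames by distance. The diff, the frame list and the line numbers in them are constructed for illustration (chosen so that frame #2 at Document.cpp:3346 sits 91 lines from a modified line 3437, as in the comment), and the frame format `#N function path:line` is an assumption rather than ClusterFuzz's exact output.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample diff. Not the real CL from the thread; hunk bodies are placeholders.
SAMPLE_DIFF = """\
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -3436,3 +3436,4 @@
   context_before();
+  added_line();
   context_after();
   more_context();
@@ -3600,2 +3601,1 @@
   keep();
-  removed();
diff --git a/third_party/WebKit/Source/core/dom/Node.cpp b/third_party/WebKit/Source/core/dom/Node.cpp
--- a/third_party/WebKit/Source/core/dom/Node.cpp
+++ b/third_party/WebKit/Source/core/dom/Node.cpp
@@ -100,1 +100,1 @@
-  old();
+  new();
"""

# Constructed crash stack in an assumed "#N function path:line" layout.
# Frame numbers and the two Document.cpp symbols follow the thread; the
# line of frame #3 and the whole of frame #4 are invented.
SAMPLE_STACK = """\
#2 blink::Document::CompleteURL third_party/WebKit/Source/core/dom/Document.cpp:3346
#3 blink::Document::VirtualCompleteURL third_party/WebKit/Source/core/dom/Document.cpp:3300
#4 example::HypotheticalCaller third_party/WebKit/Source/core/dom/Node.cpp:250
"""

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
FRAME_RE = re.compile(r"^#(\d+)\s+(\S+)\s+(\S+?):(\d+)$")


def modified_lines(diff_text: str) -> Dict[str, Set[int]]:
    """Map each post-patch file path to the line numbers the diff touches.

    Added lines are recorded at their new position; deleted lines are recorded
    at the new-file position where they used to be. Hunk line counts from the
    @@ header drive the state machine, so a deleted line that happens to start
    with "--" or "++" is never mistaken for a file header.
    """
    touched: Dict[str, Set[int]] = {}
    current = None
    remaining_old = remaining_new = 0
    new_line = 0
    for line in diff_text.splitlines():
        if remaining_old > 0 or remaining_new > 0:
            tag = line[:1]
            if tag == "+":
                touched[current].add(new_line)
                new_line += 1
                remaining_new -= 1
            elif tag == "-":
                touched[current].add(new_line)
                remaining_old -= 1
            elif tag == "\\":
                continue  # "\ No newline at end of file" marker
            else:  # context line (a leading space, or empty for a blank line)
                new_line += 1
                remaining_old -= 1
                remaining_new -= 1
            continue
        if line.startswith("+++ "):
            path = line[4:].split("\t")[0].strip()
            current = path[2:] if path.startswith("b/") else path
            touched.setdefault(current, set())
        elif line.startswith("@@"):
            m = HUNK_RE.match(line)
            if not m or current is None:
                raise ValueError("hunk header without a preceding +++ line: " + line)
            new_line = int(m.group(3))
            remaining_old = int(m.group(2) if m.group(2) is not None else 1)
            remaining_new = int(m.group(4) if m.group(4) is not None else 1)
    return touched


def parse_frames(stack_text: str) -> List[Tuple[int, str, str, int]]:
    """Extract (frame index, function, file path, line) from the assumed layout."""
    frames = []
    for raw in stack_text.strip().splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return frames


def rank_frames(diff_text: str, stack_text: str) -> List[dict]:
    """Rank crash frames by distance to the nearest line the CL modified.

    Files are matched by base name, since crash stacks often print only that;
    this is coarse and can pair two different files with the same name.
    """
    touched = modified_lines(diff_text)
    hits = []
    for idx, func, path, line in parse_frames(stack_text):
        base = path.rsplit("/", 1)[-1]
        for tfile, lines in touched.items():
            if tfile.rsplit("/", 1)[-1] == base and lines:
                nearest = min(lines, key=lambda l: abs(l - line))
                hits.append({"frame": idx, "function": func, "file": base,
                             "crash_line": line, "modified_line": nearest,
                             "distance": abs(nearest - line)})
    return sorted(hits, key=lambda h: h["distance"])


if __name__ == "__main__":
    for hit in rank_frames(SAMPLE_DIFF, SAMPLE_STACK):
        print("frame #%d %s: %s crashed on %d, modified %d, distance %d" % (
            hit["frame"], hit["function"], hit["file"],
            hit["crash_line"], hit["modified_line"], hit["distance"]))
```

As comment 3 shows, a small distance is only evidence that the CL touched nearby code, not that it changed behaviour; a rename or prefix change lands next to the crash line just as easily as a real bug, so the ranking is a triage hint that still needs a human to read the diff.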

Comment 3 by nasko@chromium.org, Apr 19 2017

Owner: ----
Status: Untriaged (was: Assigned)
My CL was just adding a prefix to some code, which does not change behavior at all. I'm going to make it Untriaged and unassign myself.

Comment 4 by tkent@chromium.org, Apr 21 2017

Components: -Blink>DOM
Components: -Blink>Network
Owner: nhiroki@chromium.org
Status: Assigned (was: Untriaged)
NextAction: 2017-04-25
Recently I fixed some threading issues in workers, so before taking a close look, I scheduled a fuzzer task to check if this was already fixed.

Comment 7 by falken@chromium.org, May 12 2017

NextAction: 2017-06-01
> I scheduled a fuzzer task to check if this was already fixed.

nhiroki@: NextAction passed. It looks like ClusterFuzz still thinks this is reproducible.

Comment 8 by ClusterFuzz (Project Member), May 24 2017

ClusterFuzz has detected this issue as fixed in range 473960:473969.

Detailed report: https://clusterfuzz.com/testcase?key=5890376817967104

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 4
Crash Address: 0x7b0800011168
Crash State:
  blink::Document::BaseURLForOverride
  blink::Document::CompleteURL
  blink::Document::VirtualCompleteURL
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=441524:441984
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=473960:473969

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5890376817967104


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by ClusterFuzz (Project Member), May 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5890376817967104 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
The NextAction date has arrived: 2017-06-01
