Data race in close
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4960981645262848

Fuzzer: ochang_domfuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 8
Crash Address: 0x7ba000004810
Crash State:
  close
  libasound.so.2
  midi::MidiManager::ShutdownOnSessionThread

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=484025:484263

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4960981645262848

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 7 2017
Jul 18 2017
cc: agoode for code review
Jul 19 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6ada1228cab216200b10d43871266639f9db9ac8

commit 6ada1228cab216200b10d43871266639f9db9ac8
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Wed Jul 19 09:54:14 2017

Web MIDI: fix a data race on close in ShutdownOnSessionThread

This patch reintroduces lazy_init_member_lock_ to avoid a potential
data race on close. It protects members that are initialized before
other thread usages and are finalized after all other usages.

Also, this patch adds a new dedicated lock for out_client_ so as to fix
another potential race of SendMidiData. out_client_ is exceptionally
destructed to notify the event loop running on another thread to quit.

Bug: 739695
Test: clusterfuzz reproduce 4960981645262848 --current
Change-Id: Ied8cd0d10dc9fcd4881dbe5f17c05276b67d28d8
Reviewed-on: https://chromium-review.googlesource.com/571211
Reviewed-by: Adam Goode <agoode@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487809}

[modify] https://crrev.com/6ada1228cab216200b10d43871266639f9db9ac8/media/midi/midi_manager_alsa.cc
[modify] https://crrev.com/6ada1228cab216200b10d43871266639f9db9ac8/media/midi/midi_manager_alsa.h
Jul 20 2017
ClusterFuzz has detected this issue as fixed in range 487805:487810.

Detailed report: https://clusterfuzz.com/testcase?key=4960981645262848

Fuzzer: ochang_domfuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 8
Crash Address: 0x7ba000004810
Crash State:
  close
  libasound.so.2
  midi::MidiManager::ShutdownOnSessionThread

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=484025:484263
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=487805:487810

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4960981645262848

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 20 2017
Comment 1 by msrchandra@chromium.org, Jul 6 2017
Labels: M-61 Test-Predator-Wrong
Owner: toyoshim@chromium.org
Status: Assigned (was: Untriaged)