
Issue 748499


Issue metadata

Status: Verified
Owner: ----
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug


Null-dereference READ in content::BackgroundTracingManagerImpl::OnHistogramTrigger

Project Member Reported by ClusterFuzz, Jul 25 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5365777581735936

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x0000000c
Crash State:
  content::BackgroundTracingManagerImpl::OnHistogramTrigger
  base::internal::Invoker<struct base::internal::BindState<void
  base::debug::TaskAnnotator::RunTask
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=488146:488166

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5365777581735936


Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org
Components: Internals>Core
Labels: Test-Predator-Wrong-CLs M-62
Owner: chiniforooshan@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file "background_tracing_manager_impl.cc", assigning to the concerned owner.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/a09fc88fe135ccfd5dc13d07788f263986186f27

@chiniforooshan -- Could you please look into the issue? Please re-assign if it has nothing to do with your changes.
Thank You.
Cc: chiniforooshan@chromium.org calamity@chromium.org
Owner: ----
Status: Available (was: Assigned)
I cannot think of any good reason why my CL may cause this. The CL is really a no-op except at chrome shutdown.

Also, the hourly graph of the number of crashes suggests that the crash started around July 20th 8AM. My CL landed on July 15th. The suggested regression revision range does not include my CL either:

https://chromium.googlesource.com/chromium/src/+log/8a1b35653c161feedd2c5a66b1fef8e276b641e4..4617edbe854722f25754ff6d5dc739fad1ca8aea

Since this looks like a win-related issue, I suspect maybe https://codereview.chromium.org/2952133002 has something to do with it?

calamity@: could you please take a look? Thanks!
Comment 3 by ClusterFuzz (Project Member), Aug 19 2017

ClusterFuzz has detected this issue as fixed in range 495542:495573.

Detailed report: https://clusterfuzz.com/testcase?key=5365777581735936

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x0000000c
Crash State:
  content::BackgroundTracingManagerImpl::OnHistogramTrigger
  base::internal::Invoker<struct base::internal::BindState<void
  base::debug::TaskAnnotator::RunTask
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=488146:488166
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=495542:495573

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5365777581735936

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by ClusterFuzz (Project Member), Aug 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 5365777581735936 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
