CHECK failure: endpoint->peer_closed() in multiplex_router.cc

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5819142300237824

Fuzzer: libFuzzer_mojo_parse_message_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  endpoint->peer_closed() in multiplex_router.cc
  SignalHandler
  mojo::internal::MultiplexRouter::CreateLocalEndpointHandle

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=492040:492103

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5819142300237824

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 7 2017
Note that this happens really frequently and blocks the fuzzer from finding other interesting bugs.

Aug 8 2017

Aug 9 2017
Aug 10 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31

commit df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31
Author: Yuzhu Shen <yzshen@chromium.org>
Date: Thu Aug 10 21:27:40 2017

Check whether incoming interface IDs have correct namespace bit.

The previous code could hit CHECK if an interface ID colliding with a
locally-generated ID is received.

BUG= 752723

Change-Id: I2bca45cbb47e4f423d9ff5e57787a1a433b80143
Reviewed-on: https://chromium-review.googlesource.com/609271
Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493551}

[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/ipc/ipc_mojo_bootstrap.cc
[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/mojo/public/cpp/bindings/interface_id.h
[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/mojo/public/cpp/bindings/lib/multiplex_router.cc
[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/mojo/public/js/new_bindings/interface_types.js
[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/mojo/public/js/new_bindings/router.js
[modify] https://crrev.com/df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31/mojo/public/js/router.js

Aug 10 2017
Aug 10 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5ae4efa170db895c068bc08da205e60ff9886c5b

commit 5ae4efa170db895c068bc08da205e60ff9886c5b
Author: Walter Korman <wkorman@chromium.org>
Date: Thu Aug 10 21:40:49 2017

Revert "Check whether incoming interface IDs have correct namespace bit."

This reverts commit df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31.

Reason for revert: Possible broken CrOS build per SoM.

Original change's description:
> Check whether incoming interface IDs have correct namespace bit.
>
> The previous code could hit CHECK if an interface ID colliding with a
> locally-generated ID is received.
>
> BUG= 752723
>
> Change-Id: I2bca45cbb47e4f423d9ff5e57787a1a433b80143
> Reviewed-on: https://chromium-review.googlesource.com/609271
> Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
> Reviewed-by: Ken Rockot <rockot@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#493551}

TBR=rockot@chromium.org,yzshen@chromium.org

Change-Id: I66ba732f3fafc370b902a1fad7fd20b76e09040b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 752723
Reviewed-on: https://chromium-review.googlesource.com/610452
Reviewed-by: Walter Korman <wkorman@chromium.org>
Commit-Queue: Walter Korman <wkorman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493554}

[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/ipc/ipc_mojo_bootstrap.cc
[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/mojo/public/cpp/bindings/interface_id.h
[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/mojo/public/cpp/bindings/lib/multiplex_router.cc
[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/mojo/public/js/new_bindings/interface_types.js
[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/mojo/public/js/new_bindings/router.js
[modify] https://crrev.com/5ae4efa170db895c068bc08da205e60ff9886c5b/mojo/public/js/router.js
Aug 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9f87fb0499468f7dfbb6a3649c72192963cd5db8

commit 9f87fb0499468f7dfbb6a3649c72192963cd5db8
Author: Yuzhu Shen <yzshen@chromium.org>
Date: Fri Aug 11 17:07:06 2017

Reland "Check whether incoming interface IDs have correct namespace bit."

This is a reland of df85491e2f5bc74be0dd9bcb0a06ef89c5b73a31

Original change's description:
> Check whether incoming interface IDs have correct namespace bit.
>
> The previous code could hit CHECK if an interface ID colliding with a
> locally-generated ID is received.
>
> BUG= 752723
>
> Change-Id: I2bca45cbb47e4f423d9ff5e57787a1a433b80143
> Reviewed-on: https://chromium-review.googlesource.com/609271
> Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
> Reviewed-by: Ken Rockot <rockot@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#493551}

TBR=rockot@chromium.org

Bug: 752723
Change-Id: I8d3fe7948760ed2bec11b44605b12fe6c59fbf8d
Reviewed-on: https://chromium-review.googlesource.com/610944
Reviewed-by: Yuzhu Shen <yzshen@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493777}

[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/ipc/ipc_mojo_bootstrap.cc
[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/mojo/public/cpp/bindings/interface_id.h
[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/mojo/public/cpp/bindings/lib/multiplex_router.cc
[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/mojo/public/js/new_bindings/interface_types.js
[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/mojo/public/js/new_bindings/router.js
[modify] https://crrev.com/9f87fb0499468f7dfbb6a3649c72192963cd5db8/mojo/public/js/router.js
Aug 12 2017
ClusterFuzz has detected this issue as fixed in range 493750:493811.

Detailed report: https://clusterfuzz.com/testcase?key=5819142300237824

Fuzzer: libFuzzer_mojo_parse_message_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  endpoint->peer_closed() in multiplex_router.cc
  SignalHandler
  mojo::internal::MultiplexRouter::CreateLocalEndpointHandle

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=492040:492103
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=493750:493811

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5819142300237824

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 12 2017
ClusterFuzz testcase 5819142300237824 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by tjbecker@google.com, Aug 7 2017