Data race in blink::PerformanceEntry::PerformanceEntry
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5351512934187008

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 8
Crash Address: 0x7ff053420090
Crash State:
  blink::PerformanceEntry::PerformanceEntry
  blink::PerformanceResourceTiming::PerformanceResourceTiming
  blink::PerformanceBase::AddResourceTiming

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=507774:507837

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351512934187008

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Oct 20 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7fb55819ecaa95bde564db20cec8063d18c669c1 (Sort performance-entry-list by index in addition to starttime). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 20 2017
It's likely caused by the race condition for the variable max_index when multiple threads are creating PerformanceEntries at the same time. I will fix it. Thanks!
Oct 21 2017
Oct 27 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e3b99c66b90b9dbc5370c6a41469b84912196b7d

commit e3b99c66b90b9dbc5370c6a41469b84912196b7d
Author: Liquan (Max) Gu <maxlg@chromium.org>
Date: Fri Oct 27 21:08:03 2017

[PerformanceEntry] Resolve race condition in indexing

ClusterFuzz has detected a data race in blink::PerformanceEntry::PerformanceEntry (crbug/776813). By observation, the original design has a race condition when multiple threads create PerformanceEntry at the same time, with max_index being a shared variable. The new impl uses an atomic int, which applies an atomic lock to the shared variable, to avoid the race condition.

Bug: 776813
Change-Id: Ibd251a020ddbb6c9e4496b0e5d197ed19b40658f
Reviewed-on: https://chromium-review.googlesource.com/730773
Commit-Queue: Liquan Gu <maxlg@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Timothy Dresser <tdresser@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512281}

[modify] https://crrev.com/e3b99c66b90b9dbc5370c6a41469b84912196b7d/third_party/WebKit/Source/core/DEPS
[modify] https://crrev.com/e3b99c66b90b9dbc5370c6a41469b84912196b7d/third_party/WebKit/Source/core/timing/PerformanceEntry.cpp
[modify] https://crrev.com/e3b99c66b90b9dbc5370c6a41469b84912196b7d/third_party/WebKit/Source/core/timing/PerformanceEntry.h
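The race the commit message describes, reduced to a stand-alone model as an added example (this is not Chromium's code; `Entry`, `NextIndexRacy`, `NextIndexAtomic` and `CountDistinctIndices` are hypothetical names): a per-entry index handed out from a counter shared by every thread that constructs an entry, first with a plain shared int as in the original design, then with the atomic read-modify-write the fix introduced.

```cpp
// Added example (not Chromium code): minimal model of the max_index race.
#include <atomic>
#include <mutex>
#include <set>
#include <thread>
#include <vector>

namespace {
int g_max_index_racy = 0;                // plain shared int: unsynchronized write
std::atomic<int> g_max_index_atomic{0};  // the fix: atomic read-modify-write
}  // namespace

// "Before": mirrors the original design. ++ on a plain int is a separate
// load and store, so two threads can read the same value and hand out the
// same index; TSAN reports exactly this as "Data race WRITE".
int NextIndexRacy() { return g_max_index_racy++; }

// "After": fetch_add is one atomic read-modify-write, so every caller
// receives a distinct index regardless of how the threads interleave.
int NextIndexAtomic() { return g_max_index_atomic.fetch_add(1); }

// Hypothetical stand-in for PerformanceEntry: the index is taken in the ctor.
struct Entry {
  explicit Entry(bool use_atomic)
      : index(use_atomic ? NextIndexAtomic() : NextIndexRacy()) {}
  int index;
};

// Construct `per_thread` entries on each of `threads` threads and return how
// many distinct indices were handed out. With the atomic counter this is
// always threads * per_thread; the racy counter may return fewer because of
// duplicated indices (and trips TSAN when built with -fsanitize=thread).
int CountDistinctIndices(int threads, int per_thread, bool use_atomic) {
  std::mutex m;        // guards `seen` only; it is not part of the fix
  std::set<int> seen;
  std::vector<std::thread> pool;
  for (int t = 0; t < threads; ++t) {
    pool.emplace_back([&] {
      for (int i = 0; i < per_thread; ++i) {
        Entry e(use_atomic);
        std::lock_guard<std::mutex> lock(m);
        seen.insert(e.index);
      }
    });
  }
  for (auto& th : pool) th.join();
  return static_cast<int>(seen.size());
}
```

Building the racy variant with `-fsanitize=thread` reproduces the report's "Data race WRITE" on the shared counter; the atomic variant is silent.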
Oct 28 2017
ClusterFuzz has detected this issue as fixed in range 512266:512297.

Detailed report: https://clusterfuzz.com/testcase?key=5351512934187008

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 8
Crash Address: 0x7ff053420090
Crash State:
  blink::PerformanceEntry::PerformanceEntry
  blink::PerformanceResourceTiming::PerformanceResourceTiming
  blink::PerformanceBase::AddResourceTiming

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=507774:507837
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=512266:512297

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351512934187008

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 28 2017
ClusterFuzz testcase 5351512934187008 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
Nov 7 2017