New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 776976 link

Starred by 1 user
Status: Fixed
Owner:
alexclarke@chromium.org
Last visit > 30 days ago
Closed: Nov 2017
Cc:
rdsmith@chromium.org
mmenke@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Data race in content::ResourceDispatcherHostImpl::OnInit

Project Member Reported by ClusterFuzz, Oct 20 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5284873295364096

Fuzzer: inferno_flicker
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7b4400005848
Crash State:
  content::ResourceDispatcherHostImpl::OnInit
  base::internal::Invoker<base::internal::BindState<void
  base::internal::IncomingTaskQueue::RunTask
  
Sanitizer: thread (TSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5284873295364096

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Project Member

Comment 1 by ClusterFuzz, Oct 20 2017

Components: Internals>Core Internals>Network
Labels: Test-Predator-AutoComponents
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by mattm@chromium.org, Oct 20 2017

Cc: rdsmith@chromium.org
Owner: alexclarke@chromium.org
Status: Assigned (was: Untriaged)
Data race on ResourceDispatcherHostImpl::delegate_ between 
content::ResourceDispatcherHostImpl::OnInit and content::ResourceDispatcherHostImpl::SetDelegate

Looks like this was introduced in 9155a3460f7ed0f8040de6ca762dbed459d1164f: 
https://chromium-review.googlesource.com/c/chromium/src/+/645426/14/content/browser/loader/resource_dispatcher_host_impl.cc

Comment 3 by mattm@chromium.org, Oct 20 2017

Labels: M-63

Comment 4 by alexclarke@chromium.org, Oct 23 2017

Status: Started (was: Assigned)

Comment 5 by rdsmith@chromium.org, Oct 23 2017

Cc: mmenke@chromium.org

Comment 6 by alexclarke@chromium.org, Oct 25 2017 

I've got a patch which seems to fix this: https://chromium-review.googlesource.com/c/chromium/src/+/733094
Project Member

Comment 7 by bugdroid1@chromium.org, Nov 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07

commit ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07
Author: Alex Clarke <alexclarke@chromium.org>
Date: Fri Nov 03 09:46:13 2017

Fix ResourceDispatcherHostImpl::delegate_ data race

Bug:  776976 ,  766884 
Change-Id: Ia5aaf992a2a3f5d1b6e5c00cdb5ea10452b782f4
Reviewed-on: https://chromium-review.googlesource.com/733094
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Alex Clarke <alexclarke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#513730}
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/browser/browser_main_loop.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/browser/loader/navigation_url_loader_unittest.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/browser/loader/resource_dispatcher_host_impl.h
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/browser/loader/resource_dispatcher_host_unittest.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/public/browser/resource_dispatcher_host_delegate.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/public/browser/resource_dispatcher_host_delegate.h
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/public/common/content_switches.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/content/public/common/content_switches.h
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/headless/lib/browser/headless_content_browser_client.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/headless/lib/browser/headless_resource_dispatcher_host_delegate.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/headless/lib/browser/headless_resource_dispatcher_host_delegate.h
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/headless/lib/headless_content_main_delegate.cc
[modify] https://crrev.com/ea4ffdbbaf7bb8d64247e0b143ba81e00b2c7d07/headless/lib/headless_web_contents_browsertest.cc

Comment 8 by alexclarke@chromium.org, Nov 3 2017

Status: Fixed (was: Started)

Comment 9 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Sign in to add a comment