Data race in webrtc::XErrorTrap::XErrorTrap
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6702841405374464

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7f327b59b8f8
Crash State:
  webrtc::XErrorTrap::XErrorTrap
  webrtc::MouseCursorMonitorX11::Capture
  webrtc::DesktopAndCursorComposer::CaptureFrame

Sanitizer: thread (TSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6702841405374464

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Nov 6 2017
Nov 7 2017
miu@ can you help with triage?
Nov 17 2017
Testcase 6702841405374464 is a top crash on ClusterFuzz for linux platform. Please prioritize fixing this crash. Marking this crash as a Beta release blocker. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 20 2017
Cc'ing zijiehe@ as well from Issue 778035 for inputs on this. This is marked as Beta blocker and M-64 will be branched in ~1 week time. If possible, please plan the fix before branch point. Thank you!
Nov 20 2017
This looks like a very old bug; I do not think this should be a release blocker. (see the comment in the source code https://cs.chromium.org/chromium/src/third_party/webrtc/modules/desktop_capture/x11/x_error_trap.cc?rcl=2707fb2782e7a47d0f53cf8e561bef0bc00fad66&l=26) The fix is straightforward: since X connection is single-threaded, adding thread_local to both g_xserver_error_trap_enabled and g_last_xserver_error_code is sufficient.
Nov 20 2017
Nov 27 2017
This is marked as Beta blocker for M-64 and it would be good to have all the Beta blockers resolved before branch point. M-64 will be branched in a few days. zijiehe@, could you please have a look and help in further investigation? Thanks!
Nov 27 2017
I would remove release-blocker if you do not have other concerns.
Nov 30 2017
Nov 30 2017
Sorry for the late response. thread_local is forbidden within Chromium because of the weird behavior on Mac OSX. Though this file is for Linux only, I do not want to break the rule. Except for thread_local, I have not seen a very good solution. (base/threading/thread_local.h is not available in webrtc.) Since I am not working on Chrome anymore, investing more time in this long-term but tiny issue does not seem worthwhile. Assigning this bug back to Jamie. I am happy to help on this issue, but cannot make critical decisions anymore. So feel free to talk to me for the background or my proposal.
Jul 19
ClusterFuzz testcase 6723242164486144 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
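
The thread_local change proposed in the Nov 20 comment, modelled without Xlib. This is an added example, not WebRTC's x_error_trap.cc: only the two variable names come from the thread, while ErrorTrapModel, RecordError and CountCrossThreadLeaks are hypothetical names and the error codes are constructed.

```cpp
// Simplified model of the error trap discussed in this issue (no Xlib).
#include <thread>

// The two variables named in the thread. As plain globals, every thread that
// constructs a trap writes the same memory, which is what TSan flags as
// "Data race WRITE 4". With thread_local each thread gets its own copy.
thread_local bool g_xserver_error_trap_enabled = false;
thread_local int g_last_xserver_error_code = 0;

// Hypothetical stand-in for the X error handler callback.
void RecordError(int error_code) {
  if (g_xserver_error_trap_enabled) g_last_xserver_error_code = error_code;
}

// Hypothetical model of the trap: arm on construction, read and disarm later.
class ErrorTrapModel {
 public:
  ErrorTrapModel() {
    g_xserver_error_trap_enabled = true;
    g_last_xserver_error_code = 0;
  }
  ~ErrorTrapModel() { g_xserver_error_trap_enabled = false; }
  int GetLastErrorAndDisable() {
    g_xserver_error_trap_enabled = false;
    return g_last_xserver_error_code;
  }
};

// Two threads each run their own trap; returns how many times a thread read
// back an error code other than the one it recorded (constructed codes).
int CountCrossThreadLeaks(int iterations) {
  int leaks[2] = {0, 0};  // one slot per thread, read only after join()
  auto worker = [&](int id) {
    for (int i = 0; i < iterations; ++i) {
      ErrorTrapModel trap;
      RecordError(100 + id);
      if (trap.GetLastErrorAndDisable() != 100 + id) ++leaks[id];
    }
  };
  std::thread a(worker, 0), b(worker, 1);
  a.join();
  b.join();
  return leaks[0] + leaks[1];
}

int main() { return CountCrossThreadLeaks(100000) == 0 ? 0 : 1; }
```

Compiling this model with -fsanitize=thread -pthread after removing the two thread_local keywords makes TSan report the race on both variables.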
Comment 1 by kkaluri@chromium.org, Nov 6 2017
Components: Blink>WebRTC
Labels: M-64 Test-Predator-Wrong CF-NeedsTriage