
Issue 809311 link


Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Indirect-leak in Bind

Project Member Reported by ClusterFuzz, Feb 6 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6705501384212480

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  Bind
  IPC::MojoBootstrapImpl::Connect
  IPC::ChannelMojo::Connect
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=533200:533201

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6705501384212480

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Feb 6 2018

Components: Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Feb 6 2018

Labels: Test-Predator-Auto-Owner
Owner: patricia...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/8c57f37d2a383692a4bfa7e37e55303352258346 (Desktop Page Info: Always show Flash if it has ever been changed for a site.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Cc: patricia...@chromium.org
Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)
I think this is incorrect - my patch did not change anything in Blink, so I'm uncertain why there would be a patch that's reproducible with a HTML file. It also looks like the crashes affect Stable 64.0.3282.140 and Beta 64.0.3282.140, but this change actually only landed in 66.0.3336.0.
Oops, I meant "a crash that's reproducible with a HTML file."
Cc: roc...@chromium.org brajkumar@chromium.org
Labels: M-64 CF-NeedsTriage
Unable to find actual suspect through code search and also from the provided CL, but observing some recent changes for the below file 'ipc_mojo_bootstrap.cc', hence cc'ing to dev for more update on this issue.
https://chromium.googlesource.com/chromium/src/+/3e7284bb4e047557f5fc2b39164a4c9495be2bd5

Thanks!
Seems relevant to bug 798025.

Re comment #4, while I'm not sure your CL is relevant, changing Blink is absolutely not a requirement for a CL to be relevant here.

Note that the repro test case is not just testing the layout engine, but the entire browser. HTML/JS has side effects in the browser, and changes to any part of the browser can influence those side effects.
Hmm, after looking at the report I'm not so sure about the relevance to bug 798025. The leak is in the GPU process, and there also appears to be an unrelated renderer crash in the same report?

It is safe to say that the originally blamed CL is definitely not relevant, in any case.
Cc: -patricia...@chromium.org
Thanks brajkumar@ and rockot@ for investigating! I'll keep what you said in #c6 in mind for future bugs.

Comment 9 by ClusterFuzz (Project Member), Mar 3 2018

Labels: -M-64 Fuzz-Blocker M-67 ReleaseBlock-Beta
This crash occurs very frequently on linux platform and is likely preventing the fuzzer mbarbella_js_mutation_layout from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Friendly ping to get an update on this issue as it is marked as beta blocker.

Thanks..!

Comment 11 Deleted

A friendly reminder that M67 branch is coming soon on 04/12! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP to trunk. This way we branch M67 from a high quality trunk. Thank you.
Gentle ping to get an update on this issue as it is marked as beta blocker for M67, and the M67 branch is coming soon on 04/12.

Thanks..!

Comment 15 by ClusterFuzz (Project Member), Apr 10 2018

ClusterFuzz has detected this issue as fixed in range 549377:549379.

Detailed report: https://clusterfuzz.com/testcase?key=6705501384212480

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  Bind
  IPC::MojoBootstrapImpl::Connect
  IPC::ChannelMojo::Connect
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=533200:533201
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=549377:549379

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6705501384212480

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 16 by ClusterFuzz (Project Member), Apr 10 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 6705501384212480 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.