Issue metadata
ASSERT: GTK_IS_WIDGET (widget)

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5755085569916928
Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  GTK_IS_WIDGET (widget)
  mojo::internal::InterfacePtrState<ukm::mojom::UkmRecorderInterface>::ConfigurePr
  instance
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5755085569916928
Additional requirements: Requires Gestures
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.

Mar 12 2018

Mar 12 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mar 12 2018

Mar 13 2018

Mar 14 2018
timbrown, can you please take a look? https://chromium-review.googlesource.com/822160 is in the regression range and looks possibly relevant.

Mar 14 2018

Mar 14 2018
I haven't been able to reproduce the issue locally yet. Also I very strongly doubt that the linked CL has anything to do with this issue. Most of the changes in that CL are comment changes, and the rest simply delete dead code. Any executed code paths should not have been changed by that CL. I will continue to investigate to see what I can find.

Mar 28 2018
Friendly ping from Chrome Security Sheriff. This is a high severity security issue affecting Beta branch. timbrown@, could you please take another look, or should we try to find another owner?

Mar 29 2018
I looked at this again yesterday. My thoughts so far:
1. In terms of my CL being the culprit, the only code (not comments) that was changed was:
- removing 2 unused files (and an unused build config)
- changing some enums, mainly in mojo
The enums that were changed don't even exist in the code base anymore. So it's not even possible to revert the change. In summary, I'm very confident the referenced CL isn't the cause of any issues.
2. The clusterfuzz output is not reproducible locally. I'm trying to reproduce as close as possible (from the information I have) the environment that the clusterfuzz bots actually use, but this is starting to really get outside of my experience.
Note that there have been 4 clusterfuzz-found bugs which have been blamed on this CL (this one, 824616, 817595, and another that I've already unassigned from myself and can't find now).

Apr 2 2018
Just a heads up, M66 Stable cut is on April 12th, 10 days away. This issue is marked as RB-Stable for 66. Please make sure to address this issue prior to stable cut. Thanks!

Apr 2 2018

Apr 3 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Apr 3 2018
This is a non-regression issue. That is, a production environment already had this problem and we're merely seeing it in our tests now. Please feel free to remove ReleaseBlock-Stable if sheriffbot adds it back again.

Apr 5 2018
Hi thomasanderson@, I have to add back a couple of security labels so that it can get off security sheriff's queue.

Apr 6 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Apr 9 2018

Apr 12 2018
Seems flaky and we haven't hit this crash in a while. Closing this out to let CF file a new bug if we start hitting it again, but I don't think there's anything actionable here.

Apr 19 2018
ClusterFuzz testcase 5755085569916928 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Jul 20
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Mar 11 2018
Labels: Test-Predator-Auto-Components