CHECK failure: len > 0 in zygote_linux.cc

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5186403605151744
Fuzzer: marty_html_twiddler
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  len > 0 in zygote_linux.cc
  base::WaitableEvent::WaitableEvent
  content::ChildProcess::ChildProcess
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5186403605151744
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Apr 24 2018
Predator and CL could not provide any possible suspects. Using Code Search for the file "zygote_linux.cc", observing there are a few recent changes done by @tsepez: https://chromium.googlesource.com/chromium/src/+log/8839d302691536f5cdb93c0931e0b6a8eeb2a9ab/content/zygote/zygote_linux.cc tsepez@ -- Unable to pinpoint the actual CL; could you please check whether this is caused by your change? If not, please help us assign it to the right owner. Thanks!
Apr 24 2018

Apr 26 2018
Looks to be a case where the child is exiting before the host can read the status. We should just handle this failure cleanly and continue.
Apr 26 2018

Apr 26 2018
CL at https://chromium-review.googlesource.com/c/chromium/src/+/1030876
Apr 26 2018
Looks like this broke about 4 years ago at https://codereview.chromium.org/269543014, where an early "goto error" got postponed due to the refactoring at old line 338 of zygote_linux.cc.
May 1 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/86ed44e053ece378ccbb0c2425e4163c65164f9f

commit 86ed44e053ece378ccbb0c2425e4163c65164f9f
Author: Tom Sepez <tsepez@chromium.org>
Date: Tue May 01 01:03:33 2018

Handle error return from zygote recvmsg call.

This trips a check far away from the actual issue. The CHECK is too strong and prevents executing the error handling path beneath it.

Shuffle a few blocks and comments around so that the flow makes more sense and is easier to read, and initial fork failures are caught earlier.

Bug: 835778
Change-Id: I46b960f9fd1095f5fc5224bf9cc80703e8fc325f
Reviewed-on: https://chromium-review.googlesource.com/1030876
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554949}

[modify] https://crrev.com/86ed44e053ece378ccbb0c2425e4163c65164f9f/services/service_manager/zygote/zygote_linux.cc
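An added illustration of the failure mode the commit message describes; this is not the zygote code from the CL above. A host forks a child over a socketpair and reads the child's first status message with recvmsg(). If the child exits before writing anything, the host's recvmsg() returns 0 (EOF) rather than a positive length, and a CHECK(len > 0) placed there aborts the host instead of letting it reach the error path beneath. The function names, the handshake_result enum and the "child-ready" message are assumptions made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of the host's attempt to read the forked child's first message.
 * (Names are assumptions for this example, not zygote identifiers.) */
enum handshake_result {
  HANDSHAKE_OK = 0,          /* child wrote its status and the host read it     */
  HANDSHAKE_CHILD_GONE = 1,  /* recvmsg() hit EOF or an error: child died early */
  HANDSHAKE_FORK_FAILED = 2  /* socketpair()/fork() itself failed               */
};

/* Host side: block on the child's end of the socketpair and read one message.
 * A CHECK(len > 0) here would abort the whole host process when the child
 * exits before writing anything; instead EOF (len == 0) and errors (len < 0)
 * are reported to the caller so it can take the error path. */
static enum handshake_result read_child_status(int fd, char *buf, size_t buflen,
                                               ssize_t *out_len) {
  struct iovec iov;
  struct msghdr msg;
  ssize_t len;

  iov.iov_base = buf;
  iov.iov_len = buflen;
  memset(&msg, 0, sizeof(msg));
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  do {
    len = recvmsg(fd, &msg, 0);
  } while (len < 0 && errno == EINTR);  /* retry only on signal interruption */

  if (out_len) *out_len = len;
  if (len <= 0) return HANDSHAKE_CHILD_GONE;  /* the too-strong check was CHECK(len > 0) */
  return HANDSHAKE_OK;
}

/* Fork a child over a SOCK_SEQPACKET socketpair. With child_reports != 0 the
 * child sends a constructed "child-ready" message; with 0 it exits at once,
 * which is the race the bug describes (child gone before the host reads its
 * status). The child is reaped either way so no zombie is left behind. */
static enum handshake_result spawn_and_handshake(int child_reports) {
  int fds[2];
  pid_t pid;
  int status;
  char buf[64];
  enum handshake_result r;

  if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) return HANDSHAKE_FORK_FAILED;

  pid = fork();
  if (pid < 0) {  /* initial fork failure is caught before any recvmsg() */
    close(fds[0]);
    close(fds[1]);
    return HANDSHAKE_FORK_FAILED;
  }
  if (pid == 0) {  /* child */
    close(fds[0]);
    if (child_reports) {
      static const char hello[] = "child-ready";  /* constructed sample message */
      (void)send(fds[1], hello, sizeof(hello), 0);
    }
    _exit(0);  /* fds[1] closes on exit; that close is what the host sees as EOF */
  }

  /* host: drop our copy of the child's end, otherwise EOF is never delivered */
  close(fds[1]);
  r = read_child_status(fds[0], buf, sizeof(buf), NULL);
  close(fds[0]);
  waitpid(pid, &status, 0);
  return r;
}

int main(void) {
  printf("child reports:    %d (expect %d)\n", spawn_and_handshake(1), HANDSHAKE_OK);
  printf("child exits early: %d (expect %d)\n", spawn_and_handshake(0), HANDSHAKE_CHILD_GONE);
  return 0;
}
```

The second call in main() is the scenario from this bug: the child is gone before the host reads, recvmsg() returns 0, and the host continues down its error path instead of crashing. Note that the host must close its own copy of the child's socket end before reading, or the EOF never arrives and the read blocks forever.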
May 1 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/11ab394e56836cf983a58de8626c8ec63e2198ec

commit 11ab394e56836cf983a58de8626c8ec63e2198ec
Author: Matt Giuca <mgiuca@chromium.org>
Date: Tue May 01 05:24:25 2018

Revert "Handle error return from zygote recvmsg call."

This reverts commit 86ed44e053ece378ccbb0c2425e4163c65164f9f.

Reason for revert: Blocking revert of r554902.

Original change's description:
> Handle error return from zygote recvmsg call.
>
> This trips a check far away from the actual issue. The CHECK is too
> strong and prevents executing the error handling path beneath it.
>
> Shuffle a few blocks and comments around so that the flow makes
> more sense and is easier to read, and initial fork failures are
> caught earlier.
>
> Bug: 835778
> Change-Id: I46b960f9fd1095f5fc5224bf9cc80703e8fc325f
> Reviewed-on: https://chromium-review.googlesource.com/1030876
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#554949}

TBR=dcheng@chromium.org,jln@chromium.org,jam@chromium.org,tsepez@chromium.org

Change-Id: I877d3610bd75eaa1176189319923bcc75b794781
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 835778, 838498
Reviewed-on: https://chromium-review.googlesource.com/1036983
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554999}

[modify] https://crrev.com/11ab394e56836cf983a58de8626c8ec63e2198ec/services/service_manager/zygote/zygote_linux.cc
May 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c37c846a541a66217558ae56beeaac0b070dbe9a

commit c37c846a541a66217558ae56beeaac0b070dbe9a
Author: Tom Sepez <tsepez@chromium.org>
Date: Wed May 02 17:58:26 2018

Re-land "Handle error return from zygote recvmsg call.""

This reverts commit 11ab394e56836cf983a58de8626c8ec63e2198ec.

TBR=dcheng@chromium.org

Bug: 835778
Change-Id: Iffac66c75702b353625aff03873ff89a993a731b
Reviewed-on: https://chromium-review.googlesource.com/1040110
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#555464}

[modify] https://crrev.com/c37c846a541a66217558ae56beeaac0b070dbe9a/content/zygote/zygote_linux.cc
May 3 2018

May 10 2018
ClusterFuzz testcase 5186403605151744 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Comment 1 by ClusterFuzz, Apr 23 2018. Labels: Test-Predator-Auto-Components