Data race in blink::FontFaceCache::IncrementVersion
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5359043787620352

Fuzzer: inferno_twister
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x55cbdca96968
Crash State:
  blink::FontFaceCache::IncrementVersion
  blink::OffscreenFontSelector::FontCacheInvalidated
  blink::FontCache::Invalidate

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=564329:564331

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5359043787620352

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jun 28 2018
Predator and CL could not provide any possible suspects. Using code search for the file “offscreen_font_selector.cc”, assigning to the concerned owner from git blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/2b00cd1d09d010cb6a2a72fc803c2e1778bf58da @fserb -- Could you please look into this issue, and kindly reassign if it has nothing to do with your changes. Thank you.
Aug 13
Aug 20
Aug 31
ClusterFuzz has detected this issue as fixed in range 587950:587951.

Detailed report: https://clusterfuzz.com/testcase?key=5359043787620352

Fuzzer: inferno_twister
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x55cbdca96968
Crash State:
  blink::FontFaceCache::IncrementVersion
  blink::OffscreenFontSelector::FontCacheInvalidated
  blink::FontCache::Invalidate

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=564329:564331
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=587950:587951

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5359043787620352

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 31
ClusterFuzz testcase 5359043787620352 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/08ea871bf55cef78ea25316a94d3a3555ddfea3a

commit 08ea871bf55cef78ea25316a94d3a3555ddfea3a
Author: Aaron Krajeski <aaronhk@google.com>
Date: Wed Oct 10 17:47:51 2018

Fix race condition in font_face_cache

If two workers tried to change font sets, a race condition would result in an invalid cache. Keep a separate counter for each thread.

Bug: 856804
Change-Id: I4274cc99ed1ef2e3a995b5d319cbb1187c87d328
Reviewed-on: https://chromium-review.googlesource.com/c/1184976
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Fernando Serboncini <fserb@chromium.org>
Commit-Queue: Aaron Krajeski <aaronhk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598390}

[modify] https://crrev.com/08ea871bf55cef78ea25316a94d3a3555ddfea3a/third_party/blink/renderer/core/css/font_face_cache.cc
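The pattern behind this report and its fix, as an added C++ illustration that is not Blink's or the commit's code: a cache version counter bumped on every invalidation, once shared across worker threads (the unsynchronised WRITE that TSAN flagged) and once kept per thread as the commit message describes. The struct and function names and the use of `thread_local` are assumptions; the commit only states that a separate counter was kept for each thread.

```cpp
// Added illustration, not Blink's code: a cache "version" bumped on every
// font-cache invalidation, first shared across workers, then per thread.
#include <thread>
#include <vector>

namespace font_cache_example {

// Before: one process-wide version shared by every worker thread.
// The unsynchronised ++ is a read-modify-write; two workers invalidating
// at once can lose an update and leave a stale (invalid) cache version.
struct SharedVersion {
  unsigned value = 0;
  void Increment() { ++value; }  // the racing WRITE a TSAN build reports
};

// After: each thread owns its own version. Only that thread ever touches
// it, so there is no cross-thread write left to race on. (Assumed
// mechanism; the commit only says a separate counter per thread was kept.)
unsigned& ThreadVersion() {
  thread_local unsigned value = 0;
  return value;
}

// Spawns `workers` threads that each invalidate `bumps` times on the
// shared counter and returns the final value. Under the race it can be
// less than workers * bumps; a -fsanitize=thread build reports the race.
unsigned RunShared(int workers, unsigned bumps) {
  SharedVersion shared;
  std::vector<std::thread> threads;
  for (int i = 0; i < workers; ++i)
    threads.emplace_back([&shared, bumps] {
      for (unsigned b = 0; b < bumps; ++b) shared.Increment();
    });
  for (auto& t : threads) t.join();
  return shared.value;
}

// Same workload on per-thread counters; returns each worker's final
// version. Every entry is exactly `bumps`, whatever the scheduling.
std::vector<unsigned> RunPerThread(int workers, unsigned bumps) {
  std::vector<unsigned> seen(workers);
  std::vector<std::thread> threads;
  for (int i = 0; i < workers; ++i)
    threads.emplace_back([&seen, i, bumps] {
      for (unsigned b = 0; b < bumps; ++b) ++ThreadVersion();
      seen[i] = ThreadVersion();  // distinct element per thread: no race
    });
  for (auto& t : threads) t.join();
  return seen;
}

}  // namespace font_cache_example
```

Compiling the shared variant with `-fsanitize=thread` is the way to confirm the race on a build rather than relying on a lost update showing up by chance.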
Comment 1 by ClusterFuzz, Jun 26 2018
Labels: Test-Predator-Auto-Components