Abrt in rtc::webrtc_checks_impl::FatalLog
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4835783887028224

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900002ba9
Crash State:
  rtc::webrtc_checks_impl::FatalLog
  CallCheckOp<rtc::webrtc_checks_impl::Val<rtc::webrtc_checks_impl::CheckArgType::
  CallCheckOp<rtc::webrtc_checks_impl::Val<rtc::webrtc_checks_impl::CheckArgType::

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=575836:575837

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4835783887028224

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jul 24
This is purely a BUILD change, unlikely to affect this.
Jul 26
Predator and CL could not provide any possible suspects.
Using Code Search for the file "rtc_base/checks.cc", suspecting the below CL might have caused this issue.
Suspect CL: https://webrtc.googlesource.com/src.git/+/f8e5c110ee806992f4092220339939fe5c2d3cc9
jonasolsson@ -- Could you please look into this issue.
Thanks!
Jul 30
Looks like this DCHECK fails in pitch_search_internal.cc:
const auto pitch_gain = [](float xy, float yy, float xx) {
  RTC_DCHECK_LE(0.f, xx * yy);
xx * yy is -nan.
I'm reassigning this to Alessio, who knows that code.
Jul 30
I've found the cause: -nan is generated by the transient suppressor with valid input. I'll start working on fixing that sub-module.
Jul 31
The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/2a99c0bf6765d9c4615236ba4e00886678b2ef76

commit 2a99c0bf6765d9c4615236ba4e00886678b2ef76
Author: Alessio Bazzica <alessiob@webrtc.org>
Date: Tue Jul 31 15:08:12 2018

Fix MovingMoments::CalculateMoments.

Protect from negative second moments, which are unexpected in
TransientDetector::Detect and may lead to invalid results.

Bug: chromium:866925
Change-Id: Id1d5b2ebb51e54d9d332b869c6f63dcd03cc461c
Reviewed-on: https://webrtc-review.googlesource.com/91164
Commit-Queue: Alessio Bazzica <alessiob@webrtc.org>
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24153}

[modify] https://crrev.com/2a99c0bf6765d9c4615236ba4e00886678b2ef76/modules/audio_processing/transient/moving_moments.cc
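An added example, not part of the issue thread or of the WebRTC source: a minimal sketch of how a moving second moment can turn negative on valid input and then defeat a non-negativity DCHECK. The running-sum update, the `StdDev` consumer, the function names and the sample values are assumptions made for illustration; the `clamp` flag applies the kind of guard the commit message describes.

```cpp
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <deque>
#include <vector>

// Sliding-window second moment kept as a running sum of squares. This scheme
// is an assumption for illustration, not code copied from moving_moments.cc.
std::vector<float> MovingSecondMoment(const std::vector<float>& in,
                                      std::size_t length, bool clamp) {
  std::deque<float> window(length, 0.f);
  float sum_of_squares = 0.f;
  std::vector<float> second;
  for (float x : in) {
    const float old_value = window.front();
    window.pop_front();
    window.push_back(x);
    // A small square added to a large one is absorbed by float rounding, so
    // subtracting it again later leaves a negative residue.
    sum_of_squares += x * x - old_value * old_value;
    const float m2 = sum_of_squares / static_cast<float>(length);
    second.push_back(clamp ? std::max(0.f, m2) : m2);  // guard when clamp
  }
  return second;
}

// Condition behind RTC_DCHECK_LE(0.f, v); it is false for any NaN.
bool NonNegativeCheckPasses(float v) { return 0.f <= v; }

// Hypothetical downstream consumer that takes a square root of the moment.
float StdDev(float second_moment) { return std::sqrt(second_moment); }

// Constructed input: 0.5^2 is lost when added to 4096^2 = 2^24.
const std::vector<float> kSamples = {4096.f, 0.5f, 0.f, 0.f};

int main() {
  for (bool clamp : {false, true}) {
    const float m2 = MovingSecondMoment(kSamples, 2, clamp).back();
    const float sd = StdDev(m2);
    std::printf("clamp=%d second_moment=%g stddev=%g check_passes=%d\n",
                clamp, m2, sd, NonNegativeCheckPasses(sd));
  }
  return 0;
}
```

Because every ordered comparison with NaN is false, a `0.f <= x` style check catches the NaN only where it is finally tested, which is why the guard belongs at the point where the moment is produced.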
Jul 31
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cd023c2c6984890c57d5444b1115e12b06ca522f

commit cd023c2c6984890c57d5444b1115e12b06ca522f
Author: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue Jul 31 17:37:23 2018

Roll src/third_party/webrtc 304da796abc6..2a99c0bf6765 (3 commits)

https://webrtc.googlesource.com/src.git/+log/304da796abc6..2a99c0bf6765

git log 304da796abc6..2a99c0bf6765 --date=short --no-merges --format='%ad %ae %s'
2018-07-31 alessiob@webrtc.org Fix MovingMoments::CalculateMoments.
2018-07-31 ssilkin@webrtc.org Increase RtpFrameReferenceFinder's frame buffer length to 100 frames.
2018-07-31 buildbot@webrtc.org Roll chromium_revision fb3a9711ab..36ff521efe (579262:579363)

Created with:
  gclient setdep -r src/third_party/webrtc@2a99c0bf6765

The AutoRoll server is located here: https://webrtc-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_archive_rel_ng;master.tryserver.chromium.mac:mac_chromium_archive_rel_ng

BUG=chromium:866925,chromium:None
TBR=webrtc-chromium-sheriffs-robots@google.com

Change-Id: I7829d349a5886e7cd5dfa9877f07e1848d09cf1f
Reviewed-on: https://chromium-review.googlesource.com/1156905
Reviewed-by: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#579461}

[modify] https://crrev.com/cd023c2c6984890c57d5444b1115e12b06ca522f/DEPS
Aug 1
ClusterFuzz has detected this issue as fixed in range 579441:579462.

Detailed report: https://clusterfuzz.com/testcase?key=4835783887028224

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900002ba9
Crash State:
  rtc::webrtc_checks_impl::FatalLog
  CallCheckOp<rtc::webrtc_checks_impl::Val<rtc::webrtc_checks_impl::CheckArgType::
  CallCheckOp<rtc::webrtc_checks_impl::Val<rtc::webrtc_checks_impl::CheckArgType::

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=575836:575837
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579441:579462

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4835783887028224

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 1
ClusterFuzz testcase 4835783887028224 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jul 24
Labels: Test-Predator-Auto-CC