ASSERT: new_prio == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4602296563138560
Fuzzer: libFuzzer_sequence_manager_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  new_prio == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)
  __pthread_tpp_change_priority
  __pthread_mutex_lock_full
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=586740:586756
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4602296563138560

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Sep 11
Assigning @farahcharab's ClusterFuzz issues to the reviewers of the CL. Please help us find an owner!
Sep 11
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 11
This is definitely not a RB :) The bug is in the fuzzer not chromium.
Sep 11
Great, should we remove the security tags and switch this to a normal "Bug"?
Sep 11
Dropping as security based on #5.
Sep 14
Unable to access the Detailed Report because access was denied. Hence adding the CF-NeedsTriage label.
Oct 18
mmoroz@, just wondering, do you have any input on finding the right owner?
Oct 18
Looks like an assertion from glibc. Might be an MSan issue, assigning to eugenis@ to take a look.
Oct 23
We think that it is a bug in our fuzzer.
Nov 6
ClusterFuzz has detected this issue as fixed in range 605302:605305.

Detailed report: https://clusterfuzz.com/testcase?key=4602296563138560
Fuzzer: libFuzzer_sequence_manager_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  new_prio == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)
  __pthread_tpp_change_priority
  __pthread_mutex_lock_full
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=586740:586756
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=605302:605305
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4602296563138560

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 6
ClusterFuzz testcase 4602296563138560 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 10
Labels: Test-Predator-Auto-CC