padded_size <= buffer_size in fuzzer_main.cc
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5681091564535808
Fuzzer: afl_gpu_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: padded_size <= buffer_size in fuzzer_main.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=405610:405709
Minimized Testcase (16.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96jpctCD1QCdN9vDbD1A0pmj7MxXSSqdPDsVMnPmgaQ9oUjHPjPyreMeG6KTfe7lSbeR65LvCH7SnupM5MMHm7q0MzWQDUpsuyRO00ul8Hp-axmRJ3Hm29MwiU_XFpo4FEb3HdjUzFjWYu9WVDPqjc4dDLf3m28kGylHkB-nkAd7baNmvY?testcase_id=5681091564535808
Issue manually filed by: ajha
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Aug 18 2016
The libfuzzer_options in BUILD.gn specify max_len=16384. This CHECK triggers when the fuzzer infrastructure doesn't respect that. This testcase is slightly over the limit. Sounds like an infra issue?

Aug 23 2016
Cc'ing Abhishek to help in routing this to the appropriate owner.

Aug 23 2016

Aug 23 2016
Kostya, looks like we can't enforce max_len with AFL; a testcase is created with a higher length, and then it crashes in libFuzzer's check.

Aug 23 2016
fuzzer_main.cc is not part of libFuzzer.
https://cs.chromium.org/chromium/src/gpu/command_buffer/tests/fuzzer_main.cc?q=padded_size+buffer_size&sq=package:chromium&dr=C&l=102

Aug 23 2016
Piman@, do we really need these checks inside the fuzzer itself? We should probably bail out silently, as otherwise we will be storing crashes for these.

Aug 24 2016
Well, I don't want the fuzzer to keep wasting time trying longer and longer chains to see if something sticks (nothing will), so shouldn't it respect that limit?

Aug 24 2016
It shouldn't CHECK-fail; simply returning would be enough.

Aug 24 2016
Again, shouldn't the fuzzer respect the limit? If I just accept any arbitrary input, what's to prevent it from wasting time trying longer and longer input?

Aug 24 2016
If you add "if (size >= kLimit) return 0", the fuzzer may occasionally create inputs larger than kLimit, but since they will not produce any interesting coverage and they will not be added to the corpus, very little time will be wasted. libFuzzer does respect the limit (-max_len=n) and will not generate large inputs, but AFL does not have such a flag.

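The two behaviours discussed in this thread, the CHECK that aborts on over-the-limit input and the silent early return suggested in the comment above, side by side in one libFuzzer-style entry point. This is an added example, not Chromium's fuzzer_main.cc or the code from the fix commit; the limit 16384 is the max_len quoted from BUILD.gn earlier in the thread, while kBufferSize, PadTo4 and ClassifyInput are assumptions made for illustration. The padding step stands in for whatever alignment made padded_size exceed the raw input size in the original check.

```cpp
// Added example (not Chromium's fuzzer_main.cc): a fuzz target that rejects
// over-sized input with an early return instead of a CHECK failure.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

namespace {

// max_len from the bug's BUILD.gn libfuzzer_options. libFuzzer enforces it
// with -max_len; AFL has no equivalent, so inputs above it do arrive.
constexpr size_t kMaxInputSize = 16384;
// Size of the fixed buffer the input is copied into (assumed for the example).
constexpr size_t kBufferSize = 16384;

// Round up to a 4-byte multiple: the kind of alignment that makes
// padded_size larger than the raw input size.
size_t PadTo4(size_t size) {
  return (size + 3) & ~static_cast<size_t>(3);
}

}  // namespace

enum class InputDisposition {
  kProcessed,         // fit the buffer and was consumed
  kRejectedTooLarge,  // over the limit: early return, nothing to report
};

// Before the fix, CHECK(padded_size <= buffer_size) aborted the process
// whenever the engine ignored max_len, and each abort was filed as a crash.
// Returning early instead costs nothing: the input adds no coverage, so the
// engine will not keep it in the corpus.
InputDisposition ClassifyInput(const uint8_t* data, size_t size,
                               std::vector<uint8_t>* buffer) {
  const size_t padded_size = PadTo4(size);
  if (size > kMaxInputSize || padded_size > kBufferSize) {
    return InputDisposition::kRejectedTooLarge;
  }
  buffer->assign(kBufferSize, uint8_t{0});
  std::memcpy(buffer->data(), data, size);  // padding bytes stay zero
  return InputDisposition::kProcessed;
}

// Entry point used by both libFuzzer and the AFL driver; always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<uint8_t> buffer;
  ClassifyInput(data, size, &buffer);  // over-sized input is simply skipped
  return 0;
}
```

An input of 16385 bytes, about what the 16.02 Kb minimized testcase in the report amounts to, takes the kRejectedTooLarge path and returns 0 rather than aborting; an input of exactly 16384 bytes still fits and is processed.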
Aug 24 2016
(Shouldn't the page at https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/efficient_fuzzer.md#Fuzzer-Speed be fixed to mention that -max_len doesn't actually work?)

Aug 24 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3cc8e9f779033422cbc75ba8e4a3414e1e2ccb00

commit 3cc8e9f779033422cbc75ba8e4a3414e1e2ccb00
Author: piman <piman@chromium.org>
Date: Wed Aug 24 01:25:41 2016

gpu_fuzzer: gracefully handle over-the-limit input

The fuzzer doesn't respect the max_len option and gives us data that's too big. Bail ASAP when that's the case.

BUG= 638836
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Review-Url: https://codereview.chromium.org/2272903002
Cr-Commit-Position: refs/heads/master@{#413925}

[modify] https://crrev.com/3cc8e9f779033422cbc75ba8e4a3414e1e2ccb00/gpu/command_buffer/tests/fuzzer_main.cc

Aug 24 2016
piman@, thanks for catching this! I will add a note about that to the documentation and/or will think about ways to implement a max_len restriction for our AFL builds.

Aug 24 2016

Aug 25 2016
ClusterFuzz has detected this issue as fixed in range 413723:414068.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5681091564535808
Fuzzer: afl_gpu_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: padded_size <= buffer_size in fuzzer_main.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=405610:405709
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413723:414068
Minimized Testcase (16.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96jpctCD1QCdN9vDbD1A0pmj7MxXSSqdPDsVMnPmgaQ9oUjHPjPyreMeG6KTfe7lSbeR65LvCH7SnupM5MMHm7q0MzWQDUpsuyRO00ul8Hp-axmRJ3Hm29MwiU_XFpo4FEb3HdjUzFjWYu9WVDPqjc4dDLf3m28kGylHkB-nkAd7baNmvY?testcase_id=5681091564535808
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Aug 26 2016
The documentation has been updated in bug 640627. Thanks again for raising that issue.

Oct 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Apr 21 2017

Comment 1 by ajha@chromium.org, Aug 18 2016
Components: Tools>Test>FindIt>NoResult
Labels: M-54 Te-Logged
Owner: piman@chromium.org
Status: Assigned (was: Untriaged)