
Issue 754121

Starred by 3 users

Issue metadata

Status: Verified
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression




CHECK failure: net_error_ != OK in fuzzed_socket.cc

Project Member Reported by ClusterFuzz, Aug 10 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4684556224692224

Fuzzer: libFuzzer_net_spdy_session_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  net_error_ != OK in fuzzed_socket.cc
  base::debug::DebugBreak
  net::FuzzedSocket::Connect
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=493087:493142

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4684556224692224

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Labels: Test-Predator-Wrong-CLs M-62
Redo Task has been performed for a newer regression range.
Thank You.
Cc: msrchandra@chromium.org kkaluri@chromium.org
Labels: CF-NeedsTriage
Unable to find the possible suspect using Predator, CL and Code Search.
Could someone please look into the issue?

Thank You.
Project Member

Comment 3 by ClusterFuzz, Oct 1 2017

Components: Internals>Network
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Components: -Internals>Network Internals>Network>HTTP2
Labels: Test-Predator-Wrong-Components
Cc: ckrasic@chromium.org
Labels: -Test-Predator-AutoComponents
I would not classify this as the wrong component. If you want a more specific component, add the component in https://chromium.googlesource.com/chromium/src/+/661285b9d4dcf79b97c97581dfbe32c3954e7ec4/net/socket/OWNERS
Labels: -Test-Predator-Wrong-Components
Labels: -Type-Bug -M-62 -CF-NeedsTriage M-63 Type-Bug-Regression
Owner: b...@chromium.org
Status: Assigned (was: Untriaged)
Here is the Change Log from above CF report.
https://chromium.googlesource.com/chromium/src/+log/22ff05c7b4e962b6486f0a1aa4c4f80f7b26d45b..661285b9d4dcf79b97c97581dfbe32c3954e7ec4?pretty=fuller&n=10000

bnc@, can you please look into this change (https://chromium.googlesource.com/chromium/src/+/5bf3f4f0a2defd3227f8d960825da523ceb6ddfa) ?

Thank you!

Comment 8 by b...@chromium.org, Oct 4 2017

Status: Started (was: Assigned)
I can reproduce it locally.  I'm working on it.

Comment 9 by b...@chromium.org, Oct 5 2017

Bisect points to https://crrev.com/c/608624.  But it feels like it's a bug in FuzzedSocket.  Still investigating.
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

(bulk edit)
Project Member

Comment 11 by bugdroid1@chromium.org, Jan 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2e4722c2d6815b73d3b67da3e69eebc7bd3df1a7

commit 2e4722c2d6815b73d3b67da3e69eebc7bd3df1a7
Author: Bence Béky <bnc@chromium.org>
Date: Mon Jan 08 17:05:00 2018

Do not call StreamSocket::Connect from MockSSLClientSocket::Connect().

FuzzedSocket::Connect() does not support multiple calls.  In fact,
MockSSLClientSocket takes a connected socket, so it should not call
Connect() on it.  This CL fixes that, and adds a DCHECK that the socket
is already connected.

Note that HttpNetworkTransactionTest.ProxyTunnelGetHangup fails
the new DCHECK, because ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ
closes down the socket in a weird way that can never happen as a
result of actual network data.  Thus I am removing this MockRead.
Reading the EOF closes the socket anyway and makes sure the test is
doing the right thing.

Bug:  754121 
Change-Id: Iacaa507edf41a611e1595d1e333d93caa285c260
Reviewed-on: https://chromium-review.googlesource.com/852572
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Bence Béky <bnc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#527652}
[modify] https://crrev.com/2e4722c2d6815b73d3b67da3e69eebc7bd3df1a7/net/http/http_network_transaction_unittest.cc
[modify] https://crrev.com/2e4722c2d6815b73d3b67da3e69eebc7bd3df1a7/net/socket/socket_test_util.cc
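
An added illustration of the contract described in the commit message above (not Chromium code and not part of the original thread). `SingleUseTransport`, `WrapperBefore`, `WrapperAfter`, `ConnectLayered` and the result codes are hypothetical names in a simplified model: a transport whose `Connect()` is single-use, and a wrapper layered on an already connected transport, before and after the fix.

```cpp
#include <cassert>
#include <cstdio>

// Constructed result codes for this model; not Chromium's net error values.
enum Result { kOk = 0, kErrConnectCalledTwice = -1 };

// Hypothetical transport whose Connect() may be called only once.
class SingleUseTransport {
 public:
  int Connect() {
    // The socket in the report aborts on a CHECK at this point; the model
    // returns an error so the caller can observe the second call.
    if (++connect_calls_ > 1) return kErrConnectCalledTwice;
    connected_ = true;
    return kOk;
  }
  bool IsConnected() const { return connected_; }
  int connect_calls() const { return connect_calls_; }

 private:
  bool connected_ = false;
  int connect_calls_ = 0;
};

// Before: the wrapper is handed a connected transport and connects it again.
struct WrapperBefore {
  SingleUseTransport* transport;
  int Connect() { return transport->Connect(); }
};

// After: the wrapper checks the precondition and leaves the transport alone.
struct WrapperAfter {
  SingleUseTransport* transport;
  int Connect() {
    assert(transport->IsConnected());  // stands in for the new DCHECK
    return kOk;
  }
};

// Connects the transport once, then connects the wrapper layered on top.
// Returns the wrapper's result; *calls gets the transport's Connect() count.
template <typename Wrapper>
int ConnectLayered(int* calls) {
  SingleUseTransport transport;
  if (transport.Connect() != kOk) return kErrConnectCalledTwice;
  Wrapper wrapper{&transport};
  int rv = wrapper.Connect();
  *calls = transport.connect_calls();
  return rv;
}
```

With `WrapperBefore` the transport sees two `Connect()` calls and the second one fails; with `WrapperAfter` it sees exactly one.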

Comment 12 by b...@chromium.org, Jan 8 2018

Status: Fixed (was: Started)
Locally verified that https://crrev.com/c/852572 fixes issue, closing.
Project Member

Comment 13 by ClusterFuzz, Jan 9 2018

ClusterFuzz has detected this issue as fixed in range 527649:527661.

Detailed report: https://clusterfuzz.com/testcase?key=4684556224692224

Fuzzer: libFuzzer_net_spdy_session_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  net_error_ != OK in fuzzed_socket.cc
  net::FuzzedSocket::Connect
  net::MockSSLClientSocket::Connect
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=493087:493142
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=527649:527661

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4684556224692224

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 14 by ClusterFuzz, Jan 9 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 4684556224692224 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
