
Issue 761323

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Timeout in mojo_parse_message_fuzzer

Project Member Reported by ClusterFuzz, Sep 1 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5525018141523968

Fuzzer: libFuzzer_mojo_parse_message_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  mojo_parse_message_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5525018141523968

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. If the fix resolved the issue, please close the bug by marking as Fixed.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Correct-CLs
Owner: yzshen@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
Regression information is not available. The result is the blame information. 

Author: yzshen
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/9ac6e6466cc0df7e1a3ad4488c5c8bdc2db4da36
Time: Fri Feb 17 23:07:50 2017
The CL last changed line 449 of file multiplex_router.cc, which is stack frame 3. 

Author: yzshen
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/2859a2ac06ab5d9df6706cc45525dc4a2085051c
Time: Tue Feb 14 22:24:25 2017
The CL last changed line 89 of file scoped_interface_endpoint_handle.cc, which is stack frame 4. 

Author: yzshen
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/2859a2ac06ab5d9df6706cc45525dc4a2085051c
Time: Tue Feb 14 22:24:25 2017
The CL last changed line 308 of file scoped_interface_endpoint_handle.cc, which is stack frame 5.

@yzhshen -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Project Member

Comment 2 by ClusterFuzz, Oct 1 2017

Components: Internals>Mojo
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 3 by yzshen@chromium.org, Oct 16 2017

I believe this one is a dup of Issue 757187.
The call stack doesn't have MessageWrapper::~MessageWrapper() but it may be caused by release build inlining it.

Let's see whether the fix for 757187 also addresses this one.

Comment 4 by yzshen@chromium.org, Oct 17 2017

Cc: och...@chromium.org
Hi, Oliver.

Is there an easy way for me to verify whether the fix for 757187 also fixes this issue? (This bug itself is marked as unreproducible.)

Thanks!

Comment 5 by och...@chromium.org, Oct 17 2017

https://clusterfuzz.com/v2/crash-stats?block=hour&days=3&end=418960&fuzzer=libFuzzer_mojo_parse_message_fuzzer&group=platform&number=count&sort=total_count shows how often we are hitting crashes in the fuzzer. 

It looks like it might have been fixed since it has stopped happening since around 11pm last night.

Comment 6 by yzshen@chromium.org, Oct 17 2017

Status: Fixed (was: Assigned)
Great!

Thanks for your help Oliver! And sorry for the delay!

Comment 7 by mmoroz@chromium.org, Oct 17 2017

Ah, I wrote almost the same comment but it didn't get posted due to a switch between @chromium / @google accounts :)

It seems to be fixed indeed, based on the crash stats at the testcase details page: https://clusterfuzz.com/v2/testcase-detail/5525018141523968?noredirect=1

Thanks Yuzhu and Oliver!
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components
