
Issue 761711


Issue metadata

Status: WontFix
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug




Timeout in v8_serialized_script_value_fuzzer

Reported by ClusterFuzz, Sep 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6485983385354240

Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  v8_serialized_script_value_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6485983385354240

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. If the fix resolved the issue, please close the bug by marking as Fixed.
 
Cc: msrchandra@chromium.org
Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs
Owner: u...@chromium.org
Status: Assigned (was: Untriaged)
Assigning to concern owner from Predator results --
Regression information is not available. The result is the blame information. 

Author: Ulan Degenbaev
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/4af9cfccf601f512b0fa6d9d5042684d66e2e9ca
Time: Thu Aug 10 16:54:55 2017
The CL last changed line 33 of file mark-compact.h, which is stack frame 3. 

Author: Ulan Degenbaev
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/4af9cfccf601f512b0fa6d9d5042684d66e2e9ca
Time: Thu Aug 10 16:54:55 2017
The CL last changed line 74 of file mark-compact.h, which is stack frame 4. 

Author: Ulan Degenbaev
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/4af9cfccf601f512b0fa6d9d5042684d66e2e9ca
Time: Thu Aug 10 16:54:55 2017
The CL last changed line 78 of file mark-compact.h, which is stack frame 5. 

Author: Ulan Degenbaev
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/4af9cfccf601f512b0fa6d9d5042684d66e2e9ca
Time: Thu Aug 10 16:54:55 2017
The CL last changed line 23 of file mark-compact-inl.h, which is stack frame 6. 

Author: Ulan Degenbaev
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/40c34606a7d02287e05f78bf4fcb1081a9cbc33b
Time: Wed Jul 19 13:27:45 2017
The CL last changed line 1141 of file mark-compact.cc, which is stack frame 7. 

Author: Michael Lippautz
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/3dffe2e3adda823c8eb951bd83a9f7a0da1a31cb
Time: Thu Jun 29 14:30:26 2017
The CL last changed line 1116 of file mark-compact.cc, which is stack frame 8. 

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/c59f78f611280240d65ab74a8874ce51161bfcd2
Time: Tue Apr 25 14:18:52 2017
The CL last changed line 62 of file objects-body-descriptors-inl.h, which is stack frame 9.

@ulan -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by ClusterFuzz, Oct 1 2017

Components: Blink>JavaScript>GC
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 3 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 5 by u...@chromium.org, Nov 21 2017

Cc: u...@chromium.org
Owner: mmoroz@chromium.org
The timeout happens during GC. In general I would close timeouts as "won't fix" but I am not familiar with libFuzzer to make the call.

mmoroz@, should we close this as "won't fix"?

I don't think investigating timeouts is useful.

Comment 6 by mmoroz@chromium.org, Nov 21 2017

Yeah... for fuzzers targeting V8, most of the timeouts are expected, and there is no need (and probably no way?) to fix those. But some timeouts happen too often and block further progress of the fuzzer. In that case, we are trying to fix the fuzzer in order to avoid triggering those timeouts.

Can you take a very quick look at lines 53-101 of https://cs.chromium.org/chromium/src/third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp?rcl=61bb5cc5255b50e27da51cd2e0a84e1a0d3dacb0&l=53 ? If you have any idea regarding how we can prevent the timeout, please let me know. Otherwise, I'll probably WontFix this as you suggested.

Comment 7 by ClusterFuzz, Jan 8 2018

Labels: OS-Mac
Status: WontFix (was: Assigned)
We are closing all ooms and timeouts that are unreproducible. We won't be filing such bugs in future.
