
Issue 762368

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug




Timeout in media_pipeline_integration_fuzzer

Reported by ClusterFuzz (Project Member), Sep 6 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5870355402194944

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  media_pipeline_integration_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5870355402194944

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Correct-CLs
Owner: wolenetz@chromium.org
Status: Assigned (was: Untriaged)
This issue looks similar to Bug ID -- 754500. As the mentioned bug is in Verified state, assigning to the concerned owner.

@wolenetz -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Just to update below are the Predator results --
Regression information is not available. The result is the blame information. 

Author: stanisc
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/acf6801129dff3dba81f6f105713aab173a73e2c
Time: Wed Nov 30 19:56:09 2016
The CL last changed line 157 of file waitable_event_posix.cc, which is stack frame 3. 

Author: mmentovai@google.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/b2e972938cc2a0478c33ff094c6f574f39c41997
Time: Tue Sep 02 18:20:34 2008
The CL last changed line 53 of file message_pump_default.cc, which is stack frame 4. 

Author: gab
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/27355196d32f75606b3e43b54bd0d03ef42b4579
Time: Thu May 18 06:01:10 2017
The CL last changed line 123 of file run_loop.cc, which is stack frame 5. 

Author: fdoray
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/b199f1bef099a0b34576f10fd57e713551e39349
Time: Mon May 29 23:00:03 2017
The CL last changed line 156 of file scoped_task_environment.cc, which is stack frame 6. 

Author: Francois Doray
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/26486308a3f4f2443a15f4c5813c0cab0b53c8d8
Time: Mon Jul 31 23:15:23 2017
The CL last changed line 266 of file pipeline_integration_test_base.cc, which is stack frame 7. 

Author: ricea
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/3cdd7ebe8bd324d3174e8ec3253190908e717a36
Time: Thu Aug 25 09:43:39 2016
The CL last changed line 305 of file pipeline_integration_test_base.cc, which is stack frame 8. 

Author: Matt Wolenetz
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/0b378819e3b3925e0eabd34e73d3972a19b4a46d
Time: Thu Aug 24 17:16:08 2017
The CL last changed line 71 of file pipeline_integration_fuzzertest.cc, which is stack frame 9.
Cc: dalecur...@chromium.org wolenetz@chromium.org
Components: Internals>Media>FFmpeg
Labels: -Pri-1 M-63 Pri-2
Owner: chcunningham@chromium.org
This looks like it's in FFmpeg.
perf record -g -p <PID of local fuzzer running the test case> shows 99.60% time spent in av_read_frame's read_frame_internals's parse_packet; within that:
85.37% time spent in av_parser_parse2
--61.92% in flac_parse.

All for a file < 3KB. Seems like there's something in ffmpeg that isn't advancing the parse cursor sufficiently in this case.

=> chcunningham@ to see about getting this fixed in the ffmpeg roll.
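The failure mode described in the comment above (a parser that consumes no bytes, so the enclosing read loop spins until the fuzzer's 25 s limit) is easy to reproduce in miniature. The following is an added example written for this page; it is not FFmpeg's code, the FLAC parser, or the fuzzer. The packet format, the `toy_parse_packet` function and the two sample inputs are constructed for the demo. It contrasts the unguarded loop shape that produces a timeout with a hardened loop that treats "zero bytes consumed" as an error and reports the offset where the cursor stalled, which is the check a defender would want in any framing/demux loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy framed-packet format, constructed for this example (not FLAC and not
 * FFmpeg's API): a stream is a sequence of packets, each [len byte][len payload bytes].
 * A length byte of 0 is malformed and models a parser that cannot find its next
 * sync point and therefore reports zero bytes consumed.
 */

enum { PARSE_NO_PROGRESS = -1 };

/* Returns the number of input bytes consumed for one packet, or 0 when the
 * parser could not advance (zero length byte or truncated packet). */
static size_t toy_parse_packet(const uint8_t *buf, size_t len, size_t *payload_len)
{
    if (len == 0 || buf[0] == 0)
        return 0;
    size_t n = buf[0];
    if (len < 1 + n)
        return 0;                       /* truncated: cannot complete this packet */
    *payload_len = n;
    return 1 + n;
}

/* Loop shape behind the timeout: it trusts the parser to always advance.
 * The iteration cap exists only so this demo terminates; the fuzzer's
 * equivalent loop spun until ClusterFuzz's 25 s limit. Returns iterations run. */
static size_t read_all_packets_unguarded(const uint8_t *buf, size_t len, size_t cap)
{
    size_t pos = 0, iters = 0, payload = 0;
    while (pos < len && iters < cap) {
        pos += toy_parse_packet(buf + pos, len - pos, &payload); /* may add 0 forever */
        iters++;
    }
    return iters;                       /* == cap when the loop was stuck */
}

/* Hardened loop: treats "zero bytes consumed" as a hard error and reports
 * where the cursor stalled, so a malformed input fails fast instead of spinning.
 * Returns the packet count (>= 0) or PARSE_NO_PROGRESS. */
static long read_all_packets(const uint8_t *buf, size_t len, size_t *stuck_at)
{
    size_t pos = 0, payload = 0;
    long packets = 0;
    while (pos < len) {
        size_t used = toy_parse_packet(buf + pos, len - pos, &payload);
        if (used == 0) {                /* no forward progress: bail out */
            *stuck_at = pos;
            return PARSE_NO_PROGRESS;
        }
        pos += used;
        packets++;
    }
    *stuck_at = pos;
    return packets;
}

/* Constructed inputs: a well-formed stream, and one with a zero length byte at offset 3. */
static const uint8_t kGoodInput[]  = { 2, 'a', 'b', 1, 'c' };
static const uint8_t kStuckInput[] = { 2, 'a', 'b', 0, 'x' };

long   demo_good_packets(void)    { size_t off; return read_all_packets(kGoodInput, sizeof kGoodInput, &off); }
long   demo_stuck_result(void)    { size_t off; return read_all_packets(kStuckInput, sizeof kStuckInput, &off); }
size_t demo_stuck_offset(void)    { size_t off = 0; (void)read_all_packets(kStuckInput, sizeof kStuckInput, &off); return off; }
size_t demo_unguarded_iters(void) { return read_all_packets_unguarded(kStuckInput, sizeof kStuckInput, 1000); }

int main(void)
{
    printf("good stream: %ld packets\n", demo_good_packets());
    printf("stuck stream: result %ld, cursor stalled at offset %zu\n",
           demo_stuck_result(), demo_stuck_offset());
    printf("unguarded loop on stuck stream: %zu iterations (hit the cap)\n",
           demo_unguarded_iters());
    return 0;
}
```

On the well-formed stream both loops finish after two packets; on the stream with the zero length byte the unguarded loop runs until its cap (in the fuzzer, until the timeout), while the hardened loop returns `PARSE_NO_PROGRESS` immediately with the stalled offset 3. A stalled offset is also a useful thing to log when triaging a timeout, since it points straight at the bytes the parser cannot get past.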
Comment 3 by ClusterFuzz (Project Member), Sep 15 2017

Labels: OS-Mac
Comment 4 by ClusterFuzz (Project Member), Oct 1 2017

Components: Internals>Core
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 5 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components
Status: WontFix (was: Assigned)
We are closing all OOMs and timeouts that are unreproducible. We won't be filing such bugs in the future.
