Timeout in stylesheet_contents_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5905954137964544

Fuzzer: libFuzzer_stylesheet_contents_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: stylesheet_contents_fuzzer

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5905954137964544

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Oct 1 2017

Oct 2 2017

Oct 3 2017
Apparently this is happening more than 50% of the time. I'll try and investigate this.
Oct 3 2017
I believe this is due to [1]. I landed it to fix a stack-overflow bug, but looks like I introduced a speed regression for nested var() blocks, causing the timeouts. I have a patch ready in [2]. Should be able to land it soon assuming tests pass. [1] https://chromium-review.googlesource.com/c/chromium/src/+/680197 [2] https://chromium-review.googlesource.com/c/chromium/src/+/696824
Oct 3 2017

Oct 3 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/47caa4fc1ffac8572425adf8434a86bed87e3fae

commit 47caa4fc1ffac8572425adf8434a86bed87e3fae
Author: Darren Shen <shend@chromium.org>
Date: Tue Oct 03 06:59:06 2017

Fix speed regression for parsing var() blocks.

680197 [1] introduced a speed regression for parsing var() blocks. This caused the stylesheet fuzzer to timeout about 50% of the time.

The offending patch made the parsing code run in exponential time due to a hidden recursive call in IsValidVariableReference. This patch fixes this issue by skipping over tokens that we've already validated as part of IsValidVariableReference (which is what the original code did before the offending patch landed).

[1] https://chromium-review.googlesource.com/c/chromium/src/+/680197

Bug: 770482
Change-Id: I26c7cde6af88692835b3e445b932ef3d61df8588
Reviewed-on: https://chromium-review.googlesource.com/696824
Commit-Queue: Darren Shen <shend@chromium.org>
Reviewed-by: nainar <nainar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#505969}

[add] https://crrev.com/47caa4fc1ffac8572425adf8434a86bed87e3fae/third_party/WebKit/LayoutTests/css-parser/nested-var-blocks.html
[modify] https://crrev.com/47caa4fc1ffac8572425adf8434a86bed87e3fae/third_party/WebKit/Source/core/css/parser/CSSVariableParser.cpp
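The commit message above describes the cost pattern without showing it: a validator that recurses into a nested block and then keeps scanning the tokens that recursive call already validated, so every nesting level re-validates everything beneath it and the work doubles per level. The block below is an added illustration of that pattern and of the fix the commit describes (advance past the validated range); it is not Chromium's code and does not reproduce IsValidVariableReference. The token stream (one character per token, with '(' and ')' delimiting a nested var() fallback block), the names ValidateBlockSlow, ValidateBlockFast, Validate, NestedParens and NestedVars, and the visit counter are all assumptions made for the example.

```cpp
// Added example, not Chromium code: why a missed "skip past validated tokens" step
// turns a recursive var() validator exponential. Each char is one token; '(' and ')'
// delimit a nested block (standing in for a var() fallback).
#include <cstddef>
#include <cstdio>
#include <string>

static const size_t kNpos = std::string::npos;

struct Stats { size_t visits = 0; };  // tokens examined, summed over all recursive frames

// Pre-fix shape (hypothetical): validates the block that opens at t[start]. On each
// nested '(' it recurses, but the loop does not advance past the nested block, so
// this frame rescans those tokens and recurses again on every '(' inside them.
// Returns the index one past the matching ')', or kNpos if the block is unbalanced.
static size_t ValidateBlockSlow(const std::string& t, size_t start, Stats& s) {
  if (start >= t.size() || t[start] != '(') return kNpos;
  int depth = 0;
  for (size_t i = start; i < t.size(); ++i) {
    ++s.visits;
    if (t[i] == '(') {
      if (i != start && ValidateBlockSlow(t, i, s) == kNpos) return kNpos;
      ++depth;  // BUG: i is not moved past the block the recursive call just validated
    } else if (t[i] == ')') {
      if (--depth == 0) return i + 1;
    }
  }
  return kNpos;  // ran off the end: unbalanced
}

// Post-fix shape: jump to the end index the recursive call returned, so every token
// is examined by exactly one frame. Same result, linear cost.
static size_t ValidateBlockFast(const std::string& t, size_t start, Stats& s) {
  if (start >= t.size() || t[start] != '(') return kNpos;
  ++s.visits;  // the '(' that opens this block
  size_t i = start + 1;
  while (i < t.size()) {
    if (t[i] == '(') {
      size_t end = ValidateBlockFast(t, i, s);  // nested frame counts its own tokens
      if (end == kNpos) return kNpos;
      i = end;  // FIX: skip tokens already validated by the nested call
      continue;
    }
    ++s.visits;
    if (t[i] == ')') return i + 1;
    ++i;
  }
  return kNpos;
}

struct Result { bool valid; size_t visits; };

// Validate the block running from the first '(' to the end of the string, in either mode.
static Result Validate(const std::string& t, bool skip_validated) {
  Stats s;
  size_t open = t.find('(');
  if (open == kNpos) return {false, 0};
  size_t end = skip_validated ? ValidateBlockFast(t, open, s) : ValidateBlockSlow(t, open, s);
  return {end == t.size(), s.visits};
}

// Constructed inputs: pure nesting "(((...)))", and a CSS-looking fallback chain
// such as "var(--v0,var(--v1,var(--v2,0)))".
static std::string NestedParens(int depth) {
  return std::string(depth, '(') + std::string(depth, ')');
}
static std::string NestedVars(int depth) {
  std::string s;
  for (int i = 0; i < depth; ++i) s += "var(--v" + std::to_string(i) + ",";
  s += "0";
  s.append(depth, ')');
  return s;
}

int main() {
  // For depth d the slow variant examines 2^(d+1)-2 tokens, the fixed one 2d.
  for (int d = 4; d <= 20; d += 4) {
    Result slow = Validate(NestedParens(d), false);
    Result fast = Validate(NestedParens(d), true);
    std::printf("depth %2d: slow=%8zu visits  fast=%3zu visits  valid=%d/%d\n",
                d, slow.visits, fast.visits, slow.valid, fast.valid);
  }
  return 0;
}
```

A fuzzer finds this class of bug without any memory error: a few dozen levels of nesting in a small testcase is enough to push a per-input budget of 25 seconds, which is exactly the "Timeout" crash type reported above. The same input also shows why a timeout in a parser of attacker-controlled stylesheets deserves a fix rather than a suppression: the cost is decided by the input, not by the machine.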
Oct 3 2017
Patch has landed. I'll monitor the crash rates tomorrow and see if it disappears.
Oct 5 2017
Closing as no new timeouts since the patch landed.
Oct 5 2017
That's awesome!
Comment 1 by mmoroz@chromium.org, Sep 30 2017
Components: Blink>CSS