Out-of-memory in stylesheet_contents_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6608559164096512
Fuzzer: libFuzzer_stylesheet_contents_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: stylesheet_contents_fuzzer
Sanitizer: memory (MSAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6608559164096512

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Oct 9 2017
Hi Max, I'm guessing this is the same as [1] but refiled correctly as MSAN? I'll unassign myself in that case. [1] https://bugs.chromium.org/p/chromium/issues/detail?id=752194
Oct 9 2017
Yes, this is from MSan, also it's non reproducible. However, I believe that we can make it happen less often by reducing input length: https://chromium-review.googlesource.com/c/chromium/src/+/703775
Oct 9 2017

Oct 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/18eefba87484ffcd4cb3e826d653da5c9c01fe58

commit 18eefba87484ffcd4cb3e826d653da5c9c01fe58
Author: Darren Shen <shend@chromium.org>
Date: Tue Oct 10 08:00:29 2017

Use a smaller input length for stylesheet_contents_fuzzer.

Currently the maximum input length for the CSS stylesheet fuzzer is 2048. However, CSS as a format is quite repetitive, so it's rare that a bug requires 2048 characters to trigger. Looking through [1], the test cases are usually less than 1000 characters. So to improve the speed and coverage of the fuzzer, we reduce the maximum input length to be 1024. This will also hopefully reduce memory usage and ameliorate the OOM issues we've been having.

[1] https://bugs.chromium.org/p/chromium/issues/list?can=1&q=component%3ABlink%3ECSS+inferno_twister+status%3AFixed&colspec=ID+Pri+M+Stars+ReleaseBlock+Component+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=ids

Bug: 772612
Change-Id: Ica1b1fa373362023bf5c741f6375666b72342fc7
Reviewed-on: https://chromium-review.googlesource.com/703775
Reviewed-by: meade_UTC10 <meade@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Darren Shen <shend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507615}

[modify] https://crrev.com/18eefba87484ffcd4cb3e826d653da5c9c01fe58/third_party/WebKit/Source/core/BUILD.gn
Oct 15 2017
We should consider limiting the repeat() count in the fuzzer. 5 should be sufficient. Large values like "repeat(3000000000, ...)" and "repeat(2000000000, ...) repeat(1000000000, ...)" can be covered by test cases.
Oct 15 2017
That's certainly a good idea, but it'll be hard to do since the fuzzer just generates random strings. Another possibility is to reduce our memory usage for grids [1]. Marking this as available as per [2] and also lowering the priority since the ASAN build is working fine. [1] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/style/GridArea.h?rcl=07d92b832e636397f113353dc9413c247996e250&l=48 [2] https://bugs.chromium.org/p/chromium/issues/detail?id=752194
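One way to apply the repeat() cap discussed in the two comments above even though the fuzzer only produces random strings is to rewrite the count inside the harness before the input reaches the CSS parser. The helper below is an added example, not Chromium's or the fuzzer's own code; the name ClampRepeatCounts and the cap of 5 are assumptions taken from the suggestion above.

```cpp
#include <cctype>
#include <cstdint>
#include <string>
#include <string_view>

// Hypothetical harness-side helper (not Chromium code): rewrite every numeric
// repeat(N, ...) count in a CSS string so that N never exceeds max_repeat.
// Keyword counts such as repeat(auto-fill, ...) are left untouched. Each
// occurrence of "repeat(" is handled independently, so several track lists in
// one declaration are all clamped.
std::string ClampRepeatCounts(std::string_view css, uint64_t max_repeat) {
  static constexpr std::string_view kToken = "repeat(";
  std::string out;
  out.reserve(css.size());
  size_t i = 0;
  while (i < css.size()) {
    size_t pos = css.find(kToken, i);
    if (pos == std::string_view::npos) {
      out.append(css.substr(i));  // copy the remainder unchanged
      break;
    }
    size_t after = pos + kToken.size();
    out.append(css.substr(i, after - i));  // text up to and including "repeat("
    size_t start = after;
    while (start < css.size() && std::isspace(static_cast<unsigned char>(css[start]))) ++start;
    size_t end = start;
    while (end < css.size() && std::isdigit(static_cast<unsigned char>(css[end]))) ++end;
    if (end == start) {  // not a numeric count (e.g. auto-fill): leave as is
      i = after;
      continue;
    }
    // Parse with saturation so an absurdly long digit run cannot overflow.
    uint64_t count = 0;
    bool saturated = false;
    for (size_t k = start; k < end && !saturated; ++k) {
      if (count > (UINT64_MAX - 9) / 10) saturated = true;
      else count = count * 10 + static_cast<uint64_t>(css[k] - '0');
    }
    if (saturated || count > max_repeat) count = max_repeat;
    out.append(css.substr(after, start - after));  // preserve leading whitespace
    out.append(std::to_string(count));
    i = end;
  }
  return out;
}
```

A harness would call this on the raw fuzzer bytes and hand the rewritten string to the stylesheet parser, so the random generator needs no knowledge of CSS.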
Oct 17 2017
Assigning to shend@ to monitor.
Oct 20 2017

Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid.
Dec 6 2017

Jan 11 2018
I'm no longer working on Blink. Since the test case is related to grids, I'm going to redirect this to the layout team. Perhaps reducing the memory usage of grids will help with this [1]. [1] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/style/GridArea.h?rcl=07d92b832e636397f113353dc9413c247996e250&l=48
Apr 17 2018
We are closing all OOMs and timeouts that are unreproducible. We won't be filing such bugs in future.
Comment 1 by pnangunoori@chromium.org, Oct 9 2017
Components: Blink>CSS
Labels: Test-Predator-Wrong
Owner: shend@chromium.org
Status: Assigned (was: Untriaged)