CHECK failure: ptr_ in scoped_refptr.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6181653969108992
Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  ptr_ in scoped_refptr.h
  scoped_refptr<net::X509Certificate>::operator->
  net::MockCryptoClientStream::CryptoConnect
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=516120:516144
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6181653969108992

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 14 2017
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Nov 14 2017
Hm. I'm not sure what to do here since this does not reproduce: UnreproducibleError: The crash cannot be reproduced after trying 3 times. I wonder if this is possibly related to https://chromium-review.googlesource.com/c/chromium/src/+/767057 which adds a certificate to the mock crypto client stream factory. mmoroz: I notice that the fuzzer has some global variables and some per-run variables. It's possible that my CL is doing the wrong thing with the global certificate. Is there a way to run multiple ... runs? with the same global state? I'm not sure if my question is well-formed, but hopefully it makes sense.
Nov 15 2017
I think we want to do this: https://chromium.googlesource.com/chromium/src/+/9d72b93a1d661c092c883db10baa2181269dfafc I'm really excited to start exploring more code once this all comes together! I fuzzed locally in release mode with the idea that debug failures could accumulate and lead to a security-relevant bug. All the debug checks that have popped up, esp. the cert-related stuff, makes me think we might be able to explore more than I ever did once this is resolved.
Nov 15 2017
Oops, sorry, forgot to post an answer here yesterday, even though I've tried to reproduce it locally as well. That's weird, as it doesn't crash for me either. To run multiple runs, there is the "-runs=N" argument. We actually use N=100 when testing a single testcase:

Running command: <...>/net_quic_stream_factory_fuzzer -timeout=25 -rss_limit_mb=2048 -runs=100 /mnt/scratch0/clusterfuzz/slave-bot/inputs/fuzzer-testcases/181eef4483011fcfb50784205ccaf6b12-net_quic_stream_factory_fuzzer
Nov 15 2017
I can reproduce it locally using the build downloaded from the CF page: https://clusterfuzz.com/v2/testcase-detail/6181653969108992?noredirect=1

$ ~/Downloads/libfuzzer-linux-debug-516217/net_quic_stream_factory_fuzzer ./clusterfuzz-testcase-minimized-6181653969108992
<...>
[1115/084153.260124:FATAL:scoped_refptr.h(182)] Check failed: ptr_.
<...>
Nov 15 2017
Tried using the local build again, cannot reproduce :(
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e3e592e12cd54ba26fb2576bced629bdf88f09c0

commit e3e592e12cd54ba26fb2576bced629bdf88f09c0
Author: Ryan Hamilton <rch@chromium.org>
Date: Thu Nov 16 04:49:09 2017

Bundle the test certificate in the QUIC fuzzer at compile time.

Also rename the SPDY script and build target since it's now shared with QUIC.

BUG= 784865 , 785216
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: Iab78013b32e3a7df8109370877a59a6c1427aa8b
Reviewed-on: https://chromium-review.googlesource.com/772781
Commit-Queue: Ryan Hamilton <rch@chromium.org>
Reviewed-by: Bence Béky <bnc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516992}

[modify] https://crrev.com/e3e592e12cd54ba26fb2576bced629bdf88f09c0/net/BUILD.gn
[modify] https://crrev.com/e3e592e12cd54ba26fb2576bced629bdf88f09c0/net/data/ssl/certificates/BUILD.gn
[rename] https://crrev.com/e3e592e12cd54ba26fb2576bced629bdf88f09c0/net/data/ssl/scripts/generate-fuzzer-cert-include.py
[modify] https://crrev.com/e3e592e12cd54ba26fb2576bced629bdf88f09c0/net/quic/chromium/quic_stream_factory_fuzzer.cc
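As an added illustration (not the Chromium fuzzer's own code) of the two points raised in this thread, the global-versus-per-run state that rch@ asked about and the compile-time bundling that the fix commit describes: a minimal libFuzzer-style harness whose one-time environment embeds the certificate bytes instead of loading a file at run time, so the shared global state cannot depend on a data file being present wherever -runs=N replays the testcase. The Certificate struct, the placeholder DER bytes, the file-loading variant and the CryptoConnect stand-in are assumptions, not net:: code.

```cpp
// Added example: libFuzzer one-time-environment idiom with an embedded
// certificate. Nothing here is Chromium code; names are stand-ins.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Stand-in for net::X509Certificate (which is ref-counted in Chromium).
struct Certificate {
  std::vector<uint8_t> der;
};

// Constructed placeholder bytes; a real build would generate this array from
// the test certificate with a script at build time, as the fix commit does.
static const uint8_t kTestCertDer[] = {0x30, 0x82, 0x01, 0x0a, 0x02, 0x01, 0x03};

// Runtime file load: yields a null pointer when the file is absent in the
// run environment, and a null ref pointer is exactly what CHECK(ptr_) catches
// on dereference.
std::shared_ptr<Certificate> LoadCertFromFile(const char* path) {
  FILE* f = std::fopen(path, "rb");
  if (!f) return nullptr;
  auto cert = std::make_shared<Certificate>();
  uint8_t buf[4096];
  size_t n;
  while ((n = std::fread(buf, 1, sizeof buf, f)) > 0)
    cert->der.insert(cert->der.end(), buf, buf + n);
  std::fclose(f);
  return cert;
}

// Compile-time bundle: cannot fail for environmental reasons.
std::shared_ptr<Certificate> LoadBundledCert() {
  auto cert = std::make_shared<Certificate>();
  cert->der.assign(kTestCertDer, kTestCertDer + sizeof kTestCertDer);
  return cert;
}

// State constructed once per process and reused by every run (-runs=N);
// per-run state belongs inside LLVMFuzzerTestOneInput instead.
struct Environment {
  std::shared_ptr<Certificate> cert = LoadBundledCert();
};

// Stand-in for the mock stream's CryptoConnect: dereferences the global cert.
bool CryptoConnect(const std::shared_ptr<Certificate>& cert, const uint8_t* data, size_t size) {
  if (!cert) return false;  // explicit check where a null scoped_refptr would CHECK-fail
  return size > 0 && data[0] < cert->der.size();  // per-run work on the input
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static Environment* env = new Environment();  // built once, shared across runs
  CryptoConnect(env->cert, data, size);
  return 0;
}
```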
Nov 16 2017
ClusterFuzz has detected this issue as fixed in range 516987:516997.

Detailed report: https://clusterfuzz.com/testcase?key=6181653969108992
Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  ptr_ in scoped_refptr.h
  scoped_refptr<net::X509Certificate>::operator->
  net::MockCryptoClientStream::CryptoConnect
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=516120:516144
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=516987:516997
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6181653969108992

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 16 2017
ClusterFuzz testcase 6181653969108992 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mmoroz@chromium.org, Nov 14 2017
Components: Internals>Network>QUIC
Owner: rch@chromium.org