
Issue 802223 link

Issue metadata

Status: WontFix
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug


Timeout in net_http_server_fuzzer

Reported by ClusterFuzz (Project Member), Jan 16 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6184749919109120

Fuzzer: libFuzzer_net_http_server_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State:
  net_http_server_fuzzer

Sanitizer: memory (MSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6184749919109120

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Cc: metzman@chromium.org brajkumar@chromium.org
Components: Internals>Network
Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to find actual suspect through code search and also no regressed revision range is seen in the detailed report, hence adding appropriate label and marking it as untriaged.

Note: Observing a similar stack trace in issue 796680 related to net fuzzer hangs, so adding metzman@ for more updates on this issue

Thanks!
Cc: morlovich@chromium.org

Comment 3 by ClusterFuzz (Project Member), Jan 19 2018

Labels: OS-Mac

Comment 4 by eroman@chromium.org, Jan 29 2018

Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
The majority of time is being spent in net::HttpServer::ParseHeaders.

-   98.83%     3.76%  net_http_server  net_http_server_fuzzer   [.] net::HttpServer::ParseHeaders
   - 95.07% net::HttpServer::ParseHeaders
      + 31.99% std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::append
      + 23.07% base::TrimWhitespaceASCII
      + 17.52% base::ToLowerASCII
      + 9.77% std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::reserve
      + 3.77% std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::_
      + 3.54% net::(anonymous namespace)::charToInput
        1.88% __sanitizer_cov_trace_pc_guard
      + 1.37% std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::append
   + 3.76% 0xf23e258d4c544155


Comment 5 by mmenke@chromium.org, Feb 28 2018

Owner: morlovich@chromium.org
Status: Assigned (was: Available)
Well, this seems to reparse headers every time, until it gets a full HTTP message?
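The reparse-on-every-chunk pattern suspected in the comment above, as an added example that is not Chromium's net::HttpServer code: a naive reader that rescans the whole receive buffer each time data arrives, next to one that resumes from its previous scan position and caps the header size. The 16 KiB cap, the sample request and the byte-at-a-time chunking are assumptions; only the cost of locating the header terminator is modelled, not the trim/lower-case work the profile shows.

```cpp
// Added example, not Chromium's HttpServer: contrasts re-scanning the whole
// receive buffer on every chunk with resuming where the last scan stopped.
// Only the cost of finding the "\r\n\r\n" header terminator is modelled.
#include <cstddef>
#include <string>
// Naive reader: every Feed() scans the buffer from byte 0 again, so total
// work over N one-byte chunks grows quadratically in N.
struct NaiveReader {
  std::string buf;
  size_t bytes_scanned = 0;  // instrumentation: bytes examined so far
  bool Feed(const std::string& chunk) {
    buf += chunk;
    bytes_scanned += buf.size();  // worst case: no terminator yet, full scan
    return buf.find("\r\n\r\n") != std::string::npos;
  }
};
// Incremental reader: resumes 3 bytes before the previous end so a terminator
// split across chunks is still found, and rejects header blocks above a cap
// so a slow client cannot make the server buffer and rescan without bound.
struct IncrementalReader {
  static constexpr size_t kMaxHeaderBytes = 16 * 1024;  // assumed limit
  std::string buf;
  size_t scan_pos = 0;       // bytes already known not to end the headers
  size_t bytes_scanned = 0;  // instrumentation
  bool too_large = false;
  bool Feed(const std::string& chunk) {
    if (too_large) return false;
    buf += chunk;
    if (buf.size() > kMaxHeaderBytes) { too_large = true; return false; }
    size_t start = scan_pos > 3 ? scan_pos - 3 : 0;
    bytes_scanned += buf.size() - start;
    if (buf.find("\r\n\r\n", start) != std::string::npos) return true;
    scan_pos = buf.size();
    return false;
  }
};
// Constructed request head with a padded header; no terminator before the end.
std::string MakeHeaders(size_t pad) {
  return "GET / HTTP/1.1\r\nHost: x\r\nX-Pad: " + std::string(pad, 'a') +
         "\r\n\r\n";
}
// Delivers `headers` one byte per Feed() (the pathological chunking); returns
// the 1-based byte count at which the reader reported completion, or 0.
template <typename Reader>
size_t FeedByteAtATime(Reader& r, const std::string& headers) {
  for (size_t i = 0; i < headers.size(); ++i)
    if (r.Feed(std::string(1, headers[i]))) return i + 1;
  return 0;
}
```

For a 1036-byte request head delivered one byte at a time the naive reader examines about 537,000 bytes while the incremental one examines about 4,100, and the cap turns an oversized header block into a rejection instead of ever-growing rescans.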

Status: WontFix (was: Assigned)
We are closing all OOMs and timeouts that are unreproducible. We won't be filing such bugs in the future.