Issue 804291

Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug



Timeout in net_url_request_ftp_fuzzer

Project Member Reported by ClusterFuzz, Jan 22 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6288859389493248

Fuzzer: libFuzzer_net_url_request_ftp_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  net_url_request_ftp_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6288859389493248

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
 
Cc: metzman@chromium.org brajkumar@chromium.org
Components: Internals>Network
Labels: Test-Predator-Wrong
Unable to find actual suspect through code search and also from the provided CL, hence adding appropriate label and marking it as untriaged.

metzman@: Could you please confirm if this issue is similar to bug 796680 or not?

Thanks!

I think bug 796680 is unrelated. This bug was found by libFuzzer whereas bug 796680 only concerns AFL.

Cc: -metzman@chromium.org
Labels: CF-NeedsTriage
Could someone from the network team look into this issue?

Thanks!

Comment 4 by eroman@chromium.org, Jan 26 2018

Components: -Internals>Network Internals>Network>FTP
Owner: eroman@chromium.org
Status: Assigned (was: Untriaged)
I'll try to repro this later today.

Comment 5 by eroman@chromium.org, Jan 29 2018

Labels: -Pri-1 Pri-2
Owner: ----
Status: Available (was: Assigned)
This looks like a distinct timeout from Issue 802258 (interestingly all of these got filed around the same time, so I am guessing something changed on the fuzzing side in expanding inputs?)

At first glance the profile blames FtpCtrlResponseBuffer::ExtractFullLinesFromBuffer(), which is what splits the input into parsed lines:

Samples: 272K of event 'cycles', Event count (approx.): 253360746689                                                              
  Children      Self  Command          Shared Object               Symbol                                                         
+   98.01%     0.00%  net_url_request  net_url_req[.] base::internal::FunctorTraits<void (net::FuzzedSocket::*)(base::RepeatingCal
+   97.80%     0.00%  net_url_request  net_url_req[.] net::FuzzedSocket::OnReadComplete                                           
+   97.80%     0.00%  net_url_request  net_url_req[.] base::RepeatingCallback<void (int)>::Run                                    
+   97.79%     0.00%  net_url_request  libnet.so  [.] base::internal::Invoker<base::internal::BindState<void (net::FtpNetworkTrans
+   97.79%     0.00%  net_url_request  libnet.so  [.] base::internal::Invoker<base::internal::BindState<void (net::FtpNetworkTrans
+   97.79%     0.00%  net_url_request  libnet.so  [.] base::internal::InvokeHelper<false, void>::MakeItSo<void (net::FtpNetworkTra
+   97.78%     0.00%  net_url_request  libnet.so  [.] base::internal::FunctorTraits<void (net::FtpNetworkTransaction::*)(int), voi
+   97.78%     0.00%  net_url_request  libnet.so  [.] net::FtpNetworkTransaction::OnIOComplete                                    
+   97.77%     0.01%  net_url_request  libnet.so  [.] net::FtpNetworkTransaction::DoLoop                                          
+   96.89%     0.00%  net_url_request  libnet.so  [.] net::FtpNetworkTransaction::DoCtrlReadComplete                              
+   96.87%     0.00%  net_url_request  libnet.so  [.] net::FtpCtrlResponseBuffer::ConsumeData                                     
+   90.77%    27.20%  net_url_request  libnet.so  [.] net::FtpCtrlResponseBuffer::ExtractFullLinesFromBuffer                      
+   58.57%    58.50%  net_url_request  net_url_req[.] __sanitizer_cov_trace_pc_guard                                              
+   33.07%     7.94%  net_url_request  libnet.so  [.] std::__1::__compressed_pair_elem<std::__1::basic_string<char, std::__1::char
+    9.92%     2.19%  net_url_request  libnet.so  [.] std::__1::__compressed_pair_elem<std::__1::basic_string<char, std::__1::char
+    2.72%     0.00%  net_url_request  libnet.so  [.] 0xffff800817aea370                                                          
+    2.72%     2.72%  net_url_request  libnet.so  [.] 0x0000000001724370                                                          
+    1.13%     0.01%  net_url_request  libbase.so [.] base::SequenceCheckerImpl::CalledOnValidSequence                            
+    0.86%     0.01%  net_url_request  libnet.so  [.] net::FtpNetworkTransaction::DoCtrlRead                                      
+    0.83%     0.01%  net_url_request  net_url_req[.] net::FuzzedSocket::Read                                                     
+    0.73%     0.00%  net_url_request  libbase.so [.] base::SequenceCheckerImpl::Core::CalledOnValidSequence                      
+    0.70%     0.01%  net_url_request  libbase.so [.] base::ThreadCheckerImpl::CalledOnValidThread                                
+    0.53%     0.00%  net_url_request  libbase.so [.] base::AutoLock::AutoLock                                                    
+    0.51%     0.00%  net_url_request  libbase.so [.] base::Lock::Acquire                                                         
     0.41%     0.00%  net_url_request  libbase.so [.] base::internal::WeakReference::is_valid                                     
     0.41%     0.00%  net_url_request  net_url_req[.] base::WeakPtr<net::FuzzedSocket>::get                                       
     0.39%     0.00%  net_url_request  libbase.so [.] base::internal::IncomingTaskQueue::TriageQueue::HasTasks                    
     0.39%     0.01%  net_url_request  libbase.so [.] base::internal::LockImpl::Lock                                              
     0.38%     0.00%  net_url_request  libbase.so [.] base::internal::WeakReference::Flag::IsValid                                
     0.34%     0.01%  net_url_request  libbase.so [.] base::internal::IncomingTaskQueue::TriageQueue::ReloadFromIncomingQueueIfEmp
     0.33%     0.00%  net_url_request  libbase.so [.] base::OnceCallback<void ()>::~OnceCallback                                  
     0.33%     0.00%  net_url_request  libbase.so [.] base::internal::CallbackBase::~CallbackBase                                 

Comment 6 by ClusterFuzz, Jan 29 2018

Labels: OS-Mac
Status: WontFix (was: Available)
We are closing all ooms and timeouts that are unreproducible. We won't be filing such bugs in future.
