New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 816283 link

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Abrt in net::QuicConnection::WritePacket

Project Member Reported by ClusterFuzz, Feb 25 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5578072485789696

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e9000055cd
Crash State:
  net::QuicConnection::WritePacket
  net::QuicConnection::WriteQueuedPackets
  net::QuicConnection::OnCanWrite
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=538035:538042

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5578072485789696

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Feb 25 2018

Components: Internals>Network>QUIC
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Feb 25 2018

Labels: Test-Predator-Auto-Owner
Owner: rhalavati@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a1256c8c08e2e0ebd3145a3e8ea1e1c659f65a19 (Add traffic annotation to Quic Stream Factory Fuzzer.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)
I think this is related. The mentioned CL just adds traffic annotation to the request, and annotation does not make any effect on how the request is processed. It is only directly DCHECKed in some code sites to ensure it exists.
Cc: brajkumar@chromium.org
Labels: M-66 CF-NeedsTriage
Unable to find actual suspect through code search and also observing no suspect from the provided CL under regression range, hence adding appropriate label for further triage.

Thanks!
Project Member

Comment 5 by ClusterFuzz, Apr 13 2018

ClusterFuzz has detected this issue as fixed in range 550332:550356.

Detailed report: https://clusterfuzz.com/testcase?key=5578072485789696

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900000f56
Crash State:
  net::QuicConnection::WritePacket
  net::QuicConnection::WriteQueuedPackets
  net::QuicConnection::OnCanWrite
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=538035:538042
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=550332:550356

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5578072485789696

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Apr 13 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5578072485789696 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment