
Issue 838028

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 24
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference READ in event_del

Reported by ClusterFuzz (Project Member), Apr 30 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5594696634859520

Fuzzer: afl_mediasource_WEBM_VP8_pipeline_integration_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  event_del
  base::MessagePumpLibevent::~MessagePumpLibevent
  base::MessagePumpLibevent::~MessagePumpLibevent
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5594696634859520

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
 
Comment 1 by ClusterFuzz (Project Member), Apr 30 2018

Components: Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: kkaluri@chromium.org
Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue?

Thank You...

Comment 3 by gab@chromium.org, May 29 2018

Issue 844251 has been merged into this issue.

Comment 4 by gab@chromium.org, May 29 2018

Cc: thestig@chromium.org dcheng@chromium.org
This also manifested as issue 844251. Perhaps related to failing MessagePumpLibevent::Init()..?

@Linux base experts, any idea?
Comment 5 by ClusterFuzz (Project Member), May 29 2018

Cc: xhw...@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 6 by xhw...@chromium.org, May 29 2018

Cc: -xhw...@chromium.org
Cc: mmoroz@chromium.org infe...@chromium.org
CF keeps reproducing unreproducible bugs. What's going wrong? See also bug 841502, bug 840188, and bug 838038.

Comment 8 by mmoroz@chromium.org, May 30 2018

thestig@, there is a note in bold text in the issue description. CF keeps reporting unreproducible bugs, because CF keeps seeing them happening multiple times every day in the past 14 days.

We understand that many such bugs can be hard to fix, but we've also seen many cases when it was possible to write a fix based on the stack trace of the crash. There is a "Crash Stats" button on the testcase details page that shows how often the crash occurs and can be used for verifying the fix.

If you don't see any potential solution, please WontFix it and sorry for the noise.

Comment 9 by ClusterFuzz (Project Member), Jul 24

Status: WontFix (was: Untriaged)
ClusterFuzz testcase 5310025376202752 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
