Timeout in media_pipeline_integration_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6215261640982528
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: media_pipeline_integration_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=413124:413277
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6215261640982528

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jun 12 2018
This is probably related to https://chromium.googlesource.com/chromium/src/+/ded04b8261c21b7a0a968c5f3cdd404c27e4131e, which uses proprietary codecs for libfuzzer. That being said, the timeout seems to be a real issue to fix.
Jun 12 2018
I am seeing tons of logs about empty packets. I suspect the demuxer has a bug where it keeps sending out empty packets and the read head moves slowly, causing the test to time out. Assigning to hubbe@, who's familiar with FFmpegDemuxer and doing the ffmpeg roll.

[0612/155658.036905:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010c2e00
[0612/155658.037621:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010c2e60
[0612/155658.038248:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010c2ec0
[0612/155658.038884:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010c2f20
[0612/155658.039484:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010c2f80
[0612/155658.040105:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0000
[0612/155658.040690:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0060
[0612/155658.041269:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d00c0
[0612/155658.041981:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0120
[0612/155658.042700:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0180
[0612/155658.043321:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d01e0
[0612/155658.043926:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0240
[0612/155658.044536:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d02a0
[0612/155658.045239:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0300
[0612/155658.045828:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0360
[0612/155658.046397:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d03c0
[0612/155658.046979:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0420
[0612/155658.047545:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0480
[0612/155658.048105:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d04e0
[0612/155658.048707:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0540
[0612/155658.049384:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d05a0
[0612/155658.050089:WARNING:ffmpeg_demuxer.cc(1773)] Dropping empty packet, size: 0, data: 0x6060010d0600
Jun 20 2018
Not a security issue, so it will have to wait until I come back from vacation.
Dec 1
Have a fix, but may be risky.
Dec 1
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5caab9db3e50cc9259e88e88dbb6bdcc5574e894

commit 5caab9db3e50cc9259e88e88dbb6bdcc5574e894
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Sat Dec 01 02:43:53 2018

Fix spammy empty packets from slowing down demuxing.

This takes the runtime of the demuxer for the linked bug from 70s to 3.5s; there is a small risk this will block the blocking_thread_ for a longer time, but that's a dedicated thread for this demuxer, so that's fine.

BUG=852093
TEST=fuzzer
R=tmathmeyer

Change-Id: I01d1dab399059caaa7cf5b2a280484c0f9d4cc42
Reviewed-on: https://chromium-review.googlesource.com/c/1357631
Reviewed-by: Ted Meyer <tmathmeyer@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612913}

[modify] https://crrev.com/5caab9db3e50cc9259e88e88dbb6bdcc5574e894/media/filters/ffmpeg_demuxer.cc
Dec 1
ClusterFuzz testcase 6215261640982528 appears to be flaky, updating reproducibility label.
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Dec 1
ClusterFuzz has detected this issue as fixed in range 612912:612913.

Detailed report: https://clusterfuzz.com/testcase?key=6215261640982528
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: media_pipeline_integration_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=413124:413277
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=612912:612913
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6215261640982528

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 1
ClusterFuzz testcase 6215261640982528 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 3
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fca7e34b0e457e3fc3b15cfb78290840f768df62

commit fca7e34b0e457e3fc3b15cfb78290840f768df62
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Mon Dec 03 22:12:05 2018

Fix leaks encountered while skipping packets.

Apparently zero byte, nullptr packets can still be attached to memory, who knew!

BUG=852093, 910896, 910898, 910928
TEST=local run shows no leaks.
R=tmathmeyer

Change-Id: Iff90057b02e37cb67b9d443ffeb92695e6e5c7f8
Reviewed-on: https://chromium-review.googlesource.com/c/1359060
Reviewed-by: Ted Meyer <tmathmeyer@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#613282}

[modify] https://crrev.com/fca7e34b0e457e3fc3b15cfb78290840f768df62/media/filters/ffmpeg_demuxer.cc
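As an added illustration (not Chromium's or FFmpeg's code; the Packet and Source types are stand-ins assumed for this example), the two drain loops below contrast the pre-fix behaviour described in the diagnosis above, one task hop per packet so a run of empty packets crawls, with the post-fix approach of skipping empties inside a single task while still releasing each one, which is the leak the second commit addresses:

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

// Stand-in for an AVPacket (an assumption, not FFmpeg's or Chromium's type):
// size == 0 does not imply buf == nullptr, so a skipped packet must still be released.
struct Packet {
  int size;
  std::shared_ptr<std::vector<uint8_t>> buf;
};

// Constructed packet source: each real packet is preceded by `empty_run` empty ones.
struct Source {
  std::vector<Packet> packets;
  std::size_t pos = 0;
  bool Read(Packet* out) { return pos < packets.size() && (*out = packets[pos++], true); }
};
Source MakeSource(int real, int empty_run) {
  Source src;
  for (int i = 0; i < real; ++i) {
    for (int j = 0; j < empty_run; ++j)  // empty, yet each one still owns a 64-byte buffer
      src.packets.push_back({0, std::make_shared<std::vector<uint8_t>>(64)});
    src.packets.push_back({1024, std::make_shared<std::vector<uint8_t>>(1024)});
  }
  return src;
}

// Before the fix: every Read() is its own posted task, so an empty packet costs a
// full task hop and delivers nothing. Returns the number of hops to drain `src`.
int HopsOnePacketPerTask(Source src, int* delivered) {
  int hops = 0; *delivered = 0;
  for (Packet pkt{}; ++hops, src.Read(&pkt); pkt = Packet{})  // release buf each round
    if (pkt.size != 0) ++*delivered;
  return hops;
}

// After the fix: empty packets are skipped inside the same task, each one released
// before the next read, so hops scale with delivered packets instead of empty ones.
int HopsSkipInline(Source src, int* delivered) {
  int hops = 0; *delivered = 0;
  for (Packet pkt{}; ++hops, src.Read(&pkt); pkt = Packet{}) {
    while (pkt.size == 0) {
      pkt = Packet{};                 // drop the reference an empty packet may still hold
      if (!src.Read(&pkt)) return hops;
    }
    ++*delivered;
  }
  return hops;
}
```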