Issue 859265

Issue metadata

Status: Verified
Owner:
Closed: Jul 2
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug




Abrt in rtc::webrtc_checks_impl::FatalLog

Project Member Reported by ClusterFuzz, Jun 30 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5824765445799936

Fuzzer: libFuzzer_ulpfec_generator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900006966
Crash State:
  rtc::webrtc_checks_impl::FatalLog
  webrtc::internal::CopyColumn
  webrtc::ForwardErrorCorrection::InsertZerosInPacketMasks
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=567942:567947

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5824765445799936

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jun 30 2018

Cc: jonasolsson@webrtc.org yinwa@webrtc.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Refactor checks to use a copy of the new logging backend. by jonasolsson@webrtc.org - https://webrtc.googlesource.com/src/+/f8e5c110ee806992f4092220339939fe5c2d3cc9

Fix a downstream test failure. by yinwa@webrtc.org - https://webrtc.googlesource.com/src/+/6a9bd744811c183764ef4a590aacbf96f18eb57e

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Project Member

Comment 2 by ClusterFuzz, Jun 30 2018

Cc: kwiberg@webrtc.org mflodman@webrtc.org henrika@webrtc.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, Jun 30 2018

Labels: OS-Mac
Owner: jonasolsson@chromium.org
Status: Assigned (was: Untriaged)
Owner: yinwa@chromium.org
Looks like the fuzzer manages to trigger the newly added "RTC_CHECK_LT(new_bit_index, 8 * new_mask_bytes);" in the FEC internals.

Reassigning to @yinwa, as you added that check and did some related fuzzer work in https://webrtc-review.googlesource.com/c/src/+/82802.
Status: Started (was: Assigned)
In rare cases, two consecutive packets may have the same sequence number in this fuzzer test (when all packets in between are not "protected").
 
Uploaded a CL https://webrtc-review.googlesource.com/c/src/+/86547
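
A simplified model of the failure discussed above, added here as an example; it is not part of the thread and is not taken from WebRTC or the linked CL. The mask layout and the names `ExpandMaskColumns`, `FuzzPacket`, `ForwardProtected` and `SampleInput` are assumptions made for illustration; only the shape of the bounds check comes from the comment above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct FuzzPacket { uint16_t seq; bool protect; };  // hypothetical harness input

// Simplified model (an assumption, not WebRTC source): the expanded mask has
// one bit column per sequence number between the first and last packet, and
// each packet's column lands after the zero columns for the gap before it.
// Returns the last column index written, or -1 where a bounds check like
// RTC_CHECK_LT(new_bit_index, 8 * new_mask_bytes) would abort.
long ExpandMaskColumns(const std::vector<uint16_t>& seqs) {
  if (seqs.empty()) return -1;
  const uint16_t span = static_cast<uint16_t>(seqs.back() - seqs.front());
  const size_t new_mask_bytes = (static_cast<size_t>(span) + 8) / 8;
  size_t new_bit_index = 0;
  for (size_t i = 1; i < seqs.size(); ++i) {
    // Gap in 16-bit wrap-around arithmetic: a repeated sequence number gives
    // 0 - 1 == 65535 "missing" packets instead of zero.
    const uint16_t zeros = static_cast<uint16_t>(seqs[i] - seqs[i - 1] - 1);
    new_bit_index += static_cast<size_t>(zeros) + 1;
    if (new_bit_index >= 8 * new_mask_bytes) return -1;  // the check fires
  }
  return static_cast<long>(new_bit_index);
}

// Only protected packets reach the generator. With skip_repeats set, a packet
// whose sequence number equals the previously forwarded one is dropped, which
// is the guard the fix describes (this implementation is hypothetical).
std::vector<uint16_t> ForwardProtected(const std::vector<FuzzPacket>& in,
                                       bool skip_repeats) {
  std::vector<uint16_t> out;
  for (const FuzzPacket& p : in) {
    if (!p.protect) continue;
    if (skip_repeats && !out.empty() && out.back() == p.seq) continue;
    out.push_back(p.seq);
  }
  return out;
}

// Constructed input: an unprotected packet sits between the two carrying 11.
std::vector<FuzzPacket> SampleInput() {
  return {{10, true}, {11, true}, {7, false}, {11, true}, {13, true}};
}

int main() {
  std::printf("unguarded: %ld\n", ExpandMaskColumns(ForwardProtected(SampleInput(), false)));
  std::printf("guarded:   %ld\n", ExpandMaskColumns(ForwardProtected(SampleInput(), true)));
  return 0;
}
```

In this model the abort comes from input the harness should never have produced, which is why the guard sits in the fuzzer and the check in the library stays as it is.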


Project Member

Comment 7 by bugdroid1@chromium.org, Jul 2

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/6b33e602138812e6dfd01d29a9373535316fc6a0

commit 6b33e602138812e6dfd01d29a9373535316fc6a0
Author: Ying Wang <yinwa@webrtc.org>
Date: Mon Jul 02 15:51:10 2018

In ULP FEC fuzzer test, make sure sequence number is not the same as previous sequence number.

Bug:  chromium:859265 
Change-Id: I9acb9a177dfed3830ead0ba5a16ee4310f4d2b5b
Reviewed-on: https://webrtc-review.googlesource.com/86547
Commit-Queue: Ying Wang <yinwa@webrtc.org>
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23806}
[modify] https://crrev.com/6b33e602138812e6dfd01d29a9373535316fc6a0/test/fuzzers/BUILD.gn
[modify] https://crrev.com/6b33e602138812e6dfd01d29a9373535316fc6a0/test/fuzzers/ulpfec_generator_fuzzer.cc

Status: Fixed (was: Started)
Project Member

Comment 9 by bugdroid1@chromium.org, Jul 2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c4a57e47439da24e986039253f5e620dc591a4ea

commit c4a57e47439da24e986039253f5e620dc591a4ea
Author: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Mon Jul 02 22:25:12 2018

Roll src/third_party/webrtc 4d01146f1679..312466a20450 (3 commits)

https://webrtc.googlesource.com/src.git/+log/4d01146f1679..312466a20450


git log 4d01146f1679..312466a20450 --date=short --no-merges --format='%ad %ae %s'
2018-07-02 buildbot@webrtc.org Roll chromium_revision c20726850b..a1981d69db (571826:571936)
2018-07-02 qingsi@google.com Add ADAPTER_TYPE_ANY in AdapterType.
2018-07-02 yinwa@webrtc.org In ULP FEC fuzzer test, make sure sequence number is not the same as previous sequence number.


Created with:
  gclient setdep -r src/third_party/webrtc@312466a20450

The AutoRoll server is located here: https://webrtc-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_archive_rel_ng;master.tryserver.chromium.mac:mac_chromium_archive_rel_ng

BUG=chromium:None,chromium:859265
TBR=webrtc-chromium-sheriffs-robots@google.com

Change-Id: Ibe3ca6c450a7f021ed739daea306e9fc9f395562
Reviewed-on: https://chromium-review.googlesource.com/1123079
Reviewed-by: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#572022}
[modify] https://crrev.com/c4a57e47439da24e986039253f5e620dc591a4ea/DEPS

Project Member

Comment 10 by ClusterFuzz, Jul 3

ClusterFuzz has detected this issue as fixed in range 572016:572024.

Detailed report: https://clusterfuzz.com/testcase?key=5824765445799936

Fuzzer: libFuzzer_ulpfec_generator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900006966
Crash State:
  rtc::webrtc_checks_impl::FatalLog
  webrtc::internal::CopyColumn
  webrtc::ForwardErrorCorrection::InsertZerosInPacketMasks
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=567942:567947
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=572016:572024

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5824765445799936

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Cc: -jonasolsson@webrtc.org
Project Member

Comment 12 by ClusterFuzz, Jul 3

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5824765445799936 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: Blink>WebRTC>Network
Labels: M-69
