Abrt in quic::QuicStream::OnStreamFrame
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6400032560119808

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390000022e
Crash State:
  quic::QuicStream::OnStreamFrame
  quic::QuicSession::OnStreamFrame
  net::QuicChromiumClientSession::OnStreamFrame

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=573773:573777

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6400032560119808

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jul 11
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Jul 11
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3ca00ab52c0afd9440101b9b8d964709847987cf (Landing Recent QUIC changes until 3:08 PM, Jul 6, 2018 UTC-4). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 11
I think this is related to FLAGS_quic_reloadable_flag_quic_stream_too_long. Dan, can you take a look?
Jul 11
Jul 11
It hits a QUIC_PEER_BUG:

[0711/003013.848440:FATAL:quic_stream.cc(113)] Receive stream frame reaches max stream length. frame offset 12971200365243468288 length 0
AddressSanitizer:DEADLYSIGNAL

--quic_reloadable_flag_quic_stream_too_long limits stream max length to 2^62-1. This frame starts from 12971200365243468288, which is larger than the upper limit.
Jul 12
QUIC_PEER_BUG is currently defined as LOG(DFATAL), which crashes upon receiving illegal input from the fuzzer. We don't want to capture errors caused by the peer in this case. As a solution, we can change QUIC_PEER_BUG to be merely LOG(ERROR).
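The two comments above describe the bound (a stream offset may not exceed 2^62-1) and the handling decision (illegal peer input is logged and rejected, not treated as a fatal in-process bug). The following is an added C++ example written for this page; it is not code from Chromium or the QUIC library. The names kMaxStreamLength, StreamFrameExceedsMaxLength, PeerBugLog, OnStreamFrame and ReplayReportedFrame are constructed stand-ins, the 2^62-1 limit and the frame offset 12971200365243468288 are taken from the log quoted above, and PeerBugLog models the post-fix QUIC_PEER_BUG (record, never abort). The check is written so that offset plus length is never computed, because a fuzzer-supplied offset near 2^64 would otherwise wrap around and pass.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Upper bound on a QUIC stream offset: 2^62 - 1, the limit the report attributes
// to --quic_reloadable_flag_quic_stream_too_long. The constant name is an assumption.
constexpr uint64_t kMaxStreamLength = (1ULL << 62) - 1;

// Stand-in for QUIC_PEER_BUG after the fix: record the message, never abort.
// (Constructed for this example; the real macro wraps LOG.)
struct PeerBugLog {
  std::vector<std::string> messages;
};

enum class FrameResult { kAccepted, kRejectedTooLong };

// True when [offset, offset + length) would extend past kMaxStreamLength.
// Written without computing offset + length, so a huge offset (like the
// fuzzer's 12971200365243468288) cannot wrap around uint64_t and pass the check.
bool StreamFrameExceedsMaxLength(uint64_t offset, uint64_t length) {
  if (offset > kMaxStreamLength) return true;
  return length > kMaxStreamLength - offset;  // no underflow: offset <= max here
}

// Model of the receive path: illegal input from the peer is logged and the frame
// rejected (a real endpoint would close the connection with a protocol error),
// whereas an in-process invariant violation would remain the place for DFATAL.
FrameResult OnStreamFrame(uint64_t offset, uint64_t length, PeerBugLog* log) {
  if (StreamFrameExceedsMaxLength(offset, length)) {
    log->messages.push_back(
        "Receive stream frame reaches max stream length. frame offset " +
        std::to_string(offset) + " length " + std::to_string(length));
    return FrameResult::kRejectedTooLong;
  }
  return FrameResult::kAccepted;
}

// Replays the frame from the ClusterFuzz log above (offset 12971200365243468288, length 0).
FrameResult ReplayReportedFrame(PeerBugLog* log) {
  return OnStreamFrame(12971200365243468288ULL, 0, log);
}

int main() {
  PeerBugLog log;
  FrameResult r = ReplayReportedFrame(&log);
  std::printf("rejected=%d peer_bugs_logged=%zu\n",
              r == FrameResult::kRejectedTooLong, log.messages.size());
  for (const std::string& m : log.messages) {
    std::printf("QUIC_PEER_BUG: %s\n", m.c_str());
  }
  return 0;
}
```

Run stand-alone, the program rejects the replayed frame and logs one peer-bug message instead of aborting, which is the behaviour the fuzzer target needs in order to keep exploring rather than stopping at the first malformed frame.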
Jul 12
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1a23b6b0dc3114672a9949440c72b19aff144520

commit 1a23b6b0dc3114672a9949440c72b19aff144520
Author: Dan Zhang <danzh@chromium.org>
Date: Thu Jul 12 21:20:34 2018

Change QUIC_PEER_BUG macro platform implementation to use LOG(ERROR) instead of LOG(DFATAL).

In fuzzing test, fuzzer might send any illegal data to quic. In this case, peer bug shouldn't be captured via DFATAL.

Also add EXPECT_QUIC_PEER_BUG macro which is a no-op in chromium.

R=zhongyi@chromium.org

Bug: 862488
Change-Id: Ic4547cdcc4b7aeb232c9428235aa33ae668659c7
Reviewed-on: https://chromium-review.googlesource.com/1135286
Reviewed-by: Zhongyi Shi <zhongyi@chromium.org>
Commit-Queue: Dan Zhang <danzh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#574724}

[modify] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/BUILD.gn
[modify] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/third_party/quic/core/quic_stream_test.cc
[add] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/third_party/quic/platform/api/quic_expect_bug.h
[modify] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/third_party/quic/platform/impl/quic_bug_tracker_impl.h
[add] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/third_party/quic/platform/impl/quic_expect_bug_impl.h
[modify] https://crrev.com/1a23b6b0dc3114672a9949440c72b19aff144520/net/third_party/quic/test_tools/quic_test_utils.h
Jul 13
ClusterFuzz has detected this issue as fixed in range 574723:574724.

Detailed report: https://clusterfuzz.com/testcase?key=6400032560119808

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390000022e
Crash State:
  quic::QuicStream::OnStreamFrame
  quic::QuicSession::OnStreamFrame
  net::QuicChromiumClientSession::OnStreamFrame

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=573773:573777
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=574723:574724

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6400032560119808

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 13
ClusterFuzz testcase 6400032560119808 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.