Fuzzer initializes Blink multiple times
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4527769502089216
Fuzzer: libFuzzer_webcrypto_rsa_import_key_pkcs8_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  owned_main_thread_ in platform.cc
  blink::Platform::CurrentThread
  webcrypto::InitOnce::InitOnce
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=581135:581136
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4527769502089216

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Aug 8
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/840ab30ddf08c31b478f95bea457005a15b1f426 (Let Platform own main thread in simple use cases.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Aug 8
Hmm OK, I think this is caused by the fuzzer trying to initialize Blink multiple times in one process. This is not supported, and has not ever been supported. There's little we can do from Blink's perspective -- each fuzzer using Blink needs to be fixed. This bug really needs someone working on fuzzers.
Aug 8
yutak: Could you clarify where the multiple initialization is happening? https://cs.chromium.org/chromium/src/components/webcrypto/fuzzer_support.cc?rcl=aa5d50c3951f70daccac7783c280de76b53f59ba&l=23 seems to explicitly only initialize once?
Aug 8
Initialization is being done only once. The problem is the use of Platform::CurrentThread(), which is no longer valid to call following 840ab30ddf08c31b478f95bea457005a15b1f426. I believe the fix is for the test to use blink::Platform::CreateMainThreadAndInitialize() instead.
Aug 9
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a73a16878a10dc056918162895b9f5bd6ded0b33

commit a73a16878a10dc056918162895b9f5bd6ded0b33
Author: Eric Roman <eroman@chromium.org>
Date: Thu Aug 09 03:28:22 2018

Fix crashing webcrypto fuzzers.

Use blink::Platform::CreateMainThreadAndInitialize() to create and own the main thread.

Bug: 872240
Change-Id: I53c8ad6875aecf83246f8077e03eed6482d36be4
Reviewed-on: https://chromium-review.googlesource.com/1168194
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Commit-Queue: Eric Roman <eroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#581775}

[modify] https://crrev.com/a73a16878a10dc056918162895b9f5bd6ded0b33/components/webcrypto/fuzzer_support.cc
Aug 9
Um yeah, I think I misunderstood the problem and you are right. However, I'm not sure why this worked previously, because CurrentThread() was a pure virtual function so InitOnce should have been non-instantiatable...
Aug 9
CurrentThread() previously would return nullptr [1], so platform initialization would end up without a main thread. Surprisingly things worked. The test's dependence on blink is pretty minimal. The updated code should be more correct now, since it actually has a main thread should it be needed. [1] https://chromium.googlesource.com/chromium/src/+/af6f49690caf8ba3279f4c207ee27b0cccc36637/third_party/blink/public/platform/platform.h#397
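The initialize-once pattern the fix above relies on (one initialization per process, with the platform owning a main thread before any thread accessor is used), as an added example that is not Chromium code and not the code from this bug. `fake_runtime::Runtime` is a hypothetical stand-in invented for this illustration: its `CreateMainThreadAndInitialize()` and `CurrentThread()` are named after the blink::Platform methods discussed in this thread but are implemented here only to model the failure mode (a CHECK on the owned main thread). `ParseDerSequenceHeader` is likewise a constructed stand-in for the code under test, not webcrypto's PKCS#8 importer; `LLVMFuzzerTestOneInput` is the real libFuzzer entry point, and the inputs in `main` are constructed for the example.

```cpp
// Added example, not Chromium code. fake_runtime::Runtime is a hypothetical
// stand-in for a runtime such as Blink that must be initialized exactly once
// per process and must own a main thread before its thread accessor is usable.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <vector>

namespace fake_runtime {

struct Thread {};

// Hypothetical runtime with the same shape as the bug above: a CurrentThread()
// accessor that CHECK-fails unless the runtime already owns a main thread.
class Runtime {
 public:
  // Creates and owns the main thread, then initializes the runtime. A second
  // call in the same process is a programming error, so it aborts.
  static void CreateMainThreadAndInitialize() {
    if (instance_) {
      std::fprintf(stderr, "Runtime initialized twice\n");
      std::abort();
    }
    instance_.reset(new Runtime);
    instance_->main_thread_.reset(new Thread);
    ++init_count_;
  }

  static Thread* CurrentThread() {
    if (!instance_ || !instance_->main_thread_) {
      std::fprintf(stderr, "CHECK failed: no owned main thread\n");
      std::abort();
    }
    return instance_->main_thread_.get();
  }

  static int init_count() { return init_count_; }

 private:
  std::unique_ptr<Thread> main_thread_;
  static std::unique_ptr<Runtime> instance_;
  static int init_count_;
};

std::unique_ptr<Runtime> Runtime::instance_;
int Runtime::init_count_ = 0;

}  // namespace fake_runtime

namespace {

// Function-local static: constructed on first use and once per process, which
// is what a libFuzzer target needs because LLVMFuzzerTestOneInput runs many
// times in one process.
struct InitOnce {
  InitOnce() { fake_runtime::Runtime::CreateMainThreadAndInitialize(); }
};

void EnsureInitialized() {
  static InitOnce init;
  (void)init;
}

}  // namespace

// Stand-in for the code under test: parse the outer DER SEQUENCE header that a
// PKCS#8 importer reads first (tag 0x30, definite length). Returns false on
// malformed or truncated input, including non-minimal lengths DER forbids.
bool ParseDerSequenceHeader(const uint8_t* data, size_t size,
                            size_t* header_len, size_t* body_len) {
  if (size < 2 || data[0] != 0x30) return false;
  const uint8_t first = data[1];
  if (first < 0x80) {  // short form
    *header_len = 2;
    *body_len = first;
  } else {  // long form: 0x80|N followed by N big-endian length bytes
    const size_t n = first & 0x7f;
    if (n == 0 || n > sizeof(size_t) || size < 2 + n) return false;
    size_t len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | data[2 + i];
    if (data[2] == 0 || len < 0x80) return false;  // not minimal encoding
    *header_len = 2 + n;
    *body_len = len;
  }
  return *body_len <= size - *header_len;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  EnsureInitialized();
  // Safe now: the runtime owns a main thread, so this cannot CHECK-fail.
  (void)fake_runtime::Runtime::CurrentThread();
  size_t header_len = 0, body_len = 0;
  ParseDerSequenceHeader(data, size, &header_len, &body_len);
  return 0;
}

// Stand-alone driver feeding constructed inputs the way libFuzzer would.
int main() {
  const std::vector<std::vector<uint8_t>> inputs = {
      {0x30, 0x03, 0x02, 0x01, 0x05},  // valid: SEQUENCE of 3 bytes
      {0x30, 0x81, 0x80},              // long form claims 128 bytes, truncated
      {0x30, 0x80, 0x00, 0x00},        // indefinite length, not DER
      {0x02, 0x01, 0x00},              // not a SEQUENCE
  };
  for (const auto& in : inputs) LLVMFuzzerTestOneInput(in.data(), in.size());
  std::printf("runtime initialized %d time(s) over %zu inputs\n",
              fake_runtime::Runtime::init_count(), inputs.size());
  return 0;
}
```

To run this under libFuzzer itself, drop the stand-alone `main` (libFuzzer supplies its own) and build with `clang++ -fsanitize=fuzzer`; the point of the function-local static is that the runtime is set up on the first call and every later call, including the thousands libFuzzer makes per second, reuses it.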
Aug 9
ClusterFuzz has detected this issue as fixed in range 581774:581775.

Detailed report: https://clusterfuzz.com/testcase?key=4527769502089216
Fuzzer: libFuzzer_webcrypto_rsa_import_key_pkcs8_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  owned_main_thread_ in platform.cc
  blink::Platform::CurrentThread
  webcrypto::InitOnce::InitOnce
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=581135:581136
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=581774:581775
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4527769502089216

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 9
ClusterFuzz testcase 4527769502089216 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Aug 8. Labels: Test-Predator-Auto-Components