
Issue 875798

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug


Out-of-memory in sequence_manager_fuzzer

Reported by ClusterFuzz (Project Member), Aug 20

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6625386532962304

Fuzzer: libFuzzer_sequence_manager_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  sequence_manager_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=584148:584149

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6625386532962304

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz (Project Member), Aug 20

Components: Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 2 by ClusterFuzz (Project Member), Aug 20

Cc: farahcharab@google.com
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

SQM Fuzzer: Add support for multi-threading. by farahcharab@google.com - https://chromium.googlesource.com/chromium/src/+/6a6e23cb7044bf8f79abc09343ce92fc2b1f10ef

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage
Unable to find the actual suspect through code search, and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the dev team to look into this issue.

Thanks!
Cc: altimin@chromium.org
@altimin, Dumping the test description generated: all this test is doing is creating threads as an initial action, so the program is crashing as the fuzzer has a default memory bound set.

We probably should limit the number of threads that can be created, since these use cases are not what we probably want to test.
Components: -Internals>Core Blink>Scheduling
Labels: -CF-NeedsTriage
Owner: farahcharab@chromium.org
Status: Assigned (was: Untriaged)
Yeah, limiting the number of threads we can create sounds like a good idea.
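The fix proposed in the two comments above is to cap how many threads a single fuzz input may create. The following is an added illustration of that idea and is not code from the Chromium sequence_manager_fuzzer: the input encoding (a two-byte little-endian thread count), the cap `kMaxThreadsPerInput`, and the helper names are all assumptions made for this example. It shows the libFuzzer entry-point shape, the clamp that keeps an input requesting thousands of threads from exhausting the fuzzer's memory bound, and a main() that exercises it stand-alone.

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <thread>
#include <vector>

// Assumed cap on threads a single fuzz input may create; the issue does not
// state what limit the real fuzzer adopted.
constexpr size_t kMaxThreadsPerInput = 8;

// Decode the number of threads the input asks for. This stands in for the
// fuzzer's real test description: the first two bytes are read as a
// little-endian count (constructed encoding, not the fuzzer's format).
size_t RequestedThreadCount(const uint8_t* data, size_t size) {
  if (size < 2) return 0;
  return static_cast<size_t>(data[0]) | (static_cast<size_t>(data[1]) << 8);
}

// Unbounded thread creation is what drove the fuzzer past its memory limit;
// clamping the request keeps the input usable without exhausting memory.
size_t BoundedThreadCount(size_t requested) {
  return std::min(requested, kMaxThreadsPerInput);
}

// Runs one fuzz input: spawns the bounded number of threads, each doing
// trivial work, joins them all, and returns how many actually ran.
size_t RunThreadsFromInput(const uint8_t* data, size_t size) {
  const size_t n = BoundedThreadCount(RequestedThreadCount(data, size));
  std::vector<std::thread> threads;
  threads.reserve(n);
  std::atomic<size_t> ran{0};
  for (size_t i = 0; i < n; ++i) {
    threads.emplace_back([&ran] { ran.fetch_add(1); });
  }
  for (auto& t : threads) t.join();
  return ran.load();
}

// libFuzzer entry point shape; libFuzzer requires it to return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  RunThreadsFromInput(data, size);
  return 0;
}

int main() {
  // Constructed input requesting 10000 (0x2710) threads; only 8 are created.
  const uint8_t big[] = {0x10, 0x27};
  return RunThreadsFromInput(big, sizeof(big)) == kMaxThreadsPerInput ? 0 : 1;
}
```

The clamp is deliberately applied at the point where the input is decoded rather than inside the thread-creation loop, so the fuzzer still exercises the multi-threaded code paths with a small, bounded thread count while inputs that merely ask for huge numbers stop being interesting to the fuzzer.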
Comment 6 by ClusterFuzz (Project Member), Oct 9

Labels: OS-Windows OS-Mac
Comment 7 by ClusterFuzz (Project Member), Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6625386532962304 appears to be flaky, updating reproducibility label.
Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Comment 10 by ClusterFuzz (Project Member), Dec 5

Labels: OS-Chrome