
Issue 904773


Issue metadata

Status: Verified
Owner:
Closed: Nov 20
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

IPCFuzzer play_testcase.py broken?

Project Member Reported by arthurso...@chromium.org, Nov 13

Issue description

I am trying to reproduce bug 902964.

I followed the documentation exactly: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/ipc_fuzzer.md

I got:
~~~
# python ./tools/ipc_fuzzer/scripts/play_testcase.py ~/Downloads/clusterfuzz-testcase-minimized-5184212912832512

Output:
-------

Executing: '/usr/local/google/home/arthursonzogni/chromium/src/out/Release/chrome' '--ipc-fuzzer-testcase=/usr/local/google/home/arthursonzogni/Downloads/clusterfuzz-testcase-minimized-5184212912832512' '--no-sandbox' '--disable-kill-after-bad-ipc' '--disable-mojo-channel' '--renderer-cmd-prefix=/usr/local/google/home/arthursonzogni/chromium/src/out/Release/ipc_fuzzer_replay' '--ppapi-plugin-launcher=/usr/local/google/home/arthursonzogni/chromium/src/out/Release/ipc_fuzzer_replay' '--plugin-launcher=/usr/local/google/home/arthursonzogni/chromium/src/out/Release/ipc_fuzzer_replay' '--utility-cmd-prefix=/usr/local/google/home/arthursonzogni/chromium/src/out/Release/ipc_fuzzer_replay' '--gpu-launcher=/usr/local/google/home/arthursonzogni/chromium/src/out/Release/ipc_fuzzer_replay'
[1113/110030.056806:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.210683:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.362097:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.512678:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.586859:ERROR:message_file_reader.cc(103)] Failed to map testcase: /usr/local/google/home/arthursonzogni/Downloads/clusterfuzz-testcase-minimized-5184212912832512
[29907:29911:1113/110030.661631:ERROR:service_manager_context.cc(281)] Attempting to run unsupported native service: /usr/local/google/home/arthursonzogni/chromium/src/out/Release/chrome_renderer.service
[1113/110030.672396:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.745424:ERROR:message_file_reader.cc(103)] Failed to map testcase: /usr/local/google/home/arthursonzogni/Downloads/clusterfuzz-testcase-minimized-5184212912832512
[1113/110030.746808:ERROR:message_file_reader.cc(103)] Failed to map testcase: /usr/local/google/home/arthursonzogni/Downloads/clusterfuzz-testcase-minimized-5184212912832512
[1113/110030.818291:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110030.950766:ERROR:message_file_reader.cc(103)] Failed to map testcase: /usr/local/google/home/arthursonzogni/Downloads/clusterfuzz-testcase-minimized-5184212912832512
[1113/110030.983723:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.148433:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.313329:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.476709:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.646824:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.813158:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110031.975094:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.137390:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.299488:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.439422:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.577575:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.714987:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110032.855571:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110033.015545:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110033.162221:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110033.298884:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
[1113/110033.436750:ERROR:replay_process.cc(106)] This binary shouldn't be executed directly, please use tools/ipc_fuzzer/scripts/play_testcase.py
~~~

It looks like the switch kIpcFuzzerTestcase is not forwarded to some process.
In the browser process, I put (in navigation_request.cc)
~~~
  // Temporary diagnostic: crash the browser process if it sees the
  // --ipc-fuzzer-testcase switch, to confirm the switch reaches it.
  if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kIpcFuzzerTestcase)) {
    CHECK(0);
  }
~~~
It compiles and I can reach CHECK(0) by adding the appropriate switch.
So I think the browser process has the switch, but it is not forwarded to the replay process?

+owner mbarbella@. I think you are the appropriate owner. Could you confirm there is an issue here?

Cc: arthurso...@chromium.org
mbarbella@ Do you have any update? ;-)

Components: -Tools>Stability>libFuzzer
Sorry I missed this, just had a look. It seems like this is an issue with --gpu-prefix. I think it may actually be best to remove that flag since I don't expect it gives us much useful coverage even when it's working, but I'll have a closer look later today before deciding for sure.
Status: Assigned (was: Untriaged)

Project Member Comment 4 by bugdroid1@chromium.org, Nov 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f64bcfb1307a551494a9eaeba84ef75a000ffd95

commit f64bcfb1307a551494a9eaeba84ef75a000ffd95
Author: Martin Barbella <mbarbella@chromium.org>
Date: Tue Nov 20 14:55:28 2018

Minor IPC fuzzer fixes:

1) Favor --renderer-cmd-prefix more heavily when generating flags files
for ClusterFuzz.
2) Remove the --gpu-launcher option as it no longer works. Looking at
existing issues I'm not sure that this is too important for our
coverage, so it seems easier to remove it than to try to continue
maintaining it.

R=inferno@chromium.org

Bug: 904773
Change-Id: I3f0f468337540dfc5af73289ad0a46e41dcdb5ae
Reviewed-on: https://chromium-review.googlesource.com/c/1340978
Reviewed-by: Abhishek Arya <inferno@chromium.org>
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609703}
[modify] https://crrev.com/f64bcfb1307a551494a9eaeba84ef75a000ffd95/tools/ipc_fuzzer/scripts/play_testcase.py
[modify] https://crrev.com/f64bcfb1307a551494a9eaeba84ef75a000ffd95/tools/ipc_fuzzer/scripts/utils.py

Status: Verified (was: Assigned)
It's now working. Thanks!