Issue 910040 link

Starred by 2 users

Issue metadata

Status:	Verified
Owner:	█ fkastenholz@chromium.org Last visit > 30 days ago
Closed:	Dec 12
Cc:	nedwilli...@gmail.com kkaluri@chromium.org █ fkastenholz@chromium.org
Components:	Internals>Network>QUIC
EstimatedDays:	----
NextAction:	----
OS:	Linux , Windows , Chrome , Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Libfuzzer Clusterfuzz ClusterFuzz-Verified M-72 Test-Predator-Wrong ClusterFuzz-Auto-CC

Out-of-memory in net_quic_stream_factory_fuzzer

Project Member Reported by ClusterFuzz, Nov 29

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4956330613538816

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  net_quic_stream_factory_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=611806:611823

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4956330613538816

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Project Member

Comment 1 by ClusterFuzz, Nov 29

Cc: nedwilli...@gmail.com
Labels: ClusterFuzz-Auto-CC

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Project Member

Comment 2 by ClusterFuzz, Nov 29

Labels: OS-Windows

Comment 3 by kkaluri@chromium.org, Nov 30

Labels: M-72 Test-Predator-Wrong CF-NeedsTriage

Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

Project Member

Comment 4 by ClusterFuzz, Nov 30

Labels: OS-Mac

Comment 5 by manoranjanr@google.com, Nov 30

Components: Internals>Network>QUIC
Labels: -CF-NeedsTriage
Owner: fkastenholz@chromium.org
Status: Assigned (was: Untriaged)

Here is the change log:
========================
https://chromium.googlesource.com/chromium/src/+log/0793ae771a657373792c0cca7ac52964bed51741..e27256e97bfae8062c90d53ec8dd3131bcf71cf1?pretty=fuller&n=10000

fkastenholz@, can you please look into this change (https://chromium.googlesource.com/chromium/src/+/878763bfc11f9506ec00af2b1a565274cb60f93b) ??

Thank you!

Project Member

Comment 6 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible

ClusterFuzz testcase 4956330613538816 appears to be flaky, updating reproducibility label.

Comment 7 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible

Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Comment 8 by fkastenholz@google.com, Dec 6

Status: Started (was: Assigned)

Comment 9 by fkastenholz@google.com, Dec 6

Cc: fkastenholz@chromium.org kkaluri@chromium.org

 Issue 909987  has been merged into this issue.

Project Member

Comment 10 by ClusterFuzz, Dec 6

Labels: OS-Chrome

Project Member

Comment 11 by ClusterFuzz, Dec 12

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)

ClusterFuzz testcase 6079747223977984 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Project Member

Comment 12 by ClusterFuzz, Dec 16

ClusterFuzz has detected this issue as fixed in range 616995:616996.

Detailed report: https://clusterfuzz.com/testcase?key=4956330613538816

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Fuzz target binary: net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  net_quic_stream_factory_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=611806:611823
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=616995:616996

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4956330613538816

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 910040 link

Issue metadata

Out-of-memory in net_quic_stream_factory_fuzzer

Issue description

Comment 1 by ClusterFuzz, Nov 29

Comment 1 Deleted

Comment 2 by ClusterFuzz, Nov 29

Comment 2 Deleted

Comment 3 by kkaluri@chromium.org, Nov 30

Comment 3 Deleted

Comment 4 by ClusterFuzz, Nov 30

Comment 4 Deleted

Comment 5 by manoranjanr@google.com, Nov 30

Comment 5 Deleted

Comment 6 by ClusterFuzz, Dec 1

Comment 6 Deleted

Comment 7 by infe...@chromium.org, Dec 1

Comment 7 Deleted

Comment 8 by fkastenholz@google.com, Dec 6

Comment 8 Deleted

Comment 9 by fkastenholz@google.com, Dec 6

Comment 9 Deleted

Comment 10 by ClusterFuzz, Dec 6

Comment 10 Deleted

Comment 11 by ClusterFuzz, Dec 12

Comment 11 Deleted

Comment 12 by ClusterFuzz, Dec 16

Comment 12 Deleted

Sign in to add a comment