Timeout in pdf_codec_fax_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6554355555368960
Fuzzer: libFuzzer_pdf_codec_fax_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: pdf_codec_fax_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=583292:583305
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6554355555368960

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 30
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Nov 30
kcc: Got any advice here? A big portion of the time is spent in the sanitizers. On Linux, I recorded a trace with "perf record -g path/to/pdf_codec_fax_fuzzer bug_910505.fuzz" and viewed the "perf report" output. With MSAN, 21% of the time is in __sanitizer_cov_trace_cmp8, 19% in fuzzer::ValueBitMap::AddValue, 10% in __interceptor_memcmp, and 10% in __sanitizer_cov_trace_const_cmp4 = 60%. With ASAN, __interceptor_memcmp takes 40% of the time, and __asan::QuickCheckForUnpoisonedRegion takes 27% of the time = 67%.
Nov 30
There isn't much I can do here with the sanitizers to speed things up. The input here is 621k -- is it at all reasonable to run this fuzzer on inputs this large? (Sometimes it is, but it's very expensive and inefficient, so often the best solution is to limit the input size to something like 10K; you can do this inside the fuzz target.)
Dec 1
ClusterFuzz testcase 6554355555368960 appears to be flaky, updating reproducibility label.
Dec 1
Please ignore the last comment about the testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on the ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused by these incorrect notifications.
Dec 4
With reference to Issue 845117, assigning it to thestig@
Dec 5
core/fxcodec/codec/ccodec_faxmodule.cpp has (almost) 100% coverage via the fuzzer, so maybe it is ok to reduce the size.
Dec 6
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/51340b520686e85ac182d22de352e237047e3b4c

commit 51340b520686e85ac182d22de352e237047e3b4c
Author: Lei Zhang <thestig@chromium.org>
Date: Thu Dec 06 20:38:04 2018

Limit pdf_codec_fax_fuzzer input size.

Larger inputs probably do not improve coverage.

BUG= chromium:910505
Change-Id: I9a2fb4a1c1addbae8f5bd24db018b5be1ef5bb9d
Reviewed-on: https://pdfium-review.googlesource.com/c/46612
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/51340b520686e85ac182d22de352e237047e3b4c/testing/fuzzers/pdf_codec_fax_fuzzer.cc
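An added example of the pattern the thread converges on (kcc's advice above and the commit just listed), written here and not taken from pdfium's pdf_codec_fax_fuzzer.cc: a libFuzzer target that rejects inputs above a size cap before doing any decoding work. The 10K cap is the figure kcc suggested, not the value the real commit chose, and the decoder call is a hypothetical stand-in since the page does not show the fax decoder's interface.

```cpp
#include <cstddef>
#include <cstdint>

// Assumption: cap taken from the "something like 10K" suggestion in the
// thread; the limit in the actual pdfium commit is not shown on this page.
constexpr size_t kMaxInputSize = 10 * 1024;

// Decide whether an input is small enough to be worth decoding. Oversized
// inputs (like the 621k reproducer) are skipped instead of decoded, so the
// target never spends its 25 second budget inside sanitizer checks.
bool ShouldFuzzInput(size_t size) {
  return size <= kMaxInputSize;
}

// Hypothetical stand-in for the fax decoder (its real interface is not on
// this page). It touches every byte, so the work grows with the input,
// which is exactly what the size cap bounds.
size_t DecodeStandIn(const uint8_t* data, size_t size) {
  size_t set_bits = 0;
  for (size_t i = 0; i < size; ++i)
    set_bits += static_cast<size_t>(__builtin_popcount(data[i]));
  return set_bits;
}

// Returns true if the input was handed to the decoder, false if the cap
// rejected it before any work was done.
bool FuzzOneInput(const uint8_t* data, size_t size) {
  if (!ShouldFuzzInput(size))
    return false;
  DecodeStandIn(data, size);
  return true;
}

// Constructed sample input used by the stand-alone check below.
const uint8_t kSampleInput[] = {0x00, 0xFF, 0x0F, 0x80};

// libFuzzer entry point. A rejected input returns 0 like any other input;
// the difference is that no decoding happened, so it cannot time out.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzOneInput(data, size);
  return 0;
}
```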
Dec 7
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9dbfb69b67406cdee217e9970fafea98e8c70c40

commit 9dbfb69b67406cdee217e9970fafea98e8c70c40
Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Date: Fri Dec 07 04:39:56 2018

Roll src/third_party/pdfium f1038808a9c8..994719731644 (6 commits)

https://pdfium.googlesource.com/pdfium.git/+log/f1038808a9c8..994719731644

git log f1038808a9c8..994719731644 --date=short --no-merges --format='%ad %ae %s'
2018-12-07 tsepez@chromium.org Move element/parent relationship data to .inc file
2018-12-06 tsepez@chromium.org Use symbols to represent parents in script hierarchy
2018-12-06 tsepez@chromium.org XFA: generate element tables via C preprocessor
2018-12-06 tsepez@chromium.org XFA: generate value tables with C preprocessor.
2018-12-06 tsepez@chromium.org XFA: generate attribute tables via C Preprocessor.
2018-12-06 thestig@chromium.org Limit pdf_codec_fax_fuzzer input size.

Created with:
gclient setdep -r src/third_party/pdfium@994719731644

The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

BUG= chromium:910505
TBR=dsinclair@chromium.org
Change-Id: I666c94ba76957f9159579f9c9932e9769bbc8915
Reviewed-on: https://chromium-review.googlesource.com/c/1367102
Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#614597}

[modify] https://crrev.com/9dbfb69b67406cdee217e9970fafea98e8c70c40/DEPS
Dec 7
ClusterFuzz has detected this issue as fixed in range 614588:614611.

Detailed report: https://clusterfuzz.com/testcase?key=6554355555368960
Fuzzer: libFuzzer_pdf_codec_fax_fuzzer
Fuzz target binary: pdf_codec_fax_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: pdf_codec_fax_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=583292:583305
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=614588:614611
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6554355555368960

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 7
ClusterFuzz testcase 6554355555368960 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.