Abrt in blink::ReportFatalErrorInMainThread
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4571340567478272
Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x053900000001
Crash State:
  blink::ReportFatalErrorInMainThread
  v8::V8::ToLocalEmpty
  test_runner::GCController::AsyncCollectAllWithEmptyStack
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=593502:593503
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4571340567478272

Issue filed automatically. See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.
Dec 14
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5b64e891917d845d28f17bf228a2395e95f6ddb4 (content: Add asyncCollectGarbage to GCController). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jan 8
+mmoroz: Maybe this is on your plate, or maybe you know somebody who could help me out here. +jochen: Maybe you know how to deal with internal helper functions that are not hardened to an extent where they can be passed arbitrary garbage. This report is wrong. We pick up an internal testing function in the fuzzer (GCController.asyncCollectAll). We pass it a JS function that contains a syntax error, so we need to crash. Now, we need a way to crash to make CF happy, or we could just swallow the exception. In any case, the method is internal, so it is not well integrated into the rest of the system.
Jan 8
You harden them to an extent where they can deal with arbitrary garbage.
Jan 8
Jochen helped offline to find a way forward here. We can either (a) swallow the exception or (b) nicely call into Blink if an API already exists. Will prepare a CL.
Jan 8
+ochang@ regarding c#3, since it's his fuzzer
Jan 8
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/54f67af23a0d28c44c28838f125c2ce760cede67

commit 54f67af23a0d28c44c28838f125c2ce760cede67
Author: Michael Lippautz <mlippautz@chromium.org>
Date: Tue Jan 08 15:41:57 2019

content_shell: Swallow V8 exception for internal GC call

GCController.asyncCollectAll is only exposed for web tests in content_shell. As such, swallow exceptions instead of crashing, making clusterfuzz happy when feeding it garbage input.

Bug: 915257
Change-Id: I6b6071f1d213691089c815e6e85f8240c20a0bff
Reviewed-on: https://chromium-review.googlesource.com/c/1400804
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#620732}

[modify] https://crrev.com/54f67af23a0d28c44c28838f125c2ce760cede67/content/shell/test_runner/gc_controller.cc
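The crash state in the report (v8::V8::ToLocalEmpty reached from AsyncCollectAllWithEmptyStack) and the fix in this commit both come down to one V8 API contract: a call that runs script returns a MaybeLocal, which is empty when the script threw, and calling ToLocalChecked() on an empty handle is a fatal error. The example below is added here and is not code from Chromium or from this CL. It models that contract with constructed stand-in types (demo::MaybeLocal, demo::TryCatch, demo::Isolate, named after the real V8 classes but not them) so it compiles without V8 headers; RunCallbackChecked shows the crashing pattern, and RunCallbackSwallowing shows the check-and-swallow shape the commit message describes. The GarbageScript callback and its SyntaxError text are constructed inputs.

```cpp
// Added example, not Chromium code: a minimal stand-in for V8's
// MaybeLocal / TryCatch contract, enough to show why an unchecked
// ToLocalChecked() on a script result aborts and how a caller that only
// serves test pages can swallow the exception instead.
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <string>

namespace demo {

// Stand-in for v8::Isolate: tracks whether a script exception is pending.
struct Isolate {
  bool has_pending_exception = false;
  std::string pending_message;
};

// Stand-in for v8::MaybeLocal<T>: empty when the callee threw.
template <typename T>
class MaybeLocal {
 public:
  MaybeLocal() : empty_(true) {}
  explicit MaybeLocal(T value) : empty_(false), value_(value) {}
  bool IsEmpty() const { return empty_; }
  // Safe form: returns false (and writes nothing) when empty.
  bool ToLocal(T* out) const {
    if (empty_) return false;
    *out = value_;
    return true;
  }
  // Unsafe form: like v8::MaybeLocal::ToLocalChecked, an empty handle is a
  // fatal error (this is the v8::V8::ToLocalEmpty frame in the crash state).
  T ToLocalChecked() const {
    if (empty_) {
      std::fprintf(stderr, "Fatal error: ToLocalChecked on empty MaybeLocal\n");
      std::abort();
    }
    return value_;
  }

 private:
  bool empty_;
  T value_{};
};

// Stand-in for v8::TryCatch: observes a pending exception and clears it
// when the scope ends, so it never propagates past this caller.
class TryCatch {
 public:
  explicit TryCatch(Isolate* isolate) : isolate_(isolate) {}
  bool HasCaught() const { return isolate_->has_pending_exception; }
  std::string Message() const { return isolate_->pending_message; }
  ~TryCatch() {
    isolate_->has_pending_exception = false;
    isolate_->pending_message.clear();
  }

 private:
  Isolate* isolate_;
};

// A JS callback handed in by a (possibly fuzzer-driven) test page. It
// returns an empty handle and sets a pending exception when the script throws.
using Callback = std::function<MaybeLocal<int>(Isolate*)>;

// Before: the pattern that crashed. Garbage input reaches ToLocalChecked()
// on an empty handle and the whole process aborts.
int RunCallbackChecked(Isolate* isolate, const Callback& cb) {
  return cb(isolate).ToLocalChecked();
}

// After: the shape of the fix. The exception is caught and swallowed, and
// the caller gets an explicit ok/error result instead of a crash.
struct RunResult {
  bool ok;
  int value;
  std::string error;
};

RunResult RunCallbackSwallowing(Isolate* isolate, const Callback& cb) {
  TryCatch try_catch(isolate);
  int value = 0;
  if (!cb(isolate).ToLocal(&value)) {
    return {false, 0,
            try_catch.HasCaught() ? try_catch.Message() : "empty result"};
  }
  return {true, value, ""};
}

// Constructed callbacks for the demo: a well-formed script and one that
// fails to parse.
inline MaybeLocal<int> GoodScript(Isolate*) { return MaybeLocal<int>(42); }
inline MaybeLocal<int> GarbageScript(Isolate* isolate) {
  isolate->has_pending_exception = true;
  isolate->pending_message = "SyntaxError: Unexpected token";  // constructed
  return MaybeLocal<int>();
}

}  // namespace demo

int main() {
  demo::Isolate isolate;
  demo::RunResult good = demo::RunCallbackSwallowing(&isolate, demo::GoodScript);
  demo::RunResult bad = demo::RunCallbackSwallowing(&isolate, demo::GarbageScript);
  std::printf("good: ok=%d value=%d\n", good.ok, good.value);
  std::printf("bad:  ok=%d error=%s\n", bad.ok, bad.error.c_str());
  // demo::RunCallbackChecked(&isolate, demo::GarbageScript) would abort here.
  return 0;
}
```

The design point is the one in comment 3: an interface reachable only by trusted test pages still has to decide what to do with an exception, because the alternative is a process abort that a fuzzer will report as a crash. In real V8 code the same shape is a v8::TryCatch around the Call plus a MaybeLocal::ToLocal or IsEmpty check in place of ToLocalChecked.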
Jan 9
ClusterFuzz has detected this issue as fixed in range 620731:620732.

Detailed report: https://clusterfuzz.com/testcase?key=4571340567478272
Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x053900000001
Crash State:
  blink::ReportFatalErrorInMainThread
  v8::V8::ToLocalEmpty
  test_runner::GCController::AsyncCollectAllWithEmptyStack
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=593502:593503
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=620731:620732
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4571340567478272

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 9
ClusterFuzz testcase 4571340567478272 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 14
Labels: Test-Predator-Auto-Components