Crash in vertex_input_base_type_mask
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5263243627200512

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000001c8
Crash State:
  vertex_input_base_type_mask
  AttribsTypeMatch
  gpu::gles2::GLES2DecoderImpl::DoDrawArrays

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407140:407231

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Nxz_wNftvH7rHCtkVhKnGLLf_PWDNn6wtPBfMjVls-b_RD_d0xvqO8iRVzM2OpyW0efyuFjmSd5Rjbb4GlQHZQsqoo50cnLnUScwYduHcRaig8VrPyKKjYrN3N6FQZbuOp8gYd_LamtWqQ1VxGnDAk-R_xw?testcase_id=5263243627200512

Filer: piman

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 22 2016
I'll take this one since Yunchao doesn't have crash database access.
Jul 23 2016

Jul 23 2016

Jul 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/14ef40159115ca5059907835a34bcd1667af7631

commit 14ef40159115ca5059907835a34bcd1667af7631
Author: zmo <zmo@chromium.org>
Date: Tue Jul 26 00:50:24 2016

current program can be null in ES2/ES3 contexts.

They are only required to be non null in WebGL.

This also did some clean up and a minor optimization.

BUG= 630802
TEST=fuzzer case in the bug
R=piman@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2174173002
Cr-Commit-Position: refs/heads/master@{#407659}

[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/context_state.cc
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/context_state.h
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/program_manager.cc
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/program_manager.h
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/vertex_attrib_manager.cc
[modify] https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631/gpu/command_buffer/service/vertex_attrib_manager.h
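The null-program condition the commit above describes, as an added C++ sketch that is not Chromium code and not the CL's diff: the crash state reads `vertex_input_base_type_mask` inside `AttribsTypeMatch` from `DoDrawArrays`, and a crash address of 0x1c8 is the shape of a field read through a null pointer. The model below puts a vulnerable draw validator (program dereferenced unconditionally) next to the hardened one (null case decided first). `Program`, `VertexAttrib`, `ContextKind`, `DrawResult`, `AttribsTypeMatch`, `ValidateDrawBefore`, `ValidateDrawAfter`, the base-type bitmask encoding and the sample data are all hypothetical stand-ins named after identifiers on this page; the per-context outcome for a null program (error in WebGL, silent skip in ES2/ES3) is an assumption of the model, not a statement of the decoder's documented behaviour.

```cpp
// Added illustration, not Chromium code. All names are hypothetical
// stand-ins modelled on the identifiers in the crash state above.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

enum class ContextKind { kES2, kES3, kWebGL };

// Constructed encoding of a vertex input's base type.
constexpr uint32_t kFloat = 0x1;
constexpr uint32_t kInt = 0x2;
constexpr uint32_t kUint = 0x4;

// A linked program records which base type its shader expects at each
// attribute location (0 = location not used by the shader).
struct Program {
  std::vector<uint32_t> vertex_input_base_type_mask;
};

struct VertexAttrib {
  bool enabled;
  uint32_t base_type;
};

struct DrawResult {
  bool draw;      // true if the draw call should be issued
  bool gl_error;  // true if an INVALID_OPERATION-style error was recorded
  std::string note;
};

// True when every enabled attrib feeds a base type the shader accepts.
bool AttribsTypeMatch(const Program& program,
                      const std::vector<VertexAttrib>& attribs) {
  for (size_t i = 0; i < attribs.size(); ++i) {
    if (!attribs[i].enabled) continue;
    if (i >= program.vertex_input_base_type_mask.size()) continue;
    uint32_t expected = program.vertex_input_base_type_mask[i];
    if (expected != 0 && (expected & attribs[i].base_type) == 0) return false;
  }
  return true;
}

// Shape of the bug: the program is dereferenced unconditionally. With a
// null program this reads a field at a small offset from address zero,
// consistent with the report's crash address 0x1c8. Never call with null.
bool ValidateDrawBefore(const Program* current_program,
                        const std::vector<VertexAttrib>& attribs) {
  return AttribsTypeMatch(*current_program, attribs);
}

// Shape of the fix: decide the null case before touching the program.
// Assumption of this model: a WebGL context always has a program bound,
// so null there is a validation error; an ES2/ES3 context may have none,
// so the draw is skipped with no error and no type check.
DrawResult ValidateDrawAfter(ContextKind kind, const Program* current_program,
                             const std::vector<VertexAttrib>& attribs) {
  if (current_program == nullptr) {
    if (kind == ContextKind::kWebGL)
      return {false, true, "no program bound in WebGL context"};
    return {false, false, "no program bound; draw skipped"};
  }
  if (!AttribsTypeMatch(*current_program, attribs))
    return {false, true, "vertex attrib base type mismatch"};
  return {true, false, "ok"};
}

// Constructed sample data: a shader taking a float at location 0 and an
// int at location 1.
const Program& SampleProgram() {
  static const Program program{{kFloat, kInt}};
  return program;
}
std::vector<VertexAttrib> MatchingAttribs() {
  return {{true, kFloat}, {true, kInt}};
}
std::vector<VertexAttrib> MismatchedAttribs() {
  return {{true, kFloat}, {true, kFloat}};  // location 1 feeds float to int
}

int main() {
  DrawResult r = ValidateDrawAfter(ContextKind::kES3, nullptr, MatchingAttribs());
  std::printf("ES3, null program:   draw=%d error=%d (%s)\n", r.draw, r.gl_error, r.note.c_str());
  r = ValidateDrawAfter(ContextKind::kWebGL, nullptr, MatchingAttribs());
  std::printf("WebGL, null program: draw=%d error=%d (%s)\n", r.draw, r.gl_error, r.note.c_str());
  r = ValidateDrawAfter(ContextKind::kES2, &SampleProgram(), MismatchedAttribs());
  std::printf("ES2, mismatch:       draw=%d error=%d (%s)\n", r.draw, r.gl_error, r.note.c_str());
  return 0;
}
```

The point of the ordering in `ValidateDrawAfter` is that the decision about a missing program is made on the pointer alone, so no field of the program is read on that path; the type check only runs once a program is known to exist.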
Jul 26 2016
Jul 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e9c2cd979c8114b75bbc2640a43a1371d64f502b

commit e9c2cd979c8114b75bbc2640a43a1371d64f502b
Author: mpearson <mpearson@chromium.org>
Date: Tue Jul 26 04:43:48 2016

Revert of current program can be null in ES2/ES3 contexts. (patchset #2 id:20001 of https://codereview.chromium.org/2174173002/ )

Reason for revert:
Caused webkit test failure on WebKit Win7 (dbg)
https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Win7%20%28dbg%29/builds/6624

unexpected_failures:
printing/webgl-oversized-printing.html
virtual/threaded/printing/webgl-oversized-printing.html

https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Win7__dbg_/6624/layout-test-results/results.html

---
--- E:\b\rr\tmpymgexl\w\layout-test-results\printing/webgl-oversized-printing-expected.txt
+++ E:\b\rr\tmpymgexl\w\layout-test-results\printing/webgl-oversized-printing-actual.txt
@@ -1,5 +1,5 @@
-PASS successfullyParsed is true
+CONSOLE ERROR: line 13: Uncaught TypeError: Cannot read property 'clearColor' of null
+FAIL successfullyParsed should be true. Was false.
 
 TEST COMPLETE
-PASS Printed without crashing.
---

---
--- E:\b\rr\tmpymgexl\w\layout-test-results\virtual/threaded/printing/webgl-oversized-printing-expected.txt
+++ E:\b\rr\tmpymgexl\w\layout-test-results\virtual/threaded/printing/webgl-oversized-printing-actual.txt
@@ -1,5 +1,5 @@
-PASS successfullyParsed is true
+CONSOLE ERROR: line 13: Uncaught TypeError: Cannot read property 'clearColor' of null
+FAIL successfullyParsed should be true. Was false.
 
 TEST COMPLETE
-PASS Printed without crashing.
---

Original issue's description:
> current program can be null in ES2/ES3 contexts.
>
> They are only required to be non null in WebGL.
>
> This also did some clean up and a minor optimization.
>
> BUG= 630802
> TEST=fuzzer case in the bug
> R=piman@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
>
> Committed: https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631
> Cr-Commit-Position: refs/heads/master@{#407659}

TBR=piman@chromium.org,yunchao.he@intel.com,zmo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 630802

Review-Url: https://codereview.chromium.org/2181193002
Cr-Commit-Position: refs/heads/master@{#407711}

[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/context_state.cc
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/context_state.h
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/program_manager.cc
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/program_manager.h
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/vertex_attrib_manager.cc
[modify] https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b/gpu/command_buffer/service/vertex_attrib_manager.h
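Review bot: the only new failure in both expectation hunks is `Uncaught TypeError: Cannot read property 'clearColor' of null`, a null object on the page's JavaScript side (the thing `clearColor` is called on, i.e. a WebGL context that was never obtained), whereas the reverted CL changes how the GPU-process decoder treats a null current program at draw time; the reason-for-revert names no link between the two, so either that link should be stated or the failure confirmed as unrelated on the bot before reverting, which is the conclusion the reland below reaches by pointing at crbug.com/631316.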
Jul 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/773ceaef513c9e81fde791b6fe4612fd46cfb7fd

commit 773ceaef513c9e81fde791b6fe4612fd46cfb7fd
Author: zmo <zmo@chromium.org>
Date: Tue Jul 26 05:09:57 2016

Reland of current program can be null in ES2/ES3 contexts. (patchset #1 id:1 of https://codereview.chromium.org/2181193002/ )

Reason for revert:
I don't think this is related. See crbug.com/631316 and here the conversion between me and Mark.

Original issue's description:
> Revert of current program can be null in ES2/ES3 contexts. (patchset #2 id:20001 of https://codereview.chromium.org/2174173002/ )
>
> Reason for revert:
> Caused webkit test failure on WebKit Win7 (dbg)
> https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Win7%20%28dbg%29/builds/6624
>
> unexpected_failures:
> printing/webgl-oversized-printing.html
> virtual/threaded/printing/webgl-oversized-printing.html
>
> https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Win7__dbg_/6624/layout-test-results/results.html
>
> ---
> --- E:\b\rr\tmpymgexl\w\layout-test-results\printing/webgl-oversized-printing-expected.txt
> +++ E:\b\rr\tmpymgexl\w\layout-test-results\printing/webgl-oversized-printing-actual.txt
> @@ -1,5 +1,5 @@
> -PASS successfullyParsed is true
> +CONSOLE ERROR: line 13: Uncaught TypeError: Cannot read property 'clearColor' of null
> +FAIL successfullyParsed should be true. Was false.
>
> TEST COMPLETE
> -PASS Printed without crashing.
> ---
>
> ---
> --- E:\b\rr\tmpymgexl\w\layout-test-results\virtual/threaded/printing/webgl-oversized-printing-expected.txt
> +++ E:\b\rr\tmpymgexl\w\layout-test-results\virtual/threaded/printing/webgl-oversized-printing-actual.txt
> @@ -1,5 +1,5 @@
> -PASS successfullyParsed is true
> +CONSOLE ERROR: line 13: Uncaught TypeError: Cannot read property 'clearColor' of null
> +FAIL successfullyParsed should be true. Was false.
>
> TEST COMPLETE
> -PASS Printed without crashing.
> ---
>
> Original issue's description:
> > current program can be null in ES2/ES3 contexts.
> >
> > They are only required to be non null in WebGL.
> >
> > This also did some clean up and a minor optimization.
> >
> > BUG= 630802
> > TEST=fuzzer case in the bug
> > R=piman@chromium.org
> > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
> >
> > Committed: https://crrev.com/14ef40159115ca5059907835a34bcd1667af7631
> > Cr-Commit-Position: refs/heads/master@{#407659}
>
> TBR=piman@chromium.org,yunchao.he@intel.com,zmo@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG= 630802
>
> Committed: https://crrev.com/e9c2cd979c8114b75bbc2640a43a1371d64f502b
> Cr-Commit-Position: refs/heads/master@{#407711}

TBR=piman@chromium.org,yunchao.he@intel.com,mpearson@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 630802

Review-Url: https://codereview.chromium.org/2186473002
Cr-Commit-Position: refs/heads/master@{#407713}

[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/context_state.cc
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/context_state.h
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/program_manager.cc
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/program_manager.h
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/vertex_attrib_manager.cc
[modify] https://crrev.com/773ceaef513c9e81fde791b6fe4612fd46cfb7fd/gpu/command_buffer/service/vertex_attrib_manager.h
Jul 26 2016
Jul 26 2016
Issue 631381 has been merged into this issue.
Jul 27 2016
ClusterFuzz has detected this issue as fixed in range 407611:407721.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5263243627200512

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000001c8
Crash State:
  vertex_input_base_type_mask
  AttribsTypeMatch
  gpu::gles2::GLES2DecoderImpl::DoDrawArrays

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407140:407231
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407611:407721

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Nxz_wNftvH7rHCtkVhKnGLLf_PWDNn6wtPBfMjVls-b_RD_d0xvqO8iRVzM2OpyW0efyuFjmSd5Rjbb4GlQHZQsqoo50cnLnUScwYduHcRaig8VrPyKKjYrN3N6FQZbuOp8gYd_LamtWqQ1VxGnDAk-R_xw?testcase_id=5263243627200512

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by piman@chromium.org, Jul 22 2016
Labels: -Type-Bug Type-Bug-Regression
Owner: yunchao...@intel.com