New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 661868 link

Starred by 1 user
Status: Verified
Owner:
piman@chromium.org
Closed: Nov 2016
Cc:
kbr@chromium.org
kainino@chromium.org
msrchandra@chromium.org
zmo@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in base::debug::DebugBreak

Project Member Reported by ClusterFuzz, Nov 3 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5585924693164032

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900000261
Crash State:
  base::debug::DebugBreak
  gpu::gles2::GLES2DecoderImpl::ValidateUniformBlockBackings
  gpu::gles2::GLES2DecoderImpl::DoDrawArrays
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=429354:429425

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97VFpua9HtFxNiH0Hfesz3oQ5Oqef-6r-ZtVjd_KDFFNaHocMz-uGp1hNzywT8g8qO5PqiVGB4ZHBazQ4e7l6KOd2fGoq5JXBHyO0v6TMhJ4gZ2lmoO1EuVhkscOqDVvMRlDhNI52X12fqVvsyg0HTUQL7Lew?testcase_id=5585924693164032

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by msrchandra@chromium.org, Nov 3 2016

Cc: msrchandra@chromium.org
Components: Internals>GPU
Labels: Findit-for-crash Test-Predator-Correct
Owner: zmo@chromium.org
Status: Assigned (was: Untriaged)
Using find it assigning to the concern owner,
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: zmo
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/cc9875e20a39ec849cb15916821945f510f6a623
Time: Wed Nov 02 22:14:30 2016
Lines 8702-8706, 9832-9835 of file gles2_cmd_decoder.cc which potentially caused crash are changed in this cl (frame #5, "gpu::gles2::GLES2DecoderImpl::ValidateUniformBlockBackings"; frame #6, "gpu::gles2::GLES2DecoderImpl::DoDrawArrays").
Minimum distance from crash line to modified line: 0. (file: gles2_cmd_decoder.cc, crashed on: 8704, modified: 8704).

Suspected Project: chromium
Suspected Component: Internals>GPU>Internals

@zmo -- Could you please look into the issue, Kindly help to re-assign, if your changes are not cause for this issue.
Thank You.

Comment 2 by msrchandra@chromium.org, Nov 3 2016

Labels: -Test-Predator-Correct Test-Predator-Correct-CLs

Comment 3 by piman@chromium.org, Nov 3 2016

Cc: zmo@chromium.org
 Issue 661874  has been merged into this issue.

Comment 4 by piman@chromium.org, Nov 3 2016 

[1102/181753:FATAL:gles2_cmd_decoder.cc(8703)] Check failed: state_.current_program.get().
#0 0x00000046c271 __interceptor_backtrace
#1 0x7fae98a3e06a base::debug::StackTrace::StackTrace()
#2 0x7fae98be5013 logging::LogMessage::~LogMessage()
#3 0x7fae99b7eb74 gpu::gles2::GLES2DecoderImpl::ValidateUniformBlockBackings()
#4 0x7fae99b9b347 gpu::gles2::GLES2DecoderImpl::DoDrawArrays()
#5 0x7fae99a57e8b gpu::gles2::GLES2DecoderImpl::HandleDrawArrays()
#6 0x7fae99c15a25 gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<>()
#7 0x7fae99b43d61 gpu::gles2::GLES2DecoderImpl::DoCommands()
#8 0x7fae998fbadb gpu::CommandParser::ProcessCommands()
#9 0x7fae999080e8 gpu::CommandExecutor::PutChanged()
#10 0x0000004fba4a gpu::(anonymous namespace)::CommandBufferSetup::PumpCommands()
#11 0x0000004fd83b _ZN4base8internal13FunctorTraitsIMN3gpu12_GLOBAL__N_118CommandBufferSetupEFvvEvE6InvokeIPS4_JEEEvS6_OT_DpOT0_
#12 0x0000004fd3ee _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3gpu12_GLOBAL__N_118CommandBufferSetupEFvvEJPS6_EEEvOT_DpOT0_
#13 0x0000004fd16a _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu12_GLOBAL__N_118CommandBufferSetupEFvvEJNS0_17UnretainedWrapperIS5_EEEEEFvvEE7RunImplIRKS7_RKNSt3__15tupleIJS9_EEEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#14 0x0000004fcf45 _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu12_GLOBAL__N_118CommandBufferSetupEFvvEJNS0_17UnretainedWrapperIS5_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#15 0x7fae9990486f base::internal::RunMixin<>::Run()
#16 0x7fae998ff5f9 gpu::CommandBufferService::Flush()
#17 0x0000004f62eb gpu::(anonymous namespace)::CommandBufferSetup::RunCommandBuffer()
#18 0x0000004f5ab4 LLVMFuzzerTestOneInput
#19 0x00000056f1c9 fuzzer::Fuzzer::ExecuteCallback()
#20 0x00000056fe0a fuzzer::Fuzzer::RunOne()
#21 0x00000050dc6f fuzzer::RunOneTest()
#22 0x000000514d6c fuzzer::FuzzerDriver()
#23 0x000000598fbf main
#24 0x7fae8e76fec5 __libc_start_main
#25 0x000000420a65 <unknown>

Comment 5 by piman@chromium.org, Nov 3 2016

Cc: kbr@chromium.org kainino@chromium.org

Comment 6 by zmo@chromium.org, Nov 3 2016

Status: Started (was: Assigned)

Comment 7 by piman@chromium.org, Nov 3 2016 

https://codereview.chromium.org/2475793002 should fix this.

Comment 8 by zmo@chromium.org, Nov 3 2016

Owner: piman@chromium.org
piman already uploaded a CL.
Project Member

Comment 9 by bugdroid1@chromium.org, Nov 4 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9dd9a266280b4f58cbe708e6d123db3dbccc1e46

commit 9dd9a266280b4f58cbe708e6d123db3dbccc1e46
Author: piman <piman@chromium.org>
Date: Fri Nov 04 00:50:07 2016

Fix crash when drawing without a program

BUG= 661868 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2475793002
Cr-Commit-Position: refs/heads/master@{#429743}

[modify] https://crrev.com/9dd9a266280b4f58cbe708e6d123db3dbccc1e46/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/9dd9a266280b4f58cbe708e6d123db3dbccc1e46/gpu/command_buffer/service/gles2_cmd_decoder_unittest_drawing.cc
Project Member

Comment 10 by ClusterFuzz, Nov 4 2016 

ClusterFuzz has detected this issue as fixed in range 429695:429743.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5585924693164032

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900000261
Crash State:
  base::debug::DebugBreak
  gpu::gles2::GLES2DecoderImpl::ValidateUniformBlockBackings
  gpu::gles2::GLES2DecoderImpl::DoDrawArrays
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=429354:429425
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=429695:429743

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97VFpua9HtFxNiH0Hfesz3oQ5Oqef-6r-ZtVjd_KDFFNaHocMz-uGp1hNzywT8g8qO5PqiVGB4ZHBazQ4e7l6KOd2fGoq5JXBHyO0v6TMhJ4gZ2lmoO1EuVhkscOqDVvMRlDhNI52X12fqVvsyg0HTUQL7Lew?testcase_id=5585924693164032

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Nov 4 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 12 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment