Crash in gpu::gles2::Shader::DoCompile
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5681955191652352
Fuzzer: inferno_twister
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x000000000018
Crash State:
  gpu::gles2::Shader::DoCompile
  gpu::gles2::GLES2DecoderImpl::DoGetShaderiv
  gpu::gles2::GLES2DecoderImpl::HandleGetShaderiv
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96GMB5eUnktw-H6Fa3h9iDTWrU2EsQeqwhu5BUMfvQbZgjkvBzShy3LeUIDLr8NsMK9LS8Cl8DIoUDEfk_Mz2UPaCVtrJjgq0nT29FrG15WTNpVo_o1zTShnzqViFym4aUvDwhkWEvtCt2OwdX_y95BwaiH8cvrUfM4SRFljKf07ms5YeEWTg54-NDhJOqL2V39ikgThT1sfRoFajlpKUSKdQTE0U5722CnBQxuEkfo76IPRcgEU-dY-ik9W_utj2ptHVz_RG38SPHV_iWsKtzW-qOf90V_JsILo8RpJb_nlqgnTkqYn0mT5WRpgmv5sJEni5eP87QvifnTgnxmXlKOFby2RToSFZYQtwa0vjLasY-8B2fOp8TwNxhxWW4IFEQZFjLqe6HBNF5cvlLiaQ4xG8QJbQ?testcase_id=5681955191652352

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 21 2017
Suspected CL from regression range: https://chromium.googlesource.com/chromium/src/+/5b85620a5e701039630f96339a6d1b4ceb5b14f0

dongseong.hwang@, please take a look? Thank you.
Mar 21 2017
It's not that CL, and I don't think it's a regression. I can repro the crash, but only when running with --use-gl=osmesa. The crash is in osmesa, which we don't use in production (only for tests; we don't even bundle it with Chrome). osmesa hasn't changed in forever, and indeed, the crash repros at both ends of the suspected revision range.

Unfortunately, I don't think it's a good idea to try to fuzz that osmesa version we have in the tree; we know it's not very stable, but realistically we can't spend much of our time fixing bugs there.
Mar 23 2017
May 18 2017
ClusterFuzz has detected this issue as fixed in range 472480:472487.

Detailed report: https://clusterfuzz.com/testcase?key=5681955191652352
Fuzzer: inferno_twister
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference
Crash Address: 0x000000000018
Crash State:
  gpu::gles2::Shader::DoCompile
  gpu::gles2::GLES2DecoderImpl::DoGetShaderiv
  gpu::gles2::GLES2DecoderImpl::HandleGetShaderiv
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=472480:472487
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5681955191652352

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 Deleted