Bug in storeColor
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5304417640513536
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Bus
Crash Address: 0x603000250000
Crash State:
  storeColor
  glgProcessColor
  __glgProcessPixelsWithProcessor_block_invoke
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=429839:429929
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5304417640513536
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 30 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 30 2017
,
Jun 2 2017
Bulk edit: removing sigbus crashes from the security queue.
,
Jun 3 2017
,
Jun 6 2017
From the regression range, this looks like an old issue. Possible suspect: https://chromium.googlesource.com/chromium/src/+/db4fdf181e7064a8c7ab45aa29e19f3d07c56eb7 Adding respective component.
,
Jun 13 2017
trying to see report...
,
Jun 13 2017
I don't see any indicators that this is Skia.. perhaps someone on GPU more familiar with these command buffer calls might see something. will stay on cc but removing component for now.
,
Jun 13 2017
[Guessing this should be "bug", not "bus"]
,
Jun 16 2017
Need to be owner of bug to look at clusterfuzz report.
,
Jun 16 2017
Nothing stands out in the regression range. The test case is mostly a WebGL canvas. Also adding some stack tracing to provide more information:
#3 0x7fff89222028 in _dispatch_client_callout2
#4 0x7fff892268c0 in _dispatch_apply_serial
#5 0x7fff8921040a in _dispatch_client_callout
#6 0x7fff892215a3 in _dispatch_sync_f_invoke
#7 0x7fff89221c4b in dispatch_apply_f
#8 0x7fff8d05641d in glgProcessPixelsWithProcessor
#9 0x7fff83bc7b02 in gldDoScalingBlit
#10 0x7fff83bc556b in gldBlitFramebufferData
#11 0x7fff90432a0a in gleBlitFramebuffer
#12 0x7fff9037010a in glBlitFramebufferEXT_Exec
#13 0x7fff8ba2805c in glBlitFramebuffer
#14 0x10ee0046d in gl::GLApiBase::glBlitFramebufferFn(int, int, int, int, int, int, int, int, unsigned int, unsigned int) ui/gl/gl_bindings_autogen_gl.cc:2627:3
#15 0x1103dd3f7 in gpu::gles2::GLES2DecoderImpl::DoBlitFramebufferCHROMIUM(int, int, int, int, int, int, int, int, unsigned int, unsigned int) gpu/command_buffer/service/gles2_cmd_decoder.cc:8327:5
#16 0x11036c86f in gpu::gles2::GLES2DecoderImpl::HandleBlitFramebufferCHROMIUM(unsigned int, void const volatile*) gpu/command_buffer/service/gles2_cmd_decoder_autogen.h:4135:3
#17 0x1103c180e in gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>(unsigned int, void const volatile*, int, int*) gpu/command_buffer/service/gles2_cmd_decoder.cc:5276:18
,
Jun 16 2017
Issue 729337 has been merged into this issue.
,
Jun 16 2017
This is a bug in Apple's OpenGL driver in BlitFramebuffer / glBlitFramebuffer. If the values passed are too large then this can happen. zmo@ investigated this and we were considering generating GL_INVALID_OPERATION instead even though this might not be spec compliant. It's not a regression. It's also not a P1. There are plenty of ways the GPU process can be crashed (like via out-of-memory). Downgrading and marking Available.
,
Jul 16 2017
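As an added example (not Chromium's code, and not the change that was eventually landed for this bug), the following C++ shows the mitigation the comment above describes: a command-buffer decoder validates the source and destination blit rectangles before handing them to the driver and reports GL_INVALID_OPERATION when they are out of range, instead of letting oversized values reach a driver that mishandles them. The function names, the kMaxBlitExtent limit, the BlitRect struct and the fake driver callback are all assumptions constructed for this illustration; the error-code values match the OpenGL constants.

```cpp
#include <cstdint>
#include <cstdlib>
#include <initializer_list>
#include <iostream>

// OpenGL constant values (real spec values; names are local to this example).
constexpr unsigned int kGlNoError = 0;
constexpr unsigned int kGlInvalidOperation = 0x0502;
constexpr unsigned int kGlColorBufferBit = 0x4000;
constexpr unsigned int kGlNearest = 0x2600;

// Conservative cap on any coordinate or extent accepted before calling the driver.
// Assumption for this example: far below anything a real blit needs, far above nothing.
constexpr int64_t kMaxBlitExtent = 1 << 16;

// One blit rectangle as passed to glBlitFramebuffer (x0,y0 -> x1,y1; x1 < x0 is a legal flip).
struct BlitRect {
  int x0, y0, x1, y1;
};

// Extents are computed in 64-bit so that INT_MAX - INT_MIN cannot overflow.
int64_t RectWidth(const BlitRect& r) { return static_cast<int64_t>(r.x1) - r.x0; }
int64_t RectHeight(const BlitRect& r) { return static_cast<int64_t>(r.y1) - r.y0; }

// Returns true when every corner and both extents are within kMaxBlitExtent.
bool BlitRectIsSane(const BlitRect& r) {
  if (std::abs(RectWidth(r)) > kMaxBlitExtent) return false;
  if (std::abs(RectHeight(r)) > kMaxBlitExtent) return false;
  for (int64_t c : {static_cast<int64_t>(r.x0), static_cast<int64_t>(r.y0),
                    static_cast<int64_t>(r.x1), static_cast<int64_t>(r.y1)}) {
    if (c < -kMaxBlitExtent || c > kMaxBlitExtent) return false;
  }
  return true;
}

// Hypothetical driver entry point with glBlitFramebuffer's signature.
using BlitFn = void (*)(int, int, int, int, int, int, int, int, unsigned int, unsigned int);

// Stand-in for the decoder's blit handler: validates both rectangles first and returns
// the GL error it would record. The driver is only called when validation passes.
unsigned int CheckedBlitFramebuffer(const BlitRect& src, const BlitRect& dst,
                                    unsigned int mask, unsigned int filter,
                                    BlitFn driver_blit) {
  if (!BlitRectIsSane(src) || !BlitRectIsSane(dst)) {
    return kGlInvalidOperation;  // rejected before reaching the driver
  }
  if (driver_blit) {
    driver_blit(src.x0, src.y0, src.x1, src.y1, dst.x0, dst.y0, dst.x1, dst.y1, mask, filter);
  }
  return kGlNoError;
}

// Fake driver for the stand-alone run: counts how many blits actually got through.
static int g_driver_calls = 0;
void FakeDriverBlit(int, int, int, int, int, int, int, int, unsigned int, unsigned int) {
  ++g_driver_calls;
}

int main() {
  BlitRect canvas{0, 0, 300, 150};               // typical WebGL-sized rectangle
  BlitRect huge{INT32_MIN, 0, INT32_MAX, 150};   // extreme values a fuzzer would produce

  unsigned int ok = CheckedBlitFramebuffer(canvas, canvas, kGlColorBufferBit, kGlNearest, FakeDriverBlit);
  unsigned int bad = CheckedBlitFramebuffer(canvas, huge, kGlColorBufferBit, kGlNearest, FakeDriverBlit);

  std::cout << "normal blit error=" << ok << " driver calls=" << g_driver_calls << "\n";
  std::cout << "oversized blit error=0x" << std::hex << bad << std::dec
            << " driver calls=" << g_driver_calls << "\n";
  return 0;
}
```

The check deliberately allows flipped rectangles (x1 < x0), which are valid input, and rejects only on magnitude; as the comment notes, returning GL_INVALID_OPERATION for values the spec would otherwise accept is a trade-off between strict conformance and keeping a known-bad driver path unreachable.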
ClusterFuzz testcase 5304417640513536 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jul 23 2017
ClusterFuzz testcase 6495326642110464 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Jul 24 2017
,
Mar 21 2018
ClusterFuzz testcase 6495326642110464 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 10 2018
Comment 1 by sheriffbot@chromium.org
, May 30 2017