
Issue 729337

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 727582
Owner: ----
Closed: Jun 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug




Bus in storeColor

Project Member Reported by ClusterFuzz, Jun 3 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6495326642110464

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Bus
Crash Address: 0x602000190000
Crash State:
  storeColor
  glgProcessColor
  __glgProcessPixelsWithProcessor_block_invoke
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458746:463137

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6495326642110464


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Labels: M-61 Test-Predator-Correct-CLs
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: capn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c13a0740ec6fc445376f3c18c987e60a08aec306
Time: Wed Mar 22 16:51:22 2017
File gles2_cmd_decoder.cc is changed in this cl (and is part of stack frame #15, "gpu::gles2::GLES2DecoderImpl::DoBlitFramebufferCHROMIUM"; frame #17, "gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl")
Minimum distance from crash line to modified line: 35. (file: gles2_cmd_decoder.cc, crashed on: 8332, modified: 8367).

@capn: Assigning to you, kindly take a look into it. Please help us to find an owner if not with respect to your change.

Thanks!

Comment 2 by capn@chromium.org, Jun 8 2017

Cc: sadrul@chromium.org jmad...@chromium.org
Owner: ----
Status: Available (was: Assigned)
This looks like a crash in the Mac OpenGL driver to me. My change causes Chrome to use the GL_ANGLE_framebuffer_multisample extension if the driver supports it, when we're running with either ANGLE or SwiftShader. But we're not using either on Mac at the moment, and it doesn't look like any Mac drivers support this ANGLE extension (http://opengl.gpuinfo.org/gl_listreports.php?listreportsbyextension=GL_ANGLE_framebuffer_multisample). Also, we'd see a call to glBlitFramebufferANGLE() instead of glBlitFramebuffer() on the crash stack (unless they remapped the entry function).

CC'ing Jamie who works on ANGLE, and Sadrul for another GPU related change in the regression range, to also take a look.

Comment 3 by kbr@chromium.org, Jun 16 2017

Mergedinto: 727582
Status: Duplicate (was: Available)
This is the same report as Issue 727582.

Project Member

Comment 4 by ClusterFuzz, Mar 21 2018

ClusterFuzz has detected this issue as fixed in range 544435:544631.

Detailed report: https://clusterfuzz.com/testcase?key=6495326642110464

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Bus
Crash Address: 0x602000170000
Crash State:
  storeColor
  glgProcessColor
  __glgProcessPixelsWithProcessor_block_invoke
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458746:463137
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=544435:544631

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6495326642110464

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
