New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 770413 link

Starred by 2 users
Status: Assigned
Owner:
zmo@chromium.org
Cc:
sugoi@chromium.org
marc...@chromium.org
capn@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Null-dereference READ in draw_llvm_set_sampler_state

Project Member Reported by ClusterFuzz, Sep 29 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4945616211017728

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  draw_llvm_set_sampler_state
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=370940:371042

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4945616211017728

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by pnangunoori@chromium.org, Oct 3 2017

Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.
Thank You.

Comment 2 by manoranj...@chromium.org, Oct 3 2017

Components: Blink>WebGL
Labels: -CF-NeedsTriage M-62
Owner: zmo@chromium.org
Status: Assigned (was: Untriaged)
As per regression range in the CF report (https://chromium.googlesource.com/chromium/src/+log/f0c88d2d5e63301459685e84f724da4163b32c4d..afd49a83be5da2df6667a2afd14239d7783aff52?pretty=fuller&n=10000),
zmo@ can you please look into this change (https://chromium.googlesource.com/chromium/src/+/fe1d15895c2a026b2ef682652e10b5c2298bafb6) if possible?

Thank you!

Comment 3 by kbr@chromium.org, Oct 3 2017

Cc: sugoi@chromium.org capn@chromium.org
Components: Internals>GPU>SwiftShader
One point: the crash is inside Mesa's Gallium implementation and at this point we should switch over all Linux tests to use SwiftShader instead of Mesa. What needs to be done to make this switch happen on this test harness and configuration?

Comment 4 by zmo@chromium.org, Nov 15 2017

Cc: marc...@chromium.org
Labels: -Pri-1 Pri-2
The crash came from libgallium.so. It looks like the mesa driver issue might be it's not handling sampling from default cubemap texture correctly.

Stephane: is it a bug still existing in the latest Mesa? If yes, I can add a test to the WebGL conformance suite.

Reduce to P2 since it's third_party driver issue.

Comment 5 by marc...@chromium.org, Nov 15 2017 

This is a bug in mesa, IIUC this is fixed upstream:
https://cgit.freedesktop.org/mesa/mesa/commit/?id=637240d824051b8b99f35c165cabe31106612f2a

It's not really related to cubemaps, but instead related to sampler sharing. IIRC will happen with pretty much any webgl app.

Comment 6 by zmo@chromium.org, Nov 15 2017 

So which version of Mesa will have this fix?

Since this is easy to trigger, should we blacklist any Mesa without the fix?
Project Member

Comment 7 by ClusterFuzz, Mar 1 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 4945616211017728 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 8 by kainino@chromium.org, Mar 1 2018

Status: Assigned (was: WontFix)
I don't know why clusterfuzz says it no longer crashes; maybe it took a mesa upgrade or something.

Even so, we still need to decide whether it's worth it or not to blacklist earlier mesa versions.

Sign in to add a comment