
Issue 770413 link


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Null-dereference READ in draw_llvm_set_sampler_state

Project Member Reported by ClusterFuzz, Sep 29 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4945616211017728

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  draw_llvm_set_sampler_state
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=370940:371042

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4945616211017728

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue?
Thank You.
Components: Blink>WebGL
Labels: -CF-NeedsTriage M-62
Owner: zmo@chromium.org
Status: Assigned (was: Untriaged)
As per regression range in the CF report (https://chromium.googlesource.com/chromium/src/+log/f0c88d2d5e63301459685e84f724da4163b32c4d..afd49a83be5da2df6667a2afd14239d7783aff52?pretty=fuller&n=10000),
zmo@ can you please look into this change (https://chromium.googlesource.com/chromium/src/+/fe1d15895c2a026b2ef682652e10b5c2298bafb6) if possible?

Thank you!

Comment 3 by kbr@chromium.org, Oct 3 2017

Cc: sugoi@chromium.org capn@chromium.org
Components: Internals>GPU>SwiftShader
One point: the crash is inside Mesa's Gallium implementation and at this point we should switch over all Linux tests to use SwiftShader instead of Mesa. What needs to be done to make this switch happen on this test harness and configuration?

Comment 4 by zmo@chromium.org, Nov 15 2017

Cc: marc...@chromium.org
Labels: -Pri-1 Pri-2
The crash came from libgallium.so. It looks like the mesa driver issue might be it's not handling sampling from default cubemap texture correctly.

Stephane: is it a bug still existing in the latest Mesa? If yes, I can add a test to the WebGL conformance suite.

Reduce to P2 since it's third_party driver issue.
This is a bug in mesa, IIUC this is fixed upstream:
https://cgit.freedesktop.org/mesa/mesa/commit/?id=637240d824051b8b99f35c165cabe31106612f2a

It's not really related to cubemaps, but instead related to sampler sharing. IIRC will happen with pretty much any webgl app.

Comment 6 by zmo@chromium.org, Nov 15 2017

So which version of Mesa will have this fix?

Since this is easy to trigger, should we blacklist any Mesa without the fix?
Project Member Comment 7 by ClusterFuzz, Mar 1 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 4945616211017728 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Status: Assigned (was: WontFix)
I don't know why clusterfuzz says it no longer crashes; maybe it took a mesa upgrade or something.

Even so, we still need to decide whether it's worth it or not to blacklist earlier mesa versions.
