
Issue 778935

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



SwiftShader lockInternal triggers exception in KERNELBASE.dll

Reported by ClusterFuzz (Project Member), Oct 27 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5800526196506624

Fuzzer: inferno_twister
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Unknown exception
Crash Address: 0x0103ca50
Crash State:
  C:\windows\SYSTEM32\KERNELBASE.dll
  sw::allocate
  sw::Surface::lockInternal
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=480776:480824

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5800526196506624

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), Oct 27 2017

Labels: M-62

Comment 2 by sheriffbot@chromium.org (Project Member), Oct 27 2017

Labels: Pri-1
Components: Internals>GPU>SwiftShader
Summary: SwiftShader lockInternal triggers exception in KERNELBASE.dll (was: Unknown exception in C:\windows\SYSTEM32\KERNELBASE.dll)

Comment 4 by palmer@chromium.org, Oct 31 2017

Cc: kbr@chromium.org sugoi@chromium.org nicolasc...@google.com
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
That stack trace looks a bit weird. Allocation failure due to OOM, or weird arguments...?

Comment 5 by sugoi@chromium.org, Oct 31 2017

Status: WontFix (was: Assigned)
This is attempting to allocate 8192*8192 32F textures in a 32 bit executable and is quickly running out of memory, as expected. Closing as Wont Fix.

Comment 6 by capn@chromium.org, Oct 31 2017

Labels: -Type-Bug-Security -Pri-1 -Restrict-View-SecurityTeam -Security_Severity-High Security_Severity-Low Pri-3 Type-Bug
Status: Assigned (was: WontFix)
Note that the -rss_limit_mb command line option can be used to control the memory limit used by libFuzzer (defaults to 2 GiB). It's not clear currently why this OOM causes an exception in KERNELBASE.dll instead of getting a "ERROR: libFuzzer: out-of-memory" message from exceeding rss_limit_mb.

It's possibly caused by memory fragmentation; i.e. we're well below the 2 GiB threshold but there are no more contiguous 256 MiB memory blocks. Lowering rss_limit_mb to 1 GiB might help. GPUs with 1 GiB of RAM are still very common, so this should be reasonable.
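The sizes discussed in comments 5 and 6 can be made concrete. The following is an added example, not SwiftShader's own code or anything posted in this thread: it computes the byte size of a width x height surface with overflow checks, refuses requests above an assumed per-allocation budget, and allocates with `std::nothrow` so that an allocation failure is reported as a status instead of escaping as an exception. The per-pixel sizes (4 bytes for a single-channel 32F format, 16 bytes for RGBA32F), the 512 MiB budget and all function names are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <memory>
#include <new>

// Assumed per-pixel sizes: one 32-bit float per channel.
constexpr std::size_t kBytesR32F = 4;      // single-channel 32F surface
constexpr std::size_t kBytesRGBA32F = 16;  // four-channel 32F surface

// Assumed budget for a single surface allocation. It stays below the size a
// fragmented 32-bit address space can realistically hand out contiguously.
constexpr std::size_t kMaxSurfaceBytes = std::size_t{512} << 20;  // 512 MiB

// Byte size of a width x height surface. Returns false when the product
// would overflow size_t (which is 32 bits wide in a 32-bit build).
bool surfaceBytes(std::size_t width, std::size_t height,
                  std::size_t bytesPerPixel, std::size_t* out) {
  if (width == 0 || height == 0 || bytesPerPixel == 0) {
    *out = 0;
    return true;
  }
  const std::size_t max = std::numeric_limits<std::size_t>::max();
  if (width > max / height) return false;
  const std::size_t pixels = width * height;
  if (pixels > max / bytesPerPixel) return false;
  *out = pixels * bytesPerPixel;
  return true;
}

enum class AllocResult { Ok, Overflow, OverBudget, OutOfMemory };

// Fallible allocation: validates the size, enforces the budget and uses the
// non-throwing operator new, so the caller always gets a status to act on.
AllocResult allocateSurface(std::size_t width, std::size_t height,
                            std::size_t bytesPerPixel,
                            std::unique_ptr<unsigned char[]>* out) {
  std::size_t bytes = 0;
  if (!surfaceBytes(width, height, bytesPerPixel, &bytes)) {
    return AllocResult::Overflow;
  }
  if (bytes > kMaxSurfaceBytes) return AllocResult::OverBudget;
  unsigned char* p = new (std::nothrow) unsigned char[bytes];
  if (p == nullptr) return AllocResult::OutOfMemory;
  out->reset(p);
  return AllocResult::Ok;
}

int main() {
  std::size_t bytes = 0;
  // 8192 x 8192 single-channel 32F: 2^13 * 2^13 * 4 = 256 MiB.
  surfaceBytes(8192, 8192, kBytesR32F, &bytes);
  std::cout << "8192x8192 R32F:    " << (bytes >> 20) << " MiB\n";
  // 8192 x 8192 RGBA32F: 2^13 * 2^13 * 16 = 1 GiB.
  surfaceBytes(8192, 8192, kBytesRGBA32F, &bytes);
  std::cout << "8192x8192 RGBA32F: " << (bytes >> 20) << " MiB\n";

  std::unique_ptr<unsigned char[]> surface;
  AllocResult r = allocateSurface(8192, 8192, kBytesRGBA32F, &surface);
  std::cout << "allocate 8192x8192 RGBA32F: "
            << (r == AllocResult::OverBudget ? "refused, over budget" : "other")
            << "\n";
  return 0;
}
```

A single 8192 x 8192 single-channel 32F surface is 256 MiB, matching the contiguous block size mentioned above, and the RGBA32F variant is 1 GiB; a handful of either exhausts a 32-bit process long before the 2 GiB rss_limit_mb is reached, which is why the budget check runs before the allocation rather than relying on the allocator to fail cleanly.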

Comment 7 by sugoi@chromium.org, Oct 31 2017

Wouldn't changing the limit simply hide the issue or make it happen less frequently?

Comment 8 by capn@chromium.org, Oct 31 2017

I think it would just make it clearer that we're dealing with an OOM. ClusterFuzz still reports them as bugs, but only one at a time.

Comment 9 by capn@chromium.org, Nov 9 2017

Issue 778937 has been merged into this issue.

Comment 10 by ClusterFuzz (Project Member), Dec 13 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5800526196506624 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
