Issue 796476

Issue metadata

Status: Verified
Closed: Dec 2017
OS: Linux, iOS
Pri: 0
Type: Bug-Security

Crash in sw::Surface::genericUpdate

Reported by ClusterFuzz (Project Member), Dec 20 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5987559716159488

Fuzzer: inferno_flicker
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000001548
Crash State:
  sw::Surface::genericUpdate
  sw::Surface::lockInternal
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=525192:525225

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5987559716159488

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 

Comment 1 by ClusterFuzz (Project Member), Dec 20 2017

Labels: M-65 ReleaseBlock-Beta ClusterFuzz-Top-Crash
Testcase 5987559716159488 is a top crash on ClusterFuzz for the Linux platform. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 2 by ClusterFuzz (Project Member), Dec 20 2017

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 3 by sheriffbot@chromium.org (Project Member), Dec 20 2017

Labels: Pri-1
Labels: -Pri-1 Pri-0
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
This is causing startup crashes; it started appearing on ClusterFuzz yesterday/today.
Nicolas, can you take a look?

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2343==ERROR: AddressSanitizer: SEGV on unknown address 0x000000001548 (pc 0x7fcae1e30999 bp 0x7fff328cd7d0 sp 0x7fff328ccf78 T0)
==2343==The signal is caused by a READ memory access.
SCARINESS: 20 (wild-addr-read)
#0 0x7fcae1e30998 in memcpy-ssse3-back.S:130 /build/eglibc-SvCtMH/eglibc-2.19/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:130
#1 0x7fcadab61349 in sw::Surface::genericUpdate(sw::Surface::Buffer&, sw::Surface::Buffer&) third_party/swiftshader/src/Renderer/Surface.cpp:1899:6
#2 0x7fcadab4f6f5 in sw::Surface::lockInternal(int, int, int, sw::Lock, sw::Accessor) third_party/swiftshader/src/Renderer/Surface.cpp:1434:5

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x153998)
==2343==ABORTING

This is a recent regression; it started appearing on ClusterFuzz yesterday/today.
Nicolas, can you take a look?
Cc: metzman@chromium.org
This is also the reason for the low good-to-all build ratio on vi/clusterfuzz.

Comment 6 by capn@chromium.org, Dec 20 2017

Cc: sugoi@chromium.org
Labels: -ReleaseBlock-Beta -Pri-0 ReleaseBlock-NA Pri-1
I don't think this is P0 (Emergency). SwiftShader is only used as a WebGL fallback on user systems, and for headless mode with OpenGL support on our servers. This isn't WebGL content and thus it's not affecting users directly.

This appears to be a Skia fuzzer? Can we CC the owners of it to clarify how it's using SwiftShader? I wasn't able to find the source for it...

At first glance the crash appears to be due to an out-of-memory situation. We can't do much about that, and crashing the GPU process has been deemed acceptable behavior before. Note that GPU drivers might crash in this situation as well.

What's vi/clusterfuzz?
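The report above records a read of the small address 0x000000001548 inside memcpy, reached from sw::Surface::genericUpdate via lockInternal, and comment 6 offers an out-of-memory condition as the likely cause. The block below is an added illustration of that failure class, written for this page; it is not SwiftShader's code and does not claim to be the root cause of this particular bug. The surface_buffer type, the generic_update and surface_lock functions and the fault-injecting surface_alloc are assumptions constructed for the example. It places the unchecked copy next to a variant that validates its buffers, and a lock path that turns a failed allocation into an error return, which is what makes a wild-address read like the one ASan reported a recoverable failure instead of a GPU-process crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for a surface's internal/external buffers. These types, names
 * and sizes are assumptions for this example, not SwiftShader's own code. */
typedef struct {
    int width;            /* bytes copied per row */
    int height;
    int pitch;            /* row stride in bytes */
    unsigned char *data;  /* backing store, allocated on first lock */
} surface_buffer;

/* Allocator with fault injection so an out-of-memory condition can be
 * reproduced deterministically (constructed for the example). */
static int g_fail_next_alloc = 0;

static void *surface_alloc(size_t bytes) {
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        return NULL;  /* what malloc returns under memory pressure */
    }
    return calloc(1, bytes);
}

/* Bug-class variant: no NULL check. If an allocation failed earlier, data is
 * NULL and memcpy reads from 0 + y * pitch, which ASan reports as a SEGV on
 * a small "unknown address", the same shape as 0x1548 in the report above. */
static void generic_update_unchecked(surface_buffer *dst, const surface_buffer *src) {
    for (int y = 0; y < src->height; y++)
        memcpy(dst->data + (size_t)y * (size_t)dst->pitch,
               src->data + (size_t)y * (size_t)src->pitch, (size_t)src->width);
}

/* Hardened variant: copy only when both backing stores exist and the
 * destination can hold the source. Returns 0 on success, -1 on error. */
static int generic_update(surface_buffer *dst, const surface_buffer *src) {
    if (!dst || !src || !dst->data || !src->data) return -1;
    if (dst->width < src->width || dst->height < src->height) return -1;
    if (dst->pitch < dst->width || src->pitch < src->width) return -1;
    generic_update_unchecked(dst, src);  /* safe now that preconditions hold */
    return 0;
}

/* Lock analogue: make sure the backing store exists, then refresh it from the
 * other buffer. Allocation failure is returned to the caller, never dereferenced. */
static int surface_lock(surface_buffer *buf, const surface_buffer *source) {
    if (buf->data == NULL) {
        buf->data = surface_alloc((size_t)buf->pitch * (size_t)buf->height);
        if (buf->data == NULL) return -1;  /* OOM: fail the lock, do not crash */
    }
    return generic_update(buf, source);
}

/* Builds a small source buffer filled with one byte value (constructed input). */
static int make_buffer(surface_buffer *buf, int width, int height, unsigned char fill) {
    buf->width = width; buf->height = height; buf->pitch = width;
    buf->data = surface_alloc((size_t)width * (size_t)height);
    if (buf->data == NULL) return -1;
    memset(buf->data, fill, (size_t)width * (size_t)height);
    return 0;
}

/* Scenario 1: the next allocation fails while locking. Expected: -1, no fault. */
static int scenario_oom(void) {
    surface_buffer src, dst = {4, 4, 4, NULL};
    if (make_buffer(&src, 4, 4, 0xAB) != 0) return -2;
    g_fail_next_alloc = 1;
    int rc = surface_lock(&dst, &src);
    free(src.data);
    free(dst.data);  /* NULL here; free(NULL) is a no-op */
    return rc;
}

/* Scenario 2: normal lock. Returns the last copied byte (0xAB) or -1. */
static int scenario_ok(void) {
    surface_buffer src, dst = {4, 4, 4, NULL};
    if (make_buffer(&src, 4, 4, 0xAB) != 0) return -2;
    int rc = surface_lock(&dst, &src);
    int last = (rc == 0) ? dst.data[15] : -1;
    free(src.data);
    free(dst.data);
    return last;
}

int main(void) {
    printf("oom lock -> %d (expect -1)\n", scenario_oom());
    printf("ok lock  -> 0x%x (expect 0xab)\n", scenario_ok());
    return 0;
}
```

When triaging reports of this shape, a fault address within the first few pages of memory (here 0x1548) is usually the signature of a NULL base plus a field or row offset, which is why the allocation and pointer checks belong at the lock boundary rather than deep inside the copy loop.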
Labels: -Pri-1 Pri-0
Ignore c#5; that was for the ClusterFuzz sheriff.

Regarding c#4, we are seeing this on plain builds as well, when Chrome launches. So, even though this report is from the inferno_flicker fuzzer, it also happens on just launching Chrome. Since this is a ClusterFuzz regression and blocks regular fuzzing, it is still Pri=0.

Comment 8 by capn@chromium.org, Dec 20 2017

Cc: zmo@chromium.org piman@chromium.org
Thanks for clarifying that. I don't understand how SwiftShader could be used during Chrome launch though.

zmo@, piman@, do you know of any changes that would cause SwiftShader to be used in more cases (and make it crash badly)?

Comment 9 by capn@chromium.org, Dec 20 2017

Labels: -ReleaseBlock-NA ReleaseBlock-Beta

Comment 10 by piman@chromium.org, Dec 20 2017

--use-gl=swiftshader is passed explicitly on the command line.

Comment 11 by capn@chromium.org, Dec 20 2017

inferno@, just to be clear, when you say "just launching Chrome" do you mean all Chrome Linux builds crash on startup, and users would be affected if this went to Beta, or is it only affecting ClusterFuzz runs due to --use-gl=swiftshader being passed in?

I'll try to bisect this when I get my Linux workstation back in working order.
We were noticing this reliably in at least one Linux ASan config, not all. I don't understand why other configs are not impacted. Maybe something is enabled with the media codecs build.

ffmpeg_branding = "ChromeOS"
is_asan = true
is_component_build = false
is_debug = false
is_lsan = true
sanitizer_coverage_flags = "trace-pc-guard"
strip_absolute_paths_from_debug_symbols = true
target_os = "chromeos"
v8_enable_verify_heap = true

with command line args
--user-data-dir=/mnt/scratch0/tmp/user_profile_0 --js-flags="--expose-gc --verify-heap" --no-first-run --use-gl=swiftshader --disable-in-process-stack-traces

Comment 13 by ClusterFuzz (Project Member), Dec 21 2017

ClusterFuzz has detected this issue as fixed in range 525321:525392.

Detailed report: https://clusterfuzz.com/testcase?key=5987559716159488

Fuzzer: inferno_flicker
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000001548
Crash State:
  sw::Surface::genericUpdate
  sw::Surface::lockInternal
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=525192:525225
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=525321:525392

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5987559716159488

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 14 by ClusterFuzz (Project Member), Dec 21 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5987559716159488 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 15 by sheriffbot@chromium.org (Project Member), Dec 21 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -ReleaseBlock-Beta OS-iOS

Comment 17 by sheriffbot@chromium.org (Project Member), Mar 27 2018

Labels: -Security_Impact-Head Security_Impact-Stable

Comment 18 by sheriffbot@chromium.org (Project Member), Mar 29 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
