CHECK failure: glGetError() == GL_NO_ERROR in gles2_cmd_decoder.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5371480029003776
Fuzzer: libFuzzer_gpu_swiftshader_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  glGetError() == GL_NO_ERROR in gles2_cmd_decoder.cc
  gpu::gles2::GLES2DecoderImpl::ClearLevel
  gpu::gles2::Texture::ClearLevel
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=539219:539239
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5371480029003776
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 21 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/27a33c6510b49dda52c27035e4b580738b653a0f (Remove gpu workaround code that no config specifies). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 21 2018
I'm unable to repro this on Linux at either ToT or at the revision specified. If that bisect is correct, it's almost certainly related to my change (given other unrelated changes), but it's hard to track down without a local repro.
Mar 21 2018
Note that ClusterFuzz runs without GPU so when trying to repro locally you'll probably have to run this with --disable-gpu. Invoking the test over SSH or Chrome Remote Desktop should also do the trick.
Mar 21 2018
Yeah, this does not repro for me with --disable-gpu or via ssh either.
Apr 2 2018
The reason this is finding my patch seems similar to https://bugs.chromium.org/p/chromium/issues/detail?id=825545#c8. Reassigning.
Apr 10 2018
According to crbug.com/801648#c20, MSAN is broken on Rodete, and I suspect ASAN is also troubled.
Apr 10 2018
Reproduces when I manually run the fuzzer executable against the testcase.
Apr 10 2018
There's a GL_INVALID_VALUE that gets generated by the glBlitFramebuffer() call in GLES2DecoderImpl::DoBlitFramebufferCHROMIUM() because the 'mask' parameter is 0xFFF80000. This is OpenGL ES 3.0 spec compliant: "If mask contains any bits other than COLOR_BUFFER_BIT, DEPTH_BUFFER_BIT, or STENCIL_BUFFER_BIT, then the error INVALID_VALUE is generated." The error doesn't get detected until much later, in DoGenerateMipmap > ClearTextureLevel > ClearLevel. Validating 'mask' in DoBlitFramebufferCHROMIUM() before the glBlitFramebuffer() call should fix this. Mo, could you take care of that?
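
Added example, not part of the original thread and not Chromium's code: a toy C++ model of the sticky GL error flag, showing why the unvalidated mask only surfaces at a later glGetError() check and how rejecting it before the driver call keeps the error state clean. FakeDriver, FakeDecoder and their members are hypothetical names; the numeric constants are the standard GL enum values.

```cpp
// Added illustration: a toy model of the GL sticky error flag, not Chromium code.
#include <cstdint>

constexpr uint32_t kNoError = 0x0000;         // GL_NO_ERROR
constexpr uint32_t kInvalidValue = 0x0501;    // GL_INVALID_VALUE
constexpr uint32_t kDepthBit = 0x00000100;    // GL_DEPTH_BUFFER_BIT
constexpr uint32_t kStencilBit = 0x00000400;  // GL_STENCIL_BUFFER_BIT
constexpr uint32_t kColorBit = 0x00004000;    // GL_COLOR_BUFFER_BIT
constexpr uint32_t kValidBlitMask = kColorBit | kDepthBit | kStencilBit;

// Hypothetical stand-in for the driver: an error is recorded and stays set
// until someone reads it with GetError().
struct FakeDriver {
  uint32_t sticky_error = kNoError;
  int blits_executed = 0;
  void BlitFramebuffer(uint32_t mask) {
    if (mask & ~kValidBlitMask) {  // ES 3.0: extra bits give INVALID_VALUE
      if (sticky_error == kNoError) sticky_error = kInvalidValue;
      return;
    }
    ++blits_executed;
  }
  uint32_t GetError() {
    uint32_t e = sticky_error;
    sticky_error = kNoError;
    return e;
  }
};

// Hypothetical decoder: client_error is what is reported back to the client.
struct FakeDecoder {
  FakeDriver driver;
  uint32_t client_error = kNoError;
  bool validate_mask;
  explicit FakeDecoder(bool validate) : validate_mask(validate) {}

  void DoBlit(uint32_t mask) {
    if (validate_mask && (mask & ~kValidBlitMask)) {
      client_error = kInvalidValue;  // reject before touching the driver
      return;
    }
    driver.BlitFramebuffer(mask);
  }
  // Models a later internal operation that requires a clean driver error state.
  bool ClearLevelPreconditionHolds() { return driver.GetError() == kNoError; }
};
```
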
May 17 2018
ClusterFuzz has detected this issue as fixed in range 559059:559067.
Detailed report: https://clusterfuzz.com/testcase?key=5371480029003776
Fuzzer: libFuzzer_gpu_swiftshader_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  glGetError() == GL_NO_ERROR in gles2_cmd_decoder.cc
  gpu::gles2::GLES2DecoderImpl::ClearLevel
  gpu::gles2::Texture::ClearLevel
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=539219:539239
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=559059:559067
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5371480029003776
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 17 2018
ClusterFuzz testcase 5371480029003776 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 21 2018
Labels: Test-Predator-Auto-Components