
Issue 827883


Issue metadata

Status: Assigned
OS: Linux
Pri: 1
Type: Bug




Abrt in gpu::PassThroughImageTransportSurface::SwapBuffers

Project Member Reported by ClusterFuzz, Apr 1 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4545725808246784

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900007bbd
Crash State:
  gpu::PassThroughImageTransportSurface::SwapBuffers
  gpu::gles2::GLES2DecoderImpl::DoSwapBuffers
  gpu::gles2::GLES2DecoderImpl::HandleSwapBuffers
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4545725808246784

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: brajkumar@chromium.org
Components: Internals>GPU
Labels: M-66 Test-Predator-Wrong
Owner: penghuang@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "pass_through_image_transport_surface.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/6bf92778c48f4041a2e21c29c89bfc4683e9d34d%5E%21/gpu/ipc/service/pass_through_image_transport_surface.cc

penghuang@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Thanks!

That CL just adds a callback argument. The callback is not called in that method. I don't think it causes this issue. I also found some other crashes in the log. Are they related to this issue?



AddressSanitizer:DEADLYSIGNAL
=================================================================
==31641==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f6ca3b3a431 bp 0x7ffd08106170 sp 0x7ffd08106070 T0)
==31641==The signal is caused by a WRITE memory access.
==31641==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
#0 0x7f6ca3b3a430 in sw::FrameBufferX11::~FrameBufferX11() third_party/swiftshader/src/Main/FrameBufferX11.cpp:100:18
#1 0x7f6ca71f3262 in egl::WindowSurface::swap() third_party/swiftshader/src/OpenGL/libEGL/Surface.cpp:264:3
[31677:31677:0100/000000.373260:FATAL:FontCache.cpp(382)] Check failed: false.
#0 0x7f20ba304fa1 <unknown>
#1 0x7f20c1b0921e <unknown>
#2 0x7f20c1b69953 <unknown>
#3 0x7f20cbb58a79 <unknown>
Cc: penghuang@chromium.org
Owner: brajkumar@chromium.org
Is this problem still happening?
