Issue 837977

Issue metadata

Status: WontFix
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 1
Type: Bug-Security


Crash in swrast_dri.so

Project Member Reported by ClusterFuzz, Apr 29 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6272529648582656

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7ffd45184260
Crash State:
  swrast_dri.so
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=478717:478791

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6272529648582656

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Comment 1 by sheriffbot@chromium.org (Project Member), Apr 29 2018

Labels: M-67

Comment 2 by sheriffbot@chromium.org (Project Member), Apr 29 2018

Labels: Pri-1
Cc: marc...@chromium.org senorblanco@chromium.org piman@chromium.org
Components: Internals>GPU>Internals
Owner: kbr@chromium.org
Status: Started (was: Untriaged)
Seems to be a crash in third_party/mesa.  Assigning to one of the OWNERS, cc'ing others.  kbr@ - sorry, not a lot to go on here.  Please take a look, re-assign as appropriate, or close out if not enough information. Thanks.

Comment 4 by piman@chromium.org, May 2 2018

Cc: kbr@chromium.org capn@chromium.org
Owner: infe...@chromium.org
Status: Assigned (was: Started)
It's not a crash in third_party/mesa, but a crash in the driver, which is also mesa, but a totally different version, configured entirely differently (using glx+dri+swrast rather than OSMesa), which would be installed on the VM on the bot.

I'm a little surprised though; we should be blacklisting software mesa and never use the driver... Aha, --ignore-gpu-blacklist is passed to chrome on the bot. This is not a configuration we ship to users, so I don't think this is a security issue in the product.

Either way, is there a way to... not do that? E.g. use --use-gl=swiftshader which is a more maintainable config, and would find real bugs in SwiftShader instead.

Comment 5 by kbr@chromium.org, May 2 2018

Cc: sugoi@chromium.org
At this point we should be running Clusterfuzz against SwiftShader. SwiftShader is being used for layout tests on Linux, and there is no reason any more to be testing against the obsolete copy of Mesa currently in Chromium, which we hope to delete soon.

Labels: -Security_Impact-Stable -OS-Chrome Security_Impact-None OS-Linux

Comment 7 by ClusterFuzz (Project Member), May 3 2018

Labels: OS-Chrome

Comment 8 by ClusterFuzz (Project Member), May 7 2018

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6272529648582656 appears to be flaky, updating reproducibility label.

Comment 9 by ClusterFuzz (Project Member), May 21 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6272529648582656 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 10 by sheriffbot@chromium.org (Project Member), Aug 27

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot