
Issue 855249


Issue metadata

Status: Untriaged
Owner: ----
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




virglrenderer vrend_set_sample_mask fuzzer errors

Project Member Reported by pwang@chromium.org, Jun 21 2018

Issue description

INFO: Seed: 2592169644
INFO: Loaded 1 modules   (18 inline 8-bit counters): 18 [0x5632c5a1d3d5, 0x5632c5a1d3e7),
INFO: Loaded 1 PC tables (18 PCs): 18 [0x5632c5a1d3e8,0x5632c5a1d508),
INFO: 17 Clang Coverage Counters
/build/amd64-generic/usr/libexec/fuzzers/virgl_fuzzer: Running 1 inputs 1 time(s) each.
Running: test2.output
==228048== ERROR: libFuzzer: deadly signal
    #0 0x5632c59aa157 in __sanitizer_print_stack_trace (/build/amd64-generic/usr/libexec/fuzzers/virgl_fuzzer+0xfd157)
    #1 0x5632c58d89e5 in fuzzer::Fuzzer::CrashCallback() (/build/amd64-generic/usr/libexec/fuzzers/virgl_fuzzer+0x2b9e5)
    #2 0x5632c58d899f in fuzzer::Fuzzer::StaticCrashSignalCallback() (/build/amd64-generic/usr/libexec/fuzzers/virgl_fuzzer+0x2b99f)
    #3 0x7f84380e6e7f  (/lib64/libpthread.so.0+0x10e7f)
    #4 0x7f8437956cf1 in gsignal (/lib64/libc.so.6+0x33cf1)
    #5 0x7f8437958a29 in abort (/lib64/libc.so.6+0x35a29)
    #6 0x7f8438375144 in gl_provider_resolver /build/amd64-generic/tmp/portage/media-libs/libepoxy-1.4.0/work/libepoxy-1.4.0-abi_x86_64.amd64/src/gl_generated_dispatch.c:72518:5

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
Instrumentation level: Front-end
Total functions: 0
Maximum function count: 0
Maximum internal block count: 0

gdb backtrace.
#0  0x00007ffff7077dd2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff7079bf6 in __GI_abort () at abort.c:89
#2  0x00007ffff7a9b145 in gl_provider_resolver (name=<optimized out>, providers=<optimized out>, entrypoints=<optimized out>) at gl_generated_dispatch.c:72518
#3  0x00007ffff7a88c56 in epoxy_glSampleMaski_resolver () at gl_generated_dispatch.c:98269
#4  epoxy_glSampleMaski_global_rewrite_ptr (maskNumber=0, mask=173735936) at gl_generated_dispatch.c:47018
#5  0x00007ffff7e3ef34 in vrend_set_sample_mask (ctx=0x60f0000251b0, sample_mask=173735936) at vrend_renderer.c:5996
#6  0x00007ffff7e6ebaa in vrend_decode_set_sample_mask (ctx=0x60300002d370, length=1) at vrend_decode.c:865
#7  0x00007ffff7e6c5ee in vrend_decode_block (ctx_id=1, block=0x6020000000b0, ndw=2) at vrend_decode.c:1269
#8  0x00007ffff7e29576 in virgl_renderer_submit_cmd (buffer=0x6020000000b0, ctx_id=1, ndw=2) at virglrenderer.c:100
#9  0x000055555567587a in LLVMFuzzerTestOneInput (data=0x6020000000b0 "\030\314\001", size=8) at virgl_fuzzer.c:159
#10 0x0000555555580c7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) ()
#11 0x0000555555571607 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) ()
#12 0x00005555555774ad in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) ()
#13 0x00005555555a1db3 in main ()
 
