
Issue 861603

Issue metadata

Status: WontFix
Closed: Dec 1
OS: Linux, Windows
Pri: 3
Type: Bug




ASSERT: false

Reported by ClusterFuzz (Project Member), Jul 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6584021937815552

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  false
  sw::Surface::isFloatFormat
  hasFloatTexture
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=521495:521545

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6584021937815552

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz (Project Member), Jul 8

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 2 by ClusterFuzz (Project Member), Jul 8

Cc: nicolasc...@google.com sugoi@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Cc: kkaluri@chromium.org
Labels: M-68
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
Since it is related to SwiftShader component, assigning it to capn@ for further triage.
Labels: -Pri-1 OS-Windows Pri-3
This is caused by a sampler register index being out of range. This can't actually happen in Chrome because we validate them at draw time when applying the state. The fuzzer takes a shortcut and doesn't actually draw anything.

So this is benign, but we should probably have a fail-safe at either the shader ASM generation or Reactor routine generation (or both). Anyway, this is all going to change when we switch to using the glslang compiler, so it's not a priority.
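The comment above describes the two places a fail-safe could live: rejecting an out-of-range sampler register when the shader is translated, and tolerating one when the generated routine queries texture state. The block below is an added illustration of both guards in a small model; it is not SwiftShader code, and the names `kMaxSamplers`, `SamplerState`, `SampleInstruction`, `hasFloatTextureUnchecked`, `hasFloatTextureSafe`, `firstBadSampler` and the sample state table are all hypothetical.

```cpp
// Added example, not SwiftShader code. Models a fail-safe for sampler register
// indices taken from an untrusted shader; all names and limits are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <vector>

namespace example {

// Hypothetical limit on the number of sampler registers a shader may reference.
constexpr std::size_t kMaxSamplers = 16;

// Minimal model of a bound texture: is anything bound, and is its format a float format?
struct SamplerState {
    bool bound = false;
    bool floatFormat = false;
};

// Hypothetical shader instruction: a texture read through sampler register `sampler`.
struct SampleInstruction {
    std::uint32_t sampler;
};

// Unguarded accessor modelling the path the fuzzer hit: with no draw-time
// validation in front of it, an index past the table is dereferenced as-is.
// Deliberately unchecked; do not call with an out-of-range index.
inline bool hasFloatTextureUnchecked(const std::vector<SamplerState>& states,
                                     std::uint32_t sampler) {
    return states[sampler].floatFormat;
}

// Fail-safe at routine generation: an out-of-range or unbound sampler is reported
// as a non-float texture instead of being dereferenced.
inline bool hasFloatTextureSafe(const std::vector<SamplerState>& states,
                                std::uint32_t sampler) {
    if (sampler >= states.size() || !states[sampler].bound) {
        return false;
    }
    return states[sampler].floatFormat;
}

// Fail-safe at shader translation: return the index of the first instruction that
// references a sampler register outside the allowed range, or nullopt if none do.
inline std::optional<std::size_t> firstBadSampler(const std::vector<SampleInstruction>& program) {
    for (std::size_t i = 0; i < program.size(); ++i) {
        if (program[i].sampler >= kMaxSamplers) {
            return i;
        }
    }
    return std::nullopt;
}

// Constructed sample state table: only sampler 2 is bound, and to a float texture.
inline std::vector<SamplerState> sampleStates() {
    std::vector<SamplerState> states(kMaxSamplers);
    states[2] = {true, true};
    return states;
}

}  // namespace example

int main() {
    const auto states = example::sampleStates();
    std::cout << "sampler 2 float: " << example::hasFloatTextureSafe(states, 2) << '\n';
    std::cout << "sampler 999 float (guarded): " << example::hasFloatTextureSafe(states, 999) << '\n';
    const std::vector<example::SampleInstruction> program{{2}, {16}};
    if (auto bad = example::firstBadSampler(program)) {
        std::cout << "instruction " << *bad << " references an out-of-range sampler\n";
    }
    return 0;
}
```

The translation-time check is the one that matters for a fuzzer that never draws: it runs before any state table exists, so it catches the index regardless of whether draw-time validation is ever reached.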
Comment 5 by ClusterFuzz (Project Member), Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6584021937815552 appears to be flaky, updating reproducibility label.
Comment 6 by ClusterFuzz (Project Member), Dec 1

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6584021937815552 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Cc: shannonwoods@google.com cwallez@google.com capn@chromium.org chrisforbes@google.com
Issue 910893 has been merged into this issue.

Comment 8 by ClusterFuzz (Project Member), Dec 8

Labels: Needs-Feedback
ClusterFuzz testcase 6350084528406528 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: ClusterFuzz-Ignore