ASSERT: eglInitialize(cookie.display, NULL, NULL)
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5409626817036288
Fuzzer: libFuzzer_chromeos_virgl_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State: eglInitialize(cookie.display, NULL, NULL) virgl_fuzzer.c
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=2790753:2791191
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5409626817036288

Issue filed automatically. See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information.
Jul 28
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 30
Stack trace for convenience:

virgl_fuzzer: virgl_fuzzer.c:125: int initialize_environment(): Assertion `eglInitialize(cookie.display, NULL, NULL)' failed.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7ff937e7cdd2 bp 0x7ffe2933e390 sp 0x7ffe2933e268 T0)
SCARINESS: 10 (signal)
#0 0x7ff937e7cdd1 in gsignal
#1 0x7ff937e75d64 in libc.so.6
#2 0x7ff937e75e12 in __assert_fail
#3 0x55e331d63bba in initialize_environment /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180727-r1/work/virglrenderer-9c420d224d86215d408dff8dea599ed9414a24d6/tests/fuzzer/virgl_fuzzer.c:125:7
#4 0x55e331d63bba in LLVMFuzzerTestOneInput /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180727-r1/work/virglrenderer-9c420d224d86215d408dff8dea599ed9414a24d6/tests/fuzzer/virgl_fuzzer.c:168
#5 0x55e331c6ea4c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
#6 0x55e331c5f426 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
#7 0x55e331c652cc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
#8 0x55e331c8fc82 in main
#9 0x7ff937e69735 in __libc_start_main
#10 0x55e331c5e9e8 in _start

Failure to initialize EGL -> fuzzer init / infra problem and not a security issue. Relabeling appropriately.
Jul 30
This error is because surfaceless still expects the DRM device nodes, which aren't available in the minijail'd ClusterFuzz. Changes to address this are currently blocked on mesa upstream. I've posted an ebuild patch that would get us blocked in the interim while continuing to work with upstream to get the patches in: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/1153992
Aug 1
Fixed by the change in c#7.
Aug 2
ClusterFuzz has detected this issue as fixed in range 2801419:2801745.

Detailed report: https://clusterfuzz.com/testcase?key=5409626817036288
Fuzzer: libFuzzer_chromeos_virgl_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State: eglInitialize(cookie.display, NULL, NULL) virgl_fuzzer.c
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=2790753:2791191
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=2801419:2801745
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5409626817036288

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 2
ClusterFuzz testcase 5409626817036288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jul 28
Labels: ClusterFuzz-Auto-CC