CHECK failure: false in gles2_cmd_decoder.cc |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6258507574411264 Fuzzer: libFuzzer_gpu_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: false in gles2_cmd_decoder.cc gpu::gles2::GLES2DecoderImpl::DoFramebufferTextureMultiviewLayeredANGLE gpu::gles2::GLES2DecoderImpl::HandleFramebufferTextureMultiviewLayeredANGLE Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579277:579279 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6258507574411264 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Aug 2
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/bb1ff6ae23813a01f053dbc64ccf032b8a4c4025 (Implement bindImageTexture for webgl2-compute). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Aug 3
The CHECK failure is not caused by my change. The reasons are as below: 1. Currently, webgl2-compute context is only enabled for passthrough command decoder. The context creation will fail if it's a validating command decoder(See https://chromium-review.googlesource.com/c/chromium/src/+/1149711). All APIs of webgl2-compute are also only supported for passthrough cmd decoder. But the crash happens in validating command decoder. So it's not possible that my change caused this failure. 2. The crash is due to reaching UNREACHABLE(). We can see that https://chromium.googlesource.com/chromium/src/+/c6f67d0719deef129f9d518a50cb8a24a247e1bc/gpu/command_buffer/service/gles2_cmd_decoder.cc#8329 has stated that 'This is only supported in passthrough command buffer'. But we reached here through validating cmd decoder. My change has nothing to do with this. Maybe the fixing should be return a gl error to indicate that 'this API is not supported in validating cmd decoder' instead of UNREACHABLE. Or get the 'ANGLE_multiview' extension failure if it's not passthrough cmd decoder. I think the possible regression changelist should be https://chromium.googlesource.com/chromium/src/+/ad806a38015518e7361ab70adc4696b2e45c449d
,
Aug 3
ClusterFuzz has detected this issue as fixed in range 579911:580305. Detailed report: https://clusterfuzz.com/testcase?key=6258507574411264 Fuzzer: libFuzzer_gpu_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: false in gles2_cmd_decoder.cc gpu::gles2::GLES2DecoderImpl::DoFramebufferTextureMultiviewLayeredANGLE gpu::gles2::GLES2DecoderImpl::HandleFramebufferTextureMultiviewLayeredANGLE Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579277:579279 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579911:580305 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6258507574411264 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 3
ClusterFuzz testcase 6258507574411264 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 3
I think this is an actual bug (though without real-world implications), not sure why it was auto-closed as fixed. Here's the fix: https://chromium-review.googlesource.com/c/chromium/src/+/1161901
,
Aug 7
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8fcf3c87f170b4ed12c94505209de0bf8a0cd94c commit 8fcf3c87f170b4ed12c94505209de0bf8a0cd94c Author: Olli Etuaho <oetuaho@nvidia.com> Date: Tue Aug 07 00:44:36 2018 Add missing multiview extension check The extension flag needs to be checked when multiview functions are called on the GPU command buffer service side. BUG= 870240 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel Change-Id: I372593c510154ab96fc7e2415c534a1fc46286e2 Reviewed-on: https://chromium-review.googlesource.com/1161901 Commit-Queue: Kenneth Russell <kbr@chromium.org> Reviewed-by: Kenneth Russell <kbr@chromium.org> Reviewed-by: Zhenyao Mo <zmo@chromium.org> Cr-Commit-Position: refs/heads/master@{#581066} [modify] https://crrev.com/8fcf3c87f170b4ed12c94505209de0bf8a0cd94c/gpu/command_buffer/build_gles2_cmd_buffer.py [modify] https://crrev.com/8fcf3c87f170b4ed12c94505209de0bf8a0cd94c/gpu/command_buffer/service/gles2_cmd_decoder_autogen.h [modify] https://crrev.com/8fcf3c87f170b4ed12c94505209de0bf8a0cd94c/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_handlers_autogen.cc
,
Aug 7
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Aug 2Labels: Test-Predator-Auto-Components