Issue 883217


Issue metadata

Status: Verified
Owner:
Closed: Sep 23
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


CHECK failure: shader->id_ != PaintShader::kInvalidRecordShaderId in paint_op_writer.cc

Project Member Reported by ClusterFuzz, Sep 12

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6297576834596864

Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  shader->id_ != PaintShader::kInvalidRecordShaderId in paint_op_writer.cc
  cc::PaintOpWriter::Write
  cc::PaintOpWriter::Write
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=578890:578891

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6297576834596864

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Sep 12

Components: Internals>Compositing
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Sep 12

Labels: Test-Predator-Auto-Owner
Owner: p...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/66bcb57a90138959ea5a42de0677ceb3cc0a40f0 (Reland "cc, gpu: Make serialization code bitness agnostic.").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Cc: p...@chromium.org
Owner: enne@chromium.org
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 22

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9ecf8ac1a7bdf444ec968b0b2f84763b69d21e1a

commit 9ecf8ac1a7bdf444ec968b0b2f84763b69d21e1a
Author: Adrienne Walker <enne@chromium.org>
Date: Sat Sep 22 01:27:22 2018

cc: Set shader id when reading PaintShader

This doesn't really matter, but for consistency we should set this, so
that writing out the PaintShader yields the same PaintShader when
reading it back.  This fixes a fuzzer bug.

Bug: 883217
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I25488ce92fa8259c4be9974d0fdf4422e65b60ac
Reviewed-on: https://chromium-review.googlesource.com/1239544
Commit-Queue: enne <enne@chromium.org>
Commit-Queue: Khushal <khushalsagar@chromium.org>
Reviewed-by: Khushal <khushalsagar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593410}
[modify] https://crrev.com/9ecf8ac1a7bdf444ec968b0b2f84763b69d21e1a/cc/paint/paint_op_reader.cc

Project Member

Comment 5 by ClusterFuzz, Sep 23

ClusterFuzz has detected this issue as fixed in range 593404:593411.

Detailed report: https://clusterfuzz.com/testcase?key=6297576834596864

Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  shader->id_ != PaintShader::kInvalidRecordShaderId in paint_op_writer.cc
  cc::PaintOpWriter::Write
  cc::PaintOpWriter::Write
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=578890:578891
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=593404:593411

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6297576834596864

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Sep 23

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6297576834596864 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
