CHECK failure: !outstanding_result_pointer_ in transfer_buffer.cc

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5768077234667520

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  !outstanding_result_pointer_ in transfer_buffer.cc
  gpu::TransferBuffer::ShrinkOrExpandRingBufferIfNecessary
  gpu::TransferBuffer::AllocUpTo

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=608847:608881

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5768077234667520

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 26
Predator and CL could not provide any possible suspects.

Using Code Search for the file "transfer_buffer.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3

jdarpinian@ -- Could you please check whether this is caused by your change? If not, please help us in assigning it to the right owner.

Thanks!
Nov 26
My CL added this check to detect potential issues in the wild. This one looks like a false positive. I'll fix it.
Nov 27
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/44911c8ee06a4c3972bd88a54d624ad12739e368

commit 44911c8ee06a4c3972bd88a54d624ad12739e368
Author: James Darpinian <jdarpinian@chromium.org>
Date: Tue Nov 27 17:22:06 2018

gpu: Fix CHECK failure found by ClusterFuzz

ClusterFuzz found a case where the transfer buffer could be resized after we finish using a ScopedResultPtr but before it goes out of scope. This cleans up the dangling pointer by reducing its scope.

Bug: 905889, 906409
Change-Id: I9e4aec8ed8f66df15404719c2589f775b433c3cd
Reviewed-on: https://chromium-review.googlesource.com/c/1351783
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: James Darpinian <jdarpinian@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611158}

[modify] https://crrev.com/44911c8ee06a4c3972bd88a54d624ad12739e368/gpu/command_buffer/client/implementation_base.cc
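The scoping problem described in the commit message above, as an added example that is not Chromium's code and not part of the original thread. It is a simplified model: ModelBuffer, ScopedResult and the two ResizeWith... functions are hypothetical names, and the guard returns false where the code on this page CHECKs.

```cpp
#include <cstddef>
#include <vector>
// Simplified model of a resizable buffer (hypothetical; not gpu::TransferBuffer).
class ModelBuffer {
  std::vector<unsigned char> bytes_;
  bool outstanding_ = false;  // true while a ScopedResult is alive
 public:
  explicit ModelBuffer(std::size_t n) : bytes_(n) {}
  // RAII handle to memory inside the buffer.
  class ScopedResult {
    ModelBuffer* buf_;
    unsigned char* ptr_;
   public:
    explicit ScopedResult(ModelBuffer* b) : buf_(b), ptr_(b->bytes_.data()) {
      buf_->outstanding_ = true;
    }
    ~ScopedResult() { buf_->outstanding_ = false; }
    unsigned char* get() const { return ptr_; }
  };
  // Reallocating would invalidate a live handle. The crash on this page is a
  // CHECK on that condition; the model returns false instead of aborting.
  bool Resize(std::size_t n) {
    if (outstanding_) return false;
    bytes_.assign(n, 0);
    return true;
  }
};

// Before: the handle is no longer needed but is still in scope at the resize.
bool ResizeWithWideScope() {
  ModelBuffer buf(16);
  ModelBuffer::ScopedResult result(&buf);
  unsigned char value = *result.get();  // last real use of the pointer
  (void)value;
  return buf.Resize(64);  // guard trips: handle still alive
}

// After: the handle's scope ends right after its last use.
bool ResizeWithNarrowScope() {
  ModelBuffer buf(16);
  {
    ModelBuffer::ScopedResult result(&buf);
    unsigned char value = *result.get();
    (void)value;
  }  // handle released here
  return buf.Resize(64);  // no live handle, resize proceeds
}

int main() { return (!ResizeWithWideScope() && ResizeWithNarrowScope()) ? 0 : 1; }
```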
Nov 28
ClusterFuzz has detected this issue as fixed in range 611149:611175.

Detailed report: https://clusterfuzz.com/testcase?key=5768077234667520

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  !outstanding_result_pointer_ in transfer_buffer.cc
  gpu::TransferBuffer::ShrinkOrExpandRingBufferIfNecessary
  gpu::TransferBuffer::AllocUpTo

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=608847:608881
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=611149:611175

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5768077234667520

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 28
ClusterFuzz testcase 5768077234667520 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 18