Null-dereference WRITE in dawn_wire::server::Server::OnMapWriteAsyncCallback
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5743319669538816

Fuzzer: afl_dawn_wire_server_and_frontend_fuzzer
Fuzz target binary: dawn_wire_server_and_frontend_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000018
Crash State:
  dawn_wire::server::Server::OnMapWriteAsyncCallback
  dawn_native::null::Device::SubmitPendingOperations
  dawn_native::DeviceBase::Tick

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619011:619012

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5743319669538816

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Comment 1 by ClusterFuzz, Dec 29
Labels: ClusterFuzz-Auto-CC
Automatically assigning owner based on suspected regression changelist https://dawn.googlesource.com/dawn/+/92700bfccd1806971ab47773ebe95576a128a998 (Replace BlendState builder via BlendState descriptor.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Jan 1

Jan 2
Any clue about this bug, how can I reproduce this issue, @cwallez and @kainino?

Jan 2
Do the instructions on https://github.com/google/clusterfuzz-tools not work?

Jan 3

Jan 3
I'll take this, it isn't related to your patch.

metzman@ I personally reproduce manually because clusterfuzz-tools is too slow.

Jan 3
cwallez@ Thanks for the feedback. Do you have an idea of what makes it too slow? I have some ideas for what can be improved. For example, we could try to build first and if that fails, do apt update && apt-get install instead of always doing it. Another idea that might be faster in the common case is to try to repro on whatever commit is at HEAD if it comes after a previously crashing commit. +inferno

Jan 3
Last time I used the tool it started doing a lot of downloading of stuff, compilations etc. and didn't finish in ~10 minutes. Contrast this with the 2 seconds it takes to run the following command in an out/fuzz with the right GN args:

    ninja dawn_wire_server_and_frontend_fuzzer && \
    ASAN_OPTIONS=redzone=32:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:print_scariness=1:max_uar_stack_size_log=16:quarantine_size_mb=64:detect_odr_violation=0:handle_sigill=1:allocator_release_to_os_interval_ms=500:use_sigaltstack=1:fast_unwind_on_fatal=0:detect_leaks=1:print_summary=1:handle_abort=1:check_malloc_usable_size=0:detect_container_overflow=1:symbolize=0:handle_segv=1:abort_on_error=1 \
    gdb --args ./dawn_wire_server_and_frontend_fuzzer ~/Downloads/clusterfuzz-*

Jan 3
Do you remember which bug it was? We might want to see why it hangs (don't spend time figuring out if it takes more than a minute to find it). I guess it is better for the reproduce tool to be a fail proof way to repro a bug for people not very experienced with ClusterFuzz than the easiest way for power users to repro.

Jan 4
The following revision refers to this bug:
https://dawn.googlesource.com/dawn/+/1e37db53507eb9a2286c67a50171f76d05f754d9

commit 1e37db53507eb9a2286c67a50171f76d05f754d9
Author: Corentin Wallez <cwallez@chromium.org>
Date: Fri Jan 04 09:54:40 2019

WireServer: check buffer exists before sending the map callback

The client might have asked for the buffer to be destroyed, but the reference to the buffer is still alive because it is internally referenced by Dawn.

BUG= chromium:918254
Change-Id: Id7d2de891eba98e3cf15e77730f66f64d9a3b9f9
Reviewed-on: https://dawn-review.googlesource.com/c/3622
Reviewed-by: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/1e37db53507eb9a2286c67a50171f76d05f754d9/generator/templates/dawn_wire/WireServer.cpp
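The ordering behind this crash, as an added example that is not Dawn's code and not the patch above: the native layer holds its own reference to a buffer while a MapWriteAsync is in flight, so the completion callback can arrive after the client has already told the server to destroy the wire object, and the server must confirm its record of the buffer still exists before writing to it. The model below also goes one step past the report: the client reuses the destroyed id and maps it again before the stale callback fires, which is why it keys the check on a generation counter and a request serial as well as on existence. The class names, the generation counter and the serial are assumptions made for this model, not Dawn's actual fields.

```cpp
// Added example, not Dawn's code: a model of the wire-server hazard fixed by
// "WireServer: check buffer exists before sending the map callback". The native
// layer keeps its own reference to a buffer while a MapWriteAsync is in flight,
// so the completion callback can fire after the client has already destroyed
// the wire object. All names, the generation counter and the request serial
// are assumptions made for this model.
#include <cstdint>
#include <functional>
#include <map>
#include <memory>
#include <utility>
#include <vector>

namespace wire_model {

struct NativeBuffer {  // lives as long as anyone holds a shared_ptr to it
    std::vector<uint8_t> storage;
};

struct ServerBuffer {  // the server's record for one client-visible id
    std::shared_ptr<NativeBuffer> native;  // reset once the client destroys it
    bool allocated = false;
    uint32_t generation = 0;        // assumed: bumped each time the id is (re)allocated
    uint32_t mapRequestSerial = 0;  // assumed: serial of the outstanding map request
};

class Server {
  public:
    // Wire ids are chosen by the client; a new buffer may reuse a destroyed id.
    void CreateBuffer(uint32_t id, uint32_t size) {
        ServerBuffer& b = objects_[id];
        b.native = std::make_shared<NativeBuffer>();
        b.native->storage.assign(size, 0);
        b.allocated = true;
        b.generation++;
    }
    // Client asks for a map; the native layer completes it on a later Tick.
    void MapWriteAsync(uint32_t id, uint32_t requestSerial) {
        ServerBuffer& b = objects_[id];
        b.mapRequestSerial = requestSerial;
        uint32_t generation = b.generation;
        std::shared_ptr<NativeBuffer> keepAlive = b.native;  // native's own reference
        pending_.push_back([this, id, generation, requestSerial, keepAlive]() {
            OnMapWriteAsyncCallback(id, generation, requestSerial, keepAlive);
        });
    }
    // Client destroys the wire object; the native buffer survives while a map is pending.
    void DestroyBuffer(uint32_t id) {
        ServerBuffer& b = objects_[id];
        b.allocated = false;
        b.native.reset();
    }
    // Stand-in for DeviceBase::Tick: run every completed native operation.
    void Tick() {
        std::vector<std::function<void()>> ops = std::move(pending_);
        pending_.clear();
        for (auto& op : ops) op();
    }
    // One entry per callback the native layer fired: true if forwarded to the client.
    const std::vector<bool>& Delivered() const { return delivered_; }
  private:
    void OnMapWriteAsyncCallback(uint32_t id, uint32_t generation, uint32_t requestSerial,
                                 std::shared_ptr<NativeBuffer> native) {
        // The check from the fix: the record may be gone (client destroyed it) or
        // belong to a newer buffer (client reused the id). Writing into the record
        // unconditionally here is the class of bug in the report.
        auto it = objects_.find(id);
        if (it == objects_.end() || !it->second.allocated ||
            it->second.generation != generation ||
            it->second.mapRequestSerial != requestSerial) {
            delivered_.push_back(false);
            return;  // drop it; `native` goes out of scope and releases the buffer
        }
        native->storage[0] = 0xAB;  // stand-in for handing the mapped range back
        delivered_.push_back(true);
    }
    std::map<uint32_t, ServerBuffer> objects_;
    std::vector<std::function<void()>> pending_;
    std::vector<bool> delivered_;
};

// Runs one client sequence (constructed for this example): map the buffer,
// optionally destroy it before Tick, optionally reuse the id and map it again
// with the same serial, then Tick. Returns which fired callbacks were delivered.
inline std::vector<bool> Run(bool destroyBeforeTick, bool reuseId) {
    Server s;
    s.CreateBuffer(1, 16);
    s.MapWriteAsync(1, 7);
    if (destroyBeforeTick) s.DestroyBuffer(1);
    if (reuseId) { s.CreateBuffer(1, 32); s.MapWriteAsync(1, 7); }
    s.Tick();
    return s.Delivered();
}

}  // namespace wire_model
```

Run(false, false) delivers the one callback; Run(true, false) is the fuzzer's ordering and drops it without touching the destroyed record; Run(true, true) drops the stale callback and delivers only the fresh one, which is the case the existence check alone would not catch, since the reused id exists again with a matching serial.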

Jan 4
The following revision refers to this bug:
https://dawn.googlesource.com/dawn/+/110bc7918fc269862bbab2dd9249e80338e15f7d

commit 110bc7918fc269862bbab2dd9249e80338e15f7d
Author: Corentin Wallez <cwallez@chromium.org>
Date: Fri Jan 04 12:01:44 2019

Validate EndPass isn't called more than once.

BUG= chromium:918254
Change-Id: I24db2f459bae7c0644a54472e56159ff8f5ab955
Reviewed-on: https://dawn-review.googlesource.com/c/3621
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Yunchao He <yunchao.he@intel.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/110bc7918fc269862bbab2dd9249e80338e15f7d/src/dawn_native/ProgrammablePassEncoder.cpp
[modify] https://crrev.com/110bc7918fc269862bbab2dd9249e80338e15f7d/src/tests/unittests/validation/CommandBufferValidationTests.cpp

Jan 4
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/fba8e1c09a862ad8ff8e2a021e7de3e1460d2902

commit fba8e1c09a862ad8ff8e2a021e7de3e1460d2902
Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Date: Fri Jan 04 17:19:35 2019

Roll src/third_party/dawn 93158ebede89..110bc7918fc2 (6 commits)

https://dawn.googlesource.com/dawn.git/+log/93158ebede89..110bc7918fc2

git log 93158ebede89..110bc7918fc2 --date=short --no-merges --format='%ad %ae %s'
2019-01-04 cwallez@chromium.org Validate EndPass isn't called more than once.
2019-01-04 cwallez@chromium.org dawn_native: Add Instance and Adapters
2019-01-04 cwallez@chromium.org Vulkan: Print the VkResult value on device creation failure.
2019-01-04 cwallez@chromium.org WireServer: check buffer exists before sending the map callback
2019-01-04 cwallez@chromium.org WireCmd: guard against overflows when computing array sizes
2019-01-04 yunchao.he@intel.com Unify the compare function for sampler and depth stencil

Created with:
  gclient setdep -r src/third_party/dawn@110bc7918fc2

The AutoRoll server is located here: https://autoroll.skia.org/r/dawn-chromium-autoroll

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
BUG= chromium:918254, chromium:917555, chromium:918254, chromium:918094, chromium:918348, chromium:918260
TBR=cwallez@chromium.org

Change-Id: I4fe10af6d77616459112369b6414dc5b18b3cee4
Reviewed-on: https://chromium-review.googlesource.com/c/1396182
Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#619987}

[modify] https://crrev.com/fba8e1c09a862ad8ff8e2a021e7de3e1460d2902/DEPS

Jan 4
ClusterFuzz has detected this issue as fixed in range 619888:619889.

Detailed report: https://clusterfuzz.com/testcase?key=5743319669538816

Fuzzer: afl_dawn_wire_server_and_frontend_fuzzer
Fuzz target binary: dawn_wire_server_and_frontend_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000018
Crash State:
  dawn_wire::server::Server::OnMapWriteAsyncCallback
  dawn_native::null::Device::SubmitPendingOperations
  dawn_native::DeviceBase::Tick

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619011:619012
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619888:619889

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5743319669538816

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jan 4
ClusterFuzz testcase 5743319669538816 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.