Abrt in gpu::CommandBufferSetup::LogGLDebugMessage
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5995575616733184

Fuzzer: afl_gpu_angle_fuzzer
Fuzz target binary: gpu_angle_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900185465
Crash State:
  gpu::CommandBufferSetup::LogGLDebugMessage
  gl::Debug::insertMessage
  gl::ErrorSet::validationError

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=515320:515349

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5995575616733184

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
,
Jan 9
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
Jan 9
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b336d705f4e01900f5a18357c8a5cbde9e56669d (gpu_angle_fuzzer: catch GL errors). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 9
,
Jan 9
Full stack:
#0 0x7f0fe7fc8427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
#1 0x55802de20577 in logging::LogMessage::~LogMessage() base/logging.cc:875:7
#2 0x55802d412228 in gpu::(anonymous namespace)::CommandBufferSetup::LogGLDebugMessage(unsigned int, unsigned int, unsigned int, unsigned int, int, char const*, void const*) gpu/command_buffer/tests/fuzzer_main.cc:514:5
#3 0x7f0fe32108d3 in gl::Debug::insertMessage(unsigned int, unsigned int, unsigned int, unsigned int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&&) const third_party/angle/src/libANGLE/Debug.cpp:111:9
#4 0x7f0fe31c1778 in gl::ErrorSet::validationError(unsigned int, char const*) third_party/angle/src/libANGLE/Context.cpp:8059:37
#5 0x7f0fe3435cf9 in gl::ValidateES3TexImageParametersBase(gl::Context*, gl::TextureTarget, int, unsigned int, bool, bool, int, int, int, int, int, int, int, unsigned int, unsigned int, int, void const*) third_party/angle/src/libANGLE/validationES3.cpp:0:18
#6 0x7f0fe3423832 in gl::ValidateCompressedTexImage2D(gl::Context*, gl::TextureTarget, int, unsigned int, int, int, int, int, void const*) third_party/angle/src/libANGLE/validationES2.cpp:2835:14
#7 0x7f0fe30a2a93 in gl::CompressedTexImage2D(unsigned int, int, unsigned int, int, int, int, int, void const*) third_party/angle/src/libGLESv2/entry_points_gles_2_0_autogen.cpp:383:13
#8 0x55802dfdee45 in gl::GLApiBase::glCompressedTexImage2DFn(unsigned int, int, unsigned int, int, int, int, int, void const*) ui/gl/gl_bindings_autogen_gl.cc:2951:3
#9 0x55802eddcb64 in gpu::gles2::GLES2DecoderImpl::DoCompressedTexImage(unsigned int, int, unsigned int, int, int, int, int, int, void const*, gpu::gles2::ContextState::Dimension) gpu/command_buffer/service/gles2_cmd_decoder.cc:0
#10 0x55802ed28263 in gpu::gles2::GLES2DecoderImpl::HandleCompressedTexImage2D(unsigned int, void const volatile*) gpu/command_buffer/service/gles2_cmd_decoder.cc:14208:10
#11 0x55802eda171e in gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>(unsigned int, void const volatile*, int, int*) gpu/command_buffer/service/gles2_cmd_decoder.cc:5830:18
#12 0x55802eff3c1d in gpu::CommandBufferService::Flush(int, gpu::AsyncAPIInterface*) gpu/command_buffer/service/command_buffer_service.cc:69:18
#13 0x55802d411159 in gpu::(anonymous namespace)::CommandBufferSetup::RunCommandBuffer(unsigned char const*, unsigned long) gpu/command_buffer/tests/fuzzer_main.cc:451:22
#14 0x55802d410cfe in LLVMFuzzerTestOneInput gpu/command_buffer/tests/fuzzer_main.cc:562:17
#15 0x55802d417b1a in ExecuteFilesOnyByOne(int, char**) third_party/libFuzzer/src/afl/afl_driver.cpp:301:5
#16 0x55802d4182a5 in main third_party/libFuzzer/src/afl/afl_driver.cpp:339:12
#17 0x7f0fe7fb382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
It's a useful error message:
[0109/081311.906206:FATAL:fuzzer_main.cc(514)] GL Driver Message: Invalid compressed image size.
Probably an error in image size computation in the command buffer code.
,
Jan 10
format is GL_COMPRESSED_RGBA_S3TC_DXT1_EXT
width is 0 (sic)
height is 131
imageSize is 0

Basically, command buffer code and ANGLE disagree on whether non-multiple-of-block-size images are allowed for this format. Command buffer accepts it [1], but ANGLE rejects it [2]. I believe the original spec allows any size [3], but ANGLE always applies the webgl semantics (which are stricter [4]).

[1] https://cs.chromium.org/chromium/src/gpu/command_buffer/service/gl_utils.cc?type=cs&q=ValidateCompressedTexDimensions&sq=package:chromium&g=0&l=703
[2] https://cs.chromium.org/chromium/src/third_party/angle/src/libANGLE/validationES.cpp?type=cs&q=CompressedTextureFormatRequiresExactSize&sq=package:chromium&g=0&l=46
[3] https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_texture_compression_dxt1.txt
[4] https://www.khronos.org/registry/webgl/extensions/WEBGL_compressed_texture_s3tc/
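
The disagreement described in the comment above, modelled as an added example (not part of the original thread, and not Chromium or ANGLE source): two simplified DXT1 validators, one lenient and one applying a multiple-of-4 rule, plus a differential check that flags calls the outer layer would forward but the inner layer rejects. The function names, the exact form of both rules, and the assumption that the call targets level 0 are not from the page.

```cpp
// Added illustration: simplified models of the two validation policies.
// Not Chromium or ANGLE source; all names here are hypothetical.
#include <cstdint>
#include <cstdio>

constexpr int kBlockDim = 4;    // DXT1 encodes 4x4 texel blocks
constexpr int kBlockBytes = 8;  // 8 bytes per DXT1 block

// Bytes needed for a DXT1 image, rounding partial blocks up.
int64_t Dxt1ImageSize(int width, int height) {
  int64_t bw = (static_cast<int64_t>(width) + kBlockDim - 1) / kBlockDim;
  int64_t bh = (static_cast<int64_t>(height) + kBlockDim - 1) / kBlockDim;
  return bw * bh * kBlockBytes;
}

// Lenient policy (assumed reading of EXT_texture_compression_dxt1):
// any non-negative dimensions pass if imageSize matches the block count.
bool LenientAccepts(int width, int height, int64_t image_size) {
  if (width < 0 || height < 0) return false;
  return image_size == Dxt1ImageSize(width, height);
}

// Strict policy (assumed reading of WEBGL_compressed_texture_s3tc):
// level 0 needs multiples of 4; deeper levels may also be 1 or 2.
bool StrictDimOk(int level, int dim) {
  if (dim < 0) return false;
  if (dim % kBlockDim == 0) return true;  // includes 0
  return level > 0 && (dim == 1 || dim == 2);
}

bool StrictAccepts(int level, int width, int height, int64_t image_size) {
  return StrictDimOk(level, width) && StrictDimOk(level, height) &&
         image_size == Dxt1ImageSize(width, height);
}

// True when the outer layer would forward a call the inner layer rejects.
bool LayersDisagree(int level, int width, int height, int64_t image_size) {
  return LenientAccepts(width, height, image_size) &&
         !StrictAccepts(level, width, height, image_size);
}

int main() {
  // Values reported in the comment: width 0, height 131, imageSize 0.
  // Level 0 is an assumption; the page does not state the level.
  std::printf("disagree=%d\n", LayersDisagree(0, 0, 131, 0));
  return 0;
}
```
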
,
Jan 10
Thanks for investigating, I'll look into fixing this.
Comment 1 by ClusterFuzz, Jan 9
Labels: Test-Predator-Auto-Components