IssueTracker

Thanks for the report! I'd like to try to repro locally. Instructions given are "To reproduce this, please build the target in this report and run it against the reproducer testcase." Do you know (a) what the "target in this report" is and (b) how to run it against the reproducer testcase?

I'm going to hold off on reverting the CL at this point as I haven't seen any indications that this is happening in production and the CL is guarded by a killswitch that we could turn off at any point. I'm highly interested in running this locally to repro, but I haven't yet been able to find an answer to the question in comment#2 (I asked in other venues but haven't been able to find someone who knows the answer).

Hi there! If you look at the ClusterFuzz report, you will see that there are two interesting lines at the very beggining: [Environment] and [Command line]. As you can see, the bug is happening on Mac, by running the Chromium binary there. What you need to do is download the "Unminimized Testcase" and run it against that binary using the correct environment variables provided in the log and using all the same switches used in the [Command line] part of the logs.

Please do not hesitate to directly reach out if you need any help on that :)

You may also need to build using the args.gn provided towards the bottom of the page.

Thanks, both! My only Mac environment to locally repro on is an M1 MBP. I built using the args.gn at the bottom of the page except that I removed target_cpu = "x64". I then ran with the specified command line with the addition of --disable-skia-graphite as Skia's new Graphite backend is enabled by default on Mac-ARM but not on Mac-x64. Full repro command is below. With that repro command I get an error in Swiftshader. The run then continues (I suspect that the GPU process eventually falls back to software). I don't see any content drawn and I don't see the error in the OP.

I then removed --use-gl=angle --use-angle=swiftshader (since my MBP has a GPU in any case). With that modified command line I see content that I assume is the intended content of fuzz-00857.html. I don't see the error reported in the OP (or any error) after leaving it running for over a minute.

Is there anything else I can/should try or anything that I've misconfigured in my setup here? It's possible that it repros only on Mac-x64 or with Swiftshader or both - either of those would be surprising findings to me but there are lots of times that I get surprised in Chromium development :).

Repro command:

./out/mac_asan_release/Chromium.app/Contents/MacOS/Chromium --enable-logging=stderr --v=1 --disable-in-process-stack-traces --ignore-gpu-blacklist --allow-file-access-from-files --disable-gesture-requirement-for-media-playback --disable-click-to-play --disable-hang-monitor --dns-prefetch-disable --disable-default-apps --disable-component-update --safebrowsing-disable-auto-update --metrics-recording-only --disable-gpu-watchdog --disable-metrics --disable-popup-blocking --disable-prompt-on-repost --enable-experimental-extension-apis --enable-extension-apps --js-flags="--expose-gc --verify-heap" --new-window --no-default-browser-check --no-first-run --no-process-singleton-dialog --enable-shadow-dom --enable-media-stream --use-fake-device-for-media-stream --use-fake-ui-for-media-stream --disable-breakpad --use-gl=angle --use-angle=swiftshader --use-mock-keychain --enable-features=WebMachineLearningNeuralNetwork --disable-skia-graphite --user-data-dir=/tmp/bar ~/hibernation_handler_clusterfuzz/fuzz-00857.html

Crash has now been observed in the wild. Being able to repro locally would be super-useful!

Project: chromium/src
Branch: main
Author: Colin Blundell <blundell@chromium.org>
Link:      https://chromium-review.googlesource.com/6330742

[Blink] Disable AdjustGetOrCreate2DCanvasProvider base::Feature

[Blink] Disable AdjustGetOrCreate2DCanvasProvider base::Feature 
 
Looks like it's causing crashes (see linked bugs). 
 
Bug: 401192130, 399667096 
Change-Id: I0dad92aa6d10fe27271e3c2817d019b5be33d8b0 
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6330742 
Commit-Queue: Colin Blundell <blundell@chromium.org> 
Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> 
Cr-Commit-Position: refs/heads/main@{#1428919}

Paul/Mark:

Is there a way for me to run CLs through this fuzzing case on the bot? I can't identify what's causing the crash from code inspection and I can't repro using ASAN locally. Thanks!

Project: chromium/src
Branch: refs/branch-heads/7049
Author: Colin Blundell <blundell@chromium.org>
Link:      https://chromium-review.googlesource.com/6330166

[135][Blink] Disable AdjustGetOrCreate2DCanvasProvider base::Feature

[135][Blink] Disable AdjustGetOrCreate2DCanvasProvider base::Feature 
 
Looks like it's causing crashes (see linked bugs). 
 
(cherry picked from commit 3bf0a87fe92b86a9c1dbcb4b52c321476487fac0) 
 
Bug: 401192130, 399667096 
Fixed: 401463216 
Change-Id: I0dad92aa6d10fe27271e3c2817d019b5be33d8b0 
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6330742 
Commit-Queue: Colin Blundell <blundell@chromium.org> 
Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org> 
Cr-Original-Commit-Position: refs/heads/main@{#1428919} 
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6330166 
Cr-Commit-Position: refs/branch-heads/7049@{#206} 
Cr-Branched-From: 2dab7846d0951a552bdc4f350dad497f986e6fed-refs/heads/main@{#1427262}