array index is out of range - Crashed with Family_100_bubblesort_flag

[malayaku]

While we test GraphicsFuzz (v1.3) & some specific test (e.g. Family_100_bubblesort_flag), we saw random crashes (2/10 times).

Right before Crash, we see array index is out of range (//DEBUG TEST: i=4294947814)

[malayaku]

Concerning the null pointer, below are log messages based on the instrumentation I mentioned earlier. I didn't check c->type so that is interesting, it appears the array index is also corrupted.

02-19 22:52:20.938 12094 12115 W : //DEBUG TEST: Enter ir_constant::ir_constant
02-19 22:52:20.938 12094 12115 W : //DEBUG TEST: i=1
02-19 22:52:20.938 12094 12115 W : //DEBUG TEST: ir_constant *c is not NULL c=-1998529424
02-19 22:52:22.963 12094 12115 W : //DEBUG TEST: Enter ir_constant::ir_constant
02-19 22:52:22.963 12094 12115 W : //DEBUG TEST: i=3
02-19 22:52:22.963 12094 12115 W : //DEBUG TEST: ir_constant *c is not NULL c=-1996120688
02-19 22:52:25.436 12094 12115 W : //DEBUG TEST: Enter ir_constant::ir_constant
02-19 22:52:25.436 12094 12115 W : //DEBUG TEST: i=0
02-19 22:52:25.436 12094 12115 W : //DEBUG TEST: ir_constant *c is not NULL c=-1968548528
02-19 22:52:26.943 12094 12115 W : //DEBUG TEST: Enter ir_constant::ir_constant
02-19 22:52:26.943 12094 12115 W : //DEBUG TEST: i=1707
02-19 22:52:26.943 12094 12115 W : //DEBUG TEST: ir_constant *c is not NULL c=-1968932304
02-19 22:52:26.943 12094 12115 W : //DEBUG TEST: Enter ir_constant::ir_constant
02-19 22:52:26.943 12094 12115 W : //DEBUG TEST: i=4294947814   <<< Crash occurs with this index.

[malayaku]

Complete Crash BT:

12-19 00:47:58.413 24692 24692 F DEBUG : pid: 24460, tid: 24484, name: GLThread 1441 >>> com.graphicsfuzz.glesworker:launcher <<
12-19 00:47:58.413 24692 24692 F DEBUG : uid: 1010103

12-19 00:47:58.413 24692 24692 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x796b361c708c

12-19 00:47:58.413 24692 24692 F DEBUG : rax 00000000fffec635 rbx 0000796736215a30 rcx 00007967372403d0 rdx 00000000fffec635

12-19 00:47:58.413 24692 24692 F DEBUG : r8 00000000000000b0 r9 0000000000000000 r10 0000000000000001 r11 0000000000000001

12-19 00:47:58.413 24692 24692 F DEBUG : r12 0000796736215790 r13 00000000366a1b01 r14 0000796736215790 r15 0000000000000000

12-19 00:47:58.413 24692 24692 F DEBUG : rdi 0000796737bf75d8 rsi 0000796736215790

12-19 00:47:58.413 24692 24692 F DEBUG : rbp 00000000fffec635 rsp 0000796737056bc0 rip 00007967375b753a

12-19 00:47:58.511 24692 24692 F DEBUG :

12-19 00:47:58.511 24692 24692 F DEBUG : backtrace:

12-19 00:47:58.511 24692 24692 F DEBUG : #00 pc 000000000045c53a /vendor/lib64/dri/i965_dri.so (ir_constant::ir_constant(ir_constant const*, unsigned int)+106) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.511 24692 24692 F DEBUG : #01 pc 000000000045a919 /vendor/lib64/dri/i965_dri.so (ir_dereference_array::constant_expression_value(void*, hash_table*)+361) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.511 24692 24692 F DEBUG : #02 pc 000000000049d6b7 /vendor/lib64/dri/i965_dri.so (ir_constant_fold(ir_rvalue**)+167) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.511 24692 24692 F DEBUG : #03 pc 000000000049e357 /vendor/lib64/dri/i965_dri.so ((anonymous namespace)::ir_constant_propagation_visitor::handle_rvalue(ir_rvalue**)+887) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.511 24692 24692 F DEBUG : #04 pc 0000000000464491 /vendor/lib64/dri/i965_dri.so (ir_rvalue_visitor::visit_leave(ir_expression*)+49) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.511 24692 24692 F DEBUG : #05 pc 0000000000461c60 /vendor/lib64/dri/i965_dri.so (ir_expression::accept(ir_hierarchical_visitor*)+80) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #06 pc 0000000000461c60 /vendor/lib64/dri/i965_dri.so (ir_expression::accept(ir_hierarchical_visitor*)+80) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #07 pc 0000000000461f7b /vendor/lib64/dri/i965_dri.so (ir_assignment::accept(ir_hierarchical_visitor*)+75) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #08 pc 0000000000461915 /vendor/lib64/dri/i965_dri.so (visit_list_elements(ir_hierarchical_visitor*, exec_list*, bool)+85) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #09 pc 000000000049dba2 /vendor/lib64/dri/i965_dri.so ((anonymous namespace)::ir_constant_propagation_visitor::visit_enter(ir_function_signature*)+98) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #10 pc 0000000000461a9c /vendor/lib64/dri/i965_dri.so (ir_function_signature::accept(ir_hierarchical_visitor*)+28) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #11 pc 0000000000461beb /vendor/lib64/dri/i965_dri.so (ir_function::accept(ir_hierarchical_visitor*)+107) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #12 pc 0000000000461915 /vendor/lib64/dri/i965_dri.so (visit_list_elements(ir_hierarchical_visitor*, exec_list*, bool)+85) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #13 pc 000000000049dac9 /vendor/lib64/dri/i965_dri.so (do_constant_propagation(exec_list*)+153) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #14 pc 000000000044b5f5 /vendor/lib64/dri/i965_dri.so (do_common_optimization(exec_list*, bool, bool, gl_shader_compiler_options const*, bool)+261) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #15 pc 000000000044b2ae /vendor/lib64/dri/i965_dri.so (_mesa_glsl_compile_shader+2510) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #16 pc 00000000006c2656 /vendor/lib64/dri/i965_dri.so (_mesa_compile_shader+150) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #17 pc 00000000006c3249 /vendor/lib64/dri/i965_dri.so (_mesa_CompileShader+57) (BuildId: 2605846b0aace93518352675f4ba09a427565a50)

12-19 00:47:58.512 24692 24692 F DEBUG : #18 pc 0000000000173641 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+209) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #19 pc 0000000000168354 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+756) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #20 pc 0000000000178bf0 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+288) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #21 pc 000000000033b1c9 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+377) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #22 pc 0000000000335a89 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+1017) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #23 pc 0000000000653cba /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1354) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.512 24692 24692 F DEBUG : #24 pc 0000000000161a19 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #25 pc 000000000020c0cc /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.badlogic.gdx.graphics.glutils.ShaderProgram.loadShader+36)

12-19 00:47:58.513 24692 24692 F DEBUG : #26 pc 0000000000654cf1 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1361) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #27 pc 0000000000161919 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #28 pc 000000000020c538 /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.badlogic.gdx.graphics.glutils.ShaderProgram.compileShaders+24)

12-19 00:47:58.513 24692 24692 F DEBUG : #29 pc 0000000000654cf1 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1361) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #30 pc 0000000000161919 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #31 pc 000000000020c40e /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.badlogic.gdx.graphics.glutils.ShaderProgram.+278)

12-19 00:47:58.513 24692 24692 F DEBUG : #32 pc 0000000000654cf1 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1361) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #33 pc 0000000000161919 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #34 pc 000000000058d20c /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.graphicsfuzz.glesworker.MyShaderProgram.)

12-19 00:47:58.513 24692 24692 F DEBUG : #35 pc 0000000000654cf1 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1361) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #36 pc 0000000000161919 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #37 pc 000000000058b892 /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.graphicsfuzz.glesworker.Main.prepareProgram+62)

12-19 00:47:58.513 24692 24692 F DEBUG : #38 pc 000000000030880d /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17217001537915276687+237) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #39 pc 0000000000641663 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1203) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #40 pc 00000000001737cc /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+140) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #41 pc 0000000002014c78 /memfd:/jit-cache (deleted) (com.graphicsfuzz.glesworker.Main.render+13240)

12-19 00:47:58.513 24692 24692 F DEBUG : #42 pc 0000000000168354 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+756) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #43 pc 0000000000178bf0 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+288) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #44 pc 000000000033b1c9 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+377) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #45 pc 0000000000335a89 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+1017) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #46 pc 0000000000653cba /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1354) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.513 24692 24692 F DEBUG : #47 pc 0000000000161a19 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #48 pc 00000000001b68c8 /data/app/com.graphicsfuzz.glesworker-6As6XVCvEklKqCbedAap2Q==/oat/x86_64/base.vdex (com.badlogic.gdx.backends.android.AndroidGraphics.onDrawFrame+468)

12-19 00:47:58.514 24692 24692 F DEBUG : #49 pc 0000000000653fcd /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+2141) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #50 pc 0000000000161a19 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #51 pc 00000000002d2456 /system/framework/framework.jar (android.opengl.GLSurfaceView$GLThread.guardedRun+1086)

12-19 00:47:58.514 24692 24692 F DEBUG : #52 pc 0000000000654cf1 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1361) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #53 pc 0000000000161919 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+25) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #54 pc 00000000002d2a50 /system/framework/framework.jar (android.opengl.GLSurfaceView$GLThread.run+48)

12-19 00:47:58.514 24692 24692 F DEBUG : #55 pc 000000000030880d /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17217001537915276687+237) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #56 pc 0000000000641663 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1203) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #57 pc 00000000001737cc /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+140) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #58 pc 0000000000168354 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+756) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #59 pc 0000000000178bf0 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+288) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #60 pc 000000000053fa59 /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+89) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #61 pc 0000000000540c75 /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+437) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #62 pc 000000000058b364 /apex/com.android.runtime/lib64/libart.so (art::Thread::CreateCallback(void*)+1444) (BuildId: b7ed59cf25855a5153b1e70650e57f85)

12-19 00:47:58.514 24692 24692 F DEBUG : #63 pc 00000000000fa8d1 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+33) (BuildId: 37af595a0fd8f93364df0fa3e99ebe0e)

12-19 00:47:58.514 24692 24692 F DEBUG : #64 pc 00000000000963b7 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 37af595a0fd8f93364df0fa3e99ebe0e)

[malayaku]

I too see there are below fixes w.r.t. array in recent past & do you see if my issue is similar to any of the issue below ?

#784 - Array function parameters are not properly handled by GraphicsFuzz
#883 - Const arrays, and fuzzing of array constructors
#887 - Support array parameters

[afd]

Thanks for this report @malaya-parida.

Would you be able to share with us the generated shader that caused this issue by attaching it to this report?

Also, would you be willing to try build the latest GraphicsFuzz from source and try to reproduce the issue again? If you are able to reproduce it, could you please send us the exact commands you used to generate this shader?

Also, could you try running glsl-reduce on the shader to try to reduce the crash?

[malayaku]

Hi Alastair,

Thanq for the response.
Would like to know, does the graphicsfuzz suite have any test cases that will be executed as part of shader family which might generate a crash in mesa module if not checked the correctness of the input args.

[malayaku]

Hi Alastair,

We are facing infrastructure issue to build from latest GraphicsFuzz src. Could you help to share apk built on top of latest src.

[malayaku]

GraphicsFuzz webUI shows the status of the test as CRASH in the 6 six cases for the entire suite of 100_families. below is the sample from one family (family_100_bubblesort_flag)

Is this behavior correct, as the values generated in the test content (sample shaders) are expected to crash..? Can you confirm this ?

[paulthomson]

Thanks for running GraphicsFuzz @malaya-parida

GraphicsFuzz generates shaders to find bugs in graphics drivers. Every graphics driver might behave differently. The "CRASH" here indicates either:

• A bug in your graphics driver, or
• A bug in GraphicsFuzz

It is probably a bug in your graphics driver. This is a good thing, as it means this bug can be reported (e.g. to Intel) and the bug can be fixed.

Can I ask: what are you trying to achieve? Are you trying out GraphicsFuzz for fun? Are you hoping to find bugs in a graphics driver to report/fix?

Also note: our current priority is testing Vulkan drivers. And our recommended way to try this is gfauto. This will use GraphicsFuzz behind the scenes to test your Vulkan driver.

[malayaku]

We are trying to test Graphics Fuzz on Intel System & found crash in i965-dri.so. We saw array index out of range in MESA & put code to return whenever array index out of range. But now crash in MESA not seen but we see rendering issue & hence the test is failed in webUI (As seen in above pic). Practically we can't handle array index out of range & can't proceed gracefully like rendering etc. In this case, does crash expected ?

[malayaku]

With attached original shaders, we saw crash in application.
On further debug we used glslreduce & applied first level reduction & no crash is seen. But the rendered output not matched with reference image.
Since level reduction fixing the crash, It's clearly showing the issue is on shader.

Can GraphicsFuzz check the buggy shaders ?

[paulthomson]

You will need to perform a "no image reduction" on the CRASH as described in the walkthrough.

For the "Error string to look for in log", try using something like: ir_constant::ir_constant

[malayaku]

We have fixed in MESA to handle array index out of range coming from Shaders (https://gitlab.freedesktop.org/mesa/mesa/issues/2604).

But with this patch there is no crash in MESA but crash now seen in GraphicsFuzz application. Can we not review the shaders from GraphicsFuzz to handle the crash in application.

[afd]

@malaya-parida It looks like you are not using release 1.3 of GraphicsFuzz but perhaps an older release.

First the shader that was called "bubblesort_flag" is called "stable_bubblesort_flag" in GraphicsFuzz 1.3. Second, the GraphicsFuzz 1.3 test generator ensures that this macro is present in every generated shader:

#define _GLF_MAKE_IN_BOUNDS_INT

I don't see that macro in the variant shaders you filed in the Mesa bug report.

Can you please check that you're definitely using the 1.3 release, which is here:

https://github.com/google/graphicsfuzz/releases/tag/v1.3

Thanks!

[afd]

Closing this as there's not been discussion for a year, but please re-open or open a new issue if you'd like to discuss more.