Issue metadata
Sign in to add a comment
|
RUNTIME_ASSERT in edge.to() == NodeProperties::GetControlInput(use) in src/compiler/scheduler.cc |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5569742567374848 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: RUNTIME_ASSERT Crash Address: Crash State: edge.to() == NodeProperties::GetControlInput(use) in src/compiler/scheduler.cc Regressed: V8: r34586:34587 Minimized Testcase (0.25 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv979Zx1NdyqfKwDp9yrn3XeugHbtL_xhPaTOzXADT-Sr_QWIvzLabuJm-L6RnJei8rhD_LOvMRZJG8qW6wbuJEGT3_t1bEWoJ8y104uAc97kTtd_2KFdEVxBnpRm4S4rklIkgp6R6mmD1BzIk_7Ll3LehdLSbg function __f_6(){ 'use asm'; function __f_8() { var __v_16 = 1, __v_15 = 0, __v_17 = 0; do { __v_15 | 0 % 2 | 0; } while(0); } return { __f_8: __f_8 }; } var __v_14 = Wasm.instantiateModuleFromAsm(__f_6.toString()); Filer: hablich See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 30 2016
Bulk edit to remove recently filed RUNTIME_ASSERT bugs from the security triage queue.
,
Mar 30 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5569742567374848 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: RUNTIME_ASSERT Crash Address: Crash State: edge.to() == NodeProperties::GetControlInput(use) in src/compiler/scheduler.cc Regressed: V8: r34586:34587 Minimized Testcase (0.25 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv979Zx1NdyqfKwDp9yrn3XeugHbtL_xhPaTOzXADT-Sr_QWIvzLabuJm-L6RnJei8rhD_LOvMRZJG8qW6wbuJEGT3_t1bEWoJ8y104uAc97kTtd_2KFdEVxBnpRm4S4rklIkgp6R6mmD1BzIk_7Ll3LehdLSbg function __f_6(){ 'use asm'; function __f_8() { var __v_16 = 1, __v_15 = 0, __v_17 = 0; do { __v_15 | 0 % 2 | 0; } while(0); } return { __f_8: __f_8 }; } var __v_14 = Wasm.instantiateModuleFromAsm(__f_6.toString()); See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 3 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by hablich@chromium.org
, Mar 30 2016Status: Assigned (was: Available)