New issue
Advanced search Search tips

Issue 601400 link

Starred by 0 users

Issue metadata

Status: Archived
Owner: ----
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc

Project Member Reported by ClusterFuzz, Apr 7 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4556633174179840

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:11818:0404/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96Szu7Yh5tDg4vsXEJmLi_Z3AXqX8SdYIkHdS4dB39zbyGdKtijx2R7V6sLD9RF6btEFoUhhUH7oPTE5nxxiiH5G0r22VeNa7GswqTWCzrKpV_BFWF-I-sd567trZFus5jjty3caWXzDVY5qknHW4sE9dkpGCAGN6YZdecL0gJADdM2jBY


Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by ClusterFuzz, Apr 7 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4556633174179840

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:11818:0404/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96Szu7Yh5tDg4vsXEJmLi_Z3AXqX8SdYIkHdS4dB39zbyGdKtijx2R7V6sLD9RF6btEFoUhhUH7oPTE5nxxiiH5G0r22VeNa7GswqTWCzrKpV_BFWF-I-sd567trZFus5jjty3caWXzDVY5qknHW4sE9dkpGCAGN6YZdecL0gJADdM2jBY


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: Blink>JavaScript
Project Member

Comment 3 by ClusterFuzz, Jun 27 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4556633174179840

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:11818:0404/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96Szu7Yh5tDg4vsXEJmLi_Z3AXqX8SdYIkHdS4dB39zbyGdKtijx2R7V6sLD9RF6btEFoUhhUH7oPTE5nxxiiH5G0r22VeNa7GswqTWCzrKpV_BFWF-I-sd567trZFus5jjty3caWXzDVY5qknHW4sE9dkpGCAGN6YZdecL0gJADdM2jBY?testcase_id=4556633174179840


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Archived (was: Available)
Not actionable and has been abandoned for a while. Closing.

Sign in to add a comment