(map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF |
||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6188353073971200 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:10033:0401/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94paNngBf_to1E49hrPq6lgYB_0UxitwSL5GR5NXGsnR7PNYOBbA3xu1wCqEkeIM9P2XTar-9t4WD8Xr-Ck1VkA5qC9-48nogCltOgGc0dI1XWI9QOqywEnjjoJlLsixkPCsNwA7C2YBS3v9GFSupiS5NNHcadUMAwMgd9qDV8D4hdJXXs Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 7 2016
,
Apr 7 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6017094054838272 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:14578:0403/NUMBER:ERROR:gles2_cmd_decoder.cc(NUMBER)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94qY3Z34YO7p4EtZ-o0S5I9xVpFt_P4nCxeShM16OJ-knmw7RDY5awonx1OFZc_Btg3FhNB0XDl2d2edPIxQHLvyDeLMotKta2Mi7oP9nSbIYoQP3oqBVrI5ZQU0V4Z8Ba2syBbBHBH2J413Q5Zt8lhmO_8zDyg9z23jZNkVd2kE-WZ2XM Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 7 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5178940733259776 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:4030:0331/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97zorZPl0qyQ4uWqWMz4bHpxAE-gTJF7z6VsRdaVzKjs1XsZQN23P1wltukL6UTtk6nXwsO_0AYSWdzp7EeKrCdeOfRS3jNcI7cAD3C42bKO2teDlKry6wj-apzxobvM9JE3SBxT76ShU4A3FVUCWaj3klaLky2f-PJh9GNw-ypYfvvOe0 Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 7 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5400233428647936 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort V8_Fatal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=375259:376263 Minimized Testcase (0.10 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96bPmdUeHT2lI81lxieDzvka6i0ADmI11yU7hzZkmzgYZqf7ztDNuykWIi1l1uupqopxJg8_kGLJuywkF6MFukGpjaktazzZXrHTcuj8Jr1Eogt5OaqA7Q8_rfuEebFiGckxfk8yK0U7DJbM6WX9LwEK1RNSw <script> window.location = 'http://webglsamples.googlecode.com/hg/aquarium/aquarium.html'; </script> Additional requirements: Requires HTTP Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 7 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6188353073971200 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:10033:0401/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94paNngBf_to1E49hrPq6lgYB_0UxitwSL5GR5NXGsnR7PNYOBbA3xu1wCqEkeIM9P2XTar-9t4WD8Xr-Ck1VkA5qC9-48nogCltOgGc0dI1XWI9QOqywEnjjoJlLsixkPCsNwA7C2YBS3v9GFSupiS5NNHcadUMAwMgd9qDV8D4hdJXXs See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 7 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5985269773238272 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF v8::internal::StoreIC::Store [NUMBER:20217:0331/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95VIJKu5-XF3OYMizO2BIuJIquhvgeXhI1OPw0BDRXuj_SrQVyn5vGuVwABisqLF0QuGLILg7clYIQ4N7ryg_I9XSgGpi9SN2NDqATCobi-qC6YK7bcngDiNjouZ40hvFuNuPXroGIwxdo2YIIbePxAu1sqkXT7DfuPQgQ_rc2lgt01M30 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 7 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6188353073971200 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:10033:0401/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94paNngBf_to1E49hrPq6lgYB_0UxitwSL5GR5NXGsnR7PNYOBbA3xu1wCqEkeIM9P2XTar-9t4WD8Xr-Ck1VkA5qC9-48nogCltOgGc0dI1XWI9QOqywEnjjoJlLsixkPCsNwA7C2YBS3v9GFSupiS5NNHcadUMAwMgd9qDV8D4hdJXXs See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 8 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6188353073971200 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:10033:0401/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94paNngBf_to1E49hrPq6lgYB_0UxitwSL5GR5NXGsnR7PNYOBbA3xu1wCqEkeIM9P2XTar-9t4WD8Xr-Ck1VkA5qC9-48nogCltOgGc0dI1XWI9QOqywEnjjoJlLsixkPCsNwA7C2YBS3v9GFSupiS5NNHcadUMAwMgd9qDV8D4hdJXXs See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 12 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6188353073971200 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:10033:0401/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94paNngBf_to1E49hrPq6lgYB_0UxitwSL5GR5NXGsnR7PNYOBbA3xu1wCqEkeIM9P2XTar-9t4WD8Xr-Ck1VkA5qC9-48nogCltOgGc0dI1XWI9QOqywEnjjoJlLsixkPCsNwA7C2YBS3v9GFSupiS5NNHcadUMAwMgd9qDV8D4hdJXXs See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6198290269339648 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95dAoFNLY1Ku-5HUolCScKWrcFWNrXQelXJGnWDJMq2qiVI3o5wt2oqKjrKVehgzSVvBJeC8jXHsFMzfHHclZ48_OJ_24fUHC4o7N0yw-ALRCBaNlR4gEvs_zCGJlC-MwzzFklzwmcpTNFaf5xPoOe3HMRbebwOLAU6Ca5n3W3W0VJFnG4 Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4636452591239168 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF v8::base::OS::Abort V8_Fatal v8::internal::JSObject::JSObjectVerify Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97Z6S4dAJPsCDCYlFDpT0ul6WK8EmgdCTwEMUma7D-eE6Btdn8xj6odyhlw8us68S8P4xcsgclQxzNYSsPoAWeqlbD34fR-Snb-jolf6PR0p69t3UEAgQ0LN1jUAoxufMXSeMlyqUDBTLoQKitdzA3ZTYX8XW2P8H_FigtXZsomwIm442s Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5632924296151040 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:1828:0410/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96XOQCs8DGxxhfcB1lUB9pn5zpoUJU_A91iLWT7i0wsMiSgdaH38Wiw4Y3KmqJ631-LtOtGV7yjumeWaVDzs7kJKHS0i95Hvy-fKH7D48VRxWl0rInwm0g5GOOOpW_sl5z2qxMxmCvQ_jwwJSSMnnxIBIFxjxL5f7EdCIQk2eo4DvGZ5Zs Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5490711767547904 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF ADDRESS v8::internal::KeyedStoreIC::Store v8::internal::Runtime_StoreIC_MissFromStubFailure Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97boFV3XRLyrFyV9igLu1KoWU_KojIOo6FtjwjAXiA35I8fhH1omOQIEMZmEgmvM_Hb07RybDLx0w8-1TelyaZ0E2Z5o4BysL8zSGebf0OTJT5cldFMPkGrgyCgq-1-V3IZKAVdzkChAry5vLqVENSmuDv84pFb7jzYZ592PuPkm-mIXTQ Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 13 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5400233428647936 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort V8_Fatal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=375259:376263 Minimized Testcase (0.10 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96bPmdUeHT2lI81lxieDzvka6i0ADmI11yU7hzZkmzgYZqf7ztDNuykWIi1l1uupqopxJg8_kGLJuywkF6MFukGpjaktazzZXrHTcuj8Jr1Eogt5OaqA7Q8_rfuEebFiGckxfk8yK0U7DJbM6WX9LwEK1RNSw <script> window.location = 'http://webglsamples.googlecode.com/hg/aquarium/aquarium.html'; </script> Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 19 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5400233428647936 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort V8_Fatal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=375259:376263 Minimized Testcase (0.10 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96bPmdUeHT2lI81lxieDzvka6i0ADmI11yU7hzZkmzgYZqf7ztDNuykWIi1l1uupqopxJg8_kGLJuywkF6MFukGpjaktazzZXrHTcuj8Jr1Eogt5OaqA7Q8_rfuEebFiGckxfk8yK0U7DJbM6WX9LwEK1RNSw <script> window.location = 'http://webglsamples.googlecode.com/hg/aquarium/aquarium.html'; </script> Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 26 2016
,
May 6 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5400233428647936 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort V8_Fatal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=375259:376263 Minimized Testcase (0.10 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96bPmdUeHT2lI81lxieDzvka6i0ADmI11yU7hzZkmzgYZqf7ztDNuykWIi1l1uupqopxJg8_kGLJuywkF6MFukGpjaktazzZXrHTcuj8Jr1Eogt5OaqA7Q8_rfuEebFiGckxfk8yK0U7DJbM6WX9LwEK1RNSw <script> window.location = 'http://webglsamples.googlecode.com/hg/aquarium/aquarium.html'; </script> Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 2 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6017094054838272 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:14578:0403/NUMBER:ERROR:gles2_cmd_decoder.cc(NUMBER)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94qY3Z34YO7p4EtZ-o0S5I9xVpFt_P4nCxeShM16OJ-knmw7RDY5awonx1OFZc_Btg3FhNB0XDl2d2edPIxQHLvyDeLMotKta2Mi7oP9nSbIYoQP3oqBVrI5ZQU0V4Z8Ba2syBbBHBH2J413Q5Zt8lhmO_8zDyg9z23jZNkVd2kE-WZ2XM See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 2 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5178940733259776 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:4030:0331/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97zorZPl0qyQ4uWqWMz4bHpxAE-gTJF7z6VsRdaVzKjs1XsZQN23P1wltukL6UTtk6nXwsO_0AYSWdzp7EeKrCdeOfRS3jNcI7cAD3C42bKO2teDlKry6wj-apzxobvM9JE3SBxT76ShU4A3FVUCWaj3klaLky2f-PJh9GNw-ypYfvvOe0 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 2 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6198290269339648 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95dAoFNLY1Ku-5HUolCScKWrcFWNrXQelXJGnWDJMq2qiVI3o5wt2oqKjrKVehgzSVvBJeC8jXHsFMzfHHclZ48_OJ_24fUHC4o7N0yw-ALRCBaNlR4gEvs_zCGJlC-MwzzFklzwmcpTNFaf5xPoOe3HMRbebwOLAU6Ca5n3W3W0VJFnG4 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 2 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4636452591239168 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF v8::base::OS::Abort V8_Fatal v8::internal::JSObject::JSObjectVerify Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97Z6S4dAJPsCDCYlFDpT0ul6WK8EmgdCTwEMUma7D-eE6Btdn8xj6odyhlw8us68S8P4xcsgclQxzNYSsPoAWeqlbD34fR-Snb-jolf6PR0p69t3UEAgQ0LN1jUAoxufMXSeMlyqUDBTLoQKitdzA3ZTYX8XW2P8H_FigtXZsomwIm442s See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 5 2016
ClusterFuzz has detected this issue as fixed in range 36428:36429. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5490711767547904 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF ADDRESS v8::internal::KeyedStoreIC::Store v8::internal::Runtime_StoreIC_MissFromStubFailure Fixed: V8: r36428:36429 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97boFV3XRLyrFyV9igLu1KoWU_KojIOo6FtjwjAXiA35I8fhH1omOQIEMZmEgmvM_Hb07RybDLx0w8-1TelyaZ0E2Z5o4BysL8zSGebf0OTJT5cldFMPkGrgyCgq-1-V3IZKAVdzkChAry5vLqVENSmuDv84pFb7jzYZ592PuPkm-mIXTQ See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 8 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5632924296151040 Fuzzer: stgao_chromebot2 Job Type: linux_asan_chrome_v8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF [NUMBER:1828:0410/NUMBER:ERROR:cert_verify_proc_nss.cc(984)] <unknown> v8::base::OS::Abort Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96XOQCs8DGxxhfcB1lUB9pn5zpoUJU_A91iLWT7i0wsMiSgdaH38Wiw4Y3KmqJ631-LtOtGV7yjumeWaVDzs7kJKHS0i95Hvy-fKH7D48VRxWl0rInwm0g5GOOOpW_sl5z2qxMxmCvQ_jwwJSSMnnxIBIFxjxL5f7EdCIQk2eo4DvGZ5Zs See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 13 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 14 2016
This still reproduces with --js-flags="--verify-heap" on http://webglsamples.org/aquarium/aquarium.html (reliably, during initial load).
,
Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 14 2016
,
Jun 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/7446a74f94e2117f22e2b26f9f1ad1d7d7c3668d commit 7446a74f94e2117f22e2b26f9f1ad1d7d7c3668d Author: ishell <ishell@chromium.org> Date: Tue Jun 14 14:36:59 2016 [stubs] Ensure that StoreTransitionStub does not bailout after the properties backing store is enlarged. In addition, this CL fixes --trace-hydrogen-stubs mode. BUG= chromium:601420 LOG=Y Review-Url: https://codereview.chromium.org/2068693003 Cr-Commit-Position: refs/heads/master@{#36971} [modify] https://crrev.com/7446a74f94e2117f22e2b26f9f1ad1d7d7c3668d/src/code-stubs-hydrogen.cc [modify] https://crrev.com/7446a74f94e2117f22e2b26f9f1ad1d7d7c3668d/src/crankshaft/hydrogen.cc [modify] https://crrev.com/7446a74f94e2117f22e2b26f9f1ad1d7d7c3668d/src/deoptimizer.cc
,
Jun 14 2016
Now it's fixed.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by ClusterFuzz
, Apr 7 2016