
Issue 602971


Issue metadata

Status: WontFix
Owner:
Closed: Apr 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc

Reported by ClusterFuzz (Project Member), Apr 13 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5250606956019712

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  _ZN2v88internal13RememberedSetILNS0_16PointerDirectionE0EE7IterateIZNS3_16Verify
  _ZN2v88internal13RememberedSetILNS0_16PointerDirectionE0EE19IterateMemoryChunksI
  v8::internal::MarkCompactCollector::ClearInvalidRememberedSetSlots
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95xQl-7noleqe-9mQLoQjCXDb_AoRBospgTn3DvVdGzZTeW7I0LoXzenjpa09UCoJ_yAzwErY8aV07V0G82r_JzERim30YYqF2_p8jYpiBO666beAfqKRmmAw3sjXNWNkTbYjyH7hRNuGfF3Vk5lBEiZt8sV5KMo3FXrvVxXRFOPBS90I8


Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Comment 1 by ClusterFuzz (Project Member), Apr 13 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5759912231043072

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:23804:0412/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95H9kLPv2b1iQ03kw4_gqQh-JJspiKu9fBWD3_kdlOToRhMDFY24JoHtVHU1bF5geWzYzhM97LRipsWyFJqt06iVdbSKKFYQ308pwUoddsYkzbqOnB84z64SCc5d08_aBqlIYc0m73v2nI2ycMO7fy7UH_PQsCsgxiymqUxuGpQ0RpJEVo


Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 2 by ClusterFuzz (Project Member), Apr 13 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6557643103010816

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:6060:0409/NUMBER:ERROR:gles2_cmd_decoder.cc(NUMBER)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv962Wy3fp0Ipkd7L8gm8l41wEw2R7WP3N9gbMSaWsX1qWoQyKuBhvIh1_xV6gzA1AwWHXKBAAd2vSs9XM50AkxD3HqtQFzTfGzBBqTyMazCoVBP7fehS3yBoD8Dtesyz3rezXdAY1nrSyDNnJDCE53jv6HS3gYOVZ7rmfHmBTRlJaRKQ5sk


Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 3 by ClusterFuzz (Project Member), Apr 13 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6614560110280704

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  <unknown>
  v8::base::OS::Abort
  [NUMBER:31323:0408/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97xb3_bIz_B34sA13e844lWhSVjuvCokeuaNtVGzDeZgIxTr3TN37KTonZ_Y4vd_pU6uZpHu2dIZ6jyKrXNT2jbKnJbZKZpnXmI3jXbNau9wjuaajR_IzKZAOnvJQMuGzQhuGemWO1QOoi7yeGzMMg_vS9gz2c1adW0ijiI6qXXPn7jPsE


Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 4 by ishell@chromium.org, Apr 13 2016

Cc: hpayer@chromium.org u...@chromium.org mstarzinger@chromium.org
Owner: mlippautz@chromium.org
Status: Assigned (was: Available)
Comment 5 by ClusterFuzz (Project Member), Apr 13 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5250606956019712

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  _ZN2v88internal13RememberedSetILNS0_16PointerDirectionE0EE7IterateIZNS3_16Verify
  _ZN2v88internal13RememberedSetILNS0_16PointerDirectionE0EE19IterateMemoryChunksI
  v8::internal::MarkCompactCollector::ClearInvalidRememberedSetSlots
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95xQl-7noleqe-9mQLoQjCXDb_AoRBospgTn3DvVdGzZTeW7I0LoXzenjpa09UCoJ_yAzwErY8aV07V0G82r_JzERim30YYqF2_p8jYpiBO666beAfqKRmmAw3sjXNWNkTbYjyH7hRNuGfF3Vk5lBEiZt8sV5KMo3FXrvVxXRFOPBS90I8


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 6 by ClusterFuzz (Project Member), Apr 13 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6614560110280704

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  <unknown>
  v8::base::OS::Abort
  [NUMBER:31323:0408/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97xb3_bIz_B34sA13e844lWhSVjuvCokeuaNtVGzDeZgIxTr3TN37KTonZ_Y4vd_pU6uZpHu2dIZ6jyKrXNT2jbKnJbZKZpnXmI3jXbNau9wjuaajR_IzKZAOnvJQMuGzQhuGemWO1QOoi7yeGzMMg_vS9gz2c1adW0ijiI6qXXPn7jPsE


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by ClusterFuzz (Project Member), Apr 13 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5759912231043072

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:23804:0412/NUMBER:ERROR:cert_verify_proc_nss.cc(984)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95H9kLPv2b1iQ03kw4_gqQh-JJspiKu9fBWD3_kdlOToRhMDFY24JoHtVHU1bF5geWzYzhM97LRipsWyFJqt06iVdbSKKFYQ308pwUoddsYkzbqOnB84z64SCc5d08_aBqlIYc0m73v2nI2ycMO7fy7UH_PQsCsgxiymqUxuGpQ0RpJEVo


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Apr 13 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6557643103010816

Fuzzer: stgao_chromebot2
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  obj->IsValidSlot(offset) in v8/src/heap/remembered-set.cc
  [NUMBER:6060:0409/NUMBER:ERROR:gles2_cmd_decoder.cc(NUMBER)]
  <unknown>
  v8::base::OS::Abort
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv962Wy3fp0Ipkd7L8gm8l41wEw2R7WP3N9gbMSaWsX1qWoQyKuBhvIh1_xV6gzA1AwWHXKBAAd2vSs9XM50AkxD3HqtQFzTfGzBBqTyMazCoVBP7fehS3yBoD8Dtesyz3rezXdAY1nrSyDNnJDCE53jv6HS3gYOVZ7rmfHmBTRlJaRKQ5sk


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: WontFix (was: Assigned)
Likely related to one of the many issues that prevented us from rolling. Since this is not happening any more, let's close it.
Comment 10 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
