!removed || frame->LookupCode()->marked_for_deoptimization() in src/isolate.cc

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6280629099954176
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !removed || frame->LookupCode()->marked_for_deoptimization() in src/isolate.cc
Regressed: V8: r34991:34992
Minimized Testcase (9.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96cGeIqZKDWGU_cd_nyMa0QXUYmT0SnyW5wQR_xO5RPKvfKc3l6AaqlgZVeNHFrPbTFfVVPoeq7EQra2AsSflsrwkW3IxUCYYiQmwgKl6F6bQNUW7DK5I3LcMz5nWuVAAHHAgHdE1kn6gU2eyMTLSQDZojOeA
Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 20 2016

Apr 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/b4dbb2f710834f37a0e6fbc5ea7c6d660d25c8b0

commit b4dbb2f710834f37a0e6fbc5ea7c6d660d25c8b0
Author: ishell <ishell@chromium.org>
Date: Thu Apr 21 09:53:06 2016

[deoptimizer] Do not modify stack_fp which is used as a key for lookup of previously materialized objects.

BUG=chromium:604680, v8:4698
LOG=N

Review URL: https://codereview.chromium.org/1904663003

Cr-Commit-Position: refs/heads/master@{#35693}

[modify] https://crrev.com/b4dbb2f710834f37a0e6fbc5ea7c6d660d25c8b0/src/deoptimizer.cc
[add] https://crrev.com/b4dbb2f710834f37a0e6fbc5ea7c6d660d25c8b0/test/mjsunit/regress/regress-crbug-604680.js
Apr 21 2016

Apr 21 2016
ClusterFuzz has detected this issue as fixed in range 35692:35693.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6280629099954176
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !removed || frame->LookupCode()->marked_for_deoptimization() in src/isolate.cc
Regressed: V8: r34991:34992
Fixed: V8: r35692:35693
Minimized Testcase (9.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96cGeIqZKDWGU_cd_nyMa0QXUYmT0SnyW5wQR_xO5RPKvfKc3l6AaqlgZVeNHFrPbTFfVVPoeq7EQra2AsSflsrwkW3IxUCYYiQmwgKl6F6bQNUW7DK5I3LcMz5nWuVAAHHAgHdE1kn6gU2eyMTLSQDZojOeA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 22 2016

Apr 25 2016
CF is still complaining on Beta#51.0.2704.22. Seems like we need a merge to M51. Thank you!
Apr 25 2016
Here is the CF Report: https://cluster-fuzz.appspot.com/testcase?key=5457310696079360
Apr 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/1ef876ea478a6bf3ddc0748625a5da3130436248

commit 1ef876ea478a6bf3ddc0748625a5da3130436248
Author: ishell@chromium.org <ishell@chromium.org>
Date: Tue Apr 26 08:40:32 2016

Version 5.1.281.17 (cherry-pick)

Merged b4dbb2f710834f37a0e6fbc5ea7c6d660d25c8b0

[deoptimizer] Do not modify stack_fp which is used as a key for lookup of previously materialized objects.

BUG=chromium:604680, v8:4698
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1921773002 .

Cr-Commit-Position: refs/branch-heads/5.1@{#21}
Cr-Branched-From: 167dc63b4c9a1d0f0fe1b19af93644ac9a561e83-refs/heads/5.1.281@{#1}
Cr-Branched-From: 03953f52bd4a184983a551927c406be6489ef89b-refs/heads/master@{#35282}

[modify] https://crrev.com/1ef876ea478a6bf3ddc0748625a5da3130436248/include/v8-version.h
[modify] https://crrev.com/1ef876ea478a6bf3ddc0748625a5da3130436248/src/deoptimizer.cc
[add] https://crrev.com/1ef876ea478a6bf3ddc0748625a5da3130436248/test/mjsunit/regress/regress-crbug-604680.js
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by ishell@chromium.org, Apr 19 2016
Status: Assigned (was: Available)