Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5743343086862336

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  result
  blink::ArrayBufferAllocator::Allocate
  v8::internal::JSArrayBuffer::SetupAllocatingData

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95UwGEhrGNyN1fqwTZmHRZojb7zCZynJ9s2hgygmQ_oVmAq7GHEj3JoQCNj_QiBKL5SvKw2Kd7N45aFmof9gpMrGKwaYV0wG5HDZftuFukRch61-EWHn8At-v0_YegGaGelmgrqleErHXNEA-_Ju64FfBkQyA

<script> var buffer = new ArrayBuffer(9223372036854775632); </script>

Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 6 2016
It seems unlikely that my CL is the reason: it only substitutes CHECKS with RELEASE_ASSERTS and it is a revert of the inverse conversion.
Jun 7 2016
From the above blame information, suspecting https://codereview.chromium.org/1577783004. Please reassign if this is not related to your change.
Jun 7 2016
This blamed change sounds likely, and I would personally be OK with reverting it. The goal of the change was to allow V8 to intercept allocation failure, but underlying OS mechanisms don't give us a way to really get at that in a fully correct way. Maybe another mechanism, such as a window property to give an estimate of the amount of free memory, together with crashing on allocation failure, would be a better interface without leading to these assertion failures.
Jun 7 2016
This occurs only when MEMORY_TOOL_REPLACES_ALLOCATOR is defined, which does not honour the PartitionAllocReturnNull flag (for some reason). Maybe partitionAllocGenericFlags ought to be updated to honour the flag? `CHECK(result || flags & PartitionAllocReturnNull)` or something
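The flag-honouring pattern proposed above, as an added example in C++ that is not Chromium's code: it models a memory-tool allocator path that ignores a return-null flag beside one that consults the flag on every path, and shows that only the latter lets an oversized request surface as nullptr (a RangeError at script level) rather than tripping CHECK. Every function and flag name here (MemoryToolAllocate, AllocateGenericBuggy, AllocateGenericFixed, NewArrayBuffer, kReturnNull) is a hypothetical stand-in for the real PartitionAlloc and Blink code, and CHECK is modelled by a throwing macro so that the failure can be observed instead of aborting.

```cpp
// Added example, not Chromium's code. Models how a PartitionAlloc-style
// "return null" flag should be honoured on every allocation path, including a
// memory-tool (sanitizer) replacement path. Every name below (kReturnNull,
// MemoryToolAllocate, AllocateGenericBuggy/Fixed, NewArrayBuffer) is a
// hypothetical stand-in for the real PartitionAlloc / Blink functions.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <stdexcept>

// Stand-in for CHECK(): the real macro aborts the process. Throwing instead
// lets the failure be observed and asserted on from ordinary code.
#define MODEL_CHECK(cond) \
  do { if (!(cond)) throw std::runtime_error("CHECK failed: " #cond); } while (0)

enum AllocFlags : unsigned { kNoFlags = 0, kReturnNull = 1u << 0 };

// Largest request the toy allocator serves. A real allocator fails when the
// mapping cannot be obtained; the fixed limit simply models that refusal.
constexpr std::uint64_t kMaxAllocation = std::uint64_t{1} << 30;

// Memory-tool path: hands the request to the system allocator, which yields
// nullptr on failure rather than crashing.
static void* MemoryToolAllocate(std::uint64_t size) {
  if (size > kMaxAllocation) return nullptr;  // models a refused mapping
  return std::malloc(static_cast<std::size_t>(size));
}

// Defective variant: the flag is consulted only on the normal path. On the
// memory-tool path a nullptr result trips the CHECK unconditionally, so an
// oversized request that should become a RangeError crashes instead.
static void* AllocateGenericBuggy(std::uint64_t size, unsigned flags,
                                  bool memory_tool_build) {
  void* result = MemoryToolAllocate(size);  // both paths share the toy backend
  if (memory_tool_build) {
    MODEL_CHECK(result);  // flag ignored: the defect
    return result;
  }
  MODEL_CHECK(result || (flags & kReturnNull));
  return result;
}

// Fixed variant: the same check on every path, i.e. the pattern suggested in
// the thread, CHECK(result || flags & PartitionAllocReturnNull).
static void* AllocateGenericFixed(std::uint64_t size, unsigned flags,
                                  bool /*memory_tool_build*/) {
  void* result = MemoryToolAllocate(size);
  MODEL_CHECK(result || (flags & kReturnNull));
  return result;
}

// What a script-level `new ArrayBuffer(n)` turns into in this model.
enum class BufferOutcome { kAllocated, kRangeError };

using AllocFn = void* (*)(std::uint64_t, unsigned, bool);

// Models blink::ArrayBufferAllocator::Allocate: request the bytes with
// kReturnNull so that failure surfaces as nullptr and the embedder can throw a
// RangeError. Only an allocator that ignores the flag can reach the CHECK.
static BufferOutcome NewArrayBuffer(std::uint64_t byte_length, AllocFn alloc,
                                    bool memory_tool_build) {
  void* data = alloc(byte_length, kReturnNull, memory_tool_build);
  if (!data) return BufferOutcome::kRangeError;
  std::free(data);
  return BufferOutcome::kAllocated;
}

// Reports whether the CHECK stand-in fired for a given allocator and size.
static bool CheckFires(AllocFn alloc, std::uint64_t byte_length,
                       bool memory_tool_build) {
  try {
    NewArrayBuffer(byte_length, alloc, memory_tool_build);
    return false;
  } catch (const std::runtime_error&) {
    return true;
  }
}

// The minimized testcase's requested length from the report above.
constexpr std::uint64_t kTestcaseLength = 9223372036854775632ULL;

int main() {
  // Same request, same flag, memory-tool build: only the fixed variant yields
  // a RangeError; the buggy variant trips the CHECK.
  return (CheckFires(&AllocateGenericBuggy, kTestcaseLength, true) &&
          !CheckFires(&AllocateGenericFixed, kTestcaseLength, true))
             ? 0
             : 1;
}
```

The defect is not in the allocator refusing the request (both variants get nullptr back) but in which path asserts on it; modelling the flag check as a single shared line after the backend call is what makes the memory-tool build behave like the ordinary build.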
Jun 7 2016
Not mine as far as I see.
Jun 7 2016
https://codereview.chromium.org/2044673003/ should fix the cluster-fuzz failure
Jun 8 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7757f92ee97b2668c3f412fa0ebdb62321d8bd0d

commit 7757f92ee97b2668c3f412fa0ebdb62321d8bd0d
Author: caitpotter88 <caitpotter88@gmail.com>
Date: Tue Jun 07 23:58:53 2016

Honour PartitionAllocReturnNull flag when MEMORY_TOOL_REPLACES_ALLOCATOR

Previously, for builds defining MEMORY_TOOL_REPLACES_ALLOCATOR, the PartitionAllocReturnNull flag was not respected. This can cause problems on cluster-fuzz, due to generating valid scripts which ought to just throw a RangeError (as they do in ordinary builds) rather than crashing.

BUG= 617628
R=jochen@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2044673003
Cr-Commit-Position: refs/heads/master@{#398422}

[modify] https://crrev.com/7757f92ee97b2668c3f412fa0ebdb62321d8bd0d/third_party/WebKit/Source/wtf/allocator/PartitionAlloc.h
Jun 9 2016
ClusterFuzz has detected this issue as fixed in range 398017:398731.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5743343086862336

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  result
  blink::ArrayBufferAllocator::Allocate
  v8::internal::JSArrayBuffer::SetupAllocatingData

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=398017:398731

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv975uWlM9M2YLoTxLrgOokVcKqMQ3q7ruByC8yuy3zKkzs_uF_2uAxk6Uz8YvROl6TRm8jIR1y5fdrpslwEncINZUITJdeQejSsBBNaZQSd1KMIoemk9vYvzN55TySAnlr-nLjMmwLZqDbXfwb1V6euNVlJGwQ

<script> var buffer = new ArrayBuffer(9223372036854775632); </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ashej...@chromium.org, Jun 6 2016
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 findit-for-crash Te-Logged Pri-2
Owner: koten...@yandex-team.ru