map == code->GetHeap()->code_map() in frames.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5707255068753920

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  map == code->GetHeap()->code_map() in frames.cc

Regressed: V8: r36762:36763

Minimized Testcase (0.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv974uIIa8Ve39xpDwookgSmwhZCHicA4cB13XiZicBrNwjgWlDqU0sPrxQCdAOYUYVx5FeMIGmQqUoHe3iVhbm2sHUB9SZnGqjA25x3D2Z9gqSHDvwGI_IHfvdX998NcVYu2wgqW_PeHmzGsbuodO6eYLVYeYg

Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 7 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2

commit 2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2
Author: hpayer <hpayer@chromium.org>
Date: Tue Jun 07 15:03:07 2016

[heap] Unregister shrinked large object memory from chunk map.

BUG= chromium:617883
LOG=n

Review-Url: https://codereview.chromium.org/2046953002
Cr-Commit-Position: refs/heads/master@{#36793}

[modify] https://crrev.com/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2/src/hashmap.h
[modify] https://crrev.com/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2/src/heap/spaces.cc
[modify] https://crrev.com/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2/src/heap/spaces.h
Jun 7 2016

ClusterFuzz has detected this issue as fixed in range 36801:36802.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5707255068753920

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  map == code->GetHeap()->code_map() in frames.cc

Regressed: V8: r36762:36763
Fixed: V8: r36801:36802

Minimized Testcase (0.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv974uIIa8Ve39xpDwookgSmwhZCHicA4cB13XiZicBrNwjgWlDqU0sPrxQCdAOYUYVx5FeMIGmQqUoHe3iVhbm2sHUB9SZnGqjA25x3D2Z9gqSHDvwGI_IHfvdX998NcVYu2wgqW_PeHmzGsbuodO6eYLVYeYg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 8 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/56a9e33802c08563495ce0ef5aa47025fe8f594a

commit 56a9e33802c08563495ce0ef5aa47025fe8f594a
Author: hpayer <hpayer@chromium.org>
Date: Wed Jun 08 06:11:38 2016

Revert of [heap] Unregister shrinked large object memory from chunk map. (patchset #6 id:100001 of https://codereview.chromium.org/2046953002/ )

Reason for revert:
Revert because uncommit of lo is broken.

Original issue's description:
> [heap] Unregister shrinked large object memory from chunk map.
>
> BUG= chromium:617883
> LOG=n
>
> Committed: https://crrev.com/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2
> Cr-Commit-Position: refs/heads/master@{#36793}

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:617883

Review-Url: https://codereview.chromium.org/2046563008
Cr-Commit-Position: refs/heads/master@{#36806}

[modify] https://crrev.com/56a9e33802c08563495ce0ef5aa47025fe8f594a/src/hashmap.h
[modify] https://crrev.com/56a9e33802c08563495ce0ef5aa47025fe8f594a/src/heap/spaces.cc
[modify] https://crrev.com/56a9e33802c08563495ce0ef5aa47025fe8f594a/src/heap/spaces.h
Jun 8 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5893647010889728

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  map == code->GetHeap()->code_map() in frames.cc

Regressed: V8: r36802:36803

Minimized Testcase (2.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9463hDFPfC03YEitAXJ9ckwWq8b1lwToYUbaFcXCOrfY9dxmkGPP8CsT2gguet0XB1_2a5U--cli7HNpWcChPXT-0378plLg_7_XS_DIJTA7fDFMzf7NEgKsyab3a2sXPUj9c2pU8VYCTuNDpnnM0pDTVDoXw

Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 9 2016

ClusterFuzz has detected this issue as fixed in range 36806:36807.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5893647010889728

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  map == code->GetHeap()->code_map() in frames.cc

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=36802:36803
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=36806:36807

Minimized Testcase (0.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97s8FXeHW8-W2JY47DmQ47TwJGUUzIMqT-9-2l3PJFKv6VyyAyn19u87KuqzU0x3dcbNtLArIgBakbSPwKtfk01QHNyUMvkT6rheihWYOE_3f9rFBw7Cfz9M2drNSENijMrIJid1K7UXcd-5uwHgYC_g0jtwA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 13 2016

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, Jun 7 2016

Owner: hpayer@chromium.org
Status: Assigned (was: Available)