Issue 618999

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

Crash in v8::internal::MarkCompactCollector::PrepareThreadForCodeFlushing

Reported by ClusterFuzz (Project Member), Jun 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5317099560108032

Fuzzer: therealholden_worker
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  v8::internal::MarkCompactCollector::PrepareThreadForCodeFlushing
  v8::internal::MarkCompactCollector::PrepareForCodeFlushing
  v8::internal::MarkCompactCollector::MarkLiveObjects
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=398867:398897

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95OnM1sbXJIB49BpnchwaZDPHlPVMCcgIu7VatCBE6x2EFzkU4GqWnj-9kAMW-7DfTPslxD7DUTfgKiOg2I9_I64K9_XoqvMleATUm_1IjgeKpTH6m1-OgAHUpND21BnJWV-dyRyXA-sGZLukEb_TO1QaMTPQ


Additional requirements: Requires HTTP

Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Blink>JavaScript
Labels: Te-Logged
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: vegorov@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/ac36cb4504409229002a2bf3845b0f81b08a94e4
Time: Mon Sep 19 18:36:47 2011
The CL last changed line 216 of file mark-compact.h, which is stack frame 0.

Author: mstarzinger
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/26241740bbbd5990eb940154c53ab85f0c5628cc
Time: Mon Aug 17 16:58:16 2015
The CL last changed line 17 of file mark-compact-inl.h, which is stack frame 1.

Author: mstarzinger
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/33922309919bf9a0aa9989b34560b3d60bcf9b82
Time: Mon Aug 17 13:09:29 2015
The CL last changed line 39 of file mark-compact-inl.h, which is stack frame 2.

Author: vegorov@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a457040ca6a21008905792fe8c032fc94aab6635
Time: Thu Dec 08 16:07:07 2011
The CL last changed line 1356 of file mark-compact.cc, which is stack frame 3.

Author: karlklose@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/b8d5fd7d329f122d754a8f689a48c3e56da2b74c
Time: Fri Apr 01 11:59:00 2011
The CL last changed line 1378 of file mark-compact.cc, which is stack frame 4.

Author: hpayer
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/c5479518e089d48399117228868c743eed13bbb3
Time: Fri Oct 16 15:41:27 2015
The CL last changed line 2304 of file mark-compact.cc, which is stack frame 5.

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/8c376b4635831ff28bb4a04f3859ad7e51c17e8b
Time: Tue Dec 08 20:50:50 2015
The CL last changed line 346 of file mark-compact.cc, which is stack frame 6.

Suspected Project: chromium-v8
Suspected Component: Blink>JavaScript

Comment 2 by ishell@chromium.org, Jul 25 2016

Cc: hpayer@chromium.org
Labels: -ClusterFuzz Clusterfuzz
Owner: jarin@chromium.org
Status: Assigned (was: Available)
Assigning to current Memory Sheriff for investigation.

Comment 3 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by ClusterFuzz (Project Member), Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5317099560108032 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.