!isolate->has_pending_exception() in contexts.cc
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6073538058649600
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !isolate->has_pending_exception() in contexts.cc
Minimized Testcase (0.30 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95YYr81HGjZ3qm2rAKjhOSNUQ8VuqlvWwK6Dztob12lNwF0p5V7vqyiQ-p5Ba0nYoIvNA3zcFHna7eqDhyjZ91BIADHo_t8NmCtUNsbQM8OkwgJ5KIBWnuMWTgl6uLhm_QqVgINuMhAJ5rUb3Tg3oaokkG2mA

var __v_13 = {};
var __v_17 = {};
__v_5 = __v_17 + __v_13;
function __f_15(asmfunc) {
  var __v_12 = asmfunc.toString();
  var __v_13 = __v_12.replace();
  var __v_15 = eval("(" + __v_13 + ")")();
  var __v_7 = Wasm.instantiateModuleFromAsm(__v_5);
  __v_16;
}
function __f_16() { }
__f_15(function() { });

Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 13 2016
,
Jun 13 2016
,
Jun 17 2016
I was able to reduce the test case to
Wasm.instantiateModuleFromAsm({}+{});
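The reduced case above passes `{}+{}`, which evaluates to the string `"[object Object][object Object]"`, to an API that expects the source of an asm.js function. The CHECK named in the crash state is V8's invariant that native code never continues on a success path while a JavaScript exception is still pending on the isolate. The following is an added, self-contained C++ model of that invariant and is not V8's code: `ToyIsolate`, `CompileAsmSource`, `EnterContextAndInstantiate`, `InstantiateBuggy` and `InstantiateFixed` are hypothetical names, and the "buggy" shape is the general pattern of ignoring a failed `MaybeHandle`, not a claim about the exact code path that was removed from V8.

```cpp
// Added illustration (not V8 code): a toy model of V8's "no pending exception"
// invariant. A real CHECK aborts the process; here it throws so the failure
// mode can be observed in a test. All names below are hypothetical.
#include <iostream>
#include <stdexcept>
#include <string>

struct ToyIsolate {
  // V8 keeps a thrown JS value here. Native code that continues on the success
  // path while this is set would later trip CHECK(!has_pending_exception()).
  bool pending = false;
  std::string message;
  bool has_pending_exception() const { return pending; }
  void Throw(const std::string& msg) { pending = true; message = msg; }
};

// Stand-in for MaybeHandle<T>: ok == false means "an exception is pending".
struct MaybeModule {
  bool ok;
  std::string module;
};

// Models the asm.js front end: accepts only source that looks like a function
// literal. "[object Object][object Object]" (what {}+{} evaluates to) does not.
MaybeModule CompileAsmSource(ToyIsolate* isolate, const std::string& source) {
  if (source.rfind("function", 0) != 0) {
    isolate->Throw("SyntaxError: asm.js source is not a function");
    return {false, ""};
  }
  return {true, source};
}

// Models a later native step guarded by CHECK(!isolate->has_pending_exception()).
std::string EnterContextAndInstantiate(ToyIsolate* isolate,
                                       const std::string& module) {
  if (isolate->has_pending_exception())
    throw std::logic_error("CHECK failed: !isolate->has_pending_exception()");
  return "instance of " + module;
}

enum class Outcome { kInstantiated, kJsExceptionPropagated, kCheckFailure };

// Buggy shape: the empty MaybeHandle is ignored and execution continues on the
// success path with the SyntaxError still pending, so the CHECK fires.
Outcome InstantiateBuggy(ToyIsolate* isolate, const std::string& source) {
  MaybeModule m = CompileAsmSource(isolate, source);
  try {
    EnterContextAndInstantiate(isolate, m.module);
  } catch (const std::logic_error&) {
    return Outcome::kCheckFailure;
  }
  return Outcome::kInstantiated;
}

// Fixed shape: every MaybeHandle is checked; on failure the pending exception
// is propagated to the JS caller before any CHECK-guarded path runs.
Outcome InstantiateFixed(ToyIsolate* isolate, const std::string& source) {
  MaybeModule m = CompileAsmSource(isolate, source);
  if (!m.ok) return Outcome::kJsExceptionPropagated;
  EnterContextAndInstantiate(isolate, m.module);
  return Outcome::kInstantiated;
}

// Convenience wrappers that run each shape on a fresh isolate.
Outcome RunBuggy(const std::string& source) {
  ToyIsolate iso;
  return InstantiateBuggy(&iso, source);
}
Outcome RunFixed(const std::string& source) {
  ToyIsolate iso;
  return InstantiateFixed(&iso, source);
}
bool FixedLeavesExceptionPending(const std::string& source) {
  ToyIsolate iso;
  InstantiateFixed(&iso, source);
  return iso.has_pending_exception();
}

int main() {
  // Constructed inputs: the reduced testcase's string, and a well-formed source.
  const std::string bad = "[object Object][object Object]";
  const std::string good = "function() {}";
  std::cout << "buggy(bad):  " << static_cast<int>(RunBuggy(bad)) << "\n";
  std::cout << "fixed(bad):  " << static_cast<int>(RunFixed(bad)) << "\n";
  std::cout << "fixed(good): " << static_cast<int>(RunFixed(good)) << "\n";
  return 0;
}
```

The fixed shape keeps the exception pending, which is the correct state for the JS caller to observe as a thrown `SyntaxError`; what must never happen is running further native code that asserts the slot is empty.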
,
Jun 20 2016
,
Jun 20 2016
,
Jun 20 2016
,
Jun 20 2016
,
Jun 21 2016
Issue 621808 has been merged into this issue.
,
Jul 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5133071146024960
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !has_pending_exception() in isolate.cc
Regressed: V8: r37469:37470
Minimized Testcase (7.80 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94L7f3zHwUDwnb6_c2EntdLIttKADZwEO-_N6WuE6zNxWRv5NuCLwEgMr3My8Gc3QK2GO83iiwF72sM_5WooeIKDfDTLJ7PDzLLKwQ3DTpFBhLxBV3JrNVG4_eS-nhD5g3JXT2ATbvkq-4uEDCp6JJnc52d-A?testcase_id=5133071146024960
Filer: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 2 2016
ClusterFuzz has detected this issue as fixed in range 37477:37478.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5133071146024960
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !has_pending_exception() in isolate.cc
Regressed: V8: r37469:37470
Fixed: V8: r37477:37478
Minimized Testcase (7.80 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94L7f3zHwUDwnb6_c2EntdLIttKADZwEO-_N6WuE6zNxWRv5NuCLwEgMr3My8Gc3QK2GO83iiwF72sM_5WooeIKDfDTLJ7PDzLLKwQ3DTpFBhLxBV3JrNVG4_eS-nhD5g3JXT2ATbvkq-4uEDCp6JJnc52d-A?testcase_id=5133071146024960
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 5 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6268523127242752
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !has_pending_exception() in isolate.cc
Regressed: V8: r34586:34587
Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96_4z8EAYKU7SFngF_3fERnsrtrlsJKnDWzfOnqhQfV-r1Qu-sYa5MveN6ke2YyMgMl3JqK_XmGr8J722Ly7fENAN53p0GhBRIjFtsaGFd96fWdy-dDTRTxgJ9KniRefiY1Snx9Z-PYXFEDoyLjRMD5oArDVQ?testcase_id=6268523127242752
Filer: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 6 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6268523127242752
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !has_pending_exception() in isolate.cc
Regressed: V8: r34586:34587
Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96_4z8EAYKU7SFngF_3fERnsrtrlsJKnDWzfOnqhQfV-r1Qu-sYa5MveN6ke2YyMgMl3JqK_XmGr8J722Ly7fENAN53p0GhBRIjFtsaGFd96fWdy-dDTRTxgJ9KniRefiY1Snx9Z-PYXFEDoyLjRMD5oArDVQ?testcase_id=6268523127242752
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 19 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6544689675370496
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !isolate->has_pending_exception() in compiler.cc
Regressed: V8: r34586:34587
Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97vdzSFIY8pvUO31R2oSdWseeGrGMaoxXK1--TMW0hTs2-9-htOucfYwt0KsBPfiHCxiK_KAZ1KZOf4OGF_vual_0UiGMf85i8ns669LFfbIWHXKNKzpOjtWFSCJ_cM1O1hVFdIR8IlE0FiYkqHhfY8vZ-law?testcase_id=6544689675370496
Filer: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5361893420302336
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !isolate->has_pending_exception() in contexts.cc
Regressed: V8: r34586:34587
Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97tM5RwqLP_60e-KgqJyYZDp5XBpul6kv-XX1rGtjpAKUNaiOGLDcF51pre__WPDBaE04rlZI6pCL5KJkInK37k_z9AEk7R5Z4JnEyuP1FhBv-DoOfVXqqpv2DYEUgynYC6r5Lqrl4PSU0aZoy0mIMmKWCNsQ?testcase_id=5361893420302336
Issue manually filed by: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 12 2016
Aseem, can you try to repro this?
,
Aug 23 2016
ClusterFuzz has detected this issue as fixed in range 38805:38806.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6544689675370496
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !isolate->has_pending_exception() in compiler.cc
Regressed: V8: r34586:34587
Fixed: V8: r38805:38806
Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97vdzSFIY8pvUO31R2oSdWseeGrGMaoxXK1--TMW0hTs2-9-htOucfYwt0KsBPfiHCxiK_KAZ1KZOf4OGF_vual_0UiGMf85i8ns669LFfbIWHXKNKzpOjtWFSCJ_cM1O1hVFdIR8IlE0FiYkqHhfY8vZ-law?testcase_id=6544689675370496
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 23 2016
ClusterFuzz has detected this issue as fixed in range 38805:38806.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5361893420302336
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !isolate->has_pending_exception() in contexts.cc
Regressed: V8: r34586:34587
Fixed: V8: r38805:38806
Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97tM5RwqLP_60e-KgqJyYZDp5XBpul6kv-XX1rGtjpAKUNaiOGLDcF51pre__WPDBaE04rlZI6pCL5KJkInK37k_z9AEk7R5Z4JnEyuP1FhBv-DoOfVXqqpv2DYEUgynYC6r5Lqrl4PSU0aZoy0mIMmKWCNsQ?testcase_id=5361893420302336
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 11 2016
This relates to a code path that doesn't exist anymore.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ishell@chromium.org, Jun 13 2016. Owner: titzer@chromium.org