New issue
Advanced search Search tips

Issue 635844 link

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Sep 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in v8::internal::GlobalHandles::MakeWeak

Project Member Reported by ClusterFuzz, Aug 9 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5962064910876672

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::internal::GlobalHandles::MakeWeak
  v8::V8::MakeWeak
  blink::ScriptWrappable::setWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=409589:409828

Minimized Testcase (1.64 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97k6AvJPnQUJ-CbqKP1uG95Xyj5Rjo5-cXtN-8VyFrhcE_qqLKRqvugkTh731GdEpzjPzXUB-FeBCOCajJ9D2DIzmZ94xOq2rf1eBYhvgVvi5Qqb4Ccqye3DBa-2yMTD6gpJK_mxfI7YoQ5RxUA3DvCDttJTQ?testcase_id=5962064910876672

Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>WrongResult
Labels: findit-wrong Te-Logged
Status: Available (was: Untriaged)
providing Findit results for internal purpose:

Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a6da98d86ffab7e1e50319ed12b57fcb366e24ee
Time: Mon May 09 07:15:43 2016
The CL last changed line 286 of file global-handles.cc, which is stack frame 0.

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a6da98d86ffab7e1e50319ed12b57fcb366e24ee
Time: Mon May 09 07:15:43 2016
The CL last changed line 633 of file global-handles.cc, which is stack frame 1.

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a6da98d86ffab7e1e50319ed12b57fcb366e24ee
Time: Mon May 09 07:15:43 2016
The CL last changed line 799 of file api.cc, which is stack frame 2.

Author: ulan
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a6da98d86ffab7e1e50319ed12b57fcb366e24ee
Time: Mon May 09 07:15:43 2016
The CL last changed line 7877 of file v8.h, which is stack frame 3.

Author: haraken
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/2658bb52232e9d1fcb4b45b2846f4b69e9e44800
Time: Tue May 31 07:02:32 2016
The CL last changed line 107 of file ScriptWrappable.h, which is stack frame 4.

Author: yukishiino@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/da7929ef8a290d7dbb12abbc7e3ec2b95dff25b1
Time: Fri Jul 10 13:14:41 2015
The CL last changed line 141 of file DOMDataStore.h, which is stack frame 5.

Author: yukishiino@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/da7929ef8a290d7dbb12abbc7e3ec2b95dff25b1
Time: Fri Jul 10 13:14:41 2015
The CL last changed line 101 of file V8DOMWrapper.h, which is stack frame 6.

Suspected Project: chromium-v8
Suspected Component: Blink>JavaScript

requesting v8 team to check the issue and update.
Project Member

Comment 2 by ClusterFuzz, Sep 13 2016

ClusterFuzz has detected this issue as fixed in range 417868:417884.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5962064910876672

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::internal::GlobalHandles::MakeWeak
  v8::V8::MakeWeak
  blink::ScriptWrappable::setWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=409589:409828
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=417868:417884

Minimized Testcase (1.64 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97k6AvJPnQUJ-CbqKP1uG95Xyj5Rjo5-cXtN-8VyFrhcE_qqLKRqvugkTh731GdEpzjPzXUB-FeBCOCajJ9D2DIzmZ94xOq2rf1eBYhvgVvi5Qqb4Ccqye3DBa-2yMTD6gpJK_mxfI7YoQ5RxUA3DvCDttJTQ?testcase_id=5962064910876672

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Sep 13 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment