Crash in v8::internal::Isolate::PushStackTraceAndDie
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5464292645404672

Fuzzer: libfuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000001d78328
Crash State:
  v8::internal::Isolate::PushStackTraceAndDie
  v8::internal::LookupIterator::GetRootForNonJSReceiver
  v8::internal::LookupIterator::LookupIterator

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=430927:430950

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ZgLm-Z_GsiqeD_ghwU9WiOAUl2mibN2CiE3Es4MYG_qhrTln9tRmCbaQ3TSI-xiEOcd5mg5HUTKuAM-iGRhhJTwsUxszj21JNvuiLFDaZ7w1Bxt-eVuP6ItETl5d7VmSDmdfSJ-qJeeeLuCr4s0y57qj6PA?testcase_id=5464292645404672

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 18 2016
Bisects to https://codereview.chromium.org/2486183002

out/x64.debug/v8_simple_wasm_fuzzer fuzz-3-v8_wasm_fuzzer
Nov 18 2016
Issue 663992 has been merged into this issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 10 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a2081b2d7c7e662abe4d67c4a544019b7eb79ec9

commit a2081b2d7c7e662abe4d67c4a544019b7eb79ec9
Author: ahaas <ahaas@chromium.org>
Date: Tue Jan 10 09:55:10 2017

[wasm] The exports property of a wasm instance should always exist

R=clemensh@chromium.org
BUG= chromium:663994

Review-Url: https://codereview.chromium.org/2622563002
Cr-Commit-Position: refs/heads/master@{#42163}

[modify] https://crrev.com/a2081b2d7c7e662abe4d67c4a544019b7eb79ec9/src/wasm/wasm-module.cc
[add] https://crrev.com/a2081b2d7c7e662abe4d67c4a544019b7eb79ec9/test/mjsunit/regress/wasm/regression-663994.js
Jan 11 2017
ClusterFuzz has detected this issue as fixed in range 442570:442614.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5464292645404672

Fuzzer: libfuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000001d78328
Crash State:
  v8::internal::Isolate::PushStackTraceAndDie
  v8::internal::LookupIterator::GetRootForNonJSReceiver
  v8::internal::LookupIterator::LookupIterator

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=430927:430950
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=442570:442614

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ZgLm-Z_GsiqeD_ghwU9WiOAUl2mibN2CiE3Es4MYG_qhrTln9tRmCbaQ3TSI-xiEOcd5mg5HUTKuAM-iGRhhJTwsUxszj21JNvuiLFDaZ7w1Bxt-eVuP6ItETl5d7VmSDmdfSJ-qJeeeLuCr4s0y57qj6PA?testcase_id=5464292645404672

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 11 2017
ClusterFuzz testcase 5464292645404672 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Nov 10 2016
Components: Blink>JavaScript
Labels: Test-Predator-Wrong-CLs
Status: Available (was: Untriaged)