Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5128996015833088

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  WeakCell::cast(list->get(shared->function_literal_id()))->value() == *shared in

Regressed: V8: r41733:41734

Minimized Testcase (0.75 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fHcubNGtZsLBKFiKvJe_5gKqjm46HBoce2iM_wK8-zxjKPQGw2sEAQEFXA9x1K9YceAoQbKK_rof_icKiUV30UYIRP3h8fXZbN-xXvQV3PADlYA0kM5t_RYAXhXKKX-b_KVTynfolMDNHK8VxC3mdqbBtiQ?testcase_id=5128996015833088

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
CF points to 4f2cb8fe829ea84eb4920a7e3ec30bd9f3f5e7e6.
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/58247e87be6a0c5f0bc021c9f329977f5765fe30

commit 58247e87be6a0c5f0bc021c9f329977f5765fe30
Author: jochen <jochen@chromium.org>
Date: Mon Dec 19 11:33:26 2016

Use preexisting SharedFunctionInfos in the asm-wasm builder

BUG=chromium:675114
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2583113002
Cr-Commit-Position: refs/heads/master@{#41796}

[modify] https://crrev.com/58247e87be6a0c5f0bc021c9f329977f5765fe30/src/asmjs/asm-js.cc
[modify] https://crrev.com/58247e87be6a0c5f0bc021c9f329977f5765fe30/src/asmjs/asm-js.h
[modify] https://crrev.com/58247e87be6a0c5f0bc021c9f329977f5765fe30/src/asmjs/asm-wasm-builder.cc
[modify] https://crrev.com/58247e87be6a0c5f0bc021c9f329977f5765fe30/src/asmjs/asm-wasm-builder.h
[modify] https://crrev.com/58247e87be6a0c5f0bc021c9f329977f5765fe30/src/compiler.cc
ClusterFuzz has detected this issue as fixed in range 41795:41796.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5128996015833088

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  WeakCell::cast(list->get(shared->function_literal_id()))->value() == *shared in

Regressed: V8: r41733:41734
Fixed: V8: r41795:41796

Minimized Testcase (0.75 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fHcubNGtZsLBKFiKvJe_5gKqjm46HBoce2iM_wK8-zxjKPQGw2sEAQEFXA9x1K9YceAoQbKK_rof_icKiUV30UYIRP3h8fXZbN-xXvQV3PADlYA0kM5t_RYAXhXKKX-b_KVTynfolMDNHK8VxC3mdqbBtiQ?testcase_id=5128996015833088

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ishell@chromium.org, Dec 19 2016

Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)