Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5551180676857856

Fuzzer: libfuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  Disposing the isolate that is entered by a thread in wasm-code.cc

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=435634:435703

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95EOWki9FXI4ei3SwuwPhfgqD652Pz6Wk2I50o73ajB2uUSdNr5Ui1qtP3XQD3M3vr-a4tCLtZtlc_1Z5BCnoAFIB-yxpF9GnfUBhGU6ih7bOG2tblFlmPUa7PmhbAm27qaLLF_N3hpOH9cKsKWwQs72p9r0FM6y9YtxQqzWsECP-udxufOaymmK1h8hYvxSXPgMQulE7DAyi7awQhh5222HBHFCDTK9dhdrsNvlWB-pI8zzY1bkWsBFhpetUrWlgSGXgk8htuge0eC0dTUcZSkRQGY-0dK09QP_eEQO3zluakZJMlbjtd6uOYTC8NhOs2EBMMMf4mDaT-QvqniTSkSvIhaUySjNxYAOuVgWeUKpBCViwI?testcase_id=5551180676857856

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
ClusterFuzz has detected this issue as fixed in range 443818:443834.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5551180676857856

Fuzzer: libfuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  Disposing the isolate that is entered by a thread in wasm-code.cc

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=435634:435703
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=443818:443834

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95EOWki9FXI4ei3SwuwPhfgqD652Pz6Wk2I50o73ajB2uUSdNr5Ui1qtP3XQD3M3vr-a4tCLtZtlc_1Z5BCnoAFIB-yxpF9GnfUBhGU6ih7bOG2tblFlmPUa7PmhbAm27qaLLF_N3hpOH9cKsKWwQs72p9r0FM6y9YtxQqzWsECP-udxufOaymmK1h8hYvxSXPgMQulE7DAyi7awQhh5222HBHFCDTK9dhdrsNvlWB-pI8zzY1bkWsBFhpetUrWlgSGXgk8htuge0eC0dTUcZSkRQGY-0dK09QP_eEQO3zluakZJMlbjtd6uOYTC8NhOs2EBMMMf4mDaT-QvqniTSkSvIhaUySjNxYAOuVgWeUKpBCViwI?testcase_id=5551180676857856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 5551180676857856 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/fec614151a3f5aad0a6d44d7eafc38e8f3a006c2

commit fec614151a3f5aad0a6d44d7eafc38e8f3a006c2
Author: ahaas <ahaas@chromium.org>
Date: Mon Jan 16 10:43:03 2017

[wasm] Remove special treatment of F(32|64)Sub in the interpreter.

The special treatment is not required anymore because the wasm spec changed and NaNs do not have to be preserved anymore. In addition, it may introduce non-determinism which confused the fuzzers.

R=titzer@chromium.org
BUG= chromium:681033
Review-Url: https://codereview.chromium.org/2630293002
Cr-Commit-Position: refs/heads/master@{#42359}

[modify] https://crrev.com/fec614151a3f5aad0a6d44d7eafc38e8f3a006c2/src/wasm/wasm-interpreter.cc
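The commit message above says the interpreter's operand-preserving handling of F32Sub/F64Sub could produce results that disagree with compiled code and so confuse a fuzzer that diffs the two. The following is an added illustration of that mechanism, not code from V8's interpreter or from the commit: `f32_sub_preserving` is a hypothetical model of an implementation that hands a NaN operand back bit for bit, `f32_sub_host` returns whatever the host FPU produces, and `f32_sub_canonical` collapses any NaN result to the single canonical quiet NaN so the bit pattern is the same on every machine. All three function names and the sample operand (a signalling NaN with payload 1, constructed here) are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit-level view of a float; memcpy keeps this well defined (no type punning). */
static uint32_t f32_bits(float f) { uint32_t u; memcpy(&u, &f, sizeof u); return u; }
static float f32_from_bits(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* Canonical quiet NaN: sign 0, exponent all ones, only the quiet bit set. */
#define F32_CANONICAL_NAN 0x7fc00000u

/* Exponent all ones and a non-zero mantissa: NaN, quiet or signalling. */
static int f32_is_nan_bits(uint32_t u) {
    return (u & 0x7f800000u) == 0x7f800000u && (u & 0x007fffffu) != 0;
}

/* Hypothetical operand-preserving subtraction: a NaN operand is returned
 * untouched (payload and quiet bit included) instead of being run through
 * the FPU. Whether this agrees with compiled code depends on the hardware. */
static uint32_t f32_sub_preserving(uint32_t a, uint32_t b) {
    if (f32_is_nan_bits(a)) return a;
    if (f32_is_nan_bits(b)) return b;
    return f32_bits(f32_from_bits(a) - f32_from_bits(b));
}

/* Raw host result, bit for bit. volatile stops the compiler folding the
 * subtraction at build time, which could differ from the runtime FPU. */
static uint32_t f32_sub_host(uint32_t a, uint32_t b) {
    volatile float x = f32_from_bits(a);
    volatile float y = f32_from_bits(b);
    return f32_bits(x - y);
}

/* Deterministic subtraction: compute on the host, then canonicalise any NaN
 * so interpreter and compiled code can be compared without NaN-payload noise. */
static uint32_t f32_sub_canonical(uint32_t a, uint32_t b) {
    uint32_t r = f32_sub_host(a, b);
    return f32_is_nan_bits(r) ? F32_CANONICAL_NAN : r;
}

int main(void) {
    uint32_t snan = 0x7f800001u;       /* constructed: signalling NaN, payload 1 */
    uint32_t one  = f32_bits(1.0f);    /* 0x3f800000 */
    uint32_t p = f32_sub_preserving(snan, one);
    uint32_t h = f32_sub_host(snan, one);
    uint32_t c = f32_sub_canonical(snan, one);
    printf("preserving: %08x\n", p);
    printf("host:       %08x\n", h);
    printf("canonical:  %08x\n", c);
    /* On most FPUs the host quiets the NaN (0x7fc00001), so host != preserving. */
    printf("host agrees with preserving: %s\n", h == p ? "yes" : "no");
    return 0;
}
```

Run it on two different machines (or under an interpreter versus a JIT) and compare the `host` line: the preserving and canonical results are fixed by construction, while the host result is only guaranteed to be some NaN, which is exactly the kind of difference a differential fuzzer flags as a mismatch.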
Comment 1 by mummare...@chromium.org, Jan 14 2017
Labels: Test-Predator-Wrong M-57