New issue
Advanced search Search tips

Issue 682586 link

Starred by 1 user
Status: Duplicate
Merged: issue 682101
Owner:
machenb...@chromium.org
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

V8 correctness failure in configs: x64,fullcode:x64,ignition_staging

Project Member Reported by ClusterFuzz, Jan 19 2017 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5589754113687552

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,fullcode:x64,ignition_staging
  sources: 9c0
  
Sanitizer: address (ASAN)

Regressed: V8: 42370:42371

Minimized Testcase (0.62 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94qfvVJqSJoaFn8PHAjGjyUUmUpTiIt7c7tRBu2DoRlklkKWoU7tbQWXkhaNo3FtVFFafucqrXYl4LW23G60AfQH9RJhJwWjMAjubcTtsWvUy5loLVpb_lMLDfZiw9E526A-g_6uFHnUn8dMVqks26gEYlRP-R5Li1Hu2-4AqINT7eu-URrDeBnj5ZbtKfJn5YP6Un1sRqbYjzuvnbUzSjsCGNjzYABU4qJFx95BJXfMP4yh6SnVC_-lxwOrKVtiS5DPJWRIX3ivNcu_vdko5L28qPk9oJp8npgKRj6oDM7P0uJR-wLXZD0ECQNu4nyBpq6AuZlSIT6tUKWZZYDDi5evOwMH8b3j9a4CNQ71Cm9EAvZM5k?testcase_id=5589754113687552
__PrettyPrint = function __PrettyPrint(value, depth=__max_depth) {
  switch (typeof value) {
    case "object":
      switch (objectClass) {
      case "Number":
      }
  }
}
assertEquals = function assertEquals(expected, found, name_opt) { print(found); };
var __v_0 = 1073741823;
var __v_1 = function() {};
print("v8-foozzie source: /v8/test/mjsunit/compiler/inline-literals.js");
function __f_1() {
  return __v_1;
}
function __f_4(a, b, c) {
  return a + __f_1()();
}
function __f_5(a, b, c, __v_3) {
  var __v_2 = __f_4(a, b, c);
  assertEquals(__v_0, __v_2, "__f_5");
}
__f_5();
%OptimizeFunctionOnNextCall(__f_5);
__f_5( "c");


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by hablich@chromium.org, Jan 20 2017

Owner: machenb...@chromium.org
Status: Assigned (was: Untriaged)
As discussed, moving to machenbach@ for further triage.
Project Member

Comment 2 by ClusterFuzz, Mar 8 2017 

ClusterFuzz has detected this issue as fixed in range 43654:43655.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5589754113687552

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,fullcode:x64,ignition_staging
  sources: 9c0
  
Sanitizer: address (ASAN)

Regressed: V8: 42370:42371
Fixed: V8: 43654:43655

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94qfvVJqSJoaFn8PHAjGjyUUmUpTiIt7c7tRBu2DoRlklkKWoU7tbQWXkhaNo3FtVFFafucqrXYl4LW23G60AfQH9RJhJwWjMAjubcTtsWvUy5loLVpb_lMLDfZiw9E526A-g_6uFHnUn8dMVqks26gEYlRP-R5Li1Hu2-4AqINT7eu-URrDeBnj5ZbtKfJn5YP6Un1sRqbYjzuvnbUzSjsCGNjzYABU4qJFx95BJXfMP4yh6SnVC_-lxwOrKVtiS5DPJWRIX3ivNcu_vdko5L28qPk9oJp8npgKRj6oDM7P0uJR-wLXZD0ECQNu4nyBpq6AuZlSIT6tUKWZZYDDi5evOwMH8b3j9a4CNQ71Cm9EAvZM5k?testcase_id=5589754113687552


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Mar 8 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5589754113687552 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 4 by machenb...@chromium.org, Mar 8 2017

Labels: ClusterFuzz-Wrong
Status: Available (was: Verified)

Comment 5 by mstarzinger@chromium.org, Mar 10 2017

Mergedinto: 682101
Status: Duplicate (was: Available)

Comment 6 by infe...@chromium.org, Sep 18 2017

Labels: -ClusterFuzz-Wrong
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.

Sign in to add a comment