Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6322874429472768 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_ignition_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: kMutable == next_constness in map-updater.cc Sanitizer: address (ASAN) Regressed: V8: 42496:42497 Minimized Testcase (11.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Zofmh6awub9OdD1ggVt17RH11DmSDqY5hYcEY1Xjm-NiU4iEL0jJnHX0LWXX9yAORMLbM9WJMonu8rSsL_6VCObbe_ICaqfj83vyVz6I7SdpVjIVz0-OvB8UjNcZJMvgBVoCMk_14UbdXcCF392CwWkb-4Q3nL3o-aPlh0F-_Llg9mgAOHXqyjEyce_gKkuC3FR1YvPnXc8oGbf51XsYUmG3cs91vXqweScYkDdJDuI4d4SL0fgOnv6rWCNAM0SeyYcxP5T39O30loTS4LY1_kJ8jPvsFyG8NAU95DGrGqyezN-KL34ZKIGfcSY2QY5AWrugVJ6wpt12q-xWi3wry8sxevHTUNpsFUop4TpY0WsC6pRQ?testcase_id=6322874429472768 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Through code search on file map-updater.cc, suspected CL is https://chromium.googlesource.com/v8/v8/+/1dcd8b23820c427903637b040482358640ec33fd%5E%21/src/map-updater.cc
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/d02ca3625f9f496fa5374f8582c137cf5a6ba883 commit d02ca3625f9f496fa5374f8582c137cf5a6ba883 Author: ishell <ishell@chromium.org> Date: Fri Jan 20 13:17:04 2017 [runtime] Always request kMutable constness when reconfiguring to a field. BUG= chromium:682706 Review-Url: https://codereview.chromium.org/2644853003 Cr-Commit-Position: refs/heads/master@{#42554} [modify] https://crrev.com/d02ca3625f9f496fa5374f8582c137cf5a6ba883/src/map-updater.cc
ClusterFuzz has detected this issue as fixed in range 42553:42554. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6322874429472768 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_ignition_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: kMutable == next_constness in map-updater.cc Sanitizer: address (ASAN) Regressed: V8: 42496:42497 Fixed: V8: 42553:42554 Minimized Testcase (11.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Zofmh6awub9OdD1ggVt17RH11DmSDqY5hYcEY1Xjm-NiU4iEL0jJnHX0LWXX9yAORMLbM9WJMonu8rSsL_6VCObbe_ICaqfj83vyVz6I7SdpVjIVz0-OvB8UjNcZJMvgBVoCMk_14UbdXcCF392CwWkb-4Q3nL3o-aPlh0F-_Llg9mgAOHXqyjEyce_gKkuC3FR1YvPnXc8oGbf51XsYUmG3cs91vXqweScYkDdJDuI4d4SL0fgOnv6rWCNAM0SeyYcxP5T39O30loTS4LY1_kJ8jPvsFyG8NAU95DGrGqyezN-KL34ZKIGfcSY2QY5AWrugVJ6wpt12q-xWi3wry8sxevHTUNpsFUop4TpY0WsC6pRQ?testcase_id=6322874429472768 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6322874429472768 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org
, Jan 19 2017Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)