New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684958 link

Starred by 2 users
Status: Duplicate
Merged: issue 684858
Owner:
mtrofin@chromium.org
Last visit > 30 days ago
Closed: Jan 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in GetNameOrNull

Project Member Reported by ClusterFuzz, Jan 25 2017

Comment 1 by msrchandra@chromium.org, Jan 25 2017

Cc: msrchandra@chromium.org mtrofin@chromium.org
Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs
Providing the Find it results --
The result is a list of CLs that change the crashed files. 

Author: mtrofin
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/8da82d30b861cdb6cc3c4276322a1592cb8ae4a2
Time: Tue Jan 24 07:11:01 2017
Lines 3752, 3772-3774 of file wasm-compiler.cc which potentially caused crash are changed in this cl (frame #4, "v8::internal::compiler::WasmCompilationUnit::WasmCompilationUnit"). 

File wasm-module.cc is changed in this cl (and is part of stack frame #5, "InitializeParallelCompilation"; frame #6, "CompileInParallel")
Minimum distance from crash line to modified line: 0. (file: wasm-compiler.cc, crashed on: 3752, modified: 3752).

Not changing the status as this is a v8 related issue.
Could some one please look into the issue and update.
Thank You.

Comment 2 by mtrofin@chromium.org, Jan 25 2017

Cc: -mtrofin@chromium.org
Owner: mtrofin@chromium.org
Status: Started (was: Untriaged)
I have a fix about ready, this isn't actually related to that change. It's reproducible with our without it. The fix (https://codereview.chromium.org/2656563005/) describes what the problem is.

Comment 3 by mtrofin@chromium.org, Jan 25 2017

Mergedinto: 684858
Status: Duplicate (was: Started)
Project Member

Comment 4 by ClusterFuzz, Jan 26 2017 

ClusterFuzz has detected this issue as fixed in range 446005:446058.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6243255399481344

Fuzzer: libfuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x7fb21a130148
Crash State:
  GetNameOrNull
  v8::internal::wasm::ModuleWireBytes::GetNameOrNull
  v8::internal::compiler::WasmCompilationUnit::WasmCompilationUnit
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=445710:445758
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=446005:446058

Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv973him9lRxfRnisVfsSR8DZFYbYbfYUn4-Wx1k29D-ewOdcB6YAHb8sIyULuQpE0_qAiYCnupanpGgkSusQxXT89WALne6uktMBX8I2Toqg5IDk6nGHllgWl-3p5pNEIp5GkBbmX0ZQrgxm8Bkag7Hl3l7AaN5lnp_lQrzlIj_8rlTnHwJhbUrryCrDymuj9UG3LwPDOMk-dErgkaAyokumVhiFaWreNxxkU5VXeRH9OSwtFTf1_9PTmZ43Qjac1HPhwX4oyDLlLimoaPXiDpJvLiQs0yXL7qqhB1LJC8-GmWrdGvtVMZddFmfYbvIB3z7EFPHeBoM2YEOuOzVnT6vP97sCxCyPJi2HD4QcZ1AnpusxCz4?testcase_id=6243255399481344

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment