New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 704370 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


Show other hotlists

Hotlists containing this issue:
Wasm-M59


Sign in to add a comment

CHECK failure: AllowHeapAllocation::IsAllowed() in heap.cc

Project Member Reported by ClusterFuzz, Mar 23 2017

Issue description

Components: Blink>JavaScript
Labels: Test-Predator-Wrong-CLs M-59

Comment 2 by ishell@chromium.org, Mar 28 2017

Cc: clemensh@chromium.org rossberg@chromium.org
Owner: ahaas@chromium.org
Status: Assigned (was: Untriaged)
PTAL. It fails here: https://cs.chromium.org/chromium/src/v8/src/assembler.cc?type=cs&q=assembler.cc:318+package:%5Echromium$&l=318

Comment 3 by ahaas@chromium.org, Mar 28 2017

Cc: ahaas@chromium.org
Owner: gdeepti@chromium.org
Hi Deepti,
I think this issue is related to GrowMemory. Could you take a look?
Cheers, Andreas
Status: Fixed (was: Assigned)
This has been fixed with the fix for  bug 699485 , GrowMemory related refactoring changes. 
Project Member

Comment 5 by ClusterFuzz, Apr 6 2017

ClusterFuzz has detected this issue as fixed in range 462049:462072.

Detailed report: https://clusterfuzz.com/testcase?key=6532538198917120

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  AllowHeapAllocation::IsAllowed() in heap.cc
  v8::internal::Heap::CollectGarbage
  v8::internal::Heap::CollectAllAvailableGarbage
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=462049:462072

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96zNkWe98QMGC9rmkogVK_-jeDZDYJpbNrptKyzfhNdY9Xnx9-2z4Yd8-sCKgvwcltnioEfXPX250kGe1WW7MBe1MzoI1dhTqqfGr3QCMMSjWTEc5t1M80gPdzrm2goBoqIQWET6uTfF4zFJh2BCRXURN4O2fnI_1cI6f6VUdNE4i9ecRn2rhPMXhJC70F3w5bveX4-wSXIak7VjjJZZxrtX2idgTzEjqY49R9t3wXKNquVapofUVupa-6Iw3vkEVkttfu7RmQyU1zP7W0DVN0h7R3Xod_9MSPkQxYxin5oRptavG9hK0SxoCQA7oBhcuNs-v-34SE2HkrG_xw-FyoPC06v0bCY4FItFU-425UXcXHzBZtX7CPKGvxnkmAfCUzCGcS9sMyqR9bV-F0tclro3rjxHw?testcase_id=6532538198917120


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment