Fatal error in v8::Isolate::Dispose v8::Utils::ReportApiFailure
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4779946578018304

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Fatal error
Crash Address:
Crash State:
  v8::Isolate::Dispose
  v8::Utils::ReportApiFailure
  v8::Utils::ApiCheck
  v8::Isolate::Dispose

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=463933:463938

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95DIq7-SVudQwEdFdrBWX-L4PVDyxo9V2VBtX3VSdM2FHW6foQn56Jrp1aOA0JKk3Fh9WTNEWhMZPm38pMt7Et4iOMle6oiK9YwwP9Wn5jB4i-eH3hE-AqhVAvobiB35NILT5vF7ySdii7seDomLoGxrBP37WwY6n0XU7DWl6dKActCPUf-BPXTuiTyK4tgAIrW-Ryy0qfUZdjP8iKmoHSeLBnWjQIMWpzwrRIIvsqJjsS14c0pnirJsa5SbivsuBfWlPz6Ozvu_0KJLJ7t_O9G9W9VHrtB5P7I-0pTD3WVwl0JPvax01SgpBdYQzBBK6WWnrcNbNgLM4wHCeV7c7C_wZlciMjOZ9tQ5Dv6UmThUDy6AW4?testcase_id=4779946578018304

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Apr 13 2017
Crash in generated code when compiling WASM. Regression range is inconclusive.
,
Apr 13 2017
ClusterFuzz has detected this issue as fixed in range 463938:463957.

Detailed report: https://clusterfuzz.com/testcase?key=4779946578018304

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Fatal error
Crash Address:
Crash State:
  v8::Isolate::Dispose
  v8::Utils::ReportApiFailure
  v8::Utils::ApiCheck
  v8::Isolate::Dispose

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=463933:463938
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=463938:463957

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95DIq7-SVudQwEdFdrBWX-L4PVDyxo9V2VBtX3VSdM2FHW6foQn56Jrp1aOA0JKk3Fh9WTNEWhMZPm38pMt7Et4iOMle6oiK9YwwP9Wn5jB4i-eH3hE-AqhVAvobiB35NILT5vF7ySdii7seDomLoGxrBP37WwY6n0XU7DWl6dKActCPUf-BPXTuiTyK4tgAIrW-Ryy0qfUZdjP8iKmoHSeLBnWjQIMWpzwrRIIvsqJjsS14c0pnirJsa5SbivsuBfWlPz6Ozvu_0KJLJ7t_O9G9W9VHrtB5P7I-0pTD3WVwl0JPvax01SgpBdYQzBBK6WWnrcNbNgLM4wHCeV7c7C_wZlciMjOZ9tQ5Dv6UmThUDy6AW4?testcase_id=4779946578018304

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 13 2017
Hi Deepti, I can still reproduce this issue on ToT, and it seems to be related to grow_memory. I tried to bisect the crash, but it seems to exist since always. Can you please take a look? Cheers, Andreas
,
Apr 13 2017
ClusterFuzz testcase 4779946578018304 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 14 2017
Re-opening this as this is an actual bug. The reason this confuses ClusterFuzz is that any test for this bug is flaky because it depends on the address space of the generated code for the test case. When the memory is exported with no initial memory, there is a chance that when grow-memory is called it will try to patch an invalid address because of an uninitialized buffer.
,
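The module shape described in the comment above, as an added example that is not the ClusterFuzz testcase and not V8 code: a hand-encoded wasm binary whose exported memory declares zero initial pages, grown and then immediately accessed, repeated across fresh instances because the original failure depended on where the generated code landed. On a V8 with the fix every iteration should pass; the helper names (uleb, vec, str, section, body, runGrowScenario, accessBeforeGrowTraps, growBeyondLimit, stress) and the stored marker value are this example's own assumptions.

```javascript
"use strict";
// Added example (not the ClusterFuzz testcase and not V8 code): hand-encode a
// wasm module whose exported memory has zero initial pages, then exercise the
// grow_memory -> first access path from the comment above on fresh instances.
// Helper names below are this example's own assumptions.

const I32 = 0x7f, FUNC_TYPE = 0x60;
const KIND_FUNC = 0x00, KIND_MEMORY = 0x02;
const SEC_TYPE = 1, SEC_FUNC = 3, SEC_MEMORY = 5, SEC_EXPORT = 7, SEC_CODE = 10;

// Unsigned LEB128 (sufficient for the small counts and sizes used here).
function uleb(n) {
  const out = [];
  do {
    let b = n & 0x7f;
    n >>>= 7;
    if (n !== 0) b |= 0x80;
    out.push(b);
  } while (n !== 0);
  return out;
}
const vec = (items) => [...uleb(items.length), ...items.flat()]; // length-prefixed vector
const str = (s) => vec(Array.from(s, (c) => c.charCodeAt(0)));   // ASCII export names only
const section = (id, payload) => [id, ...uleb(payload.length), ...payload];
const body = (code) => [...uleb(code.length), ...code];           // size-prefixed function body

// Signatures: 0 = () -> i32, 1 = (i32) -> i32, 2 = (i32, i32) -> ()
const typeSec = vec([
  [FUNC_TYPE, ...vec([]), ...vec([I32])],
  [FUNC_TYPE, ...vec([I32]), ...vec([I32])],
  [FUNC_TYPE, ...vec([I32, I32]), ...vec([])],
]);
const funcSec = vec([1, 0, 2, 1]);            // grow, size, store, load
const memSec = vec([[0x00, ...uleb(0)]]);     // flags=0 (no maximum), min = 0 pages
const exportSec = vec([
  [...str("grow"), KIND_FUNC, ...uleb(0)],
  [...str("size"), KIND_FUNC, ...uleb(1)],
  [...str("store"), KIND_FUNC, ...uleb(2)],
  [...str("load"), KIND_FUNC, ...uleb(3)],
  [...str("mem"), KIND_MEMORY, ...uleb(0)],   // memory exported, as in the flaky testcase
]);
const codeSec = vec([
  body([0x00, 0x20, 0x00, 0x40, 0x00, 0x0b]),                   // local.get 0; memory.grow; end
  body([0x00, 0x3f, 0x00, 0x0b]),                               // memory.size; end
  body([0x00, 0x20, 0x00, 0x20, 0x01, 0x36, 0x02, 0x00, 0x0b]), // i32.store align=4 offset=0
  body([0x00, 0x20, 0x00, 0x28, 0x02, 0x00, 0x0b]),             // i32.load align=4 offset=0
]);

const MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm", version 1
  ...section(SEC_TYPE, typeSec),
  ...section(SEC_FUNC, funcSec),
  ...section(SEC_MEMORY, memSec),
  ...section(SEC_EXPORT, exportSec),
  ...section(SEC_CODE, codeSec),
]);

function instantiate() {
  const mod = new WebAssembly.Module(MODULE_BYTES);   // synchronous; fine for a tiny module
  return new WebAssembly.Instance(mod, {}).exports;
}

// Grow from zero pages and immediately touch the new memory.
function runGrowScenario(deltaPages) {
  const ex = instantiate();
  const before = ex.size();                       // 0: exported memory has no initial pages
  const bufBefore = ex.mem.buffer.byteLength;     // 0-byte ArrayBuffer
  const old = ex.grow(deltaPages);                // previous size in pages, -1 on failure
  ex.store(0, 0x41424344);                        // first access after grow uses the new base
  return {
    before, bufBefore, old,
    after: ex.size(),
    bufAfter: ex.mem.buffer.byteLength,           // old buffer is detached; this is the new one
    value: ex.load(0),
  };
}

// With zero pages any access must trap rather than go through a stale base.
function accessBeforeGrowTraps() {
  const ex = instantiate();
  try { ex.load(0); return false; }
  catch (e) { return e instanceof WebAssembly.RuntimeError; }
}

// Growth past the 65536-page wasm32 limit must be refused with -1, not crash.
function growBeyondLimit() {
  return instantiate().grow(70000);
}

// The original failure depended on where generated code landed, so repeat on
// fresh instances; returns how many iterations read back the stored marker.
function stress(iterations) {
  let ok = 0;
  for (let i = 0; i < iterations; i++) {
    if (runGrowScenario(1).value === 0x41424344) ok++;
  }
  return ok;
}

console.log(runGrowScenario(1), accessBeforeGrowTraps(), growBeyondLimit(), stress(50));
```

Running this under a sanitizer build of d8 or Node in a loop is the practical way to turn a placement-dependent failure of this kind into a reproducible one: the module is re-instantiated each iteration, so the generated code and the memory buffer get fresh addresses every time.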
Apr 18 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a43e1cb6e317fabdb886c7e743a081fbaaff1961

commit a43e1cb6e317fabdb886c7e743a081fbaaff1961
Author: kouhei <kouhei@chromium.org>
Date: Tue Apr 18 06:34:11 2017

[ES6 modules] Introduce Modulator::Fetch{Tree,TreeInternal,Single}

This CL introduces methods Modulator::Fetch{Tree,TreeInternal,Single}.
These will act as entry-point for ModuleTreeLinker implementation, which will be introduced in a subsequent CL.

BUG= 594639
Review-Url: https://codereview.chromium.org/2816413002
Cr-Commit-Position: refs/heads/master@{#465157}

[add] https://crrev.com/a43e1cb6e317fabdb886c7e743a081fbaaff1961/third_party/WebKit/Source/core/dom/AncestorList.h
[modify] https://crrev.com/a43e1cb6e317fabdb886c7e743a081fbaaff1961/third_party/WebKit/Source/core/dom/BUILD.gn
[modify] https://crrev.com/a43e1cb6e317fabdb886c7e743a081fbaaff1961/third_party/WebKit/Source/core/dom/Modulator.h
[modify] https://crrev.com/a43e1cb6e317fabdb886c7e743a081fbaaff1961/third_party/WebKit/Source/core/testing/DummyModulator.cpp
[modify] https://crrev.com/a43e1cb6e317fabdb886c7e743a081fbaaff1961/third_party/WebKit/Source/core/testing/DummyModulator.h
,
Apr 18 2017
Looks like the wrong CL is updated here, the right one for this bug should have been - https://codereview.chromium.org/2820223002. Filed bug on the bugtracker - https://bugs.chromium.org/p/monorail/issues/detail?id=2570 Marking this issue as fixed as the relevant fix has landed.
,
May 26 2017
,
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by msrchandra@chromium.org, Apr 12 2017
Labels: Test-Predator-Wrong-CLs M-59