CHECK failure: (code_to_relocate.Find(old_code)) == nullptr in wasm-debug.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5926789164826624

Fuzzer: mbarbella_js_mutation
Job Type: linux_v8_d8_tot
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  (code_to_relocate.Find(old_code)) == nullptr in wasm-debug.cc

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_v8_d8_tot&range=43912:44002

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5926789164826624

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/9c62795bec6e682d483f13b80747dfc559642387

commit 9c62795bec6e682d483f13b80747dfc559642387
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed May 03 08:05:42 2017

[wasm] Disallow lazy compilation with --wasm-interpret-all

The --wasm-interpret-all flag is mainly used for debugging. Combining it
with lazy compilation is unreasonable and would create a lot of special
cases in both code paths. Hence this CL disallows the combination of
these two flags by adding a negative flag implication.

R=rossberg@chromium.org
BUG=chromium:715216

Change-Id: I777e21d7e64f567e2728498dbb6f5b0709cd28f1
Reviewed-on: https://chromium-review.googlesource.com/494486
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45047}

[modify] https://crrev.com/9c62795bec6e682d483f13b80747dfc559642387/src/flag-definitions.h
[modify] https://crrev.com/9c62795bec6e682d483f13b80747dfc559642387/src/wasm/wasm-code-specialization.cc
[add] https://crrev.com/9c62795bec6e682d483f13b80747dfc559642387/test/mjsunit/regress/wasm/regression-715216-a.js
[add] https://crrev.com/9c62795bec6e682d483f13b80747dfc559642387/test/mjsunit/regress/wasm/regression-715216-b.js
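Added example (editor's note, not part of the bug thread and not V8's own code): the fix above resolves the crash not by patching the code path that hit the CHECK but by declaring the two flags mutually exclusive through a "negative flag implication", so that a fuzzer-chosen command line never reaches the unsupported state at all. V8 keeps its real rules in src/flag-definitions.h; the small data-driven implication pass below re-creates that idea in stand-alone C++ so the effect on a d8-style command line can be run and checked. The rule table, the flag name wasm-lazy-compilation, the hypothetical wasm-debug-session flag used to show chaining, and every function name here are assumptions of this example.

```cpp
// Added example, not V8 code: a data-driven flag-implication pass modeled on
// the mechanism the commit above describes (V8's own rules live in
// src/flag-definitions.h). Flag names other than wasm-interpret-all are
// assumptions; wasm-debug-session is purely hypothetical.
#include <iostream>
#include <map>
#include <string>
#include <vector>

using FlagSet = std::map<std::string, bool>;

struct Implication {
  std::string when;  // source flag ...
  bool when_value;   // ... when it holds this value
  std::string then;  // target flag ...
  bool then_value;   // ... is forced to this value
};

// Constructed rule table. The first rule is the negative implication from the
// commit: enabling --wasm-interpret-all switches lazy compilation off. The
// second is a hypothetical positive implication that exists only to show that
// rules chain (debug session -> interpret-all -> no lazy compilation).
const std::vector<Implication>& Rules() {
  static const std::vector<Implication> rules = {
      {"wasm-interpret-all", true, "wasm-lazy-compilation", false},
      {"wasm-debug-session", true, "wasm-interpret-all", true},
  };
  return rules;
}

// Parse d8-style "--flag" / "--no-flag" arguments on top of a default map.
// Unknown flags are accepted; validation is not the point of this example.
FlagSet ParseFlags(const std::vector<std::string>& args, FlagSet flags) {
  for (const std::string& arg : args) {
    if (arg.rfind("--no-", 0) == 0) {
      flags[arg.substr(5)] = false;
    } else if (arg.rfind("--", 0) == 0) {
      flags[arg.substr(2)] = true;
    }
  }
  return flags;
}

// Apply every implication until a fixed point is reached, because a rule may
// flip a flag that is itself the source of another rule. Returns how many
// flag values were changed by the pass.
int EnforceImplications(FlagSet& flags) {
  int changed_total = 0;
  bool changed = true;
  while (changed) {
    changed = false;
    for (const Implication& rule : Rules()) {
      auto src = flags.find(rule.when);
      if (src == flags.end() || src->second != rule.when_value) continue;
      bool& target = flags[rule.then];  // absent flags default to false
      if (target != rule.then_value) {
        target = rule.then_value;
        changed = true;
        ++changed_total;
      }
    }
  }
  return changed_total;
}

// Full pipeline: defaults, command line, then implications.
FlagSet ResolveCommandLine(const std::vector<std::string>& args) {
  FlagSet flags = ParseFlags(args, {{"wasm-lazy-compilation", false},
                                     {"wasm-interpret-all", false}});
  EnforceImplications(flags);
  return flags;
}

int main() {
  // The fuzzer's combination: both flags requested on the command line.
  FlagSet flags =
      ResolveCommandLine({"--wasm-interpret-all", "--wasm-lazy-compilation"});
  for (const auto& kv : flags) {
    std::cout << "--" << (kv.second ? "" : "no-") << kv.first << "\n";
  }
  return 0;
}
```

Run stand-alone, the program prints the resolved flag set for the fuzzer's combination, and wasm-lazy-compilation comes out as `--no-wasm-lazy-compilation` even though the command line asked for it. The practical point for anyone triaging fuzzer-found CHECK failures: when two modes were never designed to coexist, a single implication rule is both the smaller fix and the easier one to audit than scattering `if (interpret_all)` special cases through both code paths.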
May 3 2017
May 4 2017
ClusterFuzz has detected this issue as fixed in range 45046:45047.

Detailed report: https://clusterfuzz.com/testcase?key=5926789164826624

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  (code_to_relocate.Find(old_code)) == nullptr in wasm-debug.cc

Sanitizer: address (ASAN)

Regressed: V8: 43912:44002
Fixed: V8: 45046:45047

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5926789164826624

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Apr 25 2017
Labels: M-60 Test-Predator-Wrong
Owner: clemensh@chromium.org
Status: Assigned (was: Untriaged)