CHECK failure: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4895876618387456 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4895876618387456 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=4991349983281152 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #32:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4991349983281152 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5044691061178368 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #227:JSLessThan should be followed by IfSuccess/IfException, but is only followe v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5044691061178368 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5144143176400896 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #34:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5144143176400896 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5164496221110272 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #44:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5164496221110272 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5344969136275456 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #33:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5344969136275456 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5740302823587840 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #31:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5740302823587840 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5765689502859264 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #36:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5765689502859264 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
CF does not like this change: 69c8f16da7a9587d68904af36eb6ccac8ab5b1eb. PTAL.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=6578840158863360 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #32:JSStackCheck should be followed by IfSuccess/IfException, but is only follow Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6578840158863360 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=6356326761627648 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #42:JSStackCheck should be followed by IfSuccess/IfException, but is only follow Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6356326761627648 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=6189743837806592 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #40:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6189743837806592 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
We should probably revert the OSR deconstruction CL for now given these clusterfuzz issues.
,
Jul 21 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/5d0a4327c7991f39b11482aa9b68bb6660a82833

commit 5d0a4327c7991f39b11482aa9b68bb6660a82833
Author: Ross McIlroy <rmcilroy@chromium.org>
Date: Fri Jul 21 11:12:51 2017

Revert "[Turbofan] Merged the OSR phase into the graph building phase."

This reverts commit 69c8f16da7a9587d68904af36eb6ccac8ab5b1eb.

Reason for revert: Causing crashes on Clusterfuzz - http://crbug.com/747154

BUG= chromium:747154

Original change's description:
> [Turbofan] Merged the OSR phase into the graph building phase.
>
> Now the OSR phase is only used when OSRing from the ast graph builder.
> When OSRing from Turbofan, the implementation is now in the graph
> building phase, at the beginning of the VisitBytecode function.
> We are no longer generating any OSRLoopEntry or OSRNormalEntry nodes,
> nor nodes for the possible code of the OSRed function which is before
> the OSRed loops.
>
> The trimming and reducing of the OSR phase is not done either. This
> change in the way the OSR is done enabled to remove the
> workaround to the bug mentioned below.
>
> Bug: v8:6112
> Bug: v8:6518
> Change-Id: I1c9231810b923486d55ea618d550d981d695d797
> Reviewed-on: https://chromium-review.googlesource.com/543042
> Commit-Queue: Alexandre Talon <alexandret@google.com>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46801}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,alexandret@google.com

Change-Id: Ifa9bf5d86e888a47cad7fb10446b36fda5029604
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6112, v8:6518
Reviewed-on: https://chromium-review.googlesource.com/581288
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46817}

[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/bytecode-analysis.h
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/bytecode-graph-builder.cc
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/bytecode-graph-builder.h
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/js-inlining.cc
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/osr.cc
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/osr.h
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/compiler/pipeline.cc
[modify] https://crrev.com/5d0a4327c7991f39b11482aa9b68bb6660a82833/src/source-position-table.h
[delete] https://crrev.com/250ba28a57b1a1f50ed00248122258b1ba066ab0/test/mjsunit/compiler/osr-try.js
,
Jul 21 2017
Detailed report: https://clusterfuzz.com/testcase?key=5863374239039488 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #35:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5863374239039488 See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 21 2017
Reverted for now. Alexandre, please take a look at the clusterfuzz crashes and address before relanding.
,
Jul 21 2017
Issue 747374 has been merged into this issue.
,
Jul 21 2017
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=4664814222966784 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #52:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4664814222966784 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=6189743837806592 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #40:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6189743837806592 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5344969136275456 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #33:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5344969136275456 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=4991349983281152 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #32:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4991349983281152 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5863374239039488 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #35:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5863374239039488 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=6578840158863360 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #32:JSStackCheck should be followed by IfSuccess/IfException, but is only follow Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6578840158863360 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5765689502859264 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #36:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5765689502859264 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=6356326761627648 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #42:JSStackCheck should be followed by IfSuccess/IfException, but is only follow Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6356326761627648 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5044691061178368 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #227:JSLessThan should be followed by IfSuccess/IfException, but is only followe v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5044691061178368 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=4895876618387456 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4895876618387456 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5144143176400896 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #34:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5144143176400896 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5164496221110272 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #44:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5164496221110272 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz has detected this issue as fixed in range 46816:46817. Detailed report: https://clusterfuzz.com/testcase?key=5740302823587840 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: #31:JSStackCheck should be followed by IfSuccess/IfException, but is only follow v8::internal::compiler::Verifier::Visitor::Check v8::internal::compiler::Verifier::Run Sanitizer: address (ASAN) Regressed: V8: 46800:46801 Fixed: V8: 46816:46817 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5740302823587840 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 22 2017
ClusterFuzz testcase 4664814222966784 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jul 28 2017
ClusterFuzz testcase 5551473848221696 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
,
Oct 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 28
Comment 1 by ClusterFuzz
, Jul 21 2017