Crash in v8::internal::Invoke |
||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6067463774273536 Job Type: linux_asan_chrome_mp Crash Type: UNKNOWN WRITE Crash Address: 0x000600000007 Crash State: v8::internal::Invoke v8::internal::Execution::Call v8::Script::Run Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=473072:473106 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6067463774273536 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Dec 14 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f24a21c25dd45feb95fdf9bece7a589ab1126532 (Add class level comments to LayoutTreeBuilder). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Dec 14 2017
,
Dec 14 2017
,
Dec 14 2017
,
Dec 14 2017
,
Dec 15 2017
@mstartzinger: Since clusterfuzz failed to find the right culprit CL, could you take a look when you have a chance and find a good owner for this?
,
Dec 15 2017
ClusterFuzz has detected this issue as fixed in range 524079:524080. Detailed report: https://clusterfuzz.com/testcase?key=6067463774273536 Job Type: linux_asan_chrome_mp Crash Type: UNKNOWN WRITE Crash Address: 0x000600000007 Crash State: v8::internal::Invoke v8::internal::Execution::Call v8::Script::Run Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=473072:473106 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=524079:524080 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6067463774273536 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 19 2017
Marking this untriaged so the V8 sheriffs will see it in their queue. Can we confirm that this is fixed?
,
Dec 19 2017
A bisect in standalone d8 confirms that this was introduced on Apr 11 (d98dfd8b9b68635c3b974e1d91be414304dec35c), and fixed on Dec 15 (4a7eec590c81a2f953ea5526d9c8731ac4042efb) by mstarzinger.
,
Dec 19 2017
,
Dec 21 2017
,
Dec 21 2017
This bug requires manual review: M64 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 21 2017
Can you please indicate actually which CL needs to be merged for this? Merge-Request-64 was added by sherrifbot, but unclear which merge is actually needed.
,
Dec 27 2017
https://chromium.googlesource.com/v8/v8/+/4a7eec590c81a2f953ea5526d9c8731ac4042efb is the CL in question, and yes, would be good to take this in 64.
,
Dec 28 2017
Seems like a fairly large and critical change. Mstarzinger@ can you please comment for how this looks in Canary and if this well tested and safe merge overall? This has been in Canary for over 2 weeks now.
,
Jan 2 2018
As mstarzinger@ is OOO, can you please merge this jarin@?
,
Jan 5 2018
Please merge the approved cl(s) to M64 release branch 3282 as soon as possible.
,
Jan 8 2018
Has already been merged (see issue 794394 and issue 786723 ), thanks Jaro.
,
Jan 22 2018
,
Mar 2 2018
,
Mar 27 2018
,
Mar 27 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||
Comment 1 by ClusterFuzz
, Dec 14 2017Labels: Test-Predator-Auto-Components