DCHECK failure in (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4655273041199104

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc
  v8::internal::wasm::NativeModuleSerializer::NativeModuleSerializer
  v8::internal::wasm::SerializeNativeModule

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49947:49948

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4655273041199104

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jan 18 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/f2e19a63873a700e6c0a1bca35e8301bd50db4e1 ([wasm] Add --wasm-jit-to-native under --future). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Jan 18 2018

Jan 18 2018

Jan 20 2018

Jan 21 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 22 2018
Needs --wasm-lazy-compilation to reproduce, which is not on by default.
Jan 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5

commit e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Mon Jan 22 17:27:15 2018

[wasm] Remove {NativeModule::lazy_builtin} field.

This removes the field in question to make it simpler to serialize and deserialize modules without having to worry about the state of lazy compilation. It is always possible to clone a non-anonymous builtin, even without having this module-wide field.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-803427
BUG=chromium:803427

Change-Id: I72041e314eb6ee92859d45f1db0ed8500003edc4
Reviewed-on: https://chromium-review.googlesource.com/878581
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50771}

[modify] https://crrev.com/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5/src/wasm/module-compiler.cc
[modify] https://crrev.com/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5/src/wasm/wasm-code-manager.cc
[modify] https://crrev.com/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5/src/wasm/wasm-serialization.cc
[add] https://crrev.com/e11c57fe9e7b7db6a9bd707642ea1cdfa92102f5/test/mjsunit/regress/wasm/regress-803427.js
Jan 22 2018

Jan 23 2018
ClusterFuzz has detected this issue as fixed in range 50770:50771.

Detailed report: https://clusterfuzz.com/testcase?key=4655273041199104

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc
  v8::internal::wasm::NativeModuleSerializer::NativeModuleSerializer
  v8::internal::wasm::SerializeNativeModule

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49947:49948
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=50770:50771

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4655273041199104

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 23 2018
ClusterFuzz testcase 4655273041199104 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 8 2018

Feb 13 2018

Mar 27 2018

Apr 27 2018

Apr 27 2018
This bug requires manual review: M67 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 27 2018
+awhalley@ for M67 merge review.
Apr 27 2018
No merge needed.
May 1 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Jan 18 2018. Labels: Test-Predator-Auto-Components