CHECK failure: input_count == node->InputCount() in verifier.cc |
||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4544669955129344 Fuzzer: binaryen_wasm_fuzzer Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: input_count == node->InputCount() in verifier.cc void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::Instructi v8::internal::compiler::PipelineImpl::SelectInstructions Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=52252:52253 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4544669955129344 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jun 16 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
,
Jun 16 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/8d29d92f4de952228af5a37b4603640b248bd576 ([wasm] Add I64Atomic Load/Store ops). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jun 16 2018
,
Jun 17 2018
The binaryen fuzzer enables atomic opcodes by default, which is behind a flag in Chrome. Updating this issue with the tracking bug for Atomics in V8.
,
Jun 22 2018
After triage, please leave a comment on if the bug can have security implications.
,
Jun 22 2018
This bug hits unimplemented code on ARM, and is behind a flag (--experimental-wasm-threads). Reducing security severity accordingly.
,
Jun 26 2018
,
Aug 10
ClusterFuzz has detected this issue as fixed in range 55026:55027. Detailed report: https://clusterfuzz.com/testcase?key=4544669955129344 Fuzzer: binaryen_wasm_fuzzer Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: input_count == node->InputCount() in verifier.cc void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::Instructi v8::internal::compiler::PipelineImpl::SelectInstructions Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=52252:52253 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=55026:55027 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4544669955129344 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 10
ClusterFuzz testcase 4544669955129344 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 10
,
Aug 16
,
Aug 17
ClusterFuzz testcase 5614753809170432 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
,
Nov 16
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||||||
►
Sign in to add a comment |
||||||||||||
Comment 1 by infe...@chromium.org
, Jun 16 2018Components: Blink>JavaScript>WebAssembly