New issue
Advanced search Search tips

Issue 860481 link

Starred by 1 user
Status: Verified
Owner:
mslekova@chromium.org
Closed: Jul 5
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Ill in v8::AsyncHooks::CreateHook

Project Member Reported by ClusterFuzz, Jul 5 
Detailed report: https://clusterfuzz.com/testcase?key=5243478867705856

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Ill
Crash Address: 0x5589e708e6be
Crash State:
  v8::AsyncHooks::CreateHook
  v8::Shell::AsyncHooksCreateHook
  v8::internal::FunctionCallbackArguments::Call
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=54217:54218

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5243478867705856

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Jul 5

Labels: Test-Predator-Auto-Owner
Owner: mslekova@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/916e35d72f4cdc6aaf39174e4f4a1a6b4297e393 (Reland ^3 "[async] Expose async hooks to d8").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 2 by mslekova@chromium.org, Jul 5

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Jul 5 

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/dd704218bb96bd8251ae72657bd7fad0cd66f23b

commit dd704218bb96bd8251ae72657bd7fad0cd66f23b
Author: Maya Lekova <mslekova@chromium.org>
Date: Thu Jul 05 14:49:03 2018

[async] Improve error handling for async hooks

Replace CHECK with throwing exception when no or invalid arguments
are passed to async_hooks.createHook.

Bug:  chromium:860481 
Change-Id: Ie5a915ee66f2a0ff79c4df5aef94ff883866ecda
Reviewed-on: https://chromium-review.googlesource.com/1127054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54264}
[modify] https://crrev.com/dd704218bb96bd8251ae72657bd7fad0cd66f23b/src/async-hooks-wrapper.cc
[modify] https://crrev.com/dd704218bb96bd8251ae72657bd7fad0cd66f23b/test/mjsunit/async-hooks/api-methods.js

Comment 4 by mslekova@chromium.org, Jul 5

Status: Fixed (was: Started)
Project Member

Comment 5 by ClusterFuzz, Jul 6 

ClusterFuzz has detected this issue as fixed in range 54263:54264.

Detailed report: https://clusterfuzz.com/testcase?key=5243478867705856

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Ill
Crash Address: 0x5589e708e6be
Crash State:
  v8::AsyncHooks::CreateHook
  v8::Shell::AsyncHooksCreateHook
  v8::internal::FunctionCallbackArguments::Call
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=54217:54218
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=54263:54264

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5243478867705856

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Jul 6

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5243478867705856 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment