New issue
Advanced search Search tips

Issue 865276 link

Starred by 2 users
Status: Started
Owner:
peria@chromium.org
Cc:
kkaluri@chromium.org
lfg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 3
Type: Bug



Sign in to add a comment

CHECK failure: !context.IsEmpty() in local_window_proxy.cc

Project Member Reported by ClusterFuzz, Jul 19 
Detailed report: https://clusterfuzz.com/testcase?key=5922948867948544

Fuzzer: inferno_layout_test_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !context.IsEmpty() in local_window_proxy.cc
  blink::LocalWindowProxy::CreateContext
  blink::LocalWindowProxy::Initialize
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5922948867948544

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by kkaluri@chromium.org, Aug 30

Cc: kkaluri@chromium.org
Labels: M-69 Test-Predator-Wrong
Owner: peria@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file, "local_window_proxy.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/8d9ab2bffbc57614331bc24edb50ff4b747238bd

peria@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Comment 2 by peria@chromium.org, Aug 31

Labels: -Pri-1 Pri-2

Comment 3 by peria@chromium.org, Aug 31 

The test case calls itself recursively, and when its stack overflows, each stack opens a new blank window.

I guess the most deep stack does not have enough memory space to create a V8 context, and this issue is a kind of OOM failure.
If so, it depends on the environment if the test crashes or not.

Comment 4 by peria@chromium.org, Oct 1 

 Issue 890567  has been merged into this issue.
Project Member

Comment 5 by ClusterFuzz, Oct 1

Components: Blink>Bindings Blink>JavaScript
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 6 by ClusterFuzz, Dec 13

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6616900749230080 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 7 by ClusterFuzz, Dec 15

Labels: OS-Mac
Project Member

Comment 8 by ClusterFuzz, Dec 20

Labels: Needs-Feedback
ClusterFuzz testcase 5922948867948544 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

Comment 9 by peria@chromium.org, Dec 21

Labels: ClusterFuzz-Wrong
Status: Started (was: Verified)

Comment 10 by peria@chromium.org, Dec 21

Labels: -Pri-2 Pri-3
If we remove --js-flags="--expose-gc", it doesn't reproduce.
I'll deprioritize this, but am not sure why the flag switches the crash behaviors.

Sign in to add a comment