Issue 883551 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	dtapu...@chromium.org
Closed:	Sep 14
Cc:	kkaluri@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Needs-Feedback Clusterfuzz Test-Predator-Wrong M-69 ClusterFuzz-Ignore

CHECK failure: count <= MaxElementCountInBackingStore<T>() in partition_allocator.h

Project Member Reported by ClusterFuzz, Sep 12

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5518106573930496

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  count <= MaxElementCountInBackingStore<T>() in partition_allocator.h
  QuantizedSize<char>
  AllocationSize
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5518106573930496

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by kkaluri@chromium.org, Sep 13

Cc: kkaluri@chromium.org
Labels: M-69 Test-Predator-Wrong
Owner: dtapu...@chromium.org
Status: Assigned (was: Untriaged)

Predator and CL could not provide any possible suspects.

Using Code Search for the file, "vector.h" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/9d0fd86cf833cd7f35eea342f15c827516938d67

dtapuska@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Comment 2 by dtapu...@chromium.org, Sep 13

kkaluri@ this is a checked OOM failure. We cannot expand vector sizes larger than 2GB. 

What is normally done with clusterfuzz issues such as these that are well known failures.

Comment 3 by dtapu...@chromium.org, Sep 14

Status: WontFix (was: Assigned)

Closing. Standard OOM error.

Project Member

Comment 4 by ClusterFuzz, Sep 21

Labels: Needs-Feedback

ClusterFuzz testcase 5518106573930496 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 5 by dtapu...@chromium.org, Sep 21

Labels: ClusterFuzz-Ignore

►

Issue 883551 link

Issue metadata

CHECK failure: count <= MaxElementCountInBackingStore<T>() in partition_allocator.h

Issue description

Comment 1 by kkaluri@chromium.org, Sep 13

Comment 1 Deleted

Comment 2 by dtapu...@chromium.org, Sep 13

Comment 2 Deleted

Comment 3 by dtapu...@chromium.org, Sep 14

Comment 3 Deleted

Comment 4 by ClusterFuzz, Sep 21

Comment 4 Deleted

Comment 5 by dtapu...@chromium.org, Sep 21

Comment 5 Deleted

Sign in to add a comment