Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Looks like the fuzzer is buggy.

Can't repro locally on debug/x64/asan at dd866a81448a8966096af31d9d65c8fe0a17b52b:

$ export ASAN_OPTIONS redzone=64:print_summary=1:external_symbolizer_path="c:\clusterfuzz\resources\platform\windows\llvm-symbolizer.exe":handle_sigill=1:strict_string_check=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=0:alloc_dealloc_mismatch=0:detect_leaks=0:print_scariness=1:allocator_may_return_null=1:handle_abort=1:check_malloc_usable_size=0:detect_container_overflow=0:quarantine_size_mb=256:detect_odr_violation=0:symbolize=1:handle_segv=1:fast_unwind_on_fatal=1
$ out/debug-asan/v8_simple_regexp_builtins_fuzzer ~/Downloads/clusterfuzz-testcase-v8_regexp_builtins_fuzzer-4871506700795904

Lowering prio, will recheck in a bit.

jgruber@ this bug is only reproducible on Windows. I was able to successfully repro locally. 

I also investigated because the stacktrace looked suspicious to me.
When I added print statements, which weirdly seemed to change the stacktrace (maybe because of optimization), I found that the crash occurs on line 106: https://cs.chromium.org/chromium/src/v8/test/fuzzer/regexp-builtins.cc?q=regexp-builtins.cc&sq=package:chromium&g=0&l=106

in the condition specifically.

Hmm is `out` empty at that point?

Yes

Thanks for debugging, uploaded https://chromium-review.googlesource.com/c/v8/v8/+/1282565.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/34ec9ec7ca650c0c7217d2f8211e9f889270c573

commit 34ec9ec7ca650c0c7217d2f8211e9f889270c573
Author: Jakob Gruber <jgruber@chromium.org>
Date: Tue Oct 16 08:17:24 2018

[regexp] Fix invalid access into empty string

If `out` is empty accessing `out.back()` is invalid.

TBR=yangguo@chromium.org

Bug:  chromium:894934 
Change-Id: I7286c5b6a9857f1cdb2bcaf383094bee65bac393
Reviewed-on: https://chromium-review.googlesource.com/c/1282565
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56669}
[modify] https://crrev.com/34ec9ec7ca650c0c7217d2f8211e9f889270c573/test/fuzzer/regexp-builtins.cc

This crash occurs very frequently on windows platform and is likely preventing the fuzzer v8_regexp_builtins_fuzzer from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.

ClusterFuzz has detected this issue as fixed in range 600152:600154.

Detailed report: https://clusterfuzz.com/testcase?key=4871506700795904

Fuzzer: libFuzzer_v8_regexp_builtins_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00ddf73dd2df
Crash State:
  v8::internal::GenerateSourceString
  regexp-builtins.cc
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=600152:600154

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871506700795904

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4871506700795904 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 600152:600154.

Detailed report: https://clusterfuzz.com/testcase?key=4871506700795904

Fuzzer: libFuzzer_v8_regexp_builtins_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00ddf73dd2df
Crash State:
  v8::internal::GenerateSourceString
  regexp-builtins.cc
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=600152:600154

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871506700795904

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 600152:600154.

Detailed report: https://clusterfuzz.com/testcase?key=4871506700795904

Fuzzer: libFuzzer_v8_regexp_builtins_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00ddf73dd2df
Crash State:
  v8::internal::GenerateSourceString
  regexp-builtins.cc
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=600152:600154

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871506700795904

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 600152:600154.

Detailed report: https://clusterfuzz.com/testcase?key=4871506700795904

Fuzzer: libFuzzer_v8_regexp_builtins_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00ddf73dd2df
Crash State:
  v8::internal::GenerateSourceString
  regexp-builtins.cc
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=600152:600154

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871506700795904

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

The NextAction date has arrived: 2018-11-15

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot