Ill in v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5161980912205824
Fuzzer: libFuzzer_v8_wasm_compile_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Ill
Crash Address: 0x565531983da7
Crash State: v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule wasm-compile.cc
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=609145:609147
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5161980912205824

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 20

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/e5847dd82ae591bd3ba2d3d3dd42a9a73158a548 ([fuzzer] Improve wasm-compile fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Nov 20

Not a bug. The wasm function returns 0xdeadbeef, and that's the special value we return on trap. So the fuzzer thinks that the interpreter trapped, but it actually did not. We will have to fix this anyway.
Nov 20

The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/41b34f2a5572efc2376c5d3086319b2c49b85dd5

commit 41b34f2a5572efc2376c5d3086319b2c49b85dd5
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Tue Nov 20 17:05:51 2018

[wasm][fuzzer] Fix detection of traps

Instead of returning 0xDEADBEEF, return a struct with proper information. Otherwise a function returning 0xDEADBEEF would be misidentified as trapping in the interpreter.

R=ahaas@chromium.org

Bug: chromium:906997
Change-Id: I92fc3a9972d76d2f8a5b313bf6be6eb027cfc1e9
Reviewed-on: https://chromium-review.googlesource.com/c/1344111
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57658}

[modify] https://crrev.com/41b34f2a5572efc2376c5d3086319b2c49b85dd5/test/common/wasm/wasm-module-runner.cc
[modify] https://crrev.com/41b34f2a5572efc2376c5d3086319b2c49b85dd5/test/common/wasm/wasm-module-runner.h
[modify] https://crrev.com/41b34f2a5572efc2376c5d3086319b2c49b85dd5/test/fuzzer/wasm-fuzzer-common.cc
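To make the false-positive described in the comment and the commit above concrete, here is an added illustration (not V8 code; the toy interpreter, the op set and all names are hypothetical). It runs a tiny wasm-like program both ways: the pre-fix shape returns one int32 with 0xDEADBEEF meaning "trapped", the fixed shape returns a struct with an explicit trap flag, and the fuzzer-side agreement check is written against each.

```cpp
#include <cstdint>
#include <vector>

// Toy stack interpreter for three wasm-like ops (hypothetical, not V8's).
enum class Op { I32Const, I32DivS, Unreachable };
struct Instr { Op op; int32_t imm; };  // imm is used by I32Const only

// Outcome with an explicit trap bit: the shape the fix moved to.
struct Result { bool trapped; int32_t value; };

// Executes the program; traps on unreachable, division by zero and
// INT32_MIN / -1, mirroring wasm's i32.div_s trap conditions.
Result Execute(const std::vector<Instr>& code) {
  std::vector<int32_t> stack;
  for (const Instr& in : code) {
    switch (in.op) {
      case Op::I32Const: stack.push_back(in.imm); break;
      case Op::I32DivS: {
        if (stack.size() < 2) return {true, 0};
        int32_t rhs = stack.back(); stack.pop_back();
        int32_t lhs = stack.back(); stack.pop_back();
        if (rhs == 0 || (lhs == INT32_MIN && rhs == -1)) return {true, 0};
        stack.push_back(lhs / rhs);
        break;
      }
      case Op::Unreachable: return {true, 0};
    }
  }
  return {false, stack.empty() ? 0 : stack.back()};
}

// Pre-fix API shape: a single int32, with 0xDEADBEEF signalling "trapped".
// The trap bit is lost whenever the real result happens to equal the sentinel.
constexpr int32_t kTrapSentinel = static_cast<int32_t>(0xDEADBEEF);
int32_t ExecuteWithSentinel(const std::vector<Instr>& code) {
  Result r = Execute(code);
  return r.trapped ? kTrapSentinel : r.value;
}

// Fuzzer-side consistency checks: compare the interpreter's verdict with the
// compiled code's outcome (supplied directly here). false is what the fuzzer
// would escalate as a compiler bug.
bool AgreeSentinel(const std::vector<Instr>& code, Result compiled) {
  int32_t r = ExecuteWithSentinel(code);
  bool interp_trapped = (r == kTrapSentinel);  // ambiguous for a real 0xDEADBEEF
  if (interp_trapped != compiled.trapped) return false;
  return interp_trapped || r == compiled.value;
}
bool AgreeStruct(const std::vector<Instr>& code, Result compiled) {
  Result r = Execute(code);
  if (r.trapped != compiled.trapped) return false;
  return r.trapped || r.value == compiled.value;
}
```

A function that legitimately returns 0xDEADBEEF makes AgreeSentinel report a mismatch while AgreeStruct correctly reports agreement; genuine traps are classified the same by both.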
Nov 24

ClusterFuzz has detected this issue as fixed in range 610606:610607.

Detailed report: https://clusterfuzz.com/testcase?key=5161980912205824
Fuzzer: libFuzzer_v8_wasm_compile_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Ill
Crash Address: 0x565531983da7
Crash State: v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule wasm-compile.cc
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=609145:609147
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=610606:610607
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5161980912205824

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 24

ClusterFuzz testcase 5161980912205824 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.