Status: Verified
Comments
24...@project.gserviceaccount.com <24...@project.gserviceaccount.com> #2
Automatically applying components based on crash stacktrace and information from OWNERS files.
If this is incorrect, please apply the hotlistid:4801165.
24...@project.gserviceaccount.com <24...@project.gserviceaccount.com> #3
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/7042ff39c713e5d1e536e14eae6dba2144a350ae ([wasm][jspi] Do not process stack switches eagerly in unwinder
When an exception crosses a stack boundary, do not process the implicit
stack switch immediately, wait until we have found the handler.
Otherwise, the stack switching state is temporarily out of sync with the
thread local top, which is visible and can cause a crash if the
exception causes a deopt deeper in the stack.
R=jkummerow@chromium.org
Fixed: 406053619
Change-Id: Ib1e97227b3fdd0321ba86eec0f2eb856eda97e1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6404813
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#99542}
).
If this is incorrect, please let us know why and apply the hotlistid:5433122. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
24...@project.gserviceaccount.com <24...@project.gserviceaccount.com> #4
ClusterFuzz testcase 5730542326579200 is verified as fixed in https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=99654:99655
If this is incorrect, please add the hotlistid:5433040 and re-open the issue.
Description
Fuzzer: ochang_wasm_fuzzer
Job Type: linux_cfi_d8
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000070
Crash State:
v8::internal::wasm::StackMemory::base
v8::internal::TickSample::GetStackSample
v8::internal::TickSample::Init
Sanitizer: cfi (CFI)
Regressed:
Reproducer Testcase:
Issue filed automatically.
To reproduce this, please build the target in this report and run it against the reproducer testcase. Please use the GN arguments provided at bottom of this report when building the binary.
If you have trouble reproducing, please also export the environment variables listed under "[Environment]" in the crash stacktrace.
If you have any feedback on reproducing test cases, let us know at