Issue 595101

Issue metadata

Status: Duplicate
Merged: issue 595092
Owner:
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug

Blocking:
issue 594974



Intermittent crashes in incremental marking

Project Member Reported by kbr@chromium.org, Mar 15 2016

Issue description

A couple of flaky crashes have been seen over the past day in WebGL conformance tests on the Mac Retina Release bot:

https://build.chromium.org/p/chromium.gpu/builders/Mac%20Retina%20Release/builds/50439
https://build.chromium.org/p/chromium.gpu/builders/Mac%20Retina%20Release/builds/50428

WebglConformance.conformance_ogles_GL_swizzlers_swizzlers_001_to_008
WebglConformance.conformance_ogles_GL_sqrt_sqrt_001_to_006

excerpt:

	Thread 0 (crashed)
	 0  Chromium Framework!__ZN2v88internal18BodyDescriptorBase15IteratePointersINS0_32IncrementalMarkingMarkingVisitorEEEvPNS0_4HeapEPNS0_10HeapObjectEii + 0x5d
	    rbx = 0x000016b9683ec7f8   r12 = 0x00007fd72a715f00
	    r13 = 0x00007fd72a716080   r14 = 0x00003e1ab2f00000
	    r15 = 0x00003e1ab2fafed9   rip = 0x000000011105b33d
	    rsp = 0x00007fff509d68b0   rbp = 0x00007fff509d6900
	    Found by: given as instruction pointer in context
	 1  Chromium Framework!__ZN2v88internal18IncrementalMarking4StepElNS1_16CompletionActionENS1_18ForceMarkingActionENS1_21ForceCompletionActionE + 0x359
	    rbx = 0x0000000000239108   r12 = 0x00007fd72a715f00
	    r13 = 0x00007fd72a716080   r14 = 0x000016b9683ec7e1
	    r15 = 0x00003c9eebe05021   rip = 0x0000000111058e09
	    rsp = 0x00007fff509d6910   rbp = 0x00007fff509d69d0
	    Found by: call frame info
	 2  Chromium Framework!__ZN2v88internal16LargeObjectSpace11AllocateRawEiNS0_13ExecutabilityE + 0x1c1
	    rbx = 0x0000000003f9cd83   r12 = 0x00003f9cd8204101
	    r13 = 0x00003f9cd8200000   r14 = 0x00000000000cf600
	    r15 = 0x00007fd72a716000   rip = 0x0000000111092bc1
	    rsp = 0x00007fff509d69e0   rbp = 0x00007fff509d6a20
	    Found by: call frame info
	 3  Chromium Framework!__ZN2v88internal4Heap11AllocateRawEiNS0_15AllocationSpaceENS0_19AllocationAlignmentE + 0xdc
	    rbx = 0x0000000000019ebe   r12 = 0x0000000000019ebe
	    r13 = 0x00007fd72c016020   r14 = 0x00000000000cf600
	    r15 = 0x00007fd72c016020   rip = 0x000000011104081c
	    rsp = 0x00007fff509d6a30   rbp = 0x00007fff509d6a60
	    Found by: call frame info
	 4  Chromium Framework!__ZN2v88internal4Heap37AllocateUninitializedFixedDoubleArrayEiNS0_13PretenureFlagE + 0x4d
	    rbx = 0x0000000000019ebe   r12 = 0x0000000000019ebe
	    r13 = 0x00007fd72c016020   r14 = 0x00007fd72c016020
	    r15 = 0x0000000000000000   rip = 0x000000011104dccd
	    rsp = 0x00007fff509d6a70   rbp = 0x00007fff509d6a90
	    Found by: call frame info
	 5  Chromium Framework!__ZN2v88internal7Factory19NewFixedDoubleArrayEiNS0_13PretenureFlagE + 0x23
	    rbx = 0x0000024379404101   r12 = 0x0000000000019ebe
	    r13 = 0x00007fd72c016020   r14 = 0x0000000000000000
	    r15 = 0x00007fd72c016000   rip = 0x0000000111013143
	    rsp = 0x00007fff509d6aa0   rbp = 0x00007fff509d6ad0
	    Found by: call frame info
	 6  Chromium Framework!__ZN2v88internal12_GLOBAL__N_120ElementsAccessorBaseINS1_32FastPackedDoubleElementsAccessorENS1_18ElementsKindTraitsILNS0_12ElementsKindE4EEEE26GrowCapacityAndConvertImplENS0_6HandleINS0_8JSObjectEEEj + 0xc0
	    rbx = 0x0000024379404101   r12 = 0x00007fd72c04f758
	    r13 = 0x0000000000000004   r14 = 0x00007fff509d6c90
	    r15 = 0x00007fd72c016000   rip = 0x0000000110ff9920
	    rsp = 0x00007fff509d6ae0   rbp = 0x00007fff509d6b20
	    Found by: call frame info
	 7  Chromium Framework!__ZN2v88internal25Runtime_GrowArrayElementsEiPPNS0_6ObjectEPNS0_7IsolateE + 0x4d2
	    rbx = 0x00007fd72c04f750   r12 = 0x00007fd72c016000
	    r13 = 0x00007fff509d6c90   r14 = 0x0000000000019ebe
	    r15 = 0x00007fd72c0515f0   rip = 0x00000001111e1702
	    rsp = 0x00007fff509d6b30   rbp = 0x00007fff509d6bd0
	    Found by: call frame info
	 8  0x39ed66706627
	    rbx = 0x00000001111e1230   r12 = 0x00000000beeddead
	    r13 = 0x00007fd72c0160b8   r14 = 0x0000000000000002
	    r15 = 0x00007fff509d6c90   rip = 0x000039ed66706627
	    rsp = 0x00007fff509d6be0   rbp = 0x00007fff509d6c78
	    Found by: call frame info
	 9  Chromium Framework!__ZN2v88internal11Deoptimizer21DoComputeOutputFramesEv + 0x8d4
	    rip = 0x0000000110fe1b04   rsp = 0x00007fff509d6be8
	    rbp = 0x00007fff509d6c78
	    Found by: stack scanning
	10  Chromium Framework!__ZN2v88internal25FunctionCallbackArguments4CallEPFvRKNS_20FunctionCallbackInfoINS_5ValueEEEE + 0x16d
	    rip = 0x0000000110d71bdd   rsp = 0x00007fff509d6cd0
	    Found by: stack scanning


V8 team, could you please investigate? This looks like a recent regression. Thanks.

 
stdout.txt (55.1 KB)

Comment 1 by kbr@chromium.org, Mar 15 2016

Cc: ccameron@chromium.org
Status: Untriaged (was: Available)

Comment 2 by jochen@chromium.org, Mar 15 2016

Cc: mlippautz@chromium.org
Owner: hpayer@chromium.org
Status: Assigned (was: Untriaged)
Adding cross-references:

Issue 595092 is on an intermittent maps_pixel_test v8 assertion (sounds *very* related)

Issue 595000 (now issue 594974) on larger-scale carnage.

Comment 4 by kbr@chromium.org, Mar 15 2016

Cc: kbr@chromium.org
Issue 594922 has been merged into this issue.

Comment 5 by kbr@chromium.org, Mar 15 2016

Blocking: 594974

Comment 6 by kbr@chromium.org, Mar 15 2016

Mergedinto: 595092
Status: Duplicate (was: Assigned)
These are probably all the same issue. Duplicating this into Issue 595092.
hpayer@: This trace looks like the issue I've been trying to repro today that seems related to black allocation.

The dupe might be related but I've not seen the trace in today's debugging session.
