Fatal error in ../../v8/src/base/platform/semaphore.cc, line 97: Check failed: (0)==(result).
Issue description
Seen only once so far: https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/215865
#
# Fatal error in ../../v8/src/base/platform/semaphore.cc, line 97
# Check failed: (0)==(result).
#
Not sure whether this might be related to Issue 598471 or Issue 536813. Also not sure how to reproduce reliably. Have only seen one instance of this on the bots.
Apr 21 2016
Seen again: https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/216575
[ RUN ] WebglConformance.conformance_ogles_GL_degrees_degrees_001_to_006
#
# Fatal error in ../../v8/src/base/platform/semaphore.cc, line 97
# Check failed: (0)==(result).
#
It seems clear that V8 is doing a GC when this crash happens. hpayer@, could you please take and investigate or reassign this? It must be due to recent changes.
Apr 22 2016
Woah, hard to conclude anything from the stack traces. Getting this one reproducible would be nice. Probably hard because of thread timing. Remembered set is on the stack trace. Ulan, do you see a problem there?
Apr 22 2016
#0 seems to be the issue where we stack-allocated semaphores. The theory behind this was unaligned semaphore access. This has never been seen since we allocate them on the heap. #2 I don't see a V8 GC in there? Only Chrome stack.
Apr 22 2016
I guess #2 comes from Thread 11. No symbols.
Apr 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/8d24472acfaf7e67ca20106cb1f405fc0590c849
commit 8d24472acfaf7e67ca20106cb1f405fc0590c849
Author: ulan <ulan@chromium.org>
Date: Fri Apr 22 10:14:50 2016
Check for semaphore alignment on posix platforms.
BUG= chromium:605349
LOG=NO
Review URL: https://codereview.chromium.org/1912923003
Cr-Commit-Position: refs/heads/master@{#35717}
[modify] https://crrev.com/8d24472acfaf7e67ca20106cb1f405fc0590c849/src/base/platform/semaphore.cc
Apr 22 2016
I guess I misinterpreted the Oilpan entry points and thought that Oilpan collections were initiated because of V8's GC. haraken, sigjbornf: do the stack traces in #1 and #2 look familiar?
Apr 22 2016
Unfortunately the assertion added in #6 is firing on the Nexus 9 Android device: https://build.chromium.org/p/chromium.gpu.fyi/builders/Android%20Debug%20%28Nexus%209%29/builds/172
E/v8 ( 3391):
E/v8 ( 3391):
E/v8 ( 3391): #
E/v8 ( 3391): # Fatal error in ../../v8/src/base/platform/semaphore.cc, line 83
E/v8 ( 3391): #
E/v8 ( 3391): Check failed: 0 == reinterpret_cast<uintptr_t>(&native_handle_) & kPointerAlignmentMask (0 vs. 4).
E/v8 ( 3391):
E/v8 ( 3391): #
Full stdout from the pixel_tests step attached. I'm reverting the last V8 roll and disabling autorolls for the moment.
Apr 22 2016
We could have caught that earlier: https://paste.googleplex.com/4905601284964352
Apr 22 2016
FYI: Other rolls landed in between. This error should also be caught when simply running mjsunit tests on a real ARM64 device, right? Maybe we should add them to the ARM64 (not sim) builder?
Apr 22 2016
Yes, I saw the conflicts and am manually unrolling V8 to the version before https://codereview.chromium.org/1906313003/ . Hopefully this could have been caught earlier on V8's waterfall.
Apr 22 2016
Let's discuss our options next week.
Apr 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/80c73e2cde6020f8a3879408bee72828e887e3d5
commit 80c73e2cde6020f8a3879408bee72828e887e3d5
Author: hablich <hablich@chromium.org>
Date: Mon Apr 25 09:24:51 2016
Revert of Check for semaphore alignment on posix platforms. (patchset #1 id:1 of https://codereview.chromium.org/1912923003/ )
Reason for revert: blocks rolling. See https://bugs.chromium.org/p/chromium/issues/detail?id=605349 for more information. This CL only triggers the problem earlier but is not the culprit. The real bug is under investigation by the GC team.
Original issue's description:
> Check for semaphore alignment on posix platforms.
>
> BUG= chromium:605349
> LOG=NO
>
> Committed: https://crrev.com/8d24472acfaf7e67ca20106cb1f405fc0590c849
> Cr-Commit-Position: refs/heads/master@{#35717}
TBR=mlippautz@chromium.org,ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG= chromium:605349
LOG=N
Review URL: https://codereview.chromium.org/1921533002
Cr-Commit-Position: refs/heads/master@{#35755}
[modify] https://crrev.com/80c73e2cde6020f8a3879408bee72828e887e3d5/src/base/platform/semaphore.cc
Apr 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/67f3103a26055e166b67b9769bfaf0c575b92154
commit 67f3103a26055e166b67b9769bfaf0c575b92154
Author: ulan <ulan@chromium.org>
Date: Mon Apr 25 18:11:09 2016
Reland "Check for semaphore alignment on posix platforms. (patchset #1 id:1 of https://codereview.chromium.org/1912923003/ )"
This patch also fixed three misaligned semaphores.
This reverts commit 80c73e2cde6020f8a3879408bee72828e887e3d5.
BUG= chromium:605349
LOG=NO
Review URL: https://codereview.chromium.org/1917923002
Cr-Commit-Position: refs/heads/master@{#35773}
[modify] https://crrev.com/67f3103a26055e166b67b9769bfaf0c575b92154/src/base/platform/semaphore.cc
[modify] https://crrev.com/67f3103a26055e166b67b9769bfaf0c575b92154/src/heap/mark-compact.cc
[modify] https://crrev.com/67f3103a26055e166b67b9769bfaf0c575b92154/src/heap/mark-compact.h
[modify] https://crrev.com/67f3103a26055e166b67b9769bfaf0c575b92154/src/libplatform/task-queue.h
Apr 26 2016
Another flake (not sure whether the above commit may have already fixed it): https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/218283
#
# Fatal error in ../../v8/src/base/platform/semaphore.cc, line 97
# Check failed: (0)==(result).
#
==== C stack trace ===============================
1: 0x7f46178a8bc5
2: 0x7f46178a8dcd
3: 0x7f4619f4a54a
4: 0x7f4619f42315
5: 0x7f4610ee3182
6: clone
Thread 11 (crashed)
0 chrome!v8::base::OS::Abort() + 0xf
1 0x3000000020
2 chrome!WaitForTask [lock.h : 50 + 0x8]
3 chrome!ThreadMain [callback.h : 397 + 0x7]
4 chrome!ThreadFunc [platform_thread_posix.cc : 70 + 0x8]
5 libpthread-2.19.so + 0x8182
6 libc-2.19.so + 0xfa47d
Apr 26 2016
Failure in #15 was using V8 d90dcc50937359946914b3493f8e03b87cd which was still using the commit from #6 and not #14. https://chromium.googlesource.com/v8/v8/+log/d90dcc50937359946914b3493f8e03b87cd
Apr 26 2016
Thanks for confirming, Michael.
Apr 27 2016
Two new flakes:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/219034
built at:
got_v8_revision 34b5eb4982b4038a1873ef90f27ead42eef3cfa0
got_v8_revision_cp refs/heads/5.2.141@{#1}
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/219128
built at:
got_v8_revision ea682869f8c7b14dfc9d8fa2cf5a52a4ebe162d4
got_v8_revision_cp refs/heads/5.2.142@{#1}
What's the next step toward diagnosing / fixing this?
Apr 27 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/75f05161d7963f9f7cea50e0cafd7f0fb6efd798
commit 75f05161d7963f9f7cea50e0cafd7f0fb6efd798
Author: ulan <ulan@chromium.org>
Date: Wed Apr 27 15:08:08 2016
Print more debug info on semaphore failure.
BUG= chromium:605349
LOG=NO
Review URL: https://codereview.chromium.org/1921213004
Cr-Commit-Position: refs/heads/master@{#35825}
[modify] https://crrev.com/75f05161d7963f9f7cea50e0cafd7f0fb6efd798/src/base/platform/semaphore.cc
May 3 2016
The latest clang roll most likely fixed this issue.
May 3 2016
That's great -- thank you -- but we *really* should add some sort of test which would prevent a buggy version of Clang from rolling in and affecting things like this.
May 3 2016
May 4 2016
Aug 30 2016
Hello Folks. I am trying to piece together whether the assertion added in #14 was actually necessary or whether this issue was due to a compiler bug as suggested by #20? The compiler should have guaranteed the alignment of a sem_t field inside a struct/object, so I am not sure if the assertion was actually necessary. We are running into the assertion on Node.js when built against the musl c library.
Sep 1 2016
ulan@, or someone else from the V8 team, can you chime in since both hpayer@ and mlippautz@ seem to be away?
Sep 1 2016
ofrobots@, I think the assertion is necessary. In the sense that if the semaphore handle is not aligned then the semaphore will not work. Do you have the stack trace of the crash?
Sep 2 2016
ulan: But it is the compiler's job to guarantee alignment of each field within an aggregate (struct/class). Lack of alignment of the semaphore would be a compiler bug. With the musl c library, the sem_t type is an aggregate rather than a scalar; it happens to be an array of ints even on 64-bit. musl c intentionally doesn't export a macro to detect that it is in use (there is no __MUSL__ macro similar to __GLIBC__), so it is not going to be easy to fix the (unnecessary, IMO) alignment checking code.
Sep 2 2016
The check was useful to find code in V8 that stack allocated sem_t, which led to an unaligned handle. I understand the problem with musl now: the handle is not pointer aligned, but int aligned. If you're sure that musl semaphore works correctly with unaligned sem_t, then we can remove the check.
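The gap between the pointer-mask check and the alignment the type itself requires, as discussed in the two comments above, shown in an added example that is not part of the thread or of V8's code. IntArraySem, LongAlignedSem and Holder are constructed stand-ins, and defining kPointerAlignmentMask as sizeof(void*) - 1 is an assumption; only the mask's name appears in the quoted check.

```cpp
#include <semaphore.h>

#include <cstdint>
#include <cstdio>

// Constructed stand-in for a libc whose sem_t is an array of ints, as the
// thread describes for musl. Name and array length are assumptions.
struct IntArraySem {
  volatile int val[4];
};

// Constructed stand-in for a sem_t that carries a long member, so that its
// alignment matches pointer alignment on LP64 targets.
union LongAlignedSem {
  char size[32];
  long align;
};

// Assumed definition; the thread only shows the name in the failed check.
constexpr std::uintptr_t kPointerAlignmentMask = sizeof(void*) - 1;

// Same shape as the check in the log: the masked address must be 0.
inline bool PointerAligned(std::uintptr_t addr) {
  return (addr & kPointerAlignmentMask) == 0;
}

// What the language guarantees for any object of type T.
template <typename T>
bool TypeAligned(std::uintptr_t addr) {
  return (addr & (alignof(T) - 1)) == 0;
}

// Counts addresses in [base, base + window) where a T may legally live but
// the pointer-mask check would abort the process.
template <typename T>
int FalseAborts(std::uintptr_t base, std::uintptr_t window) {
  int n = 0;
  for (std::uintptr_t off = 0; off < window; ++off) {
    const std::uintptr_t addr = base + off;
    if (TypeAligned<T>(addr) && !PointerAligned(addr)) ++n;
  }
  return n;
}

// The compiler is free to place `sem` at offset 4: that satisfies
// alignof(IntArraySem) even though it is not pointer aligned on 64-bit.
struct alignas(16) Holder {
  int flag;
  IntArraySem sem;
};

// Low address bits that the pointer-mask check would report for Holder::sem.
std::uintptr_t MaskedBitsForHolderSem() {
  static Holder h;
  return reinterpret_cast<std::uintptr_t>(&h.sem) & kPointerAlignmentMask;
}

int main() {
  constexpr std::uintptr_t kBase = 0x1000;  // constructed, 16-byte aligned
  std::printf("alignof(sem_t) on this libc:       %zu\n", alignof(sem_t));
  std::printf("alignof(IntArraySem):              %zu\n", alignof(IntArraySem));
  std::printf("masked bits for Holder::sem:       %zu\n",
              static_cast<std::size_t>(MaskedBitsForHolderSem()));
  std::printf("false aborts, int-array sem:       %d\n",
              FalseAborts<IntArraySem>(kBase, 16));
  std::printf("false aborts, long-aligned sem:    %d\n",
              FalseAborts<LongAlignedSem>(kBase, 16));
  std::printf("false aborts, this libc's sem_t:   %d\n",
              FalseAborts<sem_t>(kBase, 16));
  return 0;
}
```

A check written against alignof(sem_t) instead of the pointer mask needs no libc-detection macro, because it follows whatever alignment the header's type declares.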
Sep 2 2016
Did you mean that the check can be removed only for musl, or in general (as I am suggesting)? If a stack allocated semaphore ended up not being aligned, then that would, again, have been a compiler bug.
Sep 5 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f09e8cf5e369fbd61e1878446a7c38e0422cd908
commit f09e8cf5e369fbd61e1878446a7c38e0422cd908
Author: ulan <ulan@chromium.org>
Date: Mon Sep 05 10:55:20 2016
Remove semaphore alignment check for posix platform.
BUG= chromium:605349
LOG=NO
Review-Url: https://codereview.chromium.org/2304203002
Cr-Commit-Position: refs/heads/master@{#39157}
[modify] https://crrev.com/f09e8cf5e369fbd61e1878446a7c38e0422cd908/src/base/platform/semaphore.cc
Sep 6 2016
Thanks! Adding a merge-request-5.4 label. We need f09e8cf5e369fbd61e1878446a7c38e0422cd908 merged to pick it up for upcoming Node.js v7.0.
Sep 6 2016
Your change meets the bar and is auto-approved for M54 (branch: 2840)
Sep 7 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/c320e30317a6f56a263c9d36882a576780c7b880
commit c320e30317a6f56a263c9d36882a576780c7b880
Author: Ulan Degenbaev <ulan@chromium.org>
Date: Wed Sep 07 10:40:05 2016
Merged: Remove semaphore alignment check for posix platform.
Revision: f09e8cf5e369fbd61e1878446a7c38e0422cd908
BUG= chromium:605349
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=mlippautz@chromium.org
Review URL: https://codereview.chromium.org/2321473002 .
Cr-Commit-Position: refs/branch-heads/5.4@{#33}
Cr-Branched-From: 5ce282769772d94937eb2cb88eb419a6890c8b2d-refs/heads/5.4.500@{#2}
Cr-Branched-From: ad07b49d7b47b40a2d6f74d04d1b76ceae2a0253-refs/heads/master@{#38841}
[modify] https://crrev.com/c320e30317a6f56a263c9d36882a576780c7b880/src/base/platform/semaphore.cc
Sep 7 2016
If there is no pending work in M54, please remove - Merge-Approved-54.
Sep 8 2016
Comment 1 by hablich@chromium.org, Apr 21 2016
Status: Available (was: Untriaged)