v8 related crash in WebGL2 conformance tests on Linux NVidia
Issue description
Operating system: Linux
0.0.0 Linux 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64
CPU: amd64
family 6 model 60 stepping 3
1 CPU
GPU: UNKNOWN
Crash reason: SIGSEGV
Crash address: 0x20
Process uptime: not available
Thread 0 (crashed)
0 chrome!std::_Rb_tree_iterator<std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> > > std::_Rb_tree<v8::internal::JSArrayBuffer*, std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> >, std::_Select1st<std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> > >, std::less<v8::internal::JSArrayBuffer*>, std::allocator<std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> > > >::_M_insert_unique_<std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> > >(std::_Rb_tree_const_iterator<std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> > >, std::pair<v8::internal::JSArrayBuffer* const, std::pair<void*, unsigned long> >&&) + 0x9a
rax = 0x00000b9e4e8022b8 rdx = 0x00007fffad4efd50
rcx = 0x00007fffad4efd58 rbx = 0x00000b9e4e8022b8
rsi = 0x00000b9e4e8022b8 rdi = 0x00000b9e4e8022b0
rbp = 0x00002867e3906d11 rsp = 0x00007fffad4efd00
r8 = 0x00000b9e4e7a6828 r9 = 0x0000000000000fdb
r10 = 0x00007f6a3479a9d0 r11 = 0x000000002d547ab1
r12 = 0x00007fffad4efd50 r13 = 0x00000b9e4f282080
r14 = 0x00000b9e4e8022b0 r15 = 0x0000000000000000
rip = 0x00007f6a48feff7a
Found by: given as instruction pointer in context
1 chrome!void v8::internal::LocalArrayBufferTracker::Process<void v8::internal::LocalArrayBufferTracker::ScanAndFreeDead<(v8::internal::LocalArrayBufferTracker::LivenessIndicator)0>()::{lambda(v8::internal::JSArrayBuffer*, v8::internal::JSArrayBuffer**)#1}>(void v8::internal::LocalArrayBufferTracker::ScanAndFreeDead<(v8::internal::LocalArrayBufferTracker::LivenessIndicator)0>()::{lambda(v8::internal::JSArrayBuffer*, v8::internal::JSArrayBuffer**)#1}) + 0x142
rbx = 0x00000b9e4e8022b0 rbp = 0x00002867e3906d11
rsp = 0x00007fffad4efd40 r12 = 0x00000b9e4e7a6858
r13 = 0x00000b9e4f282080 r14 = 0x00000b9e4e7a6820
r15 = 0x00002867e3900000 rip = 0x00007f6a48ff03a2
Found by: call frame info
2 chrome!void v8::internal::ArrayBufferTracker::ScanAndFreeDeadArrayBuffers<(v8::internal::LocalArrayBufferTracker::LivenessIndicator)0>(v8::internal::Page*) + 0x24
rbx = 0x00000b9e4e7a6820 rbp = 0x0000000000000001
rsp = 0x00007fffad4efda0 r12 = 0x0000000000000001
r13 = 0x00000b9e4ec81ae0 r14 = 0x00000b9e4e7a6828
r15 = 0x00000b9e4e695020 rip = 0x00007f6a48fef474
Found by: call frame info
3 chrome!v8::internal::MarkCompactCollector::Evacuator::EvacuatePage(v8::internal::Page*) + 0x62
rbx = 0x000005a0fb700000 rbp = 0x0000000000000001
rsp = 0x00007fffad4efdc0 r12 = 0x0000000000000001
r13 = 0x00000b9e4ec81ae0 r14 = 0x00000b9e4e912600
r15 = 0x00000b9e4e695020 rip = 0x00007f6a49022f82
Found by: call frame info
4 chrome!v8::internal::PageParallelJob<v8::internal::EvacuationJobTraits>::Task::RunInternal() + 0x59
rbx = 0x00000b9e4e772a40 rbp = 0x00000b9e4e914a00
rsp = 0x00007fffad4efe00 r12 = 0x0000000000000001
r13 = 0x00000b9e4ec81ae0 r14 = 0x00000b9e4ec81ae0
r15 = 0x0000000000000002 rip = 0x00007f6a49022ed9
Found by: call frame info
5 chrome!v8::internal::MarkCompactCollector::EvacuatePagesInParallel() + 0x5c7
rbx = 0x0000000000000003 rbp = 0x00000b9e4e914a00
rsp = 0x00007fffad4efe30 r12 = 0x0000000000000012
r13 = 0x00000b9e4ec81ae0 r14 = 0x0000000000000010
r15 = 0x00000b9e4ec81ae0 rip = 0x00007f6a490187b7
Found by: call frame info
6 chrome!v8::internal::MarkCompactCollector::EvacuateNewSpaceAndCandidates() + 0x1af
rbx = 0x00007f6a4d9f1c70 rbp = 0x0000000001f27bd8
rsp = 0x00007fffad4eff10 r12 = 0x00007f6a4c3a63d4
r13 = 0x0000000000000005 r14 = 0x00000b9e4e695020
r15 = 0x00000b9e4e653180 rip = 0x00007f6a4901325f
Found by: call frame info
7 chrome!v8::internal::MarkCompactCollector::CollectGarbage() + 0x21
rbx = 0x00000b9e4e653180 rbp = 0x0000000001f27bd8
rsp = 0x00007fffad4efff0 r12 = 0x00007f6a4c3a63d4
r13 = 0x0000000000000005 r14 = 0x00000b9e4e695020
r15 = 0x00000b9e4e695c30 rip = 0x00007f6a49011b61
Found by: call frame info
8 chrome!v8::internal::Heap::MarkCompact() + 0xe5
rbx = 0x0000000001f27bd8 rbp = 0x0000000001f27bd8
rsp = 0x00007fffad4f0000 r12 = 0x00007f6a4c3a63d4
r13 = 0x0000000000000005 r14 = 0x00000b9e4e695020
r15 = 0x00000b9e4e695c30 rip = 0x00007f6a48ff9675
Found by: call frame info
9 chrome!v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) + 0x4d4
rbx = 0x000000001b2282a0 rbp = 0x000000001b939cc8
rsp = 0x00007fffad4f0060 r12 = 0x0000000000000001
r13 = 0x00000b9e4e695020 r14 = 0x00000000004bc8c0
r15 = 0x0000000000000001 rip = 0x00007f6a48ff8704
Found by: call frame info
10 chrome!v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, char const*, char const*, v8::GCCallbackFlags) + 0x277
rbx = 0x00007f6a4d9f1c55 rbp = 0x00000b9e4e69b1c0
rsp = 0x00007fffad4f0120 r12 = 0x00007f6a4bf8dfcc
r13 = 0x00000b9e4e695001 r14 = 0x0000000000000001
r15 = 0x00000b9e4e695020 rip = 0x00007f6a48ff7e17
Found by: call frame info
11 chrome!v8::internal::Heap::HandleGCRequest() + 0xd9
rbx = 0x00000b9e4e695020 rbp = 0x00000b9e4e69b000
rsp = 0x00007fffad4f01a0 r12 = 0x00002e75e7530991
r13 = 0x00000b9e4e6950c0 r14 = 0x0000000000000000
r15 = 0x00000b9e4e696a78 rip = 0x00007f6a48ff7029
Found by: call frame info
12 chrome!v8::internal::StackGuard::HandleInterrupts() + 0x62
rbx = 0x00000b9e4e696a48 rbp = 0x0000000000000008
rsp = 0x00007fffad4f01c0 r12 = 0x00002e75e7530991
r13 = 0x00000b9e4e6950c0 r14 = 0x0000000000000000
r15 = 0x00000b9e4e696a78 rip = 0x00007f6a48fc5102
Found by: call frame info
13 chrome!v8::internal::Runtime_StackGuard(int, v8::internal::Object**, v8::internal::Isolate*) + 0x4f
rbx = 0x00000b9e4e696a78 rbp = 0x00007fffad4f02a8
rsp = 0x00007fffad4f01f0 r12 = 0x00002e75e7530991
r13 = 0x00000b9e4e6950c0 r14 = 0x0000000000000000
r15 = 0x00007fffad4f02b0 rip = 0x00007f6a491ba94f
Found by: call frame info
14 0x9872bc08507
rbx = 0x00007f6a491ba900 rbp = 0x00007fffad4f02a8
rsp = 0x00007fffad4f0210 r12 = 0x00002e75e7530991
r13 = 0x00000b9e4e6950c0 r14 = 0x0000000000000000
r15 = 0x00007fffad4f02b0 rip = 0x000009872bc08507
Found by: call frame info
15 0x9872c686788
rbp = 0x00007fffad4f0398 rsp = 0x00007fffad4f02b8
rip = 0x000009872c686788
Found by: previous frame's frame pointer
16 0x9872c68ac00
rbp = 0x00007fffad4f04f0 rsp = 0x00007fffad4f03a8
rip = 0x000009872c68ac00
Found by: previous frame's frame pointer
17 0x9872c5feb84
rbp = 0x00007fffad4f0540 rsp = 0x00007fffad4f0500
rip = 0x000009872c5feb84
Found by: previous frame's frame pointer
18 0x9872c46b529
rbp = 0x00007fffad4f0610 rsp = 0x00007fffad4f0550
rip = 0x000009872c46b529
Found by: previous frame's frame pointer
19 0x9872c0b4f79
rbp = 0x00007fffad4f0668 rsp = 0x00007fffad4f0620
rip = 0x000009872c0b4f79
Found by: previous frame's frame pointer
20 0x9872c4569d2
rbp = 0x00007fffad4f0698 rsp = 0x00007fffad4f0678
rip = 0x000009872c4569d2
Found by: previous frame's frame pointer
21 0x9872bc43b43
rbp = 0x00007fffad4f06c8 rsp = 0x00007fffad4f06a8
rip = 0x000009872bc43b43
Found by: previous frame's frame pointer
22 0x9872bc2742f
rbp = 0x00007fffad4f0730 rsp = 0x00007fffad4f06d8
rip = 0x000009872bc2742f
Found by: previous frame's frame pointer
23 chrome!v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>) + 0x1c7
rsp = 0x00007fffad4f0740 rip = 0x00007f6a48fc4877
Found by: stack scanning
24 chrome!v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 0x134
rbx = 0x00000b9e4e695000 rbp = 0x00000b9e4e6d0018
rsp = 0x00007fffad4f07e0 r12 = 0x0000000000000000
r13 = 0x00000b9e4e6d0008 r14 = 0x00007fffad4f0890
r15 = 0x0000000000000000 rip = 0x00007f6a48fc4674
Found by: call frame info
25 chrome!v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) + 0x1fb
rbx = 0x00000b9e4e695000 rbp = 0x00007f6a4d9f1c55
rsp = 0x00007fffad4f0850 r12 = 0x00000b9e4e69b600
r13 = 0x0000000000000000 r14 = 0x00000b9e4e6d0030
r15 = 0x0000000000000000 rip = 0x00007f6a48d6978b
Found by: call frame info
26 chrome!blink::V8ScriptRunner::callFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*) + 0x2e7
rbx = 0x00000b9e4e6d0008 rbp = 0x00007f6a4c603c0b
rsp = 0x00007fffad4f0910 r12 = 0x00000b9e4e695000
r13 = 0x0000000000000000 r14 = 0x00007fffad4f0980
r15 = 0x00001cc05532b038 rip = 0x00007f6a4a48d007
Found by: call frame info
27 chrome!blink::ScheduledAction::execute(blink::LocalFrame*) + 0x172
rbx = 0x00001c1076a41850 rbp = 0x0000000000000000
rsp = 0x00007fffad4f09d0 r12 = 0x00001d1458b04f48
r13 = 0x00007fffad4f0ee0 r14 = 0x00001e81d4861960
r15 = 0x00000b9e4e6d0008 rip = 0x00007f6a4a459e32
Found by: call frame info
28 chrome!blink::DOMTimer::fired() + 0x227
rbx = 0x00001d1458b04f48 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0ad0 r12 = 0x00000b9e4e63f6d0
r13 = 0x00007fffad4f0ee0 r14 = 0x00001cc05532b038
r15 = 0x00001b6147b671c0 rip = 0x00007f6a4aa71f37
Found by: call frame info
29 chrome!blink::TimerBase::runInternal() + 0x1b6
rbx = 0x00001b6147b671c0 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0b90 r12 = 0x00000b9e4e63f6d0
r13 = 0x00007fffad4f0ee0 r14 = 0x00007f6a4d8d4890
r15 = 0x00007f6a47d2bbd0 rip = 0x00007f6a4a16b5e6
Found by: call frame info
30 chrome!blink::TimerBase::CancellableTimerTask::run() + 0x1e
rbx = 0x00000b9e4e943060 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0be0 r12 = 0x00000b9e4e63f6d0
r13 = 0x00007fffad4f0ee0 r14 = 0x00007f6a4c09a7dc
r15 = 0x00007f6a47d2bbd0 rip = 0x00007f6a4a16b6ae
Found by: call frame info
31 chrome!base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void (*)(std::unique_ptr<safe_browsing::IncidentReceiver, std::default_delete<safe_browsing::IncidentReceiver> >)>, void (std::unique_ptr<safe_browsing::IncidentReceiver, std::default_delete<safe_browsing::IncidentReceiver> >), base::internal::PassedWrapper<std::unique_ptr<safe_browsing::IncidentReceiver, std::default_delete<safe_browsing::IncidentReceiver> > > >, base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (*)(std::unique_ptr<safe_browsing::IncidentReceiver, std::default_delete<safe_browsing::IncidentReceiver> >)> >, void ()>::Run(base::internal::BindStateBase*) + 0x6f
rbx = 0x00000b9e4e77fc30 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0bf0 r12 = 0x00000b9e4e63f6d0
r13 = 0x00007fffad4f0ee0 r14 = 0x00007f6a4c09a7dc
r15 = 0x00007f6a47d2bbd0 rip = 0x00007f6a4746acdf
Found by: call frame info
32 chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) + 0xb6
rbx = 0x00007fffad4f0df8 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0da0 r12 = 0x00000b9e4e63f6d0
r13 = 0x00007fffad4f0ee0 r14 = 0x00007f6a4c09a7dc
r15 = 0x00007f6a4d9f1c3d rip = 0x00007f6a4b473266
Found by: call frame info
33 chrome!scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*) + 0x2c7
rbx = 0x00000b9e4e63f600 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0e50 r12 = 0x00007fffad4f0ee0
r13 = 0x00000b9e4e619000 r14 = 0x00007fffad4f0fb0
r15 = 0x00000b9e4e5faf60 rip = 0x00007f6a4a14bfc7
Found by: call frame info
34 chrome!scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool) + 0x129
rbx = 0x0000000000000000 rbp = 0x0000000000000000
rsp = 0x00007fffad4f0f70 r12 = 0x0000000000000000
r13 = 0x00000b9e4e63f600 r14 = 0x00007fffad4f0f78
r15 = 0x00007fffad4f0fb0 rip = 0x00007f6a4a14b0f9
Found by: call frame info
35 chrome!base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, void (scheduler::TaskQueueManager*, base::TimeTicks, bool), base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks&, bool>, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)> >, void ()>::Run(base::internal::BindStateBase*) + 0x74
rbx = 0x00000b9e4e64f800 rbp = 0x00000b9e4e5fec40
rsp = 0x00007fffad4f1060 r12 = 0x0000000000000000
r13 = 0x00007fffad4f1218 r14 = 0x00007fffad4f1068
r15 = 0x00007f6a4a14afd0 rip = 0x00007f6a4a14c964
Found by: call frame info
36 chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) + 0xb6
rbx = 0x00007fffad4f10f8 rbp = 0x00000b9e4e5fec40
rsp = 0x00007fffad4f10a0 r12 = 0x00000b9e4e5fedc8
r13 = 0x00007fffad4f1218 r14 = 0x00007f6a4c169994
r15 = 0x00007f6a4d9f1c3d rip = 0x00007f6a4b473266
Found by: call frame info
37 chrome!base::MessageLoop::RunTask(base::PendingTask const&) + 0x205
rbx = 0x00007f6a4d9f1c30 rbp = 0x00000b9e4e5fec40
rsp = 0x00007fffad4f1150 r12 = 0x00000b9e4e5feda0
r13 = 0x00007f6a4c09a775 r14 = 0x00007fffad4f1218
r15 = 0x00007f6a4d9f1b70 rip = 0x00007f6a4b4897d5
Found by: call frame info
38 chrome!base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) + 0x28
rbx = 0x00007fffad4f1218 rbp = 0x00007fffad4f1218
rsp = 0x00007fffad4f11f0 r12 = 0x00000b9e4e5feca8
r13 = 0x00007fffad4f1230 r14 = 0x00000b9e4e5fec40
r15 = 0x00000b9e4efecb90 rip = 0x00007f6a4b489ac8
Found by: call frame info
39 chrome!base::MessageLoop::DoWork() + 0xeb
rbx = 0x00000b9e4e5fec40 rbp = 0x00007fffad4f1218
rsp = 0x00007fffad4f1210 r12 = 0x00000b9e4e5feca8
r13 = 0x00007fffad4f1230 r14 = 0x00000b9e4efecb90
r15 = 0x00000b9e4efecb90 rip = 0x00007f6a4b489deb
Found by: call frame info
40 chrome!base::MessagePumpDefault::Run(base::MessagePump::Delegate*) + 0xba
rbx = 0x0000000000000001 rbp = 0x00000b9e4e5fec40
rsp = 0x00007fffad4f12a0 r12 = 0x00000b9e4e64dc30
r13 = 0x00007fffad4f12a0 r14 = 0x00000b9e4e64dc20
r15 = 0x00000b9e4e64dc38 rip = 0x00007f6a4b48b1ca
Found by: call frame info
41 chrome!base::RunLoop::Run() + 0x6e
rbx = 0x00007fffad4f1328 rbp = 0x0000000041d3de01
rsp = 0x00007fffad4f12e0 r12 = 0x00007fffad4f14c8
r13 = 0x0000000041d3de01 r14 = 0x00007fffad4f12e8
r15 = 0x00000b9e4e5ecd00 rip = 0x00007f6a4b4a484e
Found by: call frame info
42 chrome!base::MessageLoop::Run() + 0x1a
rbx = 0x00007fffad4f1328 rbp = 0x0000000041d3de01
rsp = 0x00007fffad4f1320 r12 = 0x00007fffad4f14c8
r13 = 0x0000000041d3de01 r14 = 0x00000b9e4e5fec40
r15 = 0x00000b9e4e5ecd00 rip = 0x00007f6a4b488fda
Found by: call frame info
43 chrome!content::RendererMain(content::MainFunctionParams const&) + 0x251
rbx = 0x00007f6a4d9f1c30 rbp = 0x0000000041d3de01
rsp = 0x00007fffad4f1360 r12 = 0x00007fffad4f14c8
r13 = 0x0000000041d3de01 r14 = 0x00000b9e4e5fec40
r15 = 0x00000b9e4e5ecd00 rip = 0x00007f6a4b250321
Found by: call frame info
44 chrome!content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) + 0x1cd
rbx = 0x00000b9e4e5ecd00 rbp = 0x00007fffad4f14b8
rsp = 0x00007fffad4f14b0 r12 = 0x00007fffad4f14c8
r13 = 0x0000000041d3de01 r14 = 0x0000000000000001
r15 = 0x00007fffad4f1608 rip = 0x00007f6a4b44bc5d
Found by: call frame info
45 chrome!content::ContentMainRunnerImpl::Run() + 0xa7
rbx = 0x0000000000000000 rbp = 0x00007fffad4f1560
rsp = 0x00007fffad4f1560 r12 = 0x00007f6a472098c0
r13 = 0x00007fffad4f1730 r14 = 0x00000b9e4e5e82d0
r15 = 0x00000b9e4e5ecd00 rip = 0x00007f6a4b44ccf7
Found by: call frame info
46 chrome!content::ContentMain(content::ContentMainParams const&) + 0x30
rbx = 0x00000b9e4e5e82d0 rbp = 0x00000000ffffffff
rsp = 0x00007fffad4f15c0 r12 = 0x00007f6a472098c0
r13 = 0x00007fffad4f1730 r14 = 0x00007fffad4f1608
r15 = 0x0000000000000000 rip = 0x00007f6a4b44b830
Found by: call frame info
47 chrome!ChromeMain + 0x3b
rbx = 0x00007fffad4f1738 rbp = 0x0000000000000007
rsp = 0x00007fffad4f15e0 r12 = 0x00007f6a472098c0
r13 = 0x00007fffad4f1730 r14 = 0x00007fffad4f1608
r15 = 0x0000000000000000 rip = 0x00007f6a47209a0b
Found by: call frame info
48 libc-2.19.so + 0x21ec5
rbx = 0x0000000000000000 rbp = 0x0000000000000000
rsp = 0x00007fffad4f1660 r12 = 0x00007f6a472098c0
r13 = 0x00007fffad4f1730 r14 = 0x0000000000000000
r15 = 0x0000000000000000 rip = 0x00007f6a40138ec5
Found by: call frame info
49 chrome!frame_dummy + 0x30
rsp = 0x00007fffad4f1680 rip = 0x00007f6a472099c0
Found by: stack scanning
50 chrome!__cxx_global_array_dtor + 0x70
rsp = 0x00007fffad4f1698 rip = 0x00007f6a472098c0
Found by: stack scanning
May 25 2016
Here is a link for an affected run: https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Release%20%28NVIDIA%29/builds/40293
May 25 2016
Sorry, but to reproduce, also need the --use-gl=angle switch:
chrome --enable-unsafe-es3-apis --use-gl=angle
May 25 2016
Reverted the v8 roll in https://codereview.chromium.org/2015563002/
Let's see if the bot turns green
May 25 2016
It also affects mac at least, and also maps test: https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20Retina%20Release/builds/4101/steps/maps_pixel_test%20on%20NVIDIA%20GPU%20on%20Mac%20Retina%20on%20Mac/logs/stdio
May 25 2016
May 25 2016
Thanks for the report! I reverted the CL in question: https://codereview.chromium.org/2011563003/ You should be able to roll again. Will likely investigate on Monday. Will add further tests to cover any corner cases I discover. Again it's very unfortunate that no bots even flaked. GC stress, sanitizers, and clusterfuzz are pretty quiet on this one.
May 25 2016
It's pure bad luck, because the CQ gpu bots are affected, but apparently they all pass during the run and decided to fail later.
May 25 2016
Well, I just realized that I prematurely reverted the last version we had in the tree. The roll 3.5.40. chrome picked up contained a flawed implementation. The follow up roll did not compile because of infra changes, so chrome was stuck with a roll it should've never seen.
May 25 2016
After offline discussion: The revert of V8 should stabilize your bots. The next roll will not contain any of my changes (because of prematurely reverting the good CL). After stabilizing, I will reland the supposedly good CL.
May 25 2016
fyi: I just saw that the current roll 5.3.48 [1] did not pick up the premature revert. I will keep an eye on the bots.
[1] https://codereview.chromium.org/2014633002/
May 25 2016
Alright, 5.3.48 [1] also crashed. I will not reland and thus starting from 5.3.49. [2] which is already on the way the GPU bots should be all green again.
[1] https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Debug%20%28NVIDIA%29/builds/29860
[2] https://codereview.chromium.org/2007213003/
May 25 2016
May 30 2016
FYI: I identified an issue (using the repro in #3) where we would not properly track the buffers when we are close to OOM (and have to abort compaction). This will lead to a new stress mode (https://codereview.chromium.org/2019343002/) that could've caught this one on the trybots and waterfalls. Note that this might also be the reason the GPU tests flush out all sorts of issues: The tests operate under high system pressure and are very close to running OOM.
May 30 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c
commit bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c
Author: mlippautz <mlippautz@chromium.org>
Date: Mon May 30 14:51:08 2016
Reland "[heap] Fine-grained JSArrayBuffer tracking"
Track based on JSArrayBuffer addresses on pages instead of the attached backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages are processed by the sweeper concurrently.
BUG= chromium:614730 , chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2026463002
Cr-Commit-Position: refs/heads/master@{#36592}
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/BUILD.gn
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/include/v8.h
[add] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/array-buffer-tracker-inl.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/array-buffer-tracker.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/array-buffer-tracker.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/heap.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/heap.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/incremental-marking.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/mark-compact.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/scavenger.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/spaces-inl.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/spaces.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/spaces.h
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/v8.gyp
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/test/cctest/cctest.gyp
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/test/cctest/heap/heap-utils.cc
[modify] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/test/cctest/heap/heap-utils.h
[add] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/test/cctest/heap/test-array-buffer-tracker.cc
May 30 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/ecb2ec8ff30289c59804afdd5359f3634e1c8921
commit ecb2ec8ff30289c59804afdd5359f3634e1c8921
Author: mlippautz <mlippautz@chromium.org>
Date: Mon May 30 15:48:28 2016
Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:60001 of https://codereview.chromium.org/2026463002/ )
Reason for revert:
Investigating new arm simulator failure: https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/851/steps/Check%20-%20novfp3/logs/box2d
Original issue's description:
> Reland "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG= chromium:614730 , chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c
> Cr-Commit-Position: refs/heads/master@{#36592}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:614730 , chromium:611688
Review-Url: https://codereview.chromium.org/2021893002
Cr-Commit-Position: refs/heads/master@{#36593}
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/BUILD.gn
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/include/v8.h
[delete] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/src/heap/array-buffer-tracker-inl.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/array-buffer-tracker.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/array-buffer-tracker.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/heap.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/heap.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/incremental-marking.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/mark-compact.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/scavenger.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/spaces-inl.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/spaces.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/heap/spaces.h
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/src/v8.gyp
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/test/cctest/cctest.gyp
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/test/cctest/heap/heap-utils.cc
[modify] https://crrev.com/ecb2ec8ff30289c59804afdd5359f3634e1c8921/test/cctest/heap/heap-utils.h
[delete] https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c/test/cctest/heap/test-array-buffer-tracker.cc
Jun 1 2016
Thanks for persisting with this issue Michael. I'm surprised to hear that the issue is that the GPU tests run the machine close to OOM conditions. OOM is fatal and non-recoverable in Chromium -- there is an OOM killer which takes effect if a malloc() would return 0. Is there some other trigger that might be causing similar behavior?
Jun 2 2016
#17: Indeed, there exists a similar corner case with incremental marking that shows the same symptoms. So, it could very well be that they are still fine memory wise. FYI: The new implementation landed w/ V8 5.3.104 which unfortunately again breaks the maps_pixel test. I hope I can reproduce this locally now, as the new version is greatly simplified. (https://docs.google.com/document/d/1-uvPXNqnEHsahiteUd4mIxDI9yjwdu9TZ1nXyQG3CbU/edit if you are interested in the whys and hows)
Jun 7 2016
Heads up: this has re-landed today as crrev.com/839f3fd406426a221d74eb7a33a72794c3c7a548
Along with more tests it comes with ~10% decrease of scavenging time on oortonline_tbm (see doc in #18).
Jun 7 2016
Thanks for the heads up. That's an awesome improvement.
Jun 10 2016
Let's declare victory here. I have not seen crashers related to my change on the GPU waterfall. If you think differently just open a new issue or reopen this one.
Jun 10 2016
Excellent! Thank you for following up.
Comment 1 by zmo@chromium.org, May 25 2016