Upgrading to P1 -- should at least triage quickly.

Talked with hpayer@ offline and it sounds like these crashes are not really actionable since the heap corruption happened earlier.

Looking back through the crash logs though it does seem like the behavior is new within the past 24 or 48 hours. Here is the first build I could find which failed somewhat similarly:

https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/5192
https://chromium-swarm.appspot.com/task?id=327e781d7843fd10&refresh=10&show_raw=1

WebglConformance_deqp_functional_gles3_shaderoperator_geometric (gpu_tests.webgl_conformance_integration_test.WebGLConformanceIntegrationTest) ... 

#
# Fatal error in e:\b\c\b\win\src\v8\src\heap\spaces-inl.h, line 244
# Check failed: static_cast<size_t>(live_byte_count_) <= size_ (200211900 vs. 524288).
#
Error initializing symbols (87). Dumping unresolved backtrace:
60C46810
5FE7CBF1
5FEC819A
5FEC9396
5FEC667F
5FEF673A
5FE7AEF4
5FE7AB85
5FEAA9AE
5FE7F492
600772D9
60072267
Backtrace:
(No symbol) [0x00000000]
v8::base::OS::Abort [0x60C3EFCD+13]
V8_Fatal [0x60C3EAEC+124]
v8::internal::MemoryChunk::IncrementLiveBytes [0x5FE7CBF1+321]
v8::internal::IncrementalMarking::ProcessMarkingDeque [0x5FEC819A+570]
v8::internal::IncrementalMarking::Step [0x5FEC9396+886]
v8::internal::IncrementalMarking::AdvanceIncrementalMarkingOnAllocation [0x5FEC667F+191]
v8::internal::IncrementalMarking::Observer::Step [0x5FEC94C8+8]
v8::internal::NewSpace::InlineAllocationStep [0x5FEF8DC5+101]
v8::internal::NewSpace::EnsureAllocation [0x5FEF673A+202]
v8::internal::NewSpace::AllocateRawUnaligned [0x5FE7AEF4+36]
v8::internal::Heap::AllocateRaw [0x5FE7AB85+437]
v8::internal::Heap::AllocateFillerObject [0x5FEAA9AE+30]
v8::internal::Factory::NewFillerObject [0x5FE7F492+34]
v8::internal::Runtime_UnwindAndFindExceptionHandler [0x600772D9+11721]
v8::internal::Runtime_AllocateInNewSpace [0x60072267+215]
(No symbol) [0x3910625E]
(No symbol) [0x1E1274A8]
VirtualAllocEx [0x759FEFA9+68]
VirtualAlloc [0x759FF01A+24]
WTF::setSystemPagesAccessible [0x60B7C76C+67]
base::allocator::WinHeapMalloc [0x5F9BE278+29]
ShimMalloc [0x5F9BE091+17]



There's another failure here which is something different:
https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/5165

WebglConformance_deqp_functional_gles3_fboinvalidate_target (gpu_tests.webgl_conformance_integration_test.WebGLConformanceIntegrationTest) ... CSA_ASSERT failed: IsFixedDoubleArray(object) [e:\b\c\b\win\src\v8\src\code-stub-assembler.cc:1232]
Backtrace:
(No symbol) [0x2E1BFBB3]
(No symbol) [0x397FB15D]
(No symbol) [0x392DFA7F]
(No symbol) [0x34DDA54F]
(No symbol) [0x34DD9F62]
(No symbol) [0x392DE640]
(No symbol) [0x34D99E64]
(No symbol) [0x34D957C1]
(No symbol) [0x34D91A83]
(No symbol) [0x34D9151F]
(No symbol) [0x34D9143C]
(No symbol) [0x397FC17F]
(No symbol) [0x397EDDC7]
(No symbol) [0x2E1F1814]
(No symbol) [0x2E1E253B]
v8::internal::StackGuard::ThreadLocal::Initialize [0x601E2263+931]
RtlFreeHeap [0x77C6E023+126]
v8::internal::Execution::Call [0x601E1AC9+137]
v8::Function::Call [0x5FEC620E+462]
blink::V8ScriptRunner::callFunction [0x611C1E57+397]
blink::ScheduledAction::execute [0x6250874A+450]
blink::ScheduledAction::execute [0x62508C4D+299]
blink::DOMTimer::fired [0x61572101+379]
blink::TimerBase::runInternal [0x61121868+406]
??$MakeItSo@ABQ8WebMediaPlayerMSCompositor@content@@AEXXZABV?$WeakPtr@VWebMediaPlayerMSCompositor@content@@@base@@$$V@?$InvokeHelper@$00X@internal@base@@SAXABQ8WebMediaPlayerMSCompositor@content@@AEXXZABV?$WeakPtr@VWebMediaPlayerMSCompositor@content@@@2@@ [0x60E13D74+33]
base::internal::Invoker<base::internal::BindState<void (__thiscall content::WebMediaPlayerMSCompositor::*)(void),base::WeakPtr<content::WebMediaPlayerMSCompositor> >,void __cdecl(void)>::Run [0x60E180A2+19]
base::debug::TaskAnnotator::RunTask [0x6077799E+286]
blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue [0x61117FC3+720]
blink::scheduler::TaskQueueManager::DoWork [0x6111752B+462]
base::internal::FunctorTraits<void (__thiscall blink::scheduler::TaskQueueManager::*)(base::TimeTicks,bool),void>::Invoke<base::WeakPtr<blink::scheduler::TaskQueueManager> const &,base::TimeTicks const &,bool const &> [0x611169AF+34]
base::internal::InvokeHelper<1,void>::MakeItSo<void (__thiscall blink::scheduler::TaskQueueManager::*const &)(base::TimeTicks,bool),base::WeakPtr<blink::scheduler::TaskQueueManager> const &,base::TimeTicks const &,bool const &> [0x611169F5+37]
...

Triaging to Hannes. If this bug isn't actionable, please close it appropriately.

Thanks for reporting, three issues in one. I will have a look at the live bytes crasher first.

What is the status of this bug? We aren't seeing it any more on the bots, but per #4 above, we only see one associated bug fix ( Issue 669270 ). Thanks.

Since I was not able to reproduce, I was not 100% sure what the root cause was. However, the crasher in  Issue 669270  may result in various strange crashes. I guess the fix also fixed the crashes reported in here. Feel free to close this one.