Mac GPU ASAN: v8::internal::NewSpace::AllocatedSinceLastGC(): Check failed: allocated <= Size() (16507368 vs. 16498664).
Issue description

The Chrome GPU team has deployed a physical Mac bot running ASAN builds in order to try to catch memory corruption errors earlier. Intermittently, running the WebGL 2.0 conformance tests, the following assertion is seen:

# Fatal error in ../../v8/src/heap/spaces.h, line 2471
# Check failed: allocated <= Size() (16507368 vs. 16498664).
# ==== C stack trace ===============================
 0 Chromium Framework 0x000000010e078f93 v8::base::debug::StackTrace::StackTrace() + 19
 1 Chromium Framework 0x000000010e073667 V8_Fatal + 423
 2 Chromium Framework 0x0000000104f5f172 v8::internal::NewSpace::AllocatedSinceLastGC() + 1570
 3 Chromium Framework 0x0000000104f5548d v8::internal::GCTracer::Start(v8::internal::GarbageCollector, v8::internal::GarbageCollectionReason, char const*) + 765
 4 Chromium Framework 0x0000000104f6df36 v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, v8::internal::GarbageCollectionReason, char const*, v8::GCCallbackFlags) + 1622
 5 Chromium Framework 0x0000000104ea35f6 v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationSpace) + 310
 6 Chromium Framework 0x000000010575032c v8::internal::__RT_impl_Runtime_AllocateInTargetSpace(v8::internal::Arguments, v8::internal::Isolate*) + 460
 7 Chromium Framework 0x000000010574f936 v8::internal::Runtime_AllocateInTargetSpace(int, v8::internal::Object**, v8::internal::Isolate*) + 694
 8 ??? 0x000000012840e58d 0x0 + 4970309005

This affected the following two builds:

https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/881
 - WebglConformance_deqp_functional_gles3_texturespecification_texstorage2d_format_2d_01
 - https://chromium-swarm.appspot.com/task?id=32f83ea865811410&refresh=10&show_raw=1

https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/882
 - WebglConformance_deqp_functional_gles3_framebufferblit_default_framebuffer_01
 - https://chromium-swarm.appspot.com/task?id=32f8f279f5634310&refresh=10&show_raw=1

V8 GC folks, could you please look into this? It isn't the highest priority, but it would be great if we could get this bot reliably green. It could catch a significant class of memory errors in Chrome's graphics stack. Thanks.
Dec 13 2016
I will have a look at the code paths involved. Without a repro I wouldn't be too optimistic though. We haven't changed any of the involved code paths recently.
Jan 6 2017
Issue 678853 has been merged into this issue.
Jan 6 2017
This is still happening. See Issue 678853. Could you please try to look into this? We don't have a way to apply test expectations only on our ASAN bot, so we would lose coverage by marking these tests flaky.
Jan 25 2017
This is actually pretty frequent.

https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1401
https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1400
https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1395
https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1393
https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1384
Jan 27 2017
Could some attention please be paid to this issue? It's not as important as other recent regressions but should still be fixed so that this bot can be reliably green. Thanks.
Jan 31 2017
Feb 1 2017
FYI the GC team is currently traveling and will be back next week. Do you perhaps have a repro we can use? Does this happen only on Macs? Only on ASAN builds?
Feb 1 2017
We already talked about this one in MTV. I will have a look later this week.
Feb 1 2017
Feb 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/70a31eeb4abbc76005077f76812c71bc9aba38cc

commit 70a31eeb4abbc76005077f76812c71bc9aba38cc
Author: mlippautz <mlippautz@chromium.org>
Date: Thu Feb 02 00:14:08 2017

[heap] Refactor AllocatedSinceLastGC

Remove the cases that deal with a top pointer that is reset. We should always be in a sane state wrt. top and age mark. Also add more DCHECKs.

BUG= chromium:672678
Review-Url: https://codereview.chromium.org/2674493002
Cr-Commit-Position: refs/heads/master@{#42873}

[modify] https://crrev.com/70a31eeb4abbc76005077f76812c71bc9aba38cc/src/heap/spaces.h
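Added illustration, not V8's code and not from this thread: a toy model of a bump-allocated new space with an age mark, showing what the failing check `allocated <= Size()` means and how a top pointer that is reset below the age mark without the mark being updated violates it. The page size, base address, class and function names are all assumptions made for the model.

```cpp
// Toy model of a bump-pointer "new space" with an age mark, written to
// illustrate the invariant behind the failing CHECK on this bug:
// bytes allocated since the last GC must never exceed the space's Size().
// Hypothetical model for the discussion only; this is not V8's NewSpace.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

namespace toy {

constexpr size_t kPageArea = 256 * 1024;   // assumed usable bytes per page
constexpr uintptr_t kBase = 0x10000000;    // assumed address of the first page

struct Page {
  uintptr_t start;
  uintptr_t end() const { return start + kPageArea; }
};

class NewSpace {
 public:
  explicit NewSpace(size_t page_count) {
    for (size_t i = 0; i < page_count; ++i)
      pages_.push_back(Page{kBase + static_cast<uintptr_t>(i) * kPageArea});
    top_ = pages_[0].start;
    age_mark_ = top_;
  }

  // Bump allocation. A request that does not fit in the current page moves
  // top to the next page; the unused tail of the old page counts as used.
  bool Allocate(size_t bytes) {
    if (bytes > kPageArea) return false;
    if (top_ + bytes > pages_[current_].end()) {
      if (current_ + 1 == pages_.size()) return false;
      ++current_;
      top_ = pages_[current_].start;
    }
    top_ += bytes;
    return true;
  }

  // Done at GC time: everything below the age mark has survived a GC.
  void SetAgeMark() { age_mark_ = top_; age_mark_page_ = current_; }

  // Models an allocation-area reset that moves top below the age mark
  // without updating the mark: the inconsistent state the CHECK guards against.
  void ResetTopToPageStart() { top_ = pages_[current_].start; }

  // Bytes in use: all pages before the current one plus the used part of it.
  size_t Size() const {
    return current_ * kPageArea + (top_ - pages_[current_].start);
  }

  // Bytes allocated since the age mark was set. If the age mark is ahead of
  // top, the unsigned subtraction wraps and the result exceeds Size().
  size_t AllocatedSinceLastGC() const {
    if (age_mark_page_ == current_) return top_ - age_mark_;
    size_t bytes = pages_[age_mark_page_].end() - age_mark_;
    bytes += (current_ - age_mark_page_ - 1) * kPageArea;
    bytes += top_ - pages_[current_].start;
    return bytes;
  }

  // The condition of the CHECK that fails on this bug.
  bool InvariantHolds() const { return AllocatedSinceLastGC() <= Size(); }

 private:
  std::vector<Page> pages_;
  size_t current_ = 0;
  size_t age_mark_page_ = 0;
  uintptr_t top_ = 0;
  uintptr_t age_mark_ = 0;
};

// Scenario 1: age mark on page 0, allocation continues onto page 1.
NewSpace BuildCrossPageScenario() {
  NewSpace space(4);
  space.Allocate(100 * 1024);  // allocated before the GC, survives it
  space.SetAgeMark();
  space.Allocate(100 * 1024);
  space.Allocate(100 * 1024);  // does not fit in page 0, top moves to page 1
  return space;
}

// Scenario 2: top reset below the age mark; the invariant must fail.
bool StaleAgeMarkViolatesInvariant() {
  NewSpace space(4);
  space.Allocate(100 * 1024);
  space.SetAgeMark();
  space.ResetTopToPageStart();
  return !space.InvariantHolds();
}

}  // namespace toy

int main() {
  toy::NewSpace s = toy::BuildCrossPageScenario();
  std::printf("allocated since GC = %zu, size = %zu, invariant ok = %d\n",
              s.AllocatedSinceLastGC(), s.Size(), s.InvariantHolds());
  std::printf("stale age mark violates invariant: %d\n",
              toy::StaleAgeMarkViolatesInvariant());
  return 0;
}
```

In the consistent scenario the difference Size() - AllocatedSinceLastGC() is exactly the bytes below the age mark, which is why the invariant can only fail when top and the age mark disagree; that is the "sane state wrt. top and age mark" the commit message refers to.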
Feb 7 2017
Is this still happening? The CL in #11 didn't fix anything but merely removed outdated branches and added more DCHECKs.
Feb 7 2017
The last I see it is https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1524 from Jan 31st. So, I guess it stopped.
Feb 15 2017
Bot is green from https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1696 to https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20GPU%20ASAN%20Release/builds/1766 (with two unrelated failures). I think this is a "Won't Fix", since we don't know why the problem is gone.
Comment 1 by hablich@chromium.org, Dec 12 2016: Status: Available (was: Untriaged)