
Issue 715818


Issue metadata

Status: Fixed
Closed: Apr 2017
OS: Linux
Pri: 3
Type: Bug




[v8] DCHECK(!constructor_or_backpointer()->IsMap()) failure

Project Member Reported by trchen@chromium.org, Apr 26 2017

Issue description

Chrome Version: ToT (r467464)
OS: Linux

What steps will reproduce the problem?
(1) Build chrome with DCHECKs enabled
(2) Go to https://app.bugsee.com/#/apps

What is the expected result?
No renderer crash.

What happens instead?
Renderer crashed with the following trace:

#
# Fatal error in ../../v8/src/objects-inl.h, line 5548
# Check failed: !constructor_or_backpointer()->IsMap().
#
#0 0x7fc0acb71b9c base::debug::StackTrace::StackTrace()
#1 0x7fc0a7b0264b gin::(anonymous namespace)::PrintStackTrace()
#2 0x7fc09daca5cc V8_Fatal
#3 0x7fc0a74bf015 v8::internal::JSFunction::SetPrototype()
#4 0x7fc0a6ea46f5 v8::internal::Accessors::FunctionPrototypeSetter()
#5 0x7fc0a73ebad4 v8::internal::PropertyCallbackArguments::Call()
#6 0x7fc0a748463d v8::internal::Object::SetPropertyWithAccessor()
#7 0x7fc0a74969e7 v8::internal::Object::SetPropertyInternal()
#8 0x7fc0a7496666 v8::internal::Object::SetProperty()
#9 0x7fc0a73dde6c v8::internal::StoreIC::Store()
#10 0x7fc0a73e3ebe v8::internal::__RT_impl_Runtime_StoreIC_Miss()
#11 0x302d8e604564 <unknown>
Received signal 4 ILL_ILLOPN 7fc09daccbc2
#0 0x7fc0acb71b9c base::debug::StackTrace::StackTrace()
#1 0x7fc0acb71701 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fc0acd08330 <unknown>
#3 0x7fc09daccbc2 v8::base::OS::Abort()
#4 0x7fc0a74bf015 v8::internal::JSFunction::SetPrototype()
#5 0x7fc0a6ea46f5 v8::internal::Accessors::FunctionPrototypeSetter()
#6 0x7fc0a73ebad4 v8::internal::PropertyCallbackArguments::Call()
#7 0x7fc0a748463d v8::internal::Object::SetPropertyWithAccessor()
#8 0x7fc0a74969e7 v8::internal::Object::SetPropertyInternal()
#9 0x7fc0a7496666 v8::internal::Object::SetProperty()
#10 0x7fc0a73dde6c v8::internal::StoreIC::Store()
#11 0x7fc0a73e3ebe v8::internal::__RT_impl_Runtime_StoreIC_Miss()
#12 0x302d8e604564 <unknown>
  r8: 00007fc097b2ca00  r9: 00007ffc0b1f0660 r10: 000000000000000e r11: 0000000000000000
 r12: 00007fc0a1718868 r13: 00007ffc0b1f12a8 r14: 00007fc0a78992ce r15: 00000000000015ac
  di: 00007fc0a17181c0  si: 00007fc0a17199d0  bp: 00007ffc0b1f0dc0  bx: 00007fc0a7899830
  dx: 0000000000000000  ax: 0000000000000000  cx: 00007fc0acd0734d  sp: 00007ffc0b1f0cc8
  ip: 00007fc09daccbc2 efl: 0000000000010202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000006 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

 
Cc: mvstan...@chromium.org verwa...@chromium.org jkummerow@chromium.org
Status: Available (was: Untriaged)
Status: Fixed (was: Available)
Cannot repro with 467933 (several V8 rolls after 467464); assuming it's fixed.
