Issue 719821 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	u...@chromium.org
Closed:	May 2017
Cc:	jochen@chromium.org mlippautz@chromium.org █ hpayer@chromium.org mstarzinger@chromium.org u...@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	1
Type:	Bug

Renderer crash Check failed: ObjectMarking::IsGrey(obj, marking_state(obj)) || (obj->IsFiller() && ObjectMarking::IsWhite(obj, marking_state(obj))) || (MemoryChunk::FromAddress(obj->address()) ->IsFlagSet(MemoryChunk::HAS_PROGRESS_BAR) && ObjectMarking::IsBlack(obj, marking_state(obj)))

Project Member Reported by alemate@chromium.org, May 9 2017

Issue description

Renderer (ChromeOS Debug built from ToT 60.0.3090.0 for peppy) crashes on chrome://settings/dateTime :


# Fatal error in v8/src/heap/incremental-marking.cc, line 813
# Check failed: ObjectMarking::IsGrey(obj, marking_state(obj)) || (obj->IsFiller() && ObjectMarking::IsWhite(obj, marking_state(obj))) || (MemoryChunk::FromAddress(obj->address()) ->IsFlagSet(MemoryChunk::HAS_PROGRESS_BAR) && ObjectMarking::IsBlack(obj, marking_state(obj))).
#
#0 0x7fb3806e463d base::debug::StackTrace::StackTrace()
#1 0x7fb3806e330c base::debug::StackTrace::StackTrace()
#2 0x7fb38789c34e gin::(anonymous namespace)::PrintStackTrace()
#3 0x7fb3875d121c V8_Fatal
#4 0x7fb37ecb31f3 v8::internal::IncrementalMarking::UpdateMarkingDequeAfterScavenge()
#5 0x7fb37ec95935 v8::internal::Heap::Scavenge()
#6 0x7fb37ec91ab8 v8::internal::Heap::PerformGarbageCollection()
#7 0x7fb37ec90b2b v8::internal::Heap::CollectGarbage()
#8 0x7fb37ec3e2fc v8::internal::Factory::NewFillerObject()
#9 0x7fb37ef8b277 v8::internal::__RT_impl_Runtime_AllocateInNewSpace()
#10 0x7fb37ef8afa2 v8::internal::Runtime_AllocateInNewSpace()
#11 0x048d66584564 <unknown>


This happens only for the first time I open this page. When I click on "Reload" button (after crash), it works.

Comment 1 by alemate@chromium.org, May 9 2017

This probably doesn't happen on last ToT.

Comment 2 by u...@chromium.org, May 9 2017

Owner: u...@chromium.org
Status: WontFix (was: Untriaged)

There were fixes in this code after 60.0.3090.0. Please reopen if you observe the crash at ToT.

►

Issue 719821 link

Issue metadata

Renderer crash Check failed: ObjectMarking::IsGrey(obj, marking_state(obj)) || (obj->IsFiller() && ObjectMarking::IsWhite(obj, marking_state(obj))) || (MemoryChunk::FromAddress(obj->address()) ->IsFlagSet(MemoryChunk::HAS_PROGRESS_BAR) && ObjectMarking::IsBlack(obj, marking_state(obj)))

Issue description

Comment 1 by alemate@chromium.org, May 9 2017

Comment 1 Deleted

Comment 2 by u...@chromium.org, May 9 2017

Comment 2 Deleted

Sign in to add a comment