Flaky CHECK in v8::internal::Heap::ProtectUnprotectedMemoryChunks() during webgl2_conformance_tests on Linux and Win NVIDIA |
|||||
Issue descriptionGot this here: https://ci.chromium.org/buildbot/tryserver.chromium.win/win_optional_gpu_tests_rel/23408 and here: https://ci.chromium.org/buildbot/chromium.gpu.fyi/Win10%20FYI%20Release%20%28NVIDIA%29/714 both times during WebglConformance_conformance_ogles_GL_cross_cross_001_to_002, but not certain if the particular test is responsible. # # Fatal error in ../../v8/src/heap/heap.cc, line 2252 # Check failed: memory_allocator()->IsMemoryChunkExecutable(*chunk). # # # #FailureMessage Object: 04BCBD10Backtrace: base::debug::StackTrace::StackTrace [0x698855C0+32] base::debug::StackTrace::StackTrace [0x69873FED+13] gin::V8Platform::GetStackTracePrinter [0x6A987F6F+39] V8_Fatal [0x6A97B1E7+183] v8::internal::Heap::ProtectUnprotectedMemoryChunks [0x6913304D+445] v8::internal::Factory::NewCode [0x69113B5E+974] v8::internal::compiler::CodeGenerator::FinalizeCode [0x68EB7009+217] v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::FinalizeCodePhase> [0x68FB719D+77] v8::internal::compiler::PipelineImpl::FinalizeCode [0x68FB2DD9+41] v8::internal::compiler::PipelineCompilationJob::FinalizeJobImpl [0x68FB2D14+36] v8::internal::OptimizedCompilationJob::FinalizeJob [0x68E8183C+156] v8::internal::Compiler::Compile [0x68E83586+3222] v8::internal::Compiler::CompileOptimized [0x68E83FEC+92] v8::internal::Runtime_CompileOptimized_NotConcurrent [0x69393AC2+866] v8::internal::Runtime_CompileOptimized_NotConcurrent [0x69393827+199] Received fatal exception EXCEPTION_ACCESS_VIOLATION Backtrace: base::win::SetAbortBehaviorForCrashReporting [0x697FDC90+32] v8::base::OS::Abort [0x6A97D6F0+48] V8_Fatal [0x6A97B1FF+207] v8::internal::Heap::ProtectUnprotectedMemoryChunks [0x6913304D+445] v8::internal::Factory::NewCode [0x69113B5E+974] v8::internal::compiler::CodeGenerator::FinalizeCode [0x68EB7009+217] v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::FinalizeCodePhase> [0x68FB719D+77] v8::internal::compiler::PipelineImpl::FinalizeCode [0x68FB2DD9+41] v8::internal::compiler::PipelineCompilationJob::FinalizeJobImpl [0x68FB2D14+36] v8::internal::OptimizedCompilationJob::FinalizeJob [0x68E8183C+156] v8::internal::Compiler::Compile [0x68E83586+3222] v8::internal::Compiler::CompileOptimized [0x68E83FEC+92] v8::internal::Runtime_CompileOptimized_NotConcurrent [0x69393AC2+866] v8::internal::Runtime_CompileOptimized_NotConcurrent [0x69393827+199] (No symbol) [0x3E406CCA] (No symbol) [0x3E419015] (No symbol) [0x3E419244] (No symbol) [0x3E419244] (No symbol) [0x3E419244] (No symbol) [0x3E419244] (No symbol) [0x3E419244] (No symbol) [0x3E40FD3D] (No symbol) [0x3E414BDC] (No symbol) [0x3E407D71] v8::internal::Execution::New [0x690D52AE+894] v8::internal::Execution::Call [0x690D4E07+247] v8::internal::Execution::Call [0x690D4D31+33] v8::Function::Call [0x68D719E3+563] blink::V8ScriptRunner::CallFunction [0x6B713B4D+577] blink::V8EventListener::CallListenerFunction [0x6B77538B+371] blink::V8AbstractEventListener::InvokeEventHandler [0x6B7321E5+307] blink::V8AbstractEventListener::HandleEvent [0x6B732051+179] blink::V8AbstractEventListener::handleEvent [0x6B731F7C+188] blink::EventTarget::FireEventListeners [0x6A995971+1063] blink::EventTarget::FireEventListeners [0x6A99538C+418] blink::EventTarget::DispatchEventInternal [0x6A9951DD+43] blink::XMLHttpRequestProgressEventThrottle::DispatchReadyStateChangeEvent [0x6AF7B7DB+155] blink::XMLHttpRequest::DispatchReadyStateChangeEvent [0x6AF75A1B+165] blink::XMLHttpRequest::EndLoading [0x6AF798BF+127] blink::XMLHttpRequest::DidFinishLoadingInternal [0x6AF7982B+215] blink::XMLHttpRequest::DidFinishLoading [0x6AF796D8+296] blink::DocumentThreadableLoader::HandleSuccessfulFinish [0x6BC7CC70+156] blink::DocumentThreadableLoader::NotifyFinished [0x6BC7BB41+283] blink::Resource::NotifyFinished [0x69634A4A+150] blink::Resource::Finish [0x69635577+151] blink::ResourceFetcher::HandleLoaderFinish [0x6964181E+952] blink::ResourceLoader::DidFinishLoading [0x6964FCAA+224] content::WebURLLoaderImpl::Context::OnCompletedRequest [0x6B11914E+338] content::ResourceDispatcher::OnRequestComplete [0x6B130DC7+915] content::URLResponseBodyConsumer::NotifyCompletionIfAppropriate [0x6B2208BF+63] content::URLResponseBodyConsumer::OnComplete [0x6B220879+93] content::ThrottlingURLLoader::OnComplete [0x68A5C5E9+169] network::mojom::URLLoaderClientStubDispatch::Accept [0x68538FDA+1166] network::mojom::URLLoaderClientStub<mojo::RawPtrImplRefTraits<network::mojom::URLLoaderClient> >::Accept [0x685221BD+19] mojo::InterfaceEndpointClient::HandleValidatedMessage [0x698C9D0D+541] mojo::FilterChain::Accept [0x698CD697+131] mojo::InterfaceEndpointClient::HandleIncomingMessage [0x698CABA6+106] mojo::internal::MultiplexRouter::ProcessIncomingMessage [0x698C4A56+698] mojo::internal::MultiplexRouter::Accept [0x698C45DD+295] mojo::FilterChain::Accept [0x698CD697+131] mojo::Connector::ReadSingleMessage [0x698C7F76+364] mojo::Connector::ReadAllAvailableMessages [0x698C863F+87] Found crashpad_database_util Minidump found: c:\b\s\w\itc_gpgc\tmpisnf3m\reports\4ded8014-049c-46ba-a99b-0075eed92f48.dmp Uploading c:\b\s\w\itc_gpgc\tmpisnf3m\reports\4ded8014-049c-46ba-a99b-0075eed92f48.dmp to gs://chrome-telemetry-output/minidump-2018-04-10_05-00-47-158202.dmp
,
Apr 10 2018
,
Apr 11 2018
Also seeing this on Linux: https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20FYI%20Release%20%28NVIDIA%29/1302 WebglConformance_deqp_functional_gles3_shadertexturefunction_textureprojoffset
,
Apr 11 2018
,
Apr 11 2018
Also seen on numfuzzer with V8 stand-alone: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.clusterfuzz%2FV8_NumFuzz_-_debug%2F1013%2F%2B%2Frecipes%2Fsteps%2FNum_Fuzz_-_endurance%2F0%2Flogs%2Fmjsunit-59%2F0
,
Apr 11 2018
Issue 831698 has been merged into this issue.
,
Apr 12 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mlippautz@chromium.org
, Apr 10 2018Components: -Blink>JavaScript -Blink>WebGL Blink>JavaScript>GC
Owner: hpayer@chromium.org
Status: Assigned (was: Untriaged)