Crash in ConcurrentMarkingVisitor::VisitEphemeronHashTable on ToT
Issue description

Steps to reproduce: visit youtube.com and scroll around a bit (not sure how easily reproducible this is).

Received signal 11 SEGV_MAPERR 22a1d8600008
#0 0x7efd6daa1b0c base::debug::StackTrace::StackTrace()
#1 0x7efd6daa1671 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7efd646fd0c0 <unknown>
#3 0x7efd68310827 v8::internal::ConcurrentMarkingVisitor::VisitEphemeronHashTable()
#4 0x7efd6830e3ee v8::internal::ConcurrentMarking::Run()
#5 0x7efd6d9fb5fc base::debug::TaskAnnotator::RunTask()
#6 0x7efd6da6834d base::internal::TaskTracker::RunOrSkipTask()
#7 0x7efd6daaf263 base::internal::TaskTrackerPosix::RunOrSkipTask()
#8 0x7efd6da67aa9 base::internal::TaskTracker::RunAndPopNextTask()
#9 0x7efd6da60ed7 base::internal::SchedulerWorker::RunWorker()
#10 0x7efd6da60d04 base::internal::SchedulerWorker::RunPooledWorker()
#11 0x7efd6daaf89d base::(anonymous namespace)::ThreadFunc()
#12 0x7efd646f3494 start_thread
#13 0x7efd62646a8f clone
  r8: 0000000000000001  r9: 0000000000000000 r10: 00003914f70009ec r11: 0000000000000206
 r12: 0000000000000000 r13: 000022a1d862d451 r14: 00003914f7023761 r15: 0000000000000030
  di: 00001231bd2a13a8  si: 00000000000000bf  bp: 00007efd393b7340  bx: 0000000000000030
  dx: 00003914f7000000  ax: 000022a1d8600000  cx: 0000000000000009  sp: 00007efd393b72e0
  ip: 00007efd68310827 efl: 0000000000010206 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 000022a1d8600008
[end of stack trace]
Calling _exit(1). Core file will not be generated.
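A crash dump like the one above is usually the only artifact a triager has before a reproducer exists, and the register block already answers two useful questions: which frame actually faulted (the first one below the signal-handler frames, confirmed by `ip`), and which register the bad dereference was computed from (a register whose value sits a few bytes below the faulting address). The following parser is an added example written for this page, not code from Chromium or V8; the sample text is constructed from the report in the issue description, trimmed to the top frames, and the frame-filtering prefixes and the `0x1000` offset window are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the top frames and register dump from the crash
# report quoted above (remaining frames omitted for brevity).
SAMPLE_REPORT = """Received signal 11 SEGV_MAPERR 22a1d8600008
#0 0x7efd6daa1b0c base::debug::StackTrace::StackTrace()
#1 0x7efd6daa1671 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7efd646fd0c0 <unknown>
#3 0x7efd68310827 v8::internal::ConcurrentMarkingVisitor::VisitEphemeronHashTable()
#4 0x7efd6830e3ee v8::internal::ConcurrentMarking::Run()
  r8: 0000000000000001  r9: 0000000000000000 r10: 00003914f70009ec r11: 0000000000000206
 r12: 0000000000000000 r13: 000022a1d862d451 r14: 00003914f7023761 r15: 0000000000000030
  di: 00001231bd2a13a8  si: 00000000000000bf  bp: 00007efd393b7340  bx: 0000000000000030
  dx: 00003914f7000000  ax: 000022a1d8600000  cx: 0000000000000009  sp: 00007efd393b72e0
  ip: 00007efd68310827 efl: 0000000000010206 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 000022a1d8600008
[end of stack trace]
"""

SIGNAL_RE = re.compile(r"Received signal (\d+) (\S+) ([0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+)\s+(.*)$", re.M)
REG_RE = re.compile(r"\b([a-z0-9]{2,3}): ([0-9a-fA-F]{16})")

# Assumed: frames belonging to the crash reporter itself, not the faulting code.
HANDLER_PREFIXES = (
    "base::debug::StackTrace",
    "base::debug::(anonymous namespace)::StackDumpSignalHandler",
)
# Registers that never serve as the base of a data dereference.
NON_BASE_REGS = {"ip", "cr2", "sp", "bp", "efl", "cgf", "erf", "trp", "msk"}


@dataclass
class CrashReport:
    signal: int
    code: str            # e.g. SEGV_MAPERR (unmapped) vs SEGV_ACCERR (permission)
    fault_address: int
    frames: list         # (index, address, symbol)
    registers: dict      # name -> value


def parse_report(text):
    """Extract signal info, stack frames and the register dump from a Chromium crash log."""
    m = SIGNAL_RE.search(text)
    if m is None:
        raise ValueError("no 'Received signal' line found")
    frames = [(int(i), int(a, 16), s.strip()) for i, a, s in FRAME_RE.findall(text)]
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    return CrashReport(int(m.group(1)), m.group(2), int(m.group(3), 16), frames, regs)


def crashing_frame(report):
    """First frame that is neither signal-handler machinery nor an unresolved trampoline."""
    for idx, addr, sym in report.frames:
        if sym == "<unknown>" or sym.startswith(HANDLER_PREFIXES):
            continue
        return idx, addr, sym
    return None


def base_register_candidates(report, max_offset=0x1000):
    """Registers whose value lies at most max_offset bytes below the faulting address,
    i.e. plausible bases of the load that faulted, with the implied offset."""
    out = []
    for name, val in report.registers.items():
        if name in NON_BASE_REGS:
            continue
        off = report.fault_address - val
        if 0 <= off <= max_offset:
            out.append((name, off))
    return sorted(out, key=lambda t: t[1])


def triage(report):
    """Summarise the consistency checks a triager performs by hand."""
    frame = crashing_frame(report)
    return {
        "signal": report.signal,
        "code": report.code,
        "fault_address": report.fault_address,
        "cr2_matches_fault": report.registers.get("cr2") == report.fault_address,
        "ip_matches_frame": frame is not None and report.registers.get("ip") == frame[1],
        "crashing_symbol": frame[2] if frame else None,
        "base_candidates": base_register_candidates(report),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        if isinstance(value, int) and not isinstance(value, bool):
            print(f"{key}: {value:#x}")
        else:
            print(f"{key}: {value}")
```

On this report the checks line up: `cr2` equals the SEGV_MAPERR address, `ip` equals the address of frame #3, and `ax` is exactly 8 bytes below the fault, so the faulting instruction read a field at `[ax+8]` through a pointer that no longer pointed at mapped memory, consistent with a stale slot being visited by the concurrent marker rather than a null dereference.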
Jun 12 2018
Issue 851713 has been merged into this issue.
Jun 12 2018
Issue 851866 has been merged into this issue.
Jun 12 2018
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/25fbd95079de647d039c1e8b89d64e55b66c43e7

commit 25fbd95079de647d039c1e8b89d64e55b66c43e7
Author: Dominik Inführ <dinfuehr@google.com>
Date: Tue Jun 12 11:40:34 2018

[heap] Record slots in atomic pause

Bug: chromium:851877
Change-Id: Ib3b4ec7086ecf2115e42a30fab10be1ae6b67593
Reviewed-on: https://chromium-review.googlesource.com/1096943
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Cr-Commit-Position: refs/heads/master@{#53663}

[modify] https://crrev.com/25fbd95079de647d039c1e8b89d64e55b66c43e7/src/heap/concurrent-marking.cc
[modify] https://crrev.com/25fbd95079de647d039c1e8b89d64e55b66c43e7/src/heap/mark-compact.cc
Jun 12 2018
ClusterFuzz testcase 6564842249650176 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 13 2018
Issue 852113 has been merged into this issue.
Jun 13 2018
The V8 roll with the fix (6.9.120): https://chromium-review.googlesource.com/c/chromium/src/+/1097205
Jun 13 2018
Hello! I reported this on Windows yesterday at #852136 (seems to be the same behavior). Could you please indicate when this fix lands in the Canary channel to test it? Thanks!
Jun 13 2018
Issue 852288 has been merged into this issue.
Jun 13 2018
No crashes on Windows, Mac and Android canary version: 69.0.3457.0.
Comment 1 by dinfuehr@google.com, Jun 12 2018