Issue 904759

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 904546
Owner:
Closed: Nov 13
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Speedometer2 crashes somewhere in GC / weak hash table handling

Project Member Reported by jgruber@chromium.org, Nov 13

Issue description

On current ToT / Linux x64 I reliably get this crash when running speedometer2:

$ out/release/chrome https://browserbench.org/Speedometer2.0/ 
Received signal 11 SEGV_MAPERR 000000000000
#0 0x558480c4d87f base::debug::StackTrace::StackTrace()
#1 0x558480c4d3f1 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f5556f6b0c0 <unknown>
#3 0x5584804dd100 WTF::HashTraits<>::IsAlive()
#4 0x5584804dd225 WTF::WeakProcessingHashTableHelper<>::Process()
#5 0x5584804b17ea blink::ThreadHeap::WeakProcessing()
#6 0x5584804c394e blink::ThreadState::MarkPhaseEpilogue()
#7 0x5584804c35dc blink::ThreadState::RunAtomicPause()
#8 0x5584804bdeac blink::ThreadState::CollectGarbage()
#9 0x5584804bfe2f blink::ThreadState::ScheduleGCIfNeeded()
#10 0x5584804b74cc blink::BaseArena::AllocateLargeObject()
#11 0x5584804b922f blink::NormalPageArena::OutOfLineAllocate()
#12 0x5584804cc7e2 blink::ThreadHeap::AllocateOnArenaIndex()
#13 0x5584832108c6 WTF::HashTable<>::Rehash()
#14 0x55848321084a WTF::HashTable<>::Expand()
#15 0x55848321077d WTF::HashTable<>::insert<>()
#16 0x55848320f773 blink::V8PerIsolateData::AddActiveScriptWrappable()
#17 0x558483a0a07b blink::HTMLInputElement::HTMLInputElement()
#18 0x558483a0a25c blink::HTMLInputElement::Create()
#19 0x558483316a75 blink::Document::CreateRawElement()
#20 0x5584839df4c5 blink::CustomElement::CreateUncustomizedOrUndefinedElementTemplate<>()
#21 0x558483aeb133 blink::HTMLConstructionSite::CreateElement()
#22 0x558483aeb563 blink::HTMLConstructionSite::InsertSelfClosingHTMLElementDestroyingToken()
#23 0x558483b158f1 blink::HTMLTreeBuilder::ProcessStartTagForInBody()
#24 0x558483b13199 blink::HTMLTreeBuilder::ProcessStartTag()
#25 0x558483b11c2e blink::HTMLTreeBuilder::ConstructTree()
#26 0x558483adcd2a blink::HTMLDocumentParser::PumpTokenizer()
#27 0x558483ae0113 blink::HTMLDocumentParser::Append()
#28 0x558483ae0cb6 blink::HTMLDocumentParser::ParseDocumentFragment()
#29 0x558483629812 blink::DocumentFragment::ParseHTML()
#30 0x55848388c12e blink::CreateFragmentForInnerOuterHTML()
#31 0x5584833e5b13 blink::Element::SetInnerHTMLFromString()
#32 0x5584833e5ca3 blink::Element::setInnerHTML()
#33 0x558483558b84 blink::V8Element::innerHTMLAttributeSetterCustom()
#34 0x55848354100b blink::V8Element::innerHTMLAttributeSetterCallback()
#35 0x558480442126 <unknown>
  r8: 0000000000000000  r9: 000000000000003f r10: 00007ffceb185a30 r11: 0000000000000001
 r12: 000022310f614010 r13: 0000000000000000 r14: 000029ceddfa8d01 r15: 00003e425e184870
  di: 00003e425e184870  si: 0000000000000001  bp: 00007ffceb185b80  bx: 0000000000000000
  dx: 0000000000000000  ax: 00000000c702ec0e  cx: 00000000000001f0  sp: 00007ffceb185a30
  ip: 00005584804dd100 efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

$ cat out/release/args.gn 
is_debug = false
enable_nacl = false
use_goma = true

v8_enable_disassembler = true
v8_enable_embedded_builtins = true
v8_enable_object_print = true

$ git log --oneline
cdc86f4ba591 (HEAD -> master, origin/master, origin/HEAD) Make PendingAppManager::AppInfo an editable struct.
 
Components: Blink
Cc: -mlippautz@chromium.org
Components: -Blink Blink>MemoryAllocator>GarbageCollection
Mergedinto: 904546
Owner: mlippautz@chromium.org
Status: Duplicate (was: Available)
Thanks, this should be a dupe.
