[Webkit-unassigned] [Bug 101673] New: [V8] IndexedDB: Assertion failure hit in v8 during storage/indexeddb/create-object-store-options.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 8 17:24:00 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=101673

           Summary: [V8] IndexedDB: Assertion failure hit in v8 during
                    storage/indexeddb/create-object-store-options.html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jsbell at chromium.org
                CC: hayato at chromium.org, dgrogan at chromium.org,
                    alecflett at chromium.org


This just came across the bots. No precedent for it occurring, and it did not correspond to a particular range:

http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=storage%2Findexeddb%2Fcreate-object-store-options.html

WebKit blame range: http://trac.webkit.org/log/?verbose=on&rev=133957&stop_rev=133954
Chromium blame range: http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&mode=html&range=166797:166786

Could be (very) unexpected fallout of http://trac.webkit.org/changeset/133940 which is the most recent IDB change, or could be residue of the v8 churn that went on today.

Ignoring for now, but we should watch it.

Stack, which may or may not be useful:

16:29:30.698 1107 worker/0 storage/indexeddb/create-object-store-options.html crashed, (stderr lines):
16:29:30.698 1107   
16:29:30.698 1107   
16:29:30.699 1107   #
16:29:30.699 1107   # Fatal error in ../../src/heap-inl.h, line 292
16:29:30.699 1107   # CHECK(!result || gc_state_ != NOT_IN_GC || InToSpace(object)) failed
16:29:30.699 1107   #
16:29:30.699 1107   
16:29:30.699 1107   
16:29:30.699 1107   
16:29:30.699 1107   Attempt to print stack while printing stack (double fault)
16:29:30.699 1107   If you are lucky you may find a partial stack dump on stdout.
16:29:30.699 1107   
16:29:30.699 1107   [2499:-1398119744:2300102005264:ERROR:stack_trace_posix.cc(155)] Received signal 6
16:29:30.699 1107       0   libbase.dylib                       0x09354d0f base::debug::StackTrace::StackTrace() + 63
16:29:30.699 1107       1   libbase.dylib                       0x09354cab base::debug::StackTrace::StackTrace() + 43
16:29:30.699 1107       2   libbase.dylib                       0x09354977 base::debug::(anonymous namespace)::StackDumpSignalHandler(int, __siginfo*, __darwin_ucontext*) + 295
16:29:30.699 1107       3   libsystem_c.dylib                   0x96f1059b _sigtramp + 43
16:29:30.699 1107       4   ???                                 0xffffffff 0x0 + 4294967295
16:29:30.699 1107       5   libsystem_c.dylib                   0x96eabbdd abort + 167
16:29:30.700 1107       6   libv8.dylib                         0x08320f5b v8::internal::OS::Abort() + 11
16:29:30.700 1107       7   libv8.dylib                         0x083000c8 V8_Fatal + 264
16:29:30.700 1107       8   libv8.dylib                         0x082f41aa v8::internal::Smi::cast(v8::internal::Object*) + 106
16:29:30.700 1107       9   libv8.dylib                         0x082f3d65 v8::internal::String::length() + 53
16:29:30.700 1107       10  libv8.dylib                         0x08316cb7 v8::internal::StringStream::PrintObject(v8::internal::Object*) + 103
16:29:30.700 1107       11  libv8.dylib                         0x083166cd v8::internal::StringStream::Add(v8::internal::Vector<char const>, v8::internal::Vector<v8::internal::FmtElm>) + 1325
16:29:30.700 1107       12  libv8.dylib                         0x08317105 v8::internal::StringStream::Add(char const*, v8::internal::FmtElm, v8::internal::FmtElm) + 197
16:29:30.700 1107       13  libv8.dylib                         0x08317b88 v8::internal::StringStream::PrintFixedArray(v8::internal::FixedArray*, unsigned int) + 360
16:29:30.700 1107       14  libv8.dylib                         0x083181d3 v8::internal::StringStream::PrintMentionedObjectCache() + 787
16:29:30.700 1107       15  libv8.dylib                         0x0830b6c5 v8::internal::Isolate::PrintStack(v8::internal::StringStream*) + 357
16:29:30.700 1107       16  libv8.dylib                         0x0830b81e v8::internal::Isolate::PrintStack() + 238
16:29:30.701 1107       17  libv8.dylib                         0x083000be V8_Fatal + 254
16:29:30.701 1107       18  libv8.dylib                         0x0832b7a6 v8::internal::Heap::InNewSpace(v8::internal::Object*) + 182
16:29:30.701 1107       19  libv8.dylib                         0x08327451 v8::internal::FixedArray::set(int, v8::internal::Object*) + 385
16:29:30.701 1107       20  libv8.dylib                         0x08693b7d v8::internal::ObjectHashTable::AddEntry(int, v8::internal::Object*, v8::internal::Object*) + 141
16:29:30.701 1107       21  libv8.dylib                         0x08670509 v8::internal::ObjectHashTable::Put(v8::internal::Object*, v8::internal::Object*) + 553
16:29:30.701 1107       22  libv8.dylib                         0x0866ed95 v8::internal::JSObject::SetHiddenProperty(v8::internal::String*, v8::internal::Object*) + 693
16:29:30.701 1107       23  libv8.dylib                         0x0866fd90 v8::internal::JSObject::SetHiddenProperty(v8::internal::Handle<v8::internal::JSObject>, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>) + 480
16:29:30.701 1107       24  libv8.dylib                         0x083481ac v8::Object::SetHiddenValue(v8::Handle<v8::String>, v8::Handle<v8::Value>) + 620
16:29:30.701 1107       25  libwebkit.dylib                     0x023c69c7 WebCore::V8DOMWrapper::setNamedHiddenReference(v8::Handle<v8::Object>, char const*, v8::Handle<v8::Value>) + 247
16:29:30.701 1107       26  libwebkit.dylib                     0x00e1ddbc _ZN7WebCore20IDBRequestV8InternalL16resultAttrGetterEN2v85LocalINS1_6StringEEERKNS1_12AccessorInfoE + 572
16:29:30.701 1107       27  libv8.dylib                         0x0865a850 v8::internal::JSObject::GetPropertyWithCallback(v8::internal::Object*, v8::internal::Object*, v8::internal::String*) + 960
16:29:30.701 1107       28  libv8.dylib                         0x0865a342 v8::internal::Object::GetProperty(v8::internal::Object*, v8::internal::LookupResult*, v8::internal::String*, PropertyAttributes*) + 1122
16:29:30.701 1107       29  libv8.dylib                         0x0859fb32 v8::internal::LoadIC::Load(v8::internal::InlineCacheState, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::String>) + 3138
16:29:30.701 1107       30  libv8.dylib                         0x085a756e v8::internal::LoadIC_Miss(v8::internal::Arguments, v8::internal::Isolate*) + 366
16:29:30.701 1107       31  ???                                 0x3fe0a376 0x0 + 1071686518
16:29:30.701 1107   ax: 0, bx: 8a95d83, cx: c00de69c, dx: 90e429c6
16:29:30.701 1107   di: acaa62c0, si: 6, bp: c00de6b8, sp: c00de69c, ss: 23, flags: 246
16:29:30.701 1107   ip: 90e429c6, cs: b, ds: 23, es: 23, fs: 0, gs: f
16:29:30.712 1091 [21045/25915] storage/indexeddb/create-object-store-options.html failed unexpectedly (DumpRenderTree crashed [pid=2499])

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list