Hi,
I got the following segfault when V8 was doing the GC. This segfault could
be recreated, and the stacks always ends at
v8::internal::HeapObject::map_word(this=0x79).
The invalid memory address 0x79 comes from the thread->context_ (at frame
5). The pointer thread->context_ is invalid. Sometimes it is 0x79, and
sometimes 0x7c. Have no idea how the context_ became invalid after several
hours' test run. Any suggestion for debugging this invalid context pointer?
Could it be related to bad ThreadLocalTop? Any comment is appreciated.
ps: this issue is found with v8-3.22.24.19 debug build.
mjjuang
==
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed5bd700 (LWP 6487)]
0x00007ffff6a36028 in v8::internal::HeapObject::map_word (this=0x79) at
../src/objects-inl.h:1225
1225 return MapWord(reinterpret_cast<uintptr_t>(READ_FIELD(this,
kMapOffset)));
(gdb) bt
#0 0x00007ffff6a36028 in v8::internal::HeapObject::map_word (*this=0x79*)
at ../src/objects-inl.h:1225
#1 0x00007ffff6a36002 in v8::internal::HeapObject::map (this=0x79) at
../src/objects-inl.h:1204
#2 0x00007ffff6cc1950 in v8::internal::ShortCircuitConsString
(p=0x7fff923ab170) at ../src/mark-compact.cc:1315
#3 0x00007ffff6cc37cb in
v8::internal::RootMarkingVisitor::MarkObjectByPointer (this=0x7fffed5bbca0,
p=0x7fff923ab170) at ../src/mark-compact.cc:1825
#4 0x00007ffff6cc3749 in v8::internal::RootMarkingVisitor::VisitPointer
(this=0x7fffed5bbca0, p=0x7fff923ab170) at ../src/mark-compact.cc:1813
#5 0x00007ffff6c733a4 in v8::internal::Isolate::Iterate
(this=0x7fff923a8008, v=0x7fffed5bbca0, thread=0x7fff923ab168) at
../src/isolate.cc:480
#6 0x00007ffff6c735bd in v8::internal::Isolate::Iterate
(this=0x7fff923a8008, v=0x7fffed5bbca0) at ../src/isolate.cc:507
#7 0x00007ffff6bc0544 in v8::internal::Heap::IterateStrongRoots
(this=0x7fff923a8018, v=0x7fffed5bbca0,
mode=v8::internal::VISIT_ONLY_STRONG) at ../src/heap.cc:6428
#8 0x00007ffff6cc4501 in v8::internal::MarkCompactCollector::MarkRoots
(this=0x7fff923aac28, visitor=0x7fffed5bbca0) at ../src/mark-compact.cc:2103
#9 0x00007ffff6cc52fb in
v8::internal::MarkCompactCollector::MarkLiveObjects (this=0x7fff923aac28)
at ../src/mark-compact.cc:2355
#10 0x00007ffff6cbec66 in
v8::internal::MarkCompactCollector::CollectGarbage (this=0x7fff923aac28) at
../src/mark-compact.cc:410
#11 0x00007ffff6bb0888 in v8::internal::Heap::MarkCompact
(this=0x7fff923a8018, tracer=0x7fffed5bbee0) at ../src/heap.cc:1128
#12 0x00007ffff6bb0049 in v8::internal::Heap::PerformGarbageCollection
(this=0x7fff923a8018, collector=v8::internal::MARK_COMPACTOR,
tracer=0x7fffed5bbee0) at ../src/heap.cc:977
#13 0x00007ffff6baf41b in v8::internal::Heap::CollectGarbage
(this=0x7fff923a8018, space=v8::internal::OLD_POINTER_SPACE,
collector=v8::internal::MARK_COMPACTOR, gc_reason=0x7ffff6f73080
"StackGuard GC request",
collector_reason=0x7ffff6f9108f "GC in old space requested") at
../src/heap.cc:713
#14 0x00007ffff6a3a2a1 in v8::internal::Heap::CollectGarbage
(this=0x7fff923a8018, space=v8::internal::OLD_POINTER_SPACE,
gc_reason=0x7ffff6f73080 "StackGuard GC request") at ../src/heap-inl.h:516
#15 0x00007ffff6baefea in v8::internal::Heap::CollectAllGarbage
(this=0x7fff923a8018, flags=0, gc_reason=0x7ffff6f73080 "StackGuard GC
request") at ../src/heap.cc:615
#16 0x00007ffff6b361b1 in
v8::internal::Execution::HandleStackGuardInterrupt (isolate=0x7fff923a8008)
at ../src/execution.cc:929
#17 0x00007ffff6daaef9 in v8::internal::__RT_impl_Runtime_Interrupt
(args=..., isolate=0x7fff923a8008) at ../src/runtime.cc:9465
#18 0x00007ffff6daae86 in v8::internal::Runtime_Interrupt (args_length=0,
args_object=0x7fffed5bc1a8, isolate=0x7fff923a8008) at
../src/runtime.cc:9462
#19 0x000000004080824e in ?? ()
#20 0x00000000408081a1 in ?? ()
....
#94 0x0000000000000000 in ?? ()
(gdb) f 5
#5 0x00007ffff6c733a4 in v8::internal::Isolate::Iterate
(this=0x7fff923a8008, v=0x7fffed5bbca0, thread=0x7fff923ab168) at
../src/isolate.cc:480
480 v->VisitPointer(BitCast<Object**>(&(thread->context_)));
(gdb) list
475 v->VisitPointer(&pending);
476 thread->pending_exception_ = pending; // In case GC updated it.
477 }
478 v->VisitPointer(&(thread->pending_message_obj_));
479
v->VisitPointer(BitCast<Object**>(&(thread->pending_message_script_)));
480 v->VisitPointer(BitCast<Object**>(&(thread->context_)));
481 Object* scheduled;
482 if (thread->scheduled_exception_->ToObject(&scheduled)) {
483 v->VisitPointer(&scheduled);
484 thread->scheduled_exception_ = scheduled;
(gdb) p (thread->context_)
$13 = (v8::internal::Context *) 0x79
(gdb) p &(thread->pending_message_script_)
$14 = (v8::internal::Object **) 0x7fff923ab198
(gdb) p thread
$15 = (v8::internal::ThreadLocalTop *) 0x7fff923ab168
(gdb) p *thread
$16 = {
<v8::internal::Embedded> = {<No data fields>},
members of v8::internal::ThreadLocalTop:
isolate_ = 0x7fff923a8008,
context_ = 0x79,
thread_id_ = {
static kInvalidId = -1,
id_ = 1,
static highest_thread_id_ = 13
},
pending_exception_ = 0x31d7a2704141,
has_pending_message_ = false,
rethrowing_message_ = false,
pending_message_obj_ = 0x31d7a2704141,
pending_message_script_ = 0x31d7a2704141,
pending_message_start_pos_ = 124,
pending_message_end_pos_ = 125,
scheduled_exception_ = 0x31d7a2704141,
external_caught_exception_ = false,
save_context_ = 0x7fffed5bc4c0,
catcher_ = 0x0,
c_entry_fp_ = 0x7fffed5bc1a0 "\310\301[\355\377\177",
handler_ = 0x7fffed5bc400 "",
js_entry_sp_ = 0x7fffed5bc470 "\260\305[\355\377\177",
external_callback_scope_ = 0x0,
current_vm_state_ = v8::internal::GC,
formal_count_ = 1397965275,
failed_access_check_callback_ = 0x0,
top_lookup_result_ = 0x0,
ignore_out_of_memory_ = true,
try_catch_handler_address_ = 0x7fffed5bc7a0 "\b\200:\222\377\177"
}
--
--
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
