
Issue 670714 link

Issue metadata

Status: Duplicate
Merged: issue 670426
Owner:
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



FreeList::checkFreedMemoryIsZapped failure during webgl_conformance_tests on Mac10.10

Project Member Reported by jbroman@chromium.org, Dec 2 2016

Issue description

I've seen this only once:
https://build.chromium.org/p/chromium.gpu/builders/Mac%2010.10%20Debug%20%28Intel%29/builds/20662

Nonetheless, it seems to suggest that memory corruption is happening somewhere, which Oilpan is detecting when it sweeps. Abbreviated stack trace from the debug failure:

ASSERTION FAILED: address[i] == reuseAllowedZapValue || address[i] == reuseForbiddenZapValue
../../third_party/WebKit/Source/platform/heap/HeapPage.cpp(1075) : static void blink::FreeList::checkFreedMemoryIsZapped(Address, size_t)
1   0x12efcf339 blink::FreeList::checkFreedMemoryIsZapped(unsigned char*, unsigned long)
2   0x12efd16d2 blink::NormalPage::sweep()
3   0x12efcd229 blink::BaseArena::sweepUnsweptPage()
4   0x12efcd447 blink::BaseArena::lazySweepWithDeadline(double)
5   0x12efddc92 blink::ThreadState::performIdleLazySweep(double)
6   0x12efe5a59 void base::internal::FunctorTraits<void (blink::ThreadState::*)(double), void>::Invoke<blink::ThreadState*, double>(void (blink::ThreadState::*)(double), blink::ThreadState*&&, double&&)
7   0x12efe595f void base::internal::InvokeHelper<false, void>::MakeItSo<void (blink::ThreadState::* const&)(double), blink::ThreadState*, double>(void (blink::ThreadState::* const&&&)(double), blink::ThreadState*&&, double&&)
8   0x12efe58db void base::internal::Invoker<base::internal::BindState<void (blink::ThreadState::*)(double), WTF::UnretainedWrapper<blink::ThreadState, (WTF::FunctionThreadAffinity)1> >, void (double)>::RunImpl<void (blink::ThreadState::* const&)(double), std::__1::tuple<WTF::UnretainedWrapper<blink::ThreadState, (WTF::FunctionThreadAffinity)1> > const&, 0ul>(void (blink::ThreadState::* const&&&)(double), std::__1::tuple<WTF::UnretainedWrapper<blink::ThreadState, (WTF::FunctionThreadAffinity)1> > const&&&, base::IndexSequence<0ul>, double&&)
9   0x12efe57e4 base::internal::Invoker<base::internal::BindState<void (blink::ThreadState::*)(double), WTF::UnretainedWrapper<blink::ThreadState, (WTF::FunctionThreadAffinity)1> >, void (double)>::Run(base::internal::BindStateBase*, double&&)
10  0x12ea4e95d base::internal::RunMixin<base::Callback<void (double), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> >::Run(double) const
11  0x12ea4e8d3 WTF::Function<void (double), (WTF::FunctionThreadAffinity)1>::operator()(double)
12  0x12ea4e62e blink::(anonymous namespace)::IdleTaskRunner::run(double)
13  0x12eed4f7c blink::scheduler::WebSchedulerImpl::runIdleTask(std::__1::unique_ptr<blink::WebThread::IdleTask, std::__1::default_delete<blink::WebThread::IdleTask> >, base::TimeTicks)

	Operating system: Mac OS X
	                  10.10.5 14F1808
	CPU: amd64
	     family 6 model 69 stepping 1
	     4 CPUs
	
	GPU: UNKNOWN
	
	Crash reason:  EXC_BAD_INSTRUCTION / EXC_I386_INVOP
	Crash address: 0x12efcf339
	Process uptime: 303 seconds
	
	Thread 0 (crashed)
	 0  libblink_platform.dylib!__ZN5blink8FreeList24checkFreedMemoryIsZappedEPhm + 0x79
	    rax = 0xbc007664ee46f1f4   rdx = 0x0000000000121b30
	    rcx = 0xbc007664ee46f1f4   rbx = 0x00007f8f2bc32f80
	    rsi = 0x0000000102f7aa00   rdi = 0x0000000102f7aa00
	    rbp = 0x00007fff5cc86640   rsp = 0x00007fff5cc86620
	     r8 = 0x0000000000000003    r9 = 0x00007f8f2be00000
	    r10 = 0x0000000000000040   r11 = 0x00007f8f2be00000
	    r12 = 0x00007f8f2bc347a0   r13 = 0x0000000000002503
	    r14 = 0x00007f8f2bc347b8   r15 = 0x00007f8f2bc33688
	    rip = 0x000000012efcf339
	    Found by: given as instruction pointer in context
	 1  libblink_platform.dylib!__ZN5blink10NormalPage5sweepEv + 0x1a2
	    rbp = 0x00007fff5cc866e0   rsp = 0x00007fff5cc86650
	    rip = 0x000000012efd16d2
	    Found by: previous frame's frame pointer
	 2  libblink_platform.dylib!__ZN5blink9BaseArena16sweepUnsweptPageEv + 0x69
	    rbp = 0x00007fff5cc86710   rsp = 0x00007fff5cc866f0
	    rip = 0x000000012efcd229
	    Found by: previous frame's frame pointer
	 3  libblink_platform.dylib!__ZN5blink9BaseArena21lazySweepWithDeadlineEd + 0x187
	    rbp = 0x00007fff5cc86770   rsp = 0x00007fff5cc86720
	    rip = 0x000000012efcd447
	    Found by: previous frame's frame pointer
	 4  libblink_platform.dylib!__ZN5blink11ThreadState20performIdleLazySweepEd + 0x2e2
	    rbp = 0x00007fff5cc86870   rsp = 0x00007fff5cc86780
	    rip = 0x000000012efddc92
	    Found by: previous frame's frame pointer
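The sweep-time check that fired above, reconstructed as an added C example (this is not Blink's code; the zap byte values, page size and offsets are constructed placeholders): freed memory is filled with a zap byte, and the sweeper flags any byte that no longer holds one, which is how a stray write into freed memory surfaces as this assertion.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed zap values for illustration only; Blink's real constants differ. */
#define REUSE_ALLOWED_ZAP   0xAA
#define REUSE_FORBIDDEN_ZAP 0xBB
#define PAGE_SIZE 256

/* A toy heap page with a single free range, standing in for NormalPage. */
typedef struct {
    uint8_t mem[PAGE_SIZE];
    size_t free_off;
    size_t free_size;
} page_t;

/* Free a range: overwrite it with a zap byte so later writes stand out. */
static void free_and_zap(page_t *p, size_t off, size_t size, int allow_reuse) {
    memset(p->mem + off, allow_reuse ? REUSE_ALLOWED_ZAP : REUSE_FORBIDDEN_ZAP, size);
    p->free_off = off;
    p->free_size = size;
}

/* Mirrors the loop behind checkFreedMemoryIsZapped: every byte of freed
 * memory must still hold one of the two zap values. Returns the index of
 * the first byte that does not, or -1 when the range is clean. */
static long check_freed_memory_is_zapped(const uint8_t *address, size_t size) {
    for (size_t i = 0; i < size; i++)
        if (address[i] != REUSE_ALLOWED_ZAP && address[i] != REUSE_FORBIDDEN_ZAP)
            return (long)i;
    return -1;
}

/* Sweep the page: run the zap check over its free range. */
static long sweep(const page_t *p) {
    return check_freed_memory_is_zapped(p->mem + p->free_off, p->free_size);
}

/* Scenario: allocate, free, optionally write through the dangling pointer,
 * then sweep. Returns the offset the sweeper flags, or -1 if none. */
long scenario(int write_after_free) {
    page_t p;
    memset(&p, 0, sizeof p);
    uint8_t *obj = p.mem + 64;       /* constructed object at offset 64 */
    memset(obj, 0x11, 32);           /* live object contents */
    free_and_zap(&p, 64, 32, 1);     /* object freed and zapped */
    if (write_after_free)
        obj[5] = 0x42;               /* simulated write into freed memory */
    return sweep(&p);                /* -1 if clean, 5 if corrupted */
}
```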
 

Comment 1 by kbr@chromium.org, Dec 2 2016

Merged into: 670426
Status: Duplicate (was: Untriaged)
Thanks, this was reported yesterday by Yuly.
