V8 crash on WebGL 2 deqp/functional/gles3/shaderprecision_float.html
Issue description

Chrome Version: 58.0.3013.2, V8 5.8.207
OS: Windows 10.0.14393.693
GPU: Intel HD 620, new 21.20.16.4590 driver (presumably irrelevant)

Go to https://www.khronos.org/registry/webgl/sdk/tests/deqp/functional/gles3/shaderprecision_float.html
Renderer process crashes.

Here are the crash reports, but they aren't visible yet for some reason:
https://crash.corp.google.com/9ec8159240000000
https://crash.corp.google.com/ce404e0440000000

Dump and manually symbolized (crsym/) report attached. Looks like null pointer.

Thread 0 ( * CRASHED * EXCEPTION_ACCESS_VIOLATION_WRITE @ 0x4 )
0 [ + 0x34436578]
1 [ + 0x251998a5]
2 [ + 0x1a071abf]
3 [ + 0x251990c7]
4 [ + 0x1a071abf]
5 [ + 0x1a070b9e]
6 [ + 0x1a0175d8]
7 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\v8\src\execution.cc:146] v8::internal::`anonymous namespace'::Invoke
8 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\v8\src\execution.cc:180] v8::internal::`anonymous namespace'::CallInternal
9 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\v8\src\api.cc:5107] v8::Function::Call(v8::Local<v8::Context>,v8::Local<v8::Value>,int,v8::Local<v8::Value> * const)
10 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\bindings\core\v8\v8scriptrunner.cpp:659] blink::V8ScriptRunner::callFunction(v8::Local<v8::Function>,blink::ExecutionContext *,v8::Local<v8::Value>,int,v8::Local<v8::Value> * const,v8::Isolate *)
11 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\bindings\core\v8\scheduledaction.cpp:135] blink::ScheduledAction::execute(blink::LocalFrame *)
12 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\core\frame\domtimer.cpp:170] blink::DOMTimer::fired()
13 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\platform\timer.cpp:175] blink::TimerBase::runInternal()
14 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:214] base::internal::FunctorTraits<void ( media::remoting::DemuxerStreamAdapter::*)(void),void>::Invoke<base::WeakPtr<media::remoting::DemuxerStreamAdapter> const &>(void ( media::remoting::DemuxerStreamAdapter::*)(void),base::WeakPtr<media::remoting::DemuxerStreamAdapter> const &)
15 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:305] base::internal::InvokeHelper<1,void>::MakeItSo<void ( media::remoting::DemuxerStreamAdapter::*const &)(void),base::WeakPtr<media::remoting::DemuxerStreamAdapter> const &>(void ( media::remoting::DemuxerStreamAdapter::*const &)(void),base::WeakPtr<media::remoting::DemuxerStreamAdapter> const &)
16 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:339] base::internal::Invoker<base::internal::BindState<void ( media::remoting::DemuxerStreamAdapter::*)(void),base::WeakPtr<media::remoting::DemuxerStreamAdapter> >,void >::Run(base::internal::BindStateBase *)
17 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\debug\task_annotator.cc:59] base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
18 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc:522] blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
19 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc:316] blink::scheduler::TaskQueueManager::DoWork(bool)
20 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:214] base::internal::FunctorTraits<void ( media::WebMediaPlayerImpl::*)(bool),void>::Invoke<base::WeakPtr<media::WebMediaPlayerImpl> const &,bool>(void ( media::WebMediaPlayerImpl::*)(bool),base::WeakPtr<media::WebMediaPlayerImpl> const &,bool &&)
21 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:305] base::internal::InvokeHelper<1,void>::MakeItSo<void ( gpu::GpuWatchdogThread::*const &)(bool),base::WeakPtr<gpu::GpuWatchdogThread> const &,bool const &>(void ( gpu::GpuWatchdogThread::*const &)(bool),base::WeakPtr<gpu::GpuWatchdogThread> const &,bool const &)
22 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\bind_internal.h:339] base::internal::Invoker<base::internal::BindState<void ( gpu::GpuWatchdogThread::*)(bool),base::WeakPtr<gpu::GpuWatchdogThread>,bool>,void >::Run(base::internal::BindStateBase *)
23 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\debug\task_annotator.cc:59] base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
24 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\message_loop\message_loop.cc:424] base::MessageLoop::RunTask(base::PendingTask *)
25 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\message_loop\message_loop.cc:527] base::MessageLoop::DoWork()
26 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\message_loop\message_pump_default.cc:34] base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
27 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\base\run_loop.cc:38] base::RunLoop::Run()
28 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\content\renderer\renderer_main.cc:200] content::RendererMain(content::MainFunctionParams const &)
29 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\content\app\content_main_runner.cc:476] content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
30 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\content\app\content_main_runner.cc:836] content::ContentMainRunnerImpl::Run()
31 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\content\app\content_main.cc:20] content::ContentMain(content::ContentMainParams const &)
32 [chrome_child.dll - c:\b\build\slave\win-asan\build\src\chrome\app\chrome_main.cc:116] ChromeMain
33 [chrome.exe - c:\b\build\slave\win-asan\build\src\chrome\app\main_dll_loader_win.cc:203] MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
34 [chrome.exe - c:\b\build\slave\win-asan\build\src\chrome\app\chrome_exe_main_win.cc:284] wWinMain
35 [chrome.exe - f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253] __scrt_common_main_seh
36 [KERNEL32.DLL - 0x162c4] BaseThreadInitThunk
37 [ntdll.dll - 0x60fd9] __RtlUserThreadStart
38 [ntdll.dll - 0x60fa4] _RtlUserThreadStart
Apr 5 2017
Are these crashes gone? I suspect they're related to the new compilation pipeline, and may already be fixed.
Apr 6 2017
I will try to test this tonight (the crash was seen on my personal machine).
Apr 7 2017
Seems fine on 58.0.3029.41 (with --enable-features=V8Future since that should be the configuration of the original crashes)
Comment 1 by kainino@chromium.org, Feb 17 2017