Flaky crash in v8 during webgl2_conformance_tests WebglConformance_deqp_functional_gles3_multisample |
||||||
Issue descriptionSeen during this v8 roll: https://chromium-review.googlesource.com/c/598248 https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/12968 failed, but https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/12970 passed Crashing stack in WebglConformance_deqp_functional_gles3_multisample was: Backtrace: (No symbol) [0x2BF42AF8] (No symbol) [0x1EB4E690] v8::internal::StackGuard::ThreadLocal::Initialize [0x67BC9918+728] WTF::HashTableHelper<blink::Member<blink::XMLHttpRequest>,WTF::IdentityExtractor,WTF::HashTraits<blink::Member<blink::XMLHttpRequest> > >::IsEmptyOrDeletedBucket [0x6A1592C3+13]
,
Aug 2 2017
Sorry, missed the top of the stack v8::internal::MarkCompactCollector::RecordSlot [0x67D879A7+23] v8::internal::IncrementalMarkingMarkingVisitor::VisitPointer [0x67DB1D2B+91] v8::internal::MarkingVisitor<v8::internal::IncrementalMarkingMarkingVisitor>::VisitBytecodeArray [0x67DB11A8+24] v8::internal::HeapVisitor<int,v8::internal::IncrementalMarkingMarkingVisitor>::Visit [0x67DB0E7A+74] v8::internal::IncrementalMarking::VisitObject [0x67DB1C4C+268] v8::internal::IncrementalMarking::ProcessMarkingWorklist [0x67DAFD87+119] v8::internal::IncrementalMarking::Step [0x67DB0A3B+283] v8::internal::IncrementalMarking::AdvanceIncrementalMarking [0x67DACD1A+778] v8::internal::IncrementalMarkingJob::Task::RunInternal [0x67DAAD2F+191] base::debug::TaskAnnotator::RunTask [0x6828C4CE+398] blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue [0x6811ED36+966] blink::scheduler::TaskQueueManager::DoWork [0x6811DC72+610] base::internal::FunctorTraits<void (__thiscall content::WebMediaPlayerMS::*)(bool),void>::Invoke<base::WeakPtr<content::WebMediaPlayerMS> const &,bool const &> [0x693F9C15+26] base::internal::InvokeHelper<1,void>::MakeItSo<void (__thiscall content::WebMediaPlayerMS::*const &)(bool),base::WeakPtr<content::WebMediaPlayerMS> const &,bool const &> [0x689DABA4+36] base::internal::Invoker<base::internal::BindState<void (__thiscall content::WebMediaPlayerMS::*)(bool),base::WeakPtr<content::WebMediaPlayerMS>,bool>,void __cdecl(void)>::Run [0x689DB99A+23] base::debug::TaskAnnotator::RunTask [0x6828C4CE+398] base::MessageLoop::RunTask [0x682578DE+1374] base::MessageLoop::DoWork [0x68256CAF+639] base::MessagePumpDefault::Run [0x682AA2EB+219] base::MessageLoop::Run [0x6825736B+107] base::RunLoop::Run [0x6827584C+156] content::RendererMain [0x692E16EA+476] content::RunNamedProcessTypeMain [0x68212B03+176] content::ContentMainRunnerImpl::Run [0x68212A22+280] service_manager::Main [0x68218709+558] content::ContentMain [0x682120DA+39] ChromeMain [0x6778D14B+200] MainDllLoader::Launch [0x00186284+445] wWinMain [0x00184092+436] __scrt_common_main_seh [0x0046C5C8+246] (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253) BaseThreadInitThunk [0x7534338A+18] RtlInitializeExceptionChain [0x776A9902+99] RtlInitializeExceptionChain [0x776A98D5+54]
,
Aug 2 2017
Also failed on Linux Intel HD 630 with yet another stack: https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Release%20%28Intel%20HD%20630%29/builds/182 (prior to roll in #0) Operating system: Linux 0.0.0 Linux 4.10.0-26-generic #30-Ubuntu SMP Tue Jun 27 09:30:12 UTC 2017 x86_64 CPU: amd64 family 6 model 158 stepping 9 1 CPU GPU: UNKNOWN Crash reason: SIGSEGV Crash address: 0x3f9712781cf0 Process uptime: not available Thread 0 (crashed) 0 chrome!Visit [marking.h : 72 + 0x0] rax = 0x0000000000001b30 rdx = 0x00003f97127ecce1 rcx = 0x00003f9712780000 rbx = 0x00000000127ecc1c rsi = 0x00001d4f9f802991 rdi = 0x00007ffc4aeb8008 rbp = 0x0000000000000004 rsp = 0x00007ffc4aeb7fb0 r8 = 0x00000329f7456609 r9 = 0x000021bdde2111e0 r10 = 0x003716cfbdebf5b8 r11 = 0x00007f6d137953b0 r12 = 0x00001d4f9f802991 r13 = 0x0000000000000010 r14 = 0x00007ffc4aeb8008 r15 = 0x00000329f7456609 rip = 0x0000563539860cfd Found by: given as instruction pointer in context 1 chrome!VisitObject [incremental-marking.cc : 836 + 0xb] rbx = 0x00000329f7400000 rbp = 0x0000000000000004 rsp = 0x00007ffc4aeb7ff0 r12 = 0x00001d4f9f802991 r13 = 0x0000000000000002 r14 = 0x00000329f7401758 r15 = 0x00000329f7401758 rip = 0x0000563539863cbb Found by: call frame info 2 chrome!ProcessMarkingWorklist [incremental-marking.cc : 876 + 0x16] rbx = 0x00000329f7456609 rbp = 0x0000000000000001 rsp = 0x00007ffc4aeb8060 r12 = 0x00007ffc4aeb8068 r13 = 0x000021bdde2111e0 r14 = 0x000000000005e4b8 r15 = 0x0000000000000010 rip = 0x000056353986234f Found by: call frame info 3 chrome!Step [incremental-marking.cc : 1157 + 0x10] rbx = 0x000021bdde2111e0 rbp = 0x0000563540f17a20 rsp = 0x00007ffc4aeb80b0 r12 = 0x0000000000000001 r13 = 0x0000000000000001 r14 = 0x0000000000150fc1 r15 = 0x0000000000000001 rip = 0x000056353986316f Found by: call frame info 4 chrome!AdvanceIncrementalMarking [incremental-marking.cc : 1049 + 0x1a] rbx = 0x000021bdde2111e0 rbp = 0x0000563540f17a20 rsp = 0x00007ffc4aeb81b0 r12 = 0x0000000000000000 r13 = 0x0000000000000001 r14 = 0x0000000000000001 r15 = 0x000021bdde24e018 rip = 0x0000563539862aba Found by: call frame info 5 chrome!RunInternal [incremental-marking-job.cc : 36 + 0x11] rbx = 0x000021bdde3895c0 rbp = 0x0000563540f11e29 rsp = 0x00007ffc4aeb8340 r12 = 0x000021bdde247000 r13 = 0x000021bdde2111e0 r14 = 0x000021bdde247000 r15 = 0x000021bdde247020 rip = 0x000056353985dc24 Found by: call frame info 6 chrome!RunTask [callback.h : 91 + 0x3] rbx = 0x00007ffc4aeb83b8 rbp = 0x000021bdde154e00 rsp = 0x00007ffc4aeb83b0 r12 = 0x000021bdde166098 r13 = 0x00007ffc4aeb8608 r14 = 0x000056353f052457 r15 = 0x0000563540f175a0 rip = 0x000056353a26cafb Found by: call frame info 7 chrome!ProcessTaskFromWorkQueue [task_queue_manager.cc : 532 + 0x14] rbx = 0x0000000000000000 rbp = 0x000021bdde154e00 rsp = 0x00007ffc4aeb8520 r12 = 0x000056353f35b769 r13 = 0x0000563540f175e0 r14 = 0x000021bdde166000 r15 = 0x000021bdde154e00 rip = 0x0000563539db2575 Found by: call frame info 8 chrome!DoWork [task_queue_manager.cc : 330 + 0x12] rbx = 0x000021bdde166000 rbp = 0x00007ffc4aeb8838 rsp = 0x00007ffc4aeb8770 r12 = 0x000021bdde166218 r13 = 0x0000000000000002 r14 = 0x0000000000000000 r15 = 0x00007ffc4aeb8838 rip = 0x0000563539db0194 Found by: call frame info 9 chrome!MakeItSo<void (AppMenuButton::*)(bool), base::WeakPtr<AppMenuButton>, bool> [bind_internal.h : 196 + 0x1b] rbx = 0x000021bdde1d4490 rbp = 0x00007ffc4aeb8e88 rsp = 0x00007ffc4aeb89a0 r12 = 0x0000563539dafe70 r13 = 0x0000000000000000 r14 = 0x000021bdde1d44a0 r15 = 0x000021bdde1d4480 rip = 0x00005635385a3eee Found by: call frame info 10 chrome!RunTask [callback.h : 91 + 0x3] rbx = 0x00007ffc4aeb8b08 rbp = 0x00007ffc4aeb8e88 rsp = 0x00007ffc4aeb8b00 r12 = 0x000021bdde157da0 r13 = 0x00007ffc4aeb8f40 r14 = 0x000056353f0995d1 r15 = 0x0000563540f175a0 rip = 0x000056353a26cafb Found by: call frame info 11 chrome!RunTask [message_loop.cc : 403 + 0xf] rbx = 0x00007ffc4aeb8ca0 rbp = 0x00007ffc4aeb8e88 rsp = 0x00007ffc4aeb8c70 r12 = 0x000021bdde157d78 r13 = 0x00007ffc4aeb8f40 r14 = 0x000021bdde157c00 r15 = 0x0000563540f60f00 rip = 0x000056353a28d0fa Found by: call frame info 12 chrome!DeferOrRunPendingTask [message_loop.cc : 414 + 0xb] rbx = 0x000021bdde157c00 rbp = 0x00007ffc4aeb8e88 rsp = 0x00007ffc4aeb8e40 r12 = 0x00007ffc4aeb8e70 r13 = 0x00007ffc4aeb8ed8 r14 = 0x00007ffc4aeb8f40 r15 = 0x00007ffc4aeb8f40 rip = 0x000056353a28d432 Found by: call frame info 13 chrome!DoWork [message_loop.cc : 521 + 0xb] rbx = 0x000021bdde157c00 rbp = 0x00007ffc4aeb8e88 rsp = 0x00007ffc4aeb8e60 r12 = 0x00007ffc4aeb8e70 r13 = 0x00007ffc4aeb8ed8 r14 = 0x000021bdde157ce8 r15 = 0x00007ffc4aeb8f40 rip = 0x000056353a28d714 Found by: call frame info 14 chrome!Run [message_pump_default.cc : 33 + 0xa] rbx = 0x0000000050460401 rbp = 0x0000000050460401 rsp = 0x00007ffc4aeb8fe0 r12 = 0x000021bdde1cc0f0 r13 = 0x000021bdde157c00 r14 = 0x000021bdde1cc0e0 r15 = 0x000021bdde1cc0f8 rip = 0x000056353a28ed80 Found by: call frame info 15 chrome!Run [message_loop.cc : 350 + 0x9] rbx = 0x000021bdde157c00 rbp = 0x0000000050460401 rsp = 0x00007ffc4aeb9140 r12 = 0x000021bdde157c00 r13 = 0x0000000000000000 r14 = 0x00007ffc4aeb9510 r15 = 0x00007ffc4aeb9298 rip = 0x000056353a28ccbf Found by: call frame info 16 chrome!Run [run_loop.cc : 111 + 0x5] rbx = 0x00007ffc4aeb9520 rbp = 0x0000000050460401 rsp = 0x00007ffc4aeb9290 r12 = 0x000021bdde157c00 r13 = 0x0000000000000000 r14 = 0x00007ffc4aeb9510 r15 = 0x00007ffc4aeb9298 rip = 0x000056353a2b5f77 Found by: call frame info 17 chrome!RendererMain [renderer_main.cc : 219 + 0x8] rbx = 0x0000563540f17510 rbp = 0x0000000050460401 rsp = 0x00007ffc4aeb94a0 r12 = 0x000021bdde157c00 r13 = 0x0000000000000000 r14 = 0x00007ffc4aeb9510 r15 = 0x00007ffc4aeb9510 rip = 0x000056353cf8eced Found by: call frame info 18 chrome!RunZygote [content_main_runner.cc : 337 + 0x4] rbx = 0x0000000000000000 rbp = 0x0000000000000072 rsp = 0x00007ffc4aeb95c0 r12 = 0x0000000000000001 r13 = 0x0000000000000000 r14 = 0x00007ffc4aeba008 r15 = 0x0000000050460401 rip = 0x0000563539ec9b7a Found by: call frame info 19 chrome!RunNamedProcessTypeMain [content_main_runner.cc : 416 + 0xb] rbx = 0x000000000000000c rbp = 0x00007ffc4aeb9918 rsp = 0x00007ffc4aeb9790 r12 = 0x00007ffc4aeb9918 r13 = 0x0000000000000000 r14 = 0x00007ffc4aeb9900 r15 = 0x00007ffc4aeba008 rip = 0x0000563539eca45b Found by: call frame info 20 chrome!Run [content_main_runner.cc : 687 + 0x8] rbx = 0x0000000000000000 rbp = 0x00007ffc4aeb9918 rsp = 0x00007ffc4aeb98f0 r12 = 0x0000563540f5e460 r13 = 0x00007ffc4aeb9fa0 r14 = 0x000021bdde10d1e0 r15 = 0x000021bdde1257e0 rip = 0x0000563539ecad98 Found by: call frame info 21 chrome!Main [main.cc : 469 + 0xa] rbx = 0x00007ffc4aeb9a98 rbp = 0x00000000ffffffff rsp = 0x00007ffc4aeb9a70 r12 = 0x0000563540f5e460 r13 = 0x00007ffc4aeb9fa0 r14 = 0x0000000000000003 r15 = 0x0000000000000000 rip = 0x0000563539ed55e6 Found by: call frame info 22 chrome!content::ContentMain(content::ContentMainParams const&) + 0x52 rbx = 0x00007ffc4aeba070 rbp = 0x0000000000000006 rsp = 0x00007ffc4aeb9f80 r12 = 0x000056353845d6c7 r13 = 0x00007ffc4aeba190 r14 = 0x00007ffc4aeb9fa0 r15 = 0x00007ffc4aeb9f88 rip = 0x0000563539ec9842 Found by: call frame info 23 chrome!ChromeMain [chrome_main.cc : 110 + 0x5] rbx = 0x00007ffc4aeba198 rbp = 0x0000000000000006 rsp = 0x00007ffc4aeba000 r12 = 0x000056353845d6c7 r13 = 0x00007ffc4aeba190 r14 = 0x00007ffc4aeba008 r15 = 0x0000000000000000 rip = 0x000056353845d894 Found by: call frame info 24 libc-2.24.so + 0x203f1 rbx = 0x0000000000000000 rbp = 0x000056353ee73c90 rsp = 0x00007ffc4aeba0c0 r12 = 0x000056353845d6c7 r13 = 0x00007ffc4aeba190 r14 = 0x0000000000000000 r15 = 0x0000000000000000 rip = 0x00007f6d136223f1 Found by: call frame info 25 chrome!frame_dummy + 0x40 rsp = 0x00007ffc4aeba0e0 rip = 0x000056353845d7f0 Found by: stack scanning 26 chrome!__cxx_global_array_dtor [new : 234 + 0x6] rsp = 0x00007ffc4aeba0f8 rip = 0x000056353845d6c7 Found by: stack scanning
,
Aug 3 2017
Also failed on Mac Retina Release (AMD) here: https://build.chromium.org/p/chromium.gpu.fyi/builders/Mac%20Retina%20Release%20%28AMD%29/builds/4856 But the stack is missing symbols on 10 top functions.
,
Aug 8 2017
Ulan, could you please help direct this bug appropriately? Hopefully it's reproducible locally and not just on the bots. Thanks.
,
Aug 8 2017
Thank you for the report. This is most likely caused by: https://chromium-review.googlesource.com/596868. That CL was reverted and later relanded with fix. The recent builds on the bots look green.
,
Aug 8 2017
OK, thanks Ulan. Let's link these bugs together and close this one as WontFix instead. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ynovikov@chromium.org
, Aug 2 2017