WebglConformance_conformance_textures_image_bitmap_from_blob failing on Linux Debug GPU FYI bot |
|||
Issue descriptionStarting from this build https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Debug%20%28NVIDIA%29/builds/39621 The WebGL conformance "bitmap from blob" tests crash in Blink with the stack trace below. It seems very related to https://chromium-review.googlesource.com/700334 that is in the regression range and changes WTF::RefPtr to alias scoped_refptr. tzik@ can you take a look? I understand the code crashing is probably not in your area, but could you still help triage? The stack trace: Crash reason: SIGSEGV Crash address: 0x0 Process uptime: not available Thread 0 (crashed) 0 libc-2.19.so + 0x3a177 rax = 0x0000000000000006 rdx = 0x0000000000000006 rcx = 0xffffffffffffffff rbx = 0x00007f0e4e9c9000 rsi = 0x0000000000000001 rdi = 0x0000000000000001 rbp = 0x00007f0e62eb13b8 rsp = 0x00007fff88962690 r8 = 0x0000000000000000 r9 = 0x00007fff889625e0 r10 = 0x0000000000000008 r11 = 0x0000000000000202 r12 = 0x00007f0e6821c0e7 r13 = 0x00007f0e68226212 r14 = 0x0000000000000000 r15 = 0x0000000000000000 rip = 0x00007f0e62d6b177 Found by: given as instruction pointer in context 1 libc-2.19.so + 0x1803b8 rsp = 0x00007fff889627b8 rip = 0x00007f0e62eb13b8 Found by: stack scanning 2 libc-2.19.so + 0x2fbf6 rsp = 0x00007fff889627c0 rip = 0x00007f0e62d60bf6 Found by: stack scanning 3 libc-2.19.so + 0x17c904 rsp = 0x00007fff889627d0 rip = 0x00007f0e62ead904 Found by: stack scanning 4 libc-2.19.so + 0x2fca2 rsp = 0x00007fff88962840 rip = 0x00007f0e62d60ca2 Found by: stack scanning 5 chrome + 0x1f24000 rsp = 0x00007fff88962860 rip = 0x00007f0e7ec10000 Found by: stack scanning 6 libblink_platform.so!scoped_refptr<blink::RawData>::operator->() const + 0x42 rsp = 0x00007fff88962870 rip = 0x00007f0e688bd7a2 Found by: stack scanning 7 libblink_platform.so!blink::BlobDataItem::DetachFromCurrentThread() + 0x29 rsp = 0x00007fff88962890 rip = 0x00007f0e688bff69 Found by: stack scanning 8 libblink_platform.so!operator= [ref_counted.h : 607 + 0x5] rsp = 0x00007fff889628c0 rip = 0x00007f0e687f7681 Found by: stack scanning 9 libblink_platform.so!WTF::String::operator=(WTF::String&&) + 0x2f rsp = 0x00007fff88962900 rip = 0x00007f0e687f73cf Found by: stack scanning 10 libblink_platform.so!WTF::String::~String() + 0x15 rsp = 0x00007fff88962920 rip = 0x00007f0e687deb05 Found by: stack scanning 11 libblink_platform.so!blink::BlobData::DetachFromCurrentThread() + 0x87 rsp = 0x00007fff88962940 rip = 0x00007f0e688c05f7 Found by: stack scanning 12 libblink_platform.so!SetDownloadedFilePath [ResourceResponse.cpp : 609 + 0x5] rsp = 0x00007fff88962980 rip = 0x00007f0e68f08dff Found by: stack scanning 13 libblink_platform.so!scoped_refptr<WTF::StringImpl>::Release(WTF::StringImpl*) + 0x15 rsp = 0x00007fff889629c0 rip = 0x00007f0e687e2525 Found by: stack scanning 14 libblink_platform.so!scoped_refptr<WTF::StringImpl>::~scoped_refptr() + 0x2a rsp = 0x00007fff889629e0 rip = 0x00007f0e687e250a Found by: stack scanning 15 libblink_platform.so!WTF::String::~String() + 0x15 rsp = 0x00007fff88962a00 rip = 0x00007f0e687deb05 Found by: stack scanning 16 libblink_platform.so!FromUTF8 [WebString.h : 131 + 0x16] rsp = 0x00007fff88962a60 rip = 0x00007f0e688d2009 Found by: stack scanning 17 libblink_platform.so!scoped_refptr<WTF::StringImpl>::AddRef(WTF::StringImpl*) + 0x15 rsp = 0x00007fff88962ab0 rip = 0x00007f0e687def25 Found by: stack scanning 18 libblink_platform.so!scoped_refptr<WTF::StringImpl>::scoped_refptr(WTF::StringImpl*) + 0x35 rsp = 0x00007fff88962ad0 rip = 0x00007f0e687f7625 Found by: stack scanning 19 libblink_platform.so!WTF::String::String(WTF::StringImpl*) + 0x1d rsp = 0x00007fff88962b00 rip = 0x00007f0e687f738d Found by: stack scanning 20 libblink_platform.so!blink::WebString::operator WTF::String() const + 0x2f rsp = 0x00007fff88962b20 rip = 0x00007f0e6893b0cf Found by: stack scanning 21 libblink_platform.so!blink::WebURLResponse::SetDownloadFilePath(blink::WebString const&) + 0x39 rsp = 0x00007fff88962b50 rip = 0x00007f0e689423c9 Found by: stack scanning 22 libcontent.so!PopulateURLResponse [web_url_loader_impl.cc : 1216 + 0xc] rsp = 0x00007fff88962b80 rip = 0x00007f0e75820f98 Found by: stack scanning 23 libbase.so!tcmalloc::PageHeap::GetDescriptor(unsigned long) const + 0x1d rsp = 0x00007fff88962bc0 rip = 0x00007f0e7c62fa6d Found by: stack scanning 24 libbase.so!tcmalloc::UnmaskPtr(void*) + 0x15 rsp = 0x00007fff88962c90 rip = 0x00007f0e7c62fa15 Found by: stack scanning 25 libbase.so!PackedCache<36, unsigned long>::GetOrDefault(unsigned long, unsigned long) const + 0x114 rsp = 0x00007fff88962cc0 rip = 0x00007f0e7c655d94 Found by: stack scanning 26 libbase.so!tcmalloc::FL_SetPrevious(void*, void*) + 0x26 rsp = 0x00007fff88962ce0 rip = 0x00007f0e7c62fbd6 Found by: stack scanning 27 libbase.so!tcmalloc::FL_Pop(void**) + 0xfd rsp = 0x00007fff88962d00 rip = 0x00007f0e7c62f82d Found by: stack scanning 28 libblink_core.so!blink::Document::SetReadyState(blink::Document::DocumentReadyState) + 0xd9 rsp = 0x00007fff88962d08 rip = 0x00007f0e6ab22209 Found by: stack scanning 29 libbase.so!tc_free + 0x23 rsp = 0x00007fff88962d30 rip = 0x00007f0e7c67f1f3 Found by: stack scanning 30 libbase.so!(anonymous namespace)::TCFree(base::allocator::AllocatorDispatch const*, void*, void*) + 0x1d rsp = 0x00007fff88962d38 rip = 0x00007f0e7c6154cd Found by: stack scanning 31 libbase.so!tcmalloc::PageHeap::GetSizeClassIfCached(unsigned long) const + 0x30 rsp = 0x00007fff88962d80 rip = 0x00007f0e7c655c70 Found by: stack scanning 32 libbase.so!(anonymous namespace)::GetSizeWithCallback(void const*, unsigned long (*)(void const*)) + 0x65 rsp = 0x00007fff88962db0 rip = 0x00007f0e7c64f895 Found by: stack scanning 33 libbase.so!(anonymous namespace)::GetSizeWithCallback(void const*, unsigned long (*)(void const*)) + 0x130 rsp = 0x00007fff88962dd0 rip = 0x00007f0e7c64f960 Found by: stack scanning 34 libbase.so!GetMarkLocation(void*) + 0x1f rsp = 0x00007fff88962df0 rip = 0x00007f0e7c65202f Found by: stack scanning 35 libbase.so!MallocHook::GetNewHook() + 0x10 rsp = 0x00007fff88962e10 rip = 0x00007f0e7c62a730 Found by: stack scanning 36 libbase.so!tcmalloc::PageHeap::GetDescriptor(unsigned long) const + 0x1d rsp = 0x00007fff88962e60 rip = 0x00007f0e7c62fa6d Found by: stack scanning 37 libbase.so!MallocBlock::magic2_addr() + 0x15 rsp = 0x00007fff88962f70 rip = 0x00007f0e7c657705 Found by: stack scanning 38 libbase.so!MallocBlock::Initialize(unsigned long, int) + 0x1e0 rsp = 0x00007fff88962f90 rip = 0x00007f0e7c658bd0 Found by: stack scanning 39 libbase.so!MallocBlock::Allocate(unsigned long, int) + 0x207 rsp = 0x00007fff88963010 rip = 0x00007f0e7c653c67 Found by: stack scanning 40 libbase.so!base::internal::AtomicPtr<void (*)(void const*)>::Get() const + 0x15 rsp = 0x00007fff88963090 rip = 0x00007f0e7c62a715 Found by: stack scanning 41 libbase.so!MallocHook::GetNewHook() + 0x10 rsp = 0x00007fff889630b0 rip = 0x00007f0e7c62a730 Found by: stack scanning 42 libbase.so!MallocHook::InvokeNewHook(void const*, unsigned long) + 0x39 rsp = 0x00007fff889630c0 rip = 0x00007f0e7c62a5a9 Found by: stack scanning 43 libbase.so!tc_malloc + 0x26 rsp = 0x00007fff889630f0 rip = 0x00007f0e7c67f226 Found by: stack scanning 44 libbase.so!(anonymous namespace)::TCMalloc(base::allocator::AllocatorDispatch const*, unsigned long, void*) + 0x1d rsp = 0x00007fff88963110 rip = 0x00007f0e7c61540d Found by: stack scanning 45 libblink_platform.so!WTF::VectorBuffer<blink::ContextMenuItem, 0ul, WTF::PartitionAllocator>::VectorBuffer() + 0x15 rsp = 0x00007fff88963160 rip = 0x00007f0e687e2745 Found by: stack scanning 46 libblink_platform.so!WTF::Vector<blink::ContextMenuItem, 0ul, WTF::PartitionAllocator>::Vector() + 0x1f rsp = 0x00007fff88963180 rip = 0x00007f0e687dea2f Found by: stack scanning 47 libblink_platform.so!blink::ResourceResponse::ResourceResponse() + 0x2ec rsp = 0x00007fff889631a0 rip = 0x00007f0e68f048ac Found by: stack scanning 48 libcontent.so!OnReceivedResponse [web_url_loader_impl.cc : 743 + 0xb] rsp = 0x00007fff88963240 rip = 0x00007f0e758227eb Found by: stack scanning 49 libnet.so!__push_back_slow_path<const net::HttpByteRange &> [vector : 1577 + 0x5] rsp = 0x00007fff88963310 rip = 0x00007f0e799c4829 Found by: stack scanning 50 libc++.so!std::__1::char_traits<char>::find(char const*, unsigned long, char const&) + 0x51 rsp = 0x00007fff88963320 rip = 0x00007f0e7c825541 Found by: stack scanning 51 libc++.so!find [__string : 642 + 0xb] rsp = 0x00007fff88963360 rip = 0x00007f0e7c8068ff Found by: stack scanning 52 libbase.so!tcmalloc::UnmaskPtr(void*) + 0x15 rsp = 0x00007fff88963450 rip = 0x00007f0e7c62fa15 Found by: stack scanning 53 libbase.so!PackedCache<36, unsigned long>::GetOrDefault(unsigned long, unsigned long) const + 0x114 rsp = 0x00007fff88963480 rip = 0x00007f0e7c655d94 Found by: stack scanning 54 libbase.so!tcmalloc::FL_SetPrevious(void*, void*) + 0x26 rsp = 0x00007fff889634a0 rip = 0x00007f0e7c62fbd6 Found by: stack scanning 55 libbase.so!tcmalloc::FL_Pop(void**) + 0xfd rsp = 0x00007fff889634c0 rip = 0x00007f0e7c62f82d Found by: stack scanning 56 libc++.so!reserve [memory : 2218 + 0x8] rsp = 0x00007fff88963530 rip = 0x00007f0e7c7fbda6 Found by: stack scanning 57 libbase.so!tcmalloc::PageHeap::GetSizeClassIfCached(unsigned long) const + 0x30 rsp = 0x00007fff88963540 rip = 0x00007f0e7c655c70 Found by: stack scanning 58 libbase.so!(anonymous namespace)::GetSizeWithCallback(void const*, unsigned long (*)(void const*)) + 0x65 rsp = 0x00007fff88963570 rip = 0x00007f0e7c64f895 Found by: stack scanning 59 libbase.so!(anonymous namespace)::GetSizeWithCallback(void const*, unsigned long (*)(void const*)) + 0x130 rsp = 0x00007fff88963590 rip = 0x00007f0e7c64f960 Found by: stack scanning
,
Oct 5 2017
Thanks for reporting. Looks like it was reverted in 33a814529d1f6bb7e88e2268ee1a38d9d7aebf2d for breaking other bots.
,
Oct 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/654f5efa1d0fea72a82393d203a7af14bf9fb764 commit 654f5efa1d0fea72a82393d203a7af14bf9fb764 Author: tzik <tzik@chromium.org> Date: Mon Oct 09 01:51:25 2017 Remove blink::RawData::DetachFromCurrentThread As |data| there can be null, its usage causes UB on the existing code, and will hit an assertion failure after the unification of WTF::RefPtr and scoped_refptr. This CL removes RawData::DetachFromCurrentThread itself, as it's nop and there's no other user. Bug: 763844 , 772026 Change-Id: I4984b3f104fc6ba430e1e6d9a2ec342fc93b6fb2 Reviewed-on: https://chromium-review.googlesource.com/706435 Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#507316} [modify] https://crrev.com/654f5efa1d0fea72a82393d203a7af14bf9fb764/third_party/WebKit/Source/platform/blob/BlobData.cpp [modify] https://crrev.com/654f5efa1d0fea72a82393d203a7af14bf9fb764/third_party/WebKit/Source/platform/blob/BlobData.h
,
Oct 9 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by cwallez@chromium.org
, Oct 5 2017