Core files are uploaded to https://drive.google.com/corp/drive/u/0/folders/18EPJ59K0DWvl069J24Z4gAa1Shzziu1O.

Assign to Chrome Gardener to take a first look at.

chrome.20180110.075026.4466.dmp (from #1) appears to have the same symbolization issues described in https://crbug.com/775919. minidump_stackwalk reports two modules for Chrome, one of which has a bogus-seeming all-zero ID:

Loaded modules:
0x5e36c7266000 - 0x5e36c73fffff  chrome  ???  (WARNING: No symbols, chrome, 667B9EA080491A19FF5C36B61A70601D0)
0x5e36c9200000 - 0x5e36cf745fff  chrome  ???  (main)  (WARNING: No symbols, chrome, 000000000000000000000000000000000)
...

As a result, symbolization fails:

Crash reason:  SIGSEGV
Crash address: 0x0
Process uptime: not available

Thread 0 (crashed)
 0  0x5e36c808c3e0
    rax = 0x0000000000000000   rdx = 0x0000000000000085
    rcx = 0xffffffffffffffff   rbx = 0x0000000000000085
    rsi = 0x00007c75cc9672e8   rdi = 0x0000000000000000
    rbp = 0x00007c75cc967400   rsp = 0x00007c75cc9672b8
     r8 = 0x0000000000000040    r9 = 0xcccccccccccccccd
    r10 = 0x00005e36cf0af5a0   r11 = 0x0000000000000000
    r12 = 0x00007c75cc967401   r13 = 0x00007c75cc967410
    r14 = 0x00007c75cc9672e8   r15 = 0x0000000000000001
    rip = 0x00005e36c808c3e0
    Found by: given as instruction pointer in context
 1  chrome + 0x5a7e52b
    rbp = 0x00007c75cc9674a0   rsp = 0x00007c75cc967410
    rip = 0x00005e36cec7e52b
    Found by: previous frame's frame pointer
...

However, it looks like I *am* able to symbolize the core file using tovep@'s instructions from https://crbug.com/775919#c23:

Core was generated by `/opt/google/chrome/chrome --type=renderer --enable-logging --enable-smooth-scro'.
Program terminated with signal SIGSEGV, Segmentation fault.
...
#0  tcmalloc::Abort () at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/base/abort.cc:15
#1  0x00005e36c808ee76 in tcmalloc::Log (mode=tcmalloc::kCrash, filename=<optimized out>, line=<optimized out>, a=..., b=..., c=..., d=...) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/internal_logging.cc:120
#2  0x00005e36cec7e52b in tcmalloc::FL_EqualityCheck<void*> (line=118, v0=<optimized out>, v1=<optimized out>, file=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/free_list.h:65
#3  tcmalloc::FL_Next (t=0x30aea9e93b60) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/free_list.h:118
#4  tcmalloc::FL_Pop (list=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/free_list.h:130
#5  tcmalloc::ThreadCache::FreeList::Pop (this=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/thread_cache.h:209
#6  tcmalloc::ThreadCache::Allocate (size=<optimized out>, cl=<optimized out>, this=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/thread_cache.h:375
#7  (anonymous namespace)::do_malloc (size=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/tcmalloc.cc:1122
#8  (anonymous namespace)::do_malloc_or_cpp_alloc (size=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/tcmalloc.cc:1045
#9  tc_malloc (size=4) at ../../../../../../../home/chrome-bot/chrome_root/src/third_party/tcmalloc/chromium/src/tcmalloc.cc:1579
#10 0x00005e36ce5a36cb in ShimCppNew (size=4) at ../../../../../../../home/chrome-bot/chrome_root/src/base/allocator/allocator_shim.cc:159
#11 operator new (size=4) at ../../../../../../../home/chrome-bot/chrome_root/src/base/allocator/allocator_shim_override_cpp_symbols.h:19
#12 0x00005e36cccb9e44 in std::__1::__allocate (__size=<optimized out>) at /usr/bin/../include/c++/v1/new:227
#13 std::__1::allocator<unsigned int>::allocate (__n=1, this=<optimized out>) at /usr/bin/../include/c++/v1/memory:1771
#14 std::__1::allocator_traits<std::__1::allocator<unsigned int> >::allocate (__n=1, __a=...) at /usr/bin/../include/c++/v1/memory:1526
#15 std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >::allocate (__n=1, this=<optimized out>) at /usr/bin/../include/c++/v1/vector:925
#16 std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >::vector (__x=..., this=<optimized out>) at /usr/bin/../include/c++/v1/vector:1200
#17 std::__1::__tuple_leaf<3ul, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >, false>::__tuple_leaf<std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, void> (__t=..., this=<optimized out>)
    at /usr/bin/../include/c++/v1/tuple:226
#18 std::__1::__tuple_impl<std::__1::__tuple_indices<0ul, 1ul, 2ul, 3ul>, base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > >::__tuple_impl<0ul, 1ul, 2ul, 3ul, base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >, , , base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&>(std::__1::__tuple_indices<0ul, 1ul, 2ul, 3ul>, std::__1::__tuple_types<base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > >, std::__1::__tuple_indices<>, std::__1::__tuple_types<>, base::WeakPtr<content::RTCVideoDecoder>&&, media::GpuVideoAcceleratorFactories* const&, int&&, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&) (__u=..., __u=..., __u=..., __u=..., 
    this=<optimized out>) at /usr/bin/../include/c++/v1/tuple:385
#19 std::__1::tuple<base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > >::tuple<base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, false, false> (this=0x30aea9d9b808, __u=..., __u=..., __u=..., __u=...) at /usr/bin/../include/c++/v1/tuple:738
#20 base::internal::BindState<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > >::BindState<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&> (this=0x30aea9d9b7e0, invoke_func=<optimized out>, 
    functor=@0x7c75cc967568: 0x5e36cccb8f80 <content::RTCVideoDecoder::ReleaseMailbox(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&)>, 
    bound_args=..., bound_args=..., bound_args=..., bound_args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:467
#21 0x00005e36cccb8e94 in base::internal::BindState<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > >::BindState<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&> (this=0x30aea9d9b7e0, invoke_func=0x7c75cc9672e8, 
    functor=@0x5e36cccb8f80: 0x56415741e5894855, bound_args=..., bound_args=..., bound_args=..., bound_args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:437
#22 base::BindRepeating<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&> (functor=@0x5e36cccb8f80: 0x56415741e5894855, args=..., args=..., args=..., args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind.h:230
#23 base::Bind<void (*)(base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories*, long, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, gpu::SyncToken const&), base::WeakPtr<content::RTCVideoDecoder>, media::GpuVideoAcceleratorFactories* const&, int, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&> (functor=@0x5e36cccb8f80: 0x56415741e5894855, args=..., args=..., args=..., args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind.h:242
#24 content::RTCVideoDecoder::CreateVideoFrame (this=<optimized out>, picture=..., pb=..., timestamp=<optimized out>, visible_rect=..., pixel_format=<optimized out>)
    at ../../../../../../../home/chrome-bot/chrome_root/src/content/renderer/media/gpu/rtc_video_decoder.cc:455
#25 0x00005e36cccb8911 in content::RTCVideoDecoder::PictureReady (this=0x30aeaa19a2c0, picture=...) at ../../../../../../../home/chrome-bot/chrome_root/src/content/renderer/media/gpu/rtc_video_decoder.cc:400
#26 0x00005e36c85239d7 in media::GpuVideoDecodeAcceleratorHost::OnPictureReady (this=0x30aeaa187b40, params=...) at ../../../../../../../home/chrome-bot/chrome_root/src/media/gpu/ipc/client/gpu_video_decode_accelerator_host.cc:269
#27 0x00005e36c852382e in base::DispatchToMethodImpl<media::GpuVideoDecodeAcceleratorHost*, void (media::GpuVideoDecodeAcceleratorHost::*)(AcceleratedVideoDecoderHostMsg_PictureReady_Params const&), std::__1::tuple<AcceleratedVideoDecoderHostMsg_PictureReady_Params>, 0ul>
    (method=<optimized out>, args=..., obj=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/base/tuple.h:52
#28 base::DispatchToMethod<media::GpuVideoDecodeAcceleratorHost*, void (media::GpuVideoDecodeAcceleratorHost::*)(AcceleratedVideoDecoderHostMsg_PictureReady_Params const&), std::__1::tuple<AcceleratedVideoDecoderHostMsg_PictureReady_Params> > (obj=<optimized out>, 
    method=<optimized out>, args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/tuple.h:60
#29 IPC::DispatchToMethod<media::GpuVideoDecodeAcceleratorHost, void (media::GpuVideoDecodeAcceleratorHost::*)(AcceleratedVideoDecoderHostMsg_PictureReady_Params const&), void, std::__1::tuple<AcceleratedVideoDecoderHostMsg_PictureReady_Params> > (obj=<optimized out>, 
    method=<optimized out>, tuple=...) at ../../../../../../../home/chrome-bot/chrome_root/src/ipc/ipc_message_templates.h:51
#30 IPC::MessageT<AcceleratedVideoDecoderHostMsg_PictureReady_Meta, std::__1::tuple<AcceleratedVideoDecoderHostMsg_PictureReady_Params>, void>::Dispatch<media::GpuVideoDecodeAcceleratorHost, media::GpuVideoDecodeAcceleratorHost, void, void (media::GpuVideoDecodeAcceleratorHost::*)(AcceleratedVideoDecoderHostMsg_PictureReady_Params const&)> (msg=0x30aea9f509c0, obj=<optimized out>, sender=<optimized out>, parameter=<optimized out>, func=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/ipc/ipc_message_templates.h:146
#31 0x00005e36c8523204 in media::GpuVideoDecodeAcceleratorHost::OnMessageReceived (this=0x85, msg=...) at ../../../../../../../home/chrome-bot/chrome_root/src/media/gpu/ipc/client/gpu_video_decode_accelerator_host.cc:55
#32 0x00005e36c83390bc in base::internal::FunctorTraits<bool (IPC::Listener::*)(IPC::Message const&), void>::Invoke<base::WeakPtr<IPC::Listener> const&, IPC::Message const&> (method=<optimized out>, receiver_ptr=..., args=...)
    at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:194
#33 base::internal::FunctorTraits<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)>, void>::Invoke<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)> const&, base::WeakPtr<IPC::Listener> const&, IPC::Message const&> (args=..., ignore_result_helper=..., args=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:222
#34 base::internal::InvokeHelper<true, void>::MakeItSo<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)> const&, base::WeakPtr<IPC::Listener> const&, IPC::Message const&> (weak_ptr=..., functor=..., args=...)
    at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:297
#35 base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)>, base::WeakPtr<IPC::Listener>, IPC::Message>, void ()>::RunImpl<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)> const&, std::__1::tuple<base::WeakPtr<IPC::Listener>, IPC::Message> const&, 0ul, 1ul>(base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)> const&, std::__1::tuple<base::WeakPtr<IPC::Listener>, IPC::Message> const&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) (bound=..., functor=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:351
#36 base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<bool (IPC::Listener::*)(IPC::Message const&)>, base::WeakPtr<IPC::Listener>, IPC::Message>, void ()>::Run(base::internal::BindStateBase*) (base=<optimized out>)
    at ../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:333
#37 0x00005e36ce595e45 in base::OnceCallback<void ()>::Run() && (this=<optimized out>) at ../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:65
#38 base::debug::TaskAnnotator::RunTask (this=0x30aea9a50b4c, queue_function=<optimized out>, pending_task=0x7c75cc967c00) at ../../../../../../../home/chrome-bot/chrome_root/src/base/debug/task_annotator.cc:55
#39 0x00005e36ce597cda in base::MessageLoop::RunTask (this=0x30aea9a72a00, pending_task=0x7c75cc967c00) at ../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_loop.cc:391
#40 0x00005e36ce5988f7 in base::MessageLoop::DeferOrRunPendingTask (this=<optimized out>, pending_task=...) at ../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_loop.cc:403
#41 base::MessageLoop::DoWork (this=0x30aea9a72a00) at ../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_loop.cc:447
#42 0x00005e36ce598cdd in base::MessagePumpDefault::Run (this=0x30aea9ab94c0, delegate=0x30aea9a72a00) at ../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_pump_default.cc:37
#43 0x00005e36c9e31a04 in base::RunLoop::Run (this=0x7c75cc967e30) at ../../../../../../../home/chrome-bot/chrome_root/src/base/run_loop.cc:114
#44 0x00005e36c9e4ee19 in base::Thread::ThreadMain (this=0x30aea9ab2000) at ../../../../../../../home/chrome-bot/chrome_root/src/base/threading/thread.cc:338
#45 0x00005e36c9e49c6d in base::(anonymous namespace)::ThreadFunc (params=0x30aea9968940) at ../../../../../../../home/chrome-bot/chrome_root/src/base/threading/platform_thread_posix.cc:75
#46 0x00007c75de43f2b8 in ?? () from r/lib64/libpthread.so.0
#47 0x00007c75dd57ffad in clone () from r/lib64/libc.so.6

----

I think that this is the relevant tcmalloc code:

template <typename T> inline void FL_EqualityCheck(const T& v0,
                                                   const T& v1,
                                                   const char* file,
                                                   int line) {
  if (v0 != v1) Log(kCrash, file, line, "Memory corruption detected.");
}

So, maybe not much to go on there. :-/

Pawel, are you the right person to look at this?

Another chrome crash: 
Gaudo running R65-10323.55.0 in Thor meet mode. 

2018-03-15T12:20:19.066739-05:00 INFO kernel: [38803.998515] Media[3928]: segfault at 39 ip 00005d4e791e6bc0 sp 00007775579d82a8 error 6
2018-03-15T12:20:19.088769-05:00 INFO crash_reporter[20759]: libminijail[20759]: mount /dev/log -> /dev/log type ''
2018-03-15T12:20:19.100265-05:00 WARNING crash_reporter[20761]: Received crash notification for chrome[3888] user 1000 (called directly)
2018-03-15T12:20:19.129903-05:00 WARNING crash_reporter[20759]: [user] Received crash notification for chrome[3888] sig 11, user 1000 (developer build - not testing - always dumping)
2018-03-15T12:20:19.131050-05:00 INFO crash_reporter[20759]: State of crashed process [3888]: D (disk sleep)
2018-03-15T12:20:19.138869-05:00 WARNING crash_reporter[20761]: Error writing sanitized log to /var/spool/crash/chrome.20180315.122019.3888.chrome.txt
2018-03-15T12:20:19.160274-05:00 ERR crash_reporter[20761]: Could not write file /var/spool/crash/chrome.20180315.122019.3888.i915_error_state.log.xz Written: -1 Len: 84
2018-03-15T12:20:19.160493-05:00 ERR crash_reporter[20761]: Unable to write /var/spool/crash/chrome.20180315.122019.3888.meta


localhost ~ # ls -altr /var/spool/crash                                                                                                                     
-rw-r--r-- 1 root root  5738 Mar 15 12:20 chrome.20180315.122019.3888.log
-rw-r--r-- 1 root root 15641 Mar 15 12:20 chrome.20180315.122032.3888.log
-rw-r--r-- 1 root root   229 Mar 15 12:20 chrome.20180315.122032.3888.meta
drwxr-xr-t 2 root root  4096 Mar 15 12:20 .
localhost ~ # cat /etc/lsb-release                                                                                                                          
CHROMEOS_RELEASE_APPID={8AA6D9AC-6EBC-4288-A615-171F56F66B4E}
CHROMEOS_BOARD_APPID={8AA6D9AC-6EBC-4288-A615-171F56F66B4E}
CHROMEOS_CANARY_APPID={90F229CE-83E2-4FAF-8479-E368A34938B1}
DEVICETYPE=CHROMEBOX
CHROMEOS_RELEASE_BUILDER_PATH=guado-release/R65-10323.55.0
GOOGLE_RELEASE=10323.55.0

Deleted: chrome.20180315.122032.3888.meta 229 bytes

chrome.20180315.122032.3888.meta 229 bytes Download

Deleted: chrome.20180315.122032.3888.log 15.3 KB

chrome.20180315.122032.3888.log 15.3 KB View Download