Pixel_OffscreenCanvas2DResizeOnWorker is crashing in the renderer.
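This looks like a misuse of the viz client API by the OffscreenCanvas code? In the crashed thread below, the assert handler (SilentRuntimeAssertHandler, frame 2) is reached from the LogMessage destructor (frame 8) called inside viz::RenderPass::SetNew (frame 9), which in turn is called from DispatchFrame in offscreen_canvas_frame_dispatcher.cc (frame 10). The reported SIGSEGV at address 0x0 therefore appears to come from a failed runtime check rather than from a wild memory access.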
Operating system: Linux
0.0.0 Linux 3.13.0-105-generic #152-Ubuntu SMP Fri Dec 2 15:37:11 UTC 2016 x86_64
CPU: amd64
family 6 model 94 stepping 3
1 CPU
GPU: UNKNOWN
Crash reason: SIGSEGV
Crash address: 0x0
Process uptime: not available
Thread 15 (crashed)
0 libc-2.19.so + 0x3a177
rax = 0x0000000000000006 rdx = 0x0000000000000006
rcx = 0xffffffffffffffff rbx = 0x0000000000000000
rsi = 0x0000000000000010 rdi = 0x0000000000000001
rbp = 0x00007f964adf6810 rsp = 0x00007f964adf66e0
r8 = 0x0000000000000000 r9 = 0x00007f964adf6630
r10 = 0x0000000000000008 r11 = 0x0000000000000202
r12 = 0x0000000000000000 r13 = 0x0000000000000000
r14 = 0x00007f964adff9c0 r15 = 0x00007f964adff700
rip = 0x00007f965dc80177
Found by: given as instruction pointer in context
1 libbase.so!base::debug::BreakDebugger() + 0x18
rbp = 0x00007f964adf6820 rsp = 0x00007f964adf6820
rip = 0x00007f967e7b74a8
Found by: previous frame's frame pointer
2 chrome!logging::(anonymous namespace)::SilentRuntimeAssertHandler(char const*, int, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >) + 0x24
rbp = 0x00007f964adf6860 rsp = 0x00007f964adf6830
rip = 0x00007f9682e36614
Found by: call frame info
3 chrome!Invoke<void (*const &)(const char *, int, base::BasicStringPiece<std::string>, base::BasicStringPiece<std::string>), const char *, int, base::BasicStringPiece<std::string>, base::BasicStringPiece<std::string> > [bind_internal.h : 402 + 0x20]
rbp = 0x00007f964adf68f0 rsp = 0x00007f964adf6870
rip = 0x00007f9682e38b61
Found by: call frame info
4 chrome!MakeItSo<void (*const &)(const char *, int, base::BasicStringPiece<std::string>, base::BasicStringPiece<std::string>), const char *, int, base::BasicStringPiece<std::string>, base::BasicStringPiece<std::string> > [bind_internal.h : 547 + 0x5]
rbp = 0x00007f964adf6950 rsp = 0x00007f964adf6900
rip = 0x00007f9682e38aad
Found by: call frame info
5 chrome!RunImpl<void (*const &)(const char *, int, base::BasicStringPiece<std::string>, base::BasicStringPiece<std::string>), const std::__1::tuple<> &> [bind_internal.h : 621 + 0x5]
rbp = 0x00007f964adf69c0 rsp = 0x00007f964adf6960
rip = 0x00007f9682e38a41
Found by: call frame info
6 chrome!Run [bind_internal.h : 603 + 0x10]
rbp = 0x00007f964adf6a30 rsp = 0x00007f964adf69d0
rip = 0x00007f9682e389d3
Found by: call frame info
7 libbase.so!Run [callback.h : 125 + 0x9]
rbp = 0x00007f964adf6ab0 rsp = 0x00007f964adf6a40
rip = 0x00007f967e555bac
Found by: call frame info
8 libbase.so!~LogMessage [logging.cc : 835 + 0x3e]
rbp = 0x00007f964adf7720 rsp = 0x00007f964adf6ac0
rip = 0x00007f967e553f7d
Found by: call frame info
9 libviz_common.so!viz::RenderPass::SetNew(unsigned long, gfx::Rect const&, gfx::Rect const&, gfx::Transform const&) + 0x24e
rbp = 0x00007f964adf7c90 rsp = 0x00007f964adf7730
rip = 0x00007f9675024e7e
Found by: call frame info
10 libblink_platform.so!DispatchFrame [offscreen_canvas_frame_dispatcher.cc : 165 + 0x21]
rbp = 0x00007f964adf8940 rsp = 0x00007f964adf7ca0
rip = 0x00007f9665bce9b9
Found by: call frame info
11 libblink_core.so!PushFrame [offscreen_canvas.cc : 303 + 0x10]
rbx = 0x0000000000000000 rbp = 0x00007f964adf89a0
rsp = 0x00007f964adf8950 r14 = 0x00007f964adff9c0
rip = 0x00007f9668cfb81e
Found by: call frame info
12 libblink_modules.so!blink::OffscreenCanvasRenderingContext2D::PushFrame() + 0x7f
rbx = 0x0000000000000000 rbp = 0x00007f964adf89e0
rsp = 0x00007f964adf89b0 r14 = 0x00007f964adff9c0
rip = 0x00007f96644f7b2f
Found by: call frame info
13 libblink_core.so!blink::WorkerAnimationFrameProvider::BeginFrame() + 0xbc
rbx = 0x0000000000000000 rbp = 0x00007f964adf8a40
rsp = 0x00007f964adf89f0 r14 = 0x00007f964adff9c0
rip = 0x00007f966908d08c
Found by: call frame info
14 libblink_platform.so!blink::BeginFrameProvider::OnBeginFrame(viz::BeginFrameArgs const&) + 0x46
rbx = 0x0000000000000000 rbp = 0x00007f964adf8a90
rsp = 0x00007f964adf8a50 r14 = 0x00007f964adff9c0
rip = 0x00007f9665991e56
Found by: call frame info
15 libblink_platform.so!Accept [compositor_frame_sink.mojom-blink.cc : 1037 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adf9570
rsp = 0x00007f964adf8aa0 r14 = 0x00007f964adff9c0
rip = 0x00007f96665770e6
Found by: call frame info
16 libblink_platform.so!viz::mojom::blink::CompositorFrameSinkClientStub<mojo::RawPtrImplRefTraits<viz::mojom::blink::CompositorFrameSinkClient> >::Accept(mojo::Message*) + 0x53
rbx = 0x0000000000000000 rbp = 0x00007f964adf95a0
rsp = 0x00007f964adf9580 r14 = 0x00007f964adff9c0
rip = 0x00007f9665992aa3
Found by: call frame info
17 libbindings.so!HandleValidatedMessage [interface_endpoint_client.cc : 419 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfa190
rsp = 0x00007f964adf95b0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8b0c65
Found by: call frame info
18 libbindings.so!mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) + 0x21
rbx = 0x0000000000000000 rbp = 0x00007f964adfa1b0
rsp = 0x00007f964adfa1a0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8af6b1
Found by: call frame info
19 libbindings.so!Accept [filter_chain.cc : 40 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfa410
rsp = 0x00007f964adfa1c0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8adb32
Found by: call frame info
20 libbindings.so!mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*) + 0xe5
rbx = 0x0000000000000000 rbp = 0x00007f964adfa580
rsp = 0x00007f964adfa420 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8b3895
Found by: call frame info
21 libbindings.so!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) + 0x61b
rbx = 0x0000000000000000 rbp = 0x00007f964adface0
rsp = 0x00007f964adfa590 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8bfddb
Found by: call frame info
22 libbindings.so!Accept [multiplex_router.cc : 589 + 0x1c]
rbx = 0x0000000000000000 rbp = 0x00007f964adfb1c0
rsp = 0x00007f964adfacf0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8bf325
Found by: call frame info
23 libbindings.so!Accept [filter_chain.cc : 40 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfb420
rsp = 0x00007f964adfb1d0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8adb32
Found by: call frame info
24 libbindings.so!mojo::Connector::ReadSingleMessage(unsigned int*) + 0x3af
rbx = 0x0000000000000000 rbp = 0x00007f964adfb7f0
rsp = 0x00007f964adfb430 r14 = 0x00007f964adff9c0
rip = 0x00007f967c89f9ef
Found by: call frame info
25 libbindings.so!ReadAllAvailableMessages [connector.cc : 472 + 0x13]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbc00
rsp = 0x00007f964adfb800 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a0a3a
Found by: call frame info
26 libbindings.so!mojo::Connector::OnHandleReadyInternal(unsigned int) + 0x105
rbx = 0x0000000000000000 rbp = 0x00007f964adfbd60
rsp = 0x00007f964adfbc10 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a0805
Found by: call frame info
27 libbindings.so!mojo::Connector::OnWatcherHandleReady(unsigned int) + 0x1b
rbx = 0x0000000000000000 rbp = 0x00007f964adfbd80
rsp = 0x00007f964adfbd70 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a06eb
Found by: call frame info
28 libbindings.so!Invoke<void (mojo::Connector::*)(unsigned int), mojo::Connector *, unsigned int> [bind_internal.h : 447 + 0x6]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbde0
rsp = 0x00007f964adfbd90 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a42cf
Found by: call frame info
29 libbindings.so!MakeItSo<void (mojo::Connector::*const &)(unsigned int), mojo::Connector *, unsigned int> [bind_internal.h : 547 + 0x20]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbe40
rsp = 0x00007f964adfbdf0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a422f
Found by: call frame info
30 libbindings.so!RunImpl<void (mojo::Connector::*const &)(unsigned int), const std::__1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > &, 0> [bind_internal.h : 621 + 0xd]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbeb0
rsp = 0x00007f964adfbe50 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a41c5
Found by: call frame info
31 libbindings.so!Run [bind_internal.h : 603 + 0x8]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbef0
rsp = 0x00007f964adfbec0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a40fb
Found by: call frame info
32 libbindings.so!Run [callback.h : 125 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbf30
rsp = 0x00007f964adfbf00 r14 = 0x00007f964adff9c0
rip = 0x00007f967c89b0ae
Found by: call frame info
33 libbindings.so!mojo::SimpleWatcher::DiscardReadyState(base::RepeatingCallback<void (unsigned int)> const&, unsigned int, mojo::HandleSignalsState const&) + 0x1f
rbx = 0x0000000000000000 rbp = 0x00007f964adfbf60
rsp = 0x00007f964adfbf40 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a333f
Found by: call frame info
34 libbindings.so!Invoke<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &> [bind_internal.h : 402 + 0x2]
rbx = 0x0000000000000000 rbp = 0x00007f964adfbfb0
rsp = 0x00007f964adfbf70 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a35bf
Found by: call frame info
35 libbindings.so!MakeItSo<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &> [bind_internal.h : 547 + 0x5]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc000
rsp = 0x00007f964adfbfc0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a355d
Found by: call frame info
36 libbindings.so!RunImpl<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &), const std::__1::tuple<base::RepeatingCallback<void (unsigned int)> > &, 0> [bind_internal.h : 621 + 0xc]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc070
rsp = 0x00007f964adfc010 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a3500
Found by: call frame info
37 libbindings.so!Run [bind_internal.h : 603 + 0x13]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc0c0
rsp = 0x00007f964adfc080 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8a3436
Found by: call frame info
38 libmojo_public_system_cpp.so!Run [callback.h : 125 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc110
rsp = 0x00007f964adfc0d0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c83475e
Found by: call frame info
39 libmojo_public_system_cpp.so!mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) + 0x1b9
rbx = 0x0000000000000000 rbp = 0x00007f964adfc2c0
rsp = 0x00007f964adfc120 r14 = 0x00007f964adff9c0
rip = 0x00007f967c8340a9
Found by: call frame info
40 libmojo_public_system_cpp.so!Invoke<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &), const base::WeakPtr<mojo::SimpleWatcher> &, const int &, const unsigned int &, const mojo::HandleSignalsState &> [bind_internal.h : 447 + 0x6]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc340
rsp = 0x00007f964adfc2d0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c834f53
Found by: call frame info
41 libmojo_public_system_cpp.so!MakeItSo<void (mojo::SimpleWatcher::*const &)(int, unsigned int, const mojo::HandleSignalsState &), const base::WeakPtr<mojo::SimpleWatcher> &, const int &, const unsigned int &, const mojo::HandleSignalsState &> [bind_internal.h : 567 + 0x20]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc3c0
rsp = 0x00007f964adfc350 r14 = 0x00007f964adff9c0
rip = 0x00007f967c834e95
Found by: call frame info
42 libmojo_public_system_cpp.so!RunImpl<void (mojo::SimpleWatcher::*const &)(int, unsigned int, const mojo::HandleSignalsState &), const std::__1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> &, 0, 1, 2, 3> [bind_internal.h : 621 + 0x24]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc470
rsp = 0x00007f964adfc3d0 r14 = 0x00007f964adff9c0
rip = 0x00007f967c834df2
Found by: call frame info
43 libmojo_public_system_cpp.so!base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState>, void ()>::Run(base::internal::BindStateBase*) + 0x2c
rbx = 0x0000000000000000 rbp = 0x00007f964adfc4a0
rsp = 0x00007f964adfc480 r14 = 0x00007f964adff9c0
rip = 0x00007f967c834c6c
Found by: call frame info
44 libbase.so!Run [callback.h : 96 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc4e0
rsp = 0x00007f964adfc4b0 r14 = 0x00007f964adff9c0
rip = 0x00007f967e4901fe
Found by: call frame info
45 libbase.so!RunTask [task_annotator.cc : 101 + 0x5]
rbx = 0x0000000000000000 rbp = 0x00007f964adfc6c0
rsp = 0x00007f964adfc4f0 r14 = 0x00007f964adff9c0
rip = 0x00007f967e4e2af2
Found by: call frame info
46 libblink_platform.so!blink::scheduler::internal::ThreadControllerImpl::DoWork(blink::scheduler::internal::SequencedTaskSource::WorkType) + 0x44d
rbx = 0x0000000000000000 rbp = 0x00007f964adfccd0
rsp = 0x00007f964adfc6d0 r14 = 0x00007f964adff9c0
rip = 0x00007f9665e6200d
Found by: call frame info
47 libblink_platform.so!Invoke<void (blink::scheduler::WorkerThreadScheduler::*)(blink::FrameScheduler::ThrottlingState), base::WeakPtr<blink::scheduler::WorkerThreadScheduler>, blink::FrameScheduler::ThrottlingState> [bind_internal.h : 447 + 0x6]
rbx = 0x0000000000000000 rbp = 0x00007f964adfcd30
rsp = 0x00007f964adfcce0 r14 = 0x00007f964adff9c0
rip = 0x00007f9665e64dd1
Found by: call frame info
48 libblink_platform.so!MakeItSo<void (blink::scheduler::WorkerThreadScheduler::*)(blink::FrameScheduler::ThrottlingState), base::WeakPtr<blink::scheduler::WorkerThreadScheduler>, blink::FrameScheduler::ThrottlingState> [bind_internal.h : 567 + 0x20]
rbx = 0x0000000000000000 rbp = 0x00007f964adfcd90
rsp = 0x00007f964adfcd40 r14 = 0x00007f964adff9c0
rip = 0x00007f9665e64d35
Found by: call frame info
49 libblink_platform.so!RunImpl<void (blink::scheduler::WorkerThreadScheduler::*)(blink::FrameScheduler::ThrottlingState), std::__1::tuple<base::WeakPtr<blink::scheduler::WorkerThreadScheduler>, blink::FrameScheduler::ThrottlingState>, 0, 1> [bind_internal.h : 621 + 0x10]
rbx = 0x0000000000000000 rbp = 0x00007f964adfce00
rsp = 0x00007f964adfcda0 r14 = 0x00007f964adff9c0
rip = 0x00007f9665e64cad
Found by: call frame info
50 libblink_platform.so!base::internal::Invoker<base::internal::BindState<void (blink::scheduler::internal::ThreadControllerImpl::*)(blink::scheduler::internal::SequencedTaskSource::WorkType), base::WeakPtr<blink::scheduler::internal::ThreadControllerImpl>, blink::scheduler::internal::SequencedTaskSource::WorkType>, void ()>::Run(base::internal::BindStateBase*) + 0x2c
rbx = 0x0000000000000000 rbp = 0x00007f964adfce30
rsp = 0x00007f964adfce10 r14 = 0x00007f964adff9c0
rip = 0x00007f9665e64bbc
Found by: call frame info
51 libbase.so!Run [callback.h : 96 + 0x9]
rbx = 0x0000000000000000 rbp = 0x00007f964adfce70
rsp = 0x00007f964adfce40 r14 = 0x00007f964adff9c0
rip = 0x00007f967e4901fe
Found by: call frame info
52 libbase.so!RunTask [task_annotator.cc : 101 + 0x5]
rbx = 0x0000000000000000 rbp = 0x00007f964adfd050
rsp = 0x00007f964adfce80 r14 = 0x00007f964adff9c0
rip = 0x00007f967e4e2af2
Found by: call frame info
53 libbase.so!base::internal::IncomingTaskQueue::RunTask(base::PendingTask*) + 0xe9
rbx = 0x0000000000000000 rbp = 0x00007f964adfd1c0
rsp = 0x00007f964adfd060 r14 = 0x00007f964adff9c0
rip = 0x00007f967e5727e9
Found by: call frame info
54 libbase.so!base::MessageLoop::RunTask(base::PendingTask*) + 0x367
rbx = 0x0000000000000000 rbp = 0x00007f964adfd480
rsp = 0x00007f964adfd1d0 r14 = 0x00007f964adff9c0
rip = 0x00007f967e57b8d7
Found by: call frame info
55 libbase.so!DeferOrRunPendingTask [message_loop.cc : 329 + 0x13]
rbx = 0x0000000000000000 rbp = 0x00007f964adfd540
rsp = 0x00007f964adfd490 r14 = 0x00007f964adff9c0
rip = 0x00007f967e57bb48
Found by: call frame info
56 libbase.so!DoWork [message_loop.cc : 373 + 0x13]
rbx = 0x0000000000000000 rbp = 0x00007f964adfd700
rsp = 0x00007f964adfd550 r14 = 0x00007f964adff9c0
rip = 0x00007f967e57be79
Found by: call frame info
57 libbase.so!base::MessagePumpDefault::Run(base::MessagePump::Delegate*) + 0x47
rbx = 0x0000000000000000 rbp = 0x00007f964adfd750
rsp = 0x00007f964adfd710 r14 = 0x00007f964adff9c0
rip = 0x00007f967e57f4a7
Found by: call frame info
58 libbase.so!Run [message_loop.cc : 271 + 0xc]
rbx = 0x0000000000000000 rbp = 0x00007f964adfda10
rsp = 0x00007f964adfd760 r14 = 0x00007f964adff9c0
rip = 0x00007f967e57b0cb
Found by: call frame info
59 libbase.so!Run [run_loop.cc : 131 + 0x20]
rbx = 0x0000000000000000 rbp = 0x00007f964adfde20
rsp = 0x00007f964adfda20 r14 = 0x00007f964adff9c0
rip = 0x00007f967e624a3d
Found by: call frame info
60 libbase.so!base::Thread::Run(base::RunLoop*) + 0x178
rbx = 0x0000000000000000 rbp = 0x00007f964adfe0d0
rsp = 0x00007f964adfde30 r14 = 0x00007f964adff9c0
rip = 0x00007f967e6d6ad8
Found by: call frame info
61 libbase.so!base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity(base::internal::LockImpl const*) + 0x2d
rbp = 0x00007f964adfe0d0 rsp = 0x00007f964adfde90
rip = 0x00007f967e7e0c8d
Found by: stack scanning
62 libbase.so!base::debug::ScopedTaskRunActivity::~ScopedTaskRunActivity() + 0x15
rbp = 0x00007f964adfe0d0 rsp = 0x00007f964adfdea0
rip = 0x00007f967e4e2f85
Found by: stack scanning
63 libbase.so!base::internal::LockImpl::Unlock() + 0x60
rbp = 0x00007f964adfe0d0 rsp = 0x00007f964adfdef0
rip = 0x00007f967e48ba60
Found by: stack scanning
64 libbase.so!base::internal::LockImpl::Unlock() + 0x60
rbp = 0x00007f964adfe0d0 rsp = 0x00007f964adfdf30
rip = 0x00007f967e48ba60
Found by: stack scanning
65 libbase.so!SignalAll [list : 1020 + 0x8]
rbp = 0x00007f964adfe0d0 rsp = 0x00007f964adfdf80
rip = 0x00007f967e7e103c
Found by: stack scanning
Comment 1 by fs...@chromium.org, May 15 2018
Status: Duplicate (was: Assigned)