
Issue 843274

Starred by 3 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Crash inside chrome!Free<(lambda at ../../v8/src/heap/array-buffer-tracker-inl.h:82:17)> in webgl2_conformance_gl_passthrough_tests

Project Member Reported by kbr@chromium.org, May 15 2018

Issue description

In this waterfall build:
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20FYI%20Release%20%28NVIDIA%29/2145

WebglConformance_deqp_functional_gles3_fbocolorbuffer_texcube_05 was seen to fail in https://chromium-swarm.appspot.com/task?id=3d7d5b834d4df210&refresh=10&show_raw=1 because of the following renderer process crash:

	Operating system: Linux
	                  0.0.0 Linux 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64
	CPU: amd64
	     family 6 model 60 stepping 3
	     1 CPU
	
	GPU: UNKNOWN
	
	Crash reason:  SIGSEGV
	Crash address: 0xffffccd06f2dd8f2
	Process uptime: not available
	
	Thread 19 (crashed)
	 0  chrome!Free<(lambda at ../../v8/src/heap/array-buffer-tracker-inl.h:82:17)> [array-buffer-tracker-inl.h : 57 + 0x0]
	    rax = 0x0000000000000ad8   rdx = 0x00003122ea500000
	    rcx = 0x0000000000000000   rbx = 0x0000000000000001
	    rsi = 0x00000000000c0003   rdi = 0x0000000000010000
	    rbp = 0x00007f008280feb0   rsp = 0x00007f008280fe10
	     r8 = 0x0000000000010000    r9 = 0x0000000000001b1b
	    r10 = 0x00007f00828104e0   r11 = 0x000000003b4dab78
	    r12 = 0xffffccd06f2dd8e2   r13 = 0x0000332c690d9c00
	    r14 = 0xffffccd06f2dd8e2   r15 = 0x00003122ea52b601
	    rip = 0x00007f00a5bfd740
	    Found by: given as instruction pointer in context
	 1  chrome!RawSweep [array-buffer-tracker-inl.h : 82 + 0x8]
	    rbx = 0x0000332c690d9c00   rbp = 0x00007f0082810020
	    rsp = 0x00007f008280fec0   r12 = 0x0000332c694b9e90
	    r13 = 0x0000332c684b9700   r14 = 0x0000332c684b9700
	    r15 = 0x00003122ea500000   rip = 0x00007f00a5bf9282
	    Found by: call frame info
	 2  chrome!RunInternal [sweeper.cc : 582 + 0x15]
	    rbx = 0x00003122ea500000   rbp = 0x00007f0082810130
	    rsp = 0x00007f0082810030   r12 = 0x0000332c694b9e90
	    r13 = 0x0000332c684b9700   r14 = 0x0000332c694b9e60
	    r15 = 0x0000332c691ca460   rip = 0x00007f00a5bfde52
	    Found by: call frame info
	 3  chrome!RunTask [callback.h : 96 + 0x3]
	    rbx = 0x00007f00ac17a310   rbp = 0x00007f0082810340
	    rsp = 0x00007f0082810140   r12 = 0x0000332c6840bc68
	    r13 = 0x00007f0082810570   r14 = 0x0000000000000000
	    r15 = 0x00007f00a1b18701   rip = 0x00007f00a67466a0
	    Found by: call frame info
	 4  chrome!RunOrSkipTask [task_tracker.cc : 479 + 0xd]
	    rbx = 0x0000332c6840bc68   rbp = 0x00007f0082810560
	    rsp = 0x00007f0082810350   r12 = 0x00007f00aba5d520
	    r13 = 0x00007f0082810570   r14 = 0x0000000000000000
	    r15 = 0x00007f00a1b18701   rip = 0x00007f00a67b99df
	    Found by: call frame info
	 5  chrome!RunOrSkipTask [task_tracker_posix.cc : 23 + 0x16]
	    rbx = 0x0000332c6840bc60   rbp = 0x00007f0082810760
	    rsp = 0x00007f0082810570   r12 = 0x00007f0082810770
	    r13 = 0x00007f0082810608   r14 = 0x00007f0082810570
	    r15 = 0x0000000000000001   rip = 0x00007f00a681211b
	    Found by: call frame info
	 6  chrome!RunAndPopNextTask [task_tracker.cc : 372 + 0x16]
	    rbx = 0x0000000000000001   rbp = 0x00007f0082810a20
	    rsp = 0x00007f0082810770   r12 = 0x0000332c6840bc60
	    r13 = 0x00007f0082810a01   r14 = 0x00007f0082810770
	    r15 = 0x0000332c6840bc60   rip = 0x00007f00a67b8d66
	    Found by: call frame info
	 7  chrome!RunWorker [scheduler_worker.cc : 313 + 0x13]
	    rbx = 0x0000000000000001   rbp = 0x00007f0082810c00
	    rsp = 0x00007f0082810a30   r12 = 0x0000332c691d5e00
	    r13 = 0x00007f0082810aa0   r14 = 0x0000332c691d5eb8
	    r15 = 0x0000332c691d5e58   rip = 0x00007f00a67b56f7
	    Found by: call frame info
	 8  chrome!base::internal::SchedulerWorker::RunPooledWorker() + 0x14
	    rbx = 0x0000332c6879bf30   rbp = 0x00007f0082810c20
	    rsp = 0x00007f0082810c10   r12 = 0x00007f0082811700
	    r13 = 0x0000000000000000   r14 = 0x0000332c691d5e00
	    r15 = 0x0000332c683ebc60   rip = 0x00007f00a67b5484
	    Found by: call frame info
	 9  chrome!ThreadFunc [platform_thread_posix.cc : 76 + 0x8]
	    rbx = 0x0000332c6879bf30   rbp = 0x00007f0082810c50
	    rsp = 0x00007f0082810c30   r12 = 0x00007f0082811700
	    r13 = 0x0000000000000000   r14 = 0x0000332c691d5e00
	    r15 = 0x0000332c683ebc60   rip = 0x00007f00a6812a2f
	    Found by: call frame info
	10  libpthread-2.19.so + 0x8182
	    rbx = 0x00007f0082811700   rbp = 0x0000000000000000
	    rsp = 0x00007f0082810c60   r12 = 0x0000000000000000
	    r13 = 0x0000000000000000   r14 = 0x00007f00828119c0
	    r15 = 0x00007f0082811700   rip = 0x00007f00a0ef7182
	    Found by: call frame info
	11  libc-2.19.so + 0xfa47d
	    rsp = 0x00007f0082810d00   rip = 0x00007f009b35247d
	    Found by: stack scanning


Minidump is here:
gs://chrome-telemetry-output/minidump-2018-05-15_09-04-25-594138.dmp

V8 GC folks: could you please take a look and see if anything can be learned from this one crash instance? Thanks.

 

Comment 1 by hpayer@chromium.org, May 16 2018

Cc: -mlippautz@chromium.org hpayer@chromium.org
Owner: mlippautz@chromium.org
Status: Assigned (was: Untriaged)
Michael, Mr. array buffer tracker, can you have a look?
