webgl2_conformance_tests failing on chromium.gpu.fyi/Mac FYI GPU ASAN Release |
|||||
Issue descriptionFiled by sheriff-o-matic@appspot.gserviceaccount.com on behalf of sunnyps@chromium.org webgl2_conformance_tests failing on chromium.gpu.fyi/Mac FYI GPU ASAN Release Builders failed on: - Mac FYI GPU ASAN Release: https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac%20FYI%20GPU%20ASAN%20Release Stack trace: [111/139] gpu_tests.webgl_conformance_integration_test.WebGLConformanceIntegrationTest.WebglConformance_deqp_functional_gles3_shaderoperator_binary_operator_00 passed 137.0312s Received signal 11 SEGV_MAPERR 5e9fd4280008 0 Chromium Framework 0x00000001199e99dc base::debug::StackTrace::StackTrace(unsigned long) + 28 1 Chromium Framework 0x00000001199e96d7 base::debug::(anonymous namespace)::StackDumpSignalHandler(int, __siginfo*, void*) + 4135 2 libsystem_platform.dylib 0x00007fff979b9b3a _sigtramp + 26 3 Chromium Framework 0x0000000115cb1837 v8::internal::AlignedAllocVirtualMemory(unsigned long, unsigned long, void*, v8::internal::VirtualMemory*) + 359 4 Chromium Framework 0x0000000116b3330e v8::internal::ScavengingTask::RunInParallel() + 1470 5 Chromium Framework 0x0000000116b5974e v8::internal::ItemParallelJob::Task::RunInternal() + 318 6 Chromium Framework 0x0000000119772e18 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 856 7 Chromium Framework 0x00000001199264bc base::internal::TaskTracker::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, bool) + 2204 8 Chromium Framework 0x0000000119a0fa98 base::internal::TaskTrackerPosix::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, bool) + 392 9 Chromium Framework 0x0000000119923fcd base::internal::TaskTracker::RunAndPopNextTask(scoped_refptr<base::internal::Sequence>, base::internal::CanScheduleSequenceObserver*) + 1389 10 Chromium Framework 0x0000000119905614 base::internal::SchedulerWorker::RunWorker() + 1412 11 Chromium Framework 0x0000000119904d96 base::internal::SchedulerWorker::RunPooledWorker() + 198 12 Chromium Framework 0x0000000119a10a4e base::(anonymous namespace)::ThreadFunc(void*) + 206 13 libsystem_pthread.dylib 0x00007fff979c393b _pthread_body + 180 14 libsystem_pthread.dylib 0x00007fff979c3887 _pthread_body + 0 15 libsystem_pthread.dylib 0x00007fff979c308d thread_start + 13 [end of stack trace] There's a v8 autoroll in the regression range: https://chromium.googlesource.com/v8/v8/+log/b12c0e2e..6856800e But nothing there seems related. sigurds@ can you please confirm?
,
Sep 10
These definitely look flaky
,
Sep 10
The most recent failure: https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac%20FYI%20GPU%20ASAN%20Release/1863 https://chromium-swarm.appspot.com/task?id=3fdc005b45d52710&refresh=10&show_raw=1 is a crash in Blink's incremental marking for Oilpan. Could someone from the Oilpan team please look into this? Operating system: Mac OS X 10.13.6 17G65 CPU: amd64 family 6 model 70 stepping 1 8 CPUs GPU: UNKNOWN Crash reason: EXC_BREAKPOINT / EXC_I386_BPT Crash address: 0x1158be8f1 Process uptime: 611 seconds Thread 0 (crashed) 0 Chromium Framework!__ZN4base5debug13BreakDebuggerEv + 0x11 rax = 0x0000000115997a90 rdx = 0x0000622000169936 rcx = 0x0000000000000019 rbx = 0x00007ffeea6af680 rsi = 0x000000000000039b rdi = 0x000000012c4bac8c rbp = 0x00007ffeea6aea30 rsp = 0x00007ffeea6aea30 r8 = 0x000062200016994f r9 = 0x0000000000001364 r10 = 0x0000622000169936 r11 = 0x00007ffeea6aec38 r12 = 0x00007ffeea6af788 r13 = 0x00007ffeea6af660 r14 = 0x00007ffeea6af100 r15 = 0x00001fffdd4d5d48 rip = 0x00000001158be8f1 Found by: given as instruction pointer in context 1 Chromium Framework!__ZN7logging10LogMessageD2Ev + 0x1349 rbp = 0x00007ffeea6af770 rsp = 0x00007ffeea6aea40 rip = 0x00000001155c6179 Found by: previous frame's frame pointer 2 Chromium Framework!__ZNK5blink16HeapObjectHeader11CheckHeaderEv + 0x56 rbp = 0x00007ffeea6af8c0 rsp = 0x00007ffeea6af780 rip = 0x00000001138785a6 Found by: previous frame's frame pointer 3 Chromium Framework!__ZN5blink7Visitor14HandleWeakCellINS_8DocumentEEEvPS0_Pv + 0x4a rbp = 0x00007ffeea6af8f0 rsp = 0x00007ffeea6af8d0 rip = 0x0000000123c90d1a Found by: previous frame's frame pointer 4 Chromium Framework!__ZN5blink10ThreadHeap14WeakProcessingEPNS_7VisitorE + 0x2d2 rbp = 0x00007ffeea6afea0 rsp = 0x00007ffeea6af900 rip = 0x000000011387ebb2 Found by: previous frame's frame pointer 5 Chromium Framework!__ZN5blink11ThreadState17MarkPhaseEpilogueENS_7BlinkGC11MarkingTypeE + 0x92 rbp = 0x00007ffeea6afef0 rsp = 0x00007ffeea6afeb0 rip = 0x00000001138e1592 Found by: previous frame's frame pointer 6 Chromium Framework!__ZN5blink11ThreadState14RunAtomicPauseENS_7BlinkGC10StackStateENS1_11MarkingTypeENS1_12SweepingTypeENS1_8GCReasonE + 0x4aa rbp = 0x00007ffeea6b03b0 rsp = 0x00007ffeea6aff00 rip = 0x00000001138e0bba Found by: previous frame's frame pointer 7 Chromium Framework!__ZN5blink11ThreadState14CollectGarbageENS_7BlinkGC10StackStateENS1_11MarkingTypeENS1_12SweepingTypeENS1_8GCReasonE + 0x30b rbp = 0x00007ffeea6b0810 rsp = 0x00007ffeea6b03c0 rip = 0x00000001138cd3cb Found by: previous frame's frame pointer 8 Chromium Framework!__ZN5blink11ThreadState26IncrementalMarkingFinalizeEv + 0x3e2 rbp = 0x00007ffeea6b0d70 rsp = 0x00007ffeea6b0820 rip = 0x00000001138cc2d2 Found by: previous frame's frame pointer 9 Chromium Framework!__ZN5blink11ThreadState14RunScheduledGCENS_7BlinkGC10StackStateE + 0x305 rbp = 0x00007ffeea6b0fb0 rsp = 0x00007ffeea6b0d80 rip = 0x00000001138d7b75 Found by: previous frame's frame pointer 10 Chromium Framework!__ZN5blink11ThreadState9SafePointENS_7BlinkGC10StackStateE + 0x128 rbp = 0x00007ffeea6b11d0 rsp = 0x00007ffeea6b0fc0 rip = 0x00000001138de3a8 Found by: previous frame's frame pointer 11 Chromium Framework!__ZN4base16sequence_manager8internal19SequenceManagerImpl20NotifyDidProcessTaskEPNS2_13ExecutingTaskEPNS0_7LazyNowE + 0x4b7 rbp = 0x00007ffeea6b1dd0 rsp = 0x00007ffeea6b11e0 rip = 0x0000000115758c17 Found by: previous frame's frame pointer 12 Chromium Framework!__ZN4base16sequence_manager8internal19SequenceManagerImpl10DidRunTaskEv + 0x17e rbp = 0x00007ffeea6b1ef0 rsp = 0x00007ffeea6b1de0 rip = 0x00000001157584ae Found by: previous frame's frame pointer 13 Chromium Framework!__ZN4base16sequence_manager8internal20ThreadControllerImpl6DoWorkENS2_8WorkTypeE + 0xc09 rbp = 0x00007ffeea6b3570 rsp = 0x00007ffeea6b1f00 rip = 0x00000001157882f9 Found by: previous frame's frame pointer 14 Chromium Framework!__ZN4base8internal7InvokerINS0_9BindStateIMNS_16sequence_manager8internal20ThreadControllerImplEFvNS5_8WorkTypeEEJNS_7WeakPtrIS5_EES6_EEEFvvEE3RunEPNS0_13BindStateBaseE + 0x245 rbp = 0x00007ffeea6b37b0 rsp = 0x00007ffeea6b3580 rip = 0x000000011578d105 Found by: previous frame's frame pointer 15 Chromium Framework!__ZN4base5debug13TaskAnnotator7RunTaskEPKcPNS_11PendingTaskE + 0x358 rbp = 0x00007ffeea6b3b30 rsp = 0x00007ffeea6b37c0 rip = 0x000000011557e908 Found by: previous frame's frame pointer 16 Chromium Framework!__ZN4base11MessageLoop7RunTaskEPNS_11PendingTaskE + 0x351 rbp = 0x00007ffeea6b3e70 rsp = 0x00007ffeea6b3b40 rip = 0x0000000115611e21 Found by: previous frame's frame pointer 17 Chromium Framework!__ZN4base11MessageLoop6DoWorkEv + 0x501 rbp = 0x00007ffeea6b41f0 rsp = 0x00007ffeea6b3e80 rip = 0x0000000115612c51 Found by: previous frame's frame pointer 18 Chromium Framework!__ZN4base24MessagePumpCFRunLoopBase7RunWorkEv + 0x14d rbp = 0x00007ffeea6b42e0 rsp = 0x00007ffeea6b4200 rip = 0x000000011561f5ad Found by: previous frame's frame pointer 19 Chromium Framework!__ZN4base3mac15CallWithEHFrameEU13block_pointerFvvE + 0xa rbp = 0x00007ffeea6b42f0 rsp = 0x00007ffeea6b42f0 rip = 0x00000001155ce08a Found by: previous frame's frame pointer 20 Chromium Framework!__ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv + 0x176 rbp = 0x00007ffeea6b43f0 rsp = 0x00007ffeea6b4300 rip = 0x000000011561db36 Found by: previous frame's frame pointer 21 CoreFoundation + 0xa3a11 rbp = 0x00007ffeea6b4400 rsp = 0x00007ffeea6b4400 rip = 0x00007fff4c710a11 Found by: previous frame's frame pointer 22 CoreFoundation + 0x15d42c rbp = 0x00007ffeea6b4430 rsp = 0x00007ffeea6b4410 rip = 0x00007fff4c7ca42c Found by: previous frame's frame pointer 23 CoreFoundation + 0x86470 rbp = 0x00007ffeea6b4490 rsp = 0x00007ffeea6b4440 rip = 0x00007fff4c6f3470 Found by: previous frame's frame pointer
,
Sep 11
That's a crash in the atomic pause of marking where we encounter a broken object during weakness processing. It's triggered by the incremental marker but the weak processing is the same for all GC types. The interesting part here is Framework!__ZN5blink7Visitor14HandleWeakCellINS_8DocumentEEEvPS0_Pv + 0x4a which supposedly means that a WeakMember<Document> is somehow broken. The uses are https://cs.chromium.org/search/?q=WeakMember%3CDocument%3E&sq=package:chromium Unfortunately, the handlers are mostly aliased as they all just reset the a memory address after checking an objects mark bits. Unless there's a somewhat reproducing case I don't think there's anything we can do.
,
Sep 11
Will try to run the conformance tests with the blink flag HeapIncrementalMarkingStress. Maybe we can flush something out.
,
Sep 14
cc'ing pixel wrangler for awareness. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by sunn...@chromium.org
, Jul 2