Crash seen here:
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac%20FYI%20Experimental%20Retina%20Release%20%28AMD%29/4166
Test:
WebglConformance_deqp_functional_gles3_transformfeedback_array_interleaved_lines
Swarming shard:
https://chromium-swarm.appspot.com/task?id=3f648b168afbb110&refresh=10&show_raw=1
Log excerpt:
Operating system: char signed char::* OS X
10.13.6 17G65
CPU: amd64
family 6 model 70 stepping 1
8 CPUs
GPU: UNKNOWN
Crash reason: EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash address: 0x1e19d46018
Process uptime: 363 seconds
Thread 0 (crashed)
0 Chromium Framework!blink::ObjectAliveTrait<blink::Document, false>::IsHeapObjectAlive(blink::Document const*) + 0x16
rax = 0x00000000e51f85df rdx = 0x00000024c8f8a888
rcx = 0x00000000000000a0 rbx = 0x0000001e19d46020
rsi = 0x00000024c8f8a888 rdi = 0x0000001e19d46020
rbp = 0x00007ffeef0c7ff0 rsp = 0x00007ffeef0c7eb0
r8 = 0x0000000000000014 r9 = 0x00007fc747463300
r10 = 0x000007fc747449a8 r11 = 0x0000000000000015
r12 = 0x00000001159b9940 r13 = 0x0000000000000001
r14 = 0x00007fc7474a6dc0 r15 = 0x00007fc74390e7a0
rip = 0x00000001120f6f26
Found by: given as instruction pointer in context
1 Chromium Framework!void blink::Visitor::HandleWeakCell<blink::Document>(blink::Visitor*, void*) + 0x1b
rbp = 0x00007ffeef0c8010 rsp = 0x00007ffeef0c8000
rip = 0x00000001120f6efb
Found by: previous frame'short frame pointer
2 Chromium Framework!blink::ThreadHeap::WeakProcessing(blink::Visitor*) + 0xba
rbp = 0x00007ffeef0c8190 rsp = 0x00007ffeef0c8020
rip = 0x000000010ce151da
Found by: previous frame'short frame pointer
3 Chromium Framework!blink::ThreadState::MarkPhaseEpilogue(blink::BlinkGC::MarkingType) + 0x3f
rbp = 0x00007ffeef0c81c0 rsp = 0x00007ffeef0c81a0
rip = 0x000000010ce37b8f
Found by: previous frame'short frame pointer
4 Chromium Framework!blink::ThreadState::RunAtomicPause(blink::BlinkGC::StackState, blink::BlinkGC::MarkingType, blink::BlinkGC::SweepingType, blink::BlinkGC::GCReason) + 0x1c1
rbp = 0x00007ffeef0c8370 rsp = 0x00007ffeef0c81d0
rip = 0x000000010ce37821
Found by: previous frame'short frame pointer
5 Chromium Framework!blink::ThreadState::CollectGarbage(blink::BlinkGC::StackState, blink::BlinkGC::MarkingType, blink::BlinkGC::SweepingType, blink::BlinkGC::GCReason) + 0x151
rbp = 0x00007ffeef0c8520 rsp = 0x00007ffeef0c8380
rip = 0x000000010ce2fc11
Found by: previous frame'short frame pointer
6 Chromium Framework!blink::ThreadState::IncrementalMarkingFinalize() + 0xd7
rbp = 0x00007ffeef0c8680 rsp = 0x00007ffeef0c8530
rip = 0x000000010ce2f6c7
Found by: previous frame'short frame pointer
7 Chromium Framework!blink::ThreadState::RunScheduledGC(blink::BlinkGC::StackState) + 0xba
rbp = 0x00007ffeef0c87e0 rsp = 0x00007ffeef0c8690
rip = 0x000000010ce35b3a
Found by: previous frame'short frame pointer
8 Chromium Framework!blink::ThreadState::SafePoint(blink::BlinkGC::StackState) + 0x71
rbp = 0x00007ffeef0c8940 rsp = 0x00007ffeef0c87f0
rip = 0x000000010ce36b41
Found by: previous frame'short frame pointer
9 Chromium Framework!base::sequence_manager::internal::SequenceManagerImpl::NotifyDidProcessTask(base::sequence_manager::internal::SequenceManagerImpl::ExecutingTask*, base::sequence_manager::LazyNow*) + 0x3f5
rbp = 0x00007ffeef0c8b50 rsp = 0x00007ffeef0c8950
rip = 0x000000010d858ee5
Found by: previous frame'short frame pointer
10 Chromium Framework!base::sequence_manager::internal::SequenceManagerImpl::DidRunTask() + 0x5f
rbp = 0x00007ffeef0c8ba0 rsp = 0x00007ffeef0c8b60
rip = 0x000000010d858a0f
Found by: previous frame'short frame pointer
...
Demangled excerpt of the test's log is attached.
Have only seen one instance of this crash so far, so marking this P2 and blocking it on previously filed P1s in this area. Can any progress be made on this report without a reliable reproduction?
Deleted: stack-filt.txt (93.4 KB)
Comment 1 by mlippautz@chromium.org, Dec 10
Status: Duplicate (was: Untriaged)