Found with m-c 20190228-2ea0c1db7e60

I am currently reducing the test case and will attach it once complete. The machine does kernel panic frequently while reducing this test case (MacOS 10.13.6).

rax = 0x0000000000000003   rdx = 0x0000000000000006
rcx = 0x00000001441d8fe8   rbx = 0x0000000146f1ce64
rsi = 0x0000000000000008   rdi = 0x0000000143202000
rbp = 0x00007000065c59a0   rsp = 0x00007000065c5930
r8 = 0x0000000000000000    r9 = 0x0000000000000000
r10 = 0x0000000143d1ca60   r11 = 0x0000000000000001
r12 = 0x0000000000000000   r13 = 0x0000000104010000
r14 = 0x0000000000000006   r15 = 0x0000000000000006
rip = 0x000000011279fa8f
OS|Mac OS X|10.13.6 17G5019
CPU|amd64|family 6 model 23 stepping 10|2
GPU|||
Crash|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS|0x441d9000|19
19|0|GeForceTeslaGLDriver||||0x59fa8f
19|1|GeForceTeslaGLDriver||||0x59eb89
19|2|GeForceTeslaGLDriver||||0x2c6441
19|3|GLEngine|glDrawElementsInstanced_ACC_GL3Exec|||0x161
19|4|XUL|<gleam::gl::ErrorCheckingGl as gleam::gl::Gl>::draw_elements_instanced|hg:hg.mozilla.org/mozilla-central:third_party/rust/gleam/src/gl.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|85|0xa
19|5|XUL|webrender::renderer::Renderer::draw_instanced_batch|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/device/gl.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|2570|0x1b
19|6|XUL|webrender::renderer::Renderer::draw_color_target::{{closure}}|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|3382|0x5
19|7|XUL|webrender::renderer::Renderer::draw_color_target|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|3250|0xc
19|8|XUL|webrender::renderer::Renderer::draw_tile_frame|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|4110|0x42
19|9|XUL|webrender::profiler::TimeProfileCounter::profile|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|2635|0x25
19|10|XUL|webrender::renderer::Renderer::render_impl|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|2585|0x8
19|11|XUL|webrender::renderer::Renderer::render|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|2510|0x5
19|12|XUL|wr_renderer_render|hg:hg.mozilla.org/mozilla-central:gfx/webrender_bindings/src/bindings.rs:d4e19870e27fbe3552bec2b961acc96f3222ea80|679|0x8
19|13|XUL|mozilla::wr::RendererOGL::UpdateAndRender(mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool, mozilla::wr::RendererStats*)|hg:hg.mozilla.org/mozilla-central:gfx/webrender_bindings/RendererOGL.cpp:d4e19870e27fbe3552bec2b961acc96f3222ea80|121|0xe
19|14|XUL|mozilla::wr::RenderThread::UpdateAndRender(mozilla::wr::WrWindowId, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType> const&, mozilla::TimeStamp const&, bool, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool)|hg:hg.mozilla.org/mozilla-central:gfx/webrender_bindings/RenderThread.cpp:d4e19870e27fbe3552bec2b961acc96f3222ea80|369|0x1a
19|15|XUL|mozilla::wr::RenderThread::HandleFrame(mozilla::wr::WrWindowId, bool)|hg:hg.mozilla.org/mozilla-central:gfx/webrender_bindings/RenderThread.cpp:d4e19870e27fbe3552bec2b961acc96f3222ea80|262|0xd
19|16|XUL|mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), true, (mozilla::RunnableKind)0, mozilla::wr::WrWindowId, bool>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:d4e19870e27fbe3552bec2b961acc96f3222ea80|1122|0x2
19|17|XUL|MessageLoop::RunTask(already_AddRefed<nsIRunnable>)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|442|0x6
19|18|XUL|MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|450|0x8
19|19|XUL|MessageLoop::DoWork()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|523|0xb
19|20|XUL|base::MessagePumpDefault::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_default.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|35|0xa
19|21|XUL|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|308|0x5
19|22|XUL|base::Thread::ThreadMain()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/thread.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|192|0x8
19|23|XUL|ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/platform_thread_posix.cc:d4e19870e27fbe3552bec2b961acc96f3222ea80|40|0x6
19|24|libsystem_pthread.dylib|_pthread_body|||0x154
19|25|libsystem_pthread.dylib|_pthread_start|||0x179
19|26|libsystem_pthread.dylib|thread_start|||0xd
19|27|XUL||||0x7d0c30

Sounds like maybe a hardware issue? Bug 1525056 looks similar. Jeff, this might be interesting for you, as it sounds like this failure is at least somewhat reproduceable.

Tyson, do you still see anything like this?

(In reply to Jeff Muizelaar [:jrmuizel] from comment #2)

Tyson, do you still see anything like this?

The test case I have no longer reproduces the issue. The fuzzers also have not reported the issue since March. I will run one MacOS machine exclusively with webrender enabled and see if I hit it again. In the meantime feel free to close this.