Issue 47080: Reliability regression in WebCore::HTML5DocumentParser::write
Status:  Fixed
Owner:  tonyg@chromium.org
Closed:  Jun 2010
Cc:  esei...@chromium.org, abarth@chromium.org, tkent@chromium.org
M-6

Project Member Reported by robertsh...@chromium.org, Jun 21, 2010
Build log:

http://build.chromium.org/buildbot/waterfall/builders/Chromium%20Reliability/builds/10586/steps/reliability:%20partial%20result%20of%20current%20build/logs/stdio

REGRESSION: NEW crash stack traces found
--------------------
Repro information:
Unfiltered URL: http://images.hollywoodgrind.com:9000/images/2008/5/selena-gomez-and-demi-lovato-1.png

Stack trace:
chrome_2580000!WebCore::HTML5DocumentParser::write+0x93 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 295]
chrome_2580000!WebCore::Document::write+0x69 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1980]
chrome_2580000!WebCore::Document::write+0x21 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1991]
chrome_2580000!WebCore::V8HTMLDocument::writeCallback+0x3d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\custom\v8htmldocumentcustom.cpp @ 115]
chrome_2580000!v8::internal::HandleApiCallHelper<0>+0x167 [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 971]
chrome_2580000!v8::internal::Builtin_HandleApiCall+0xf [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 988]
chrome_2580000!v8::internal::Invoke+0xc8 [c:\b\slave\chromium-rel-xp\build\src\v8\src\execution.cc @ 96]
chrome_2580000!v8::internal::Execution::Call+0x26 [c:\b\slave\chromium-rel-xp\build\src\v8\src\execution.cc @ 121]
chrome_2580000!v8::Script::Run+0x156 [c:\b\slave\chromium-rel-xp\build\src\v8\src\api.cc @ 1250]
chrome_2580000!WebCore::V8Proxy::runScript+0x109 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\v8proxy.cpp @ 452]
chrome_2580000!WebCore::V8Proxy::evaluate+0x169 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\v8proxy.cpp @ 403]
chrome_2580000!WebCore::ScriptController::evaluate+0x10d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\scriptcontroller.cpp @ 251]
chrome_2580000!WebCore::ScriptController::executeScript+0x8c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\scriptcontrollerbase.cpp @ 62]
chrome_2580000!WebCore::HTML5DocumentParser::executeScript+0x8a [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 403]
chrome_2580000!WebCore::HTML5ScriptRunner::runScript+0xed [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 275]
chrome_2580000!WebCore::HTML5ScriptRunner::execute+0x14 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 180]
chrome_2580000!WebCore::HTML5DocumentParser::pumpLexer+0x179 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 214]
chrome_2580000!WebCore::HTML5DocumentParser::write+0x8c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 294]
chrome_2580000!WebCore::Document::write+0x69 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1980]
chrome_2580000!WebCore::Document::write+0x21 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1991]
chrome_2580000!WebCore::V8HTMLDocument::writeCallback+0x3d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\custom\v8htmldocumentcustom.cpp @ 115]
chrome_2580000!v8::internal::HandleApiCallHelper<0>+0x167 [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 971]
chrome_2580000!v8::internal::Builtin_HandleApiCall+0xf [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 988]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0x61f010e
0x6891612
chrome_2580000!v8::internal::Invoke+0xc8 [c:\b\slave\chromium-rel-xp\build\src\v8\src\execution.cc @ 96]
chrome_2580000!v8::internal::Execution::Call+0x26 [c:\b\slave\chromium-rel-xp\build\src\v8\src\execution.cc @ 121]
chrome_2580000!v8::Script::Run+0x156 [c:\b\slave\chromium-rel-xp\build\src\v8\src\api.cc @ 1250]
chrome_2580000!WebCore::V8Proxy::runScript+0x109 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\v8proxy.cpp @ 452]
chrome_2580000!WebCore::V8Proxy::evaluate+0x169 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\v8proxy.cpp @ 403]
chrome_2580000!WebCore::ScriptController::evaluate+0x10d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\v8\scriptcontroller.cpp @ 251]
chrome_2580000!WebCore::ScriptController::executeScript+0x8c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\bindings\scriptcontrollerbase.cpp @ 62]
chrome_2580000!WebCore::HTML5DocumentParser::executeScript+0x8a [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 403]
chrome_2580000!WebCore::HTML5ScriptRunner::executePendingScript+0xda [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 122]
chrome_2580000!WebCore::HTML5ScriptRunner::executeParsingBlockingScripts+0x50 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 200]
chrome_2580000!WebCore::HTML5ScriptRunner::executeScriptsWaitingForLoad+0x5 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 216]
chrome_2580000!WebCore::HTML5DocumentParser::notifyFinished+0x2c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 422]
chrome_2580000!WebCore::CachedImage::checkNotify+0x3a [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\cachedimage.cpp @ 323]
chrome_2580000!WebCore::CachedScript::data+0x6d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\cachedscript.cpp @ 97]
chrome_2580000!WebCore::Loader::Host::didFinishLoading+0xd2 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\loader.cpp @ 407]
chrome_2580000!WebCore::SubresourceLoader::didFinishLoading+0x26 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\subresourceloader.cpp @ 196]
chrome_2580000!WebCore::ResourceLoader::didFinishLoading+0x7 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\resourceloader.cpp @ 444]
chrome_2580000!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest+0x18c [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\weburlloader_impl.cc @ 580]
chrome_2580000!ResourceDispatcher::OnRequestComplete+0x8f [c:\b\slave\chromium-rel-xp\build\src\chrome\common\resource_dispatcher.cc @ 469]
chrome_2580000!IPC::MessageWithTuple<Tuple3<int,URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >::Dispatch<ResourceDispatcher,void (__thiscall ResourceDispatcher::*)(int,URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)>+0x5b [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_message_utils.h @ 1044]
chrome_2580000!ResourceDispatcher::DispatchMessageW+0xa1 [c:\b\slave\chromium-rel-xp\build\src\chrome\common\resource_dispatcher.cc @ 536]
chrome_2580000!ResourceDispatcher::OnMessageReceived+0x27f [c:\b\slave\chromium-rel-xp\build\src\chrome\common\resource_dispatcher.cc @ 302]
chrome_2580000!ChildThread::OnMessageReceived+0x1d [c:\b\slave\chromium-rel-xp\build\src\chrome\common\child_thread.cc @ 124]
chrome_2580000!RunnableMethod<BrowsingDataLocalStorageHelper,void (__thiscall BrowsingDataLocalStorageHelper::*)(FilePath const &),Tuple1<FilePath> >::Run+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 323]
chrome_2580000!MessageLoop::RunTask+0xff [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 341]
chrome_2580000!MessageLoop::DoWork+0x176 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 456]
chrome_2580000!base::MessagePumpDefault::Run+0x117 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_default.cc @ 50]
chrome_2580000!MessageLoop::RunInternal+0x92 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 214]
chrome_2580000!MessageLoop::Run+0x5b [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 165]
chrome_2580000!RendererMain+0x33f [c:\b\slave\chromium-rel-xp\build\src\chrome\renderer\renderer_main.cc @ 294]
chrome_2580000!ChromeMain+0xab2 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 759]
chrome!MainDllLoader::Launch+0x199 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\client_util.cc @ 201]
chrome!wWinMain+0x97 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 47]
chrome!__tmainCRTStartup+0x112 [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 263]
kernel32!RegisterWaitForInputIdle+0x49
Jun 21, 2010
#1 bugdroid1@gmail.com
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=50380 

------------------------------------------------------------------------
r50380 | robertshield@chromium.org | 2010-06-21 13:41:16 -0700 (Mon, 21 Jun 2010) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=50380&r2=50379

Updating reliability crashers list to include crash in WebCore::HTML5DocumentParser::write.

BUG=47080
TEST=none
TBR=avi

Review URL: http://codereview.chromium.org/2813023
------------------------------------------------------------------------

Jun 21, 2010
#2 willchan@chromium.org
(No comment was entered for this change.)
Cc: to...@chromium.org
Labels: -Area-Undefined Area-WebKit
Jun 21, 2010
#3 tonyg@chromium.org
(No comment was entered for this change.)
Status: Assigned
Owner: to...@chromium.org
Cc: -to...@chromium.org esei...@chromium.org aba...@chromium.org
Labels: -Pri-2 Pri-1
Jun 21, 2010
#4 abarth@chromium.org
Looks like we're re-entering write three times.  Might be related to https://bugs.webkit.org/show_bug.cgi?id=39891
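
An added example, not part of the original thread or of Chromium's tooling: a small Python parser for the debugger frame format used in this report, which lists the functions that appear more than once on the stack, the re-entrancy pattern the comment above points at. The sample is an excerpt of frames copied from the trace in the report; the function names `parse_frames`, `reentered` and `call_sites` are hypothetical.

```python
import re
from collections import Counter

# One resolved frame: module!symbol+0xOFFSET [source path @ line]
FRAME_RE = re.compile(
    r"^(?P<module>[^!\s]+)!(?P<symbol>.+?)\+0x(?P<offset>[0-9a-fA-F]+)"
    r"(?:\s+\[(?P<path>.+?) @ (?P<line>\d+)\])?$"
)

# Excerpt of frames copied from the report's trace (innermost frame first).
SAMPLE = r"""
chrome_2580000!WebCore::HTML5DocumentParser::write+0x93 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 295]
chrome_2580000!WebCore::Document::write+0x69 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1980]
chrome_2580000!WebCore::HTML5DocumentParser::executeScript+0x8a [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 403]
chrome_2580000!WebCore::HTML5ScriptRunner::runScript+0xed [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 275]
chrome_2580000!WebCore::HTML5DocumentParser::pumpLexer+0x179 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 214]
chrome_2580000!WebCore::HTML5DocumentParser::write+0x8c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 294]
chrome_2580000!WebCore::Document::write+0x69 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 1980]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0x61f010e
chrome_2580000!WebCore::HTML5ScriptRunner::executePendingScript+0xda [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5scriptrunner.cpp @ 122]
chrome_2580000!WebCore::HTML5DocumentParser::notifyFinished+0x2c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\html5documentparser.cpp @ 422]
"""


def parse_frames(text):
    """Return resolved frames as dicts; bare addresses and warning lines are skipped."""
    matches = (FRAME_RE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]


def reentered(frames):
    """Map each symbol that occurs more than once on the stack to its frame count."""
    counts = Counter(f["symbol"] for f in frames)
    return {sym: n for sym, n in counts.items() if n > 1}


def call_sites(frames, symbol):
    """List (source file, line) for every frame of `symbol`, innermost first."""
    return [(f["path"].rsplit("\\", 1)[-1], int(f["line"]))
            for f in frames if f["symbol"] == symbol and f["path"]]


if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    for sym, n in reentered(frames).items():
        print(n, sym, call_sites(frames, sym))
```
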
Jun 22, 2010
#5 tonyg@chromium.org
We believe this has been fixed upstream.

After WebKit r61610 rolls, we should remove this from known_crashes.txt to make sure it's gone.
Status: Started
Cc: tk...@chromium.org
Labels: Mstone-6
Jun 29, 2010
#6 bugdroid1@gmail.com
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=51152 

------------------------------------------------------------------------
r51152 | tonyg@chromium.org | 2010-06-29 12:17:04 -0700 (Tue, 29 Jun 2010) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=51152&r2=51151

Remove a known crash in HTML5DocumentParser::write() which has been fixed
upstream. This is guaranteed to work as the HTML5DocumentParser class has since
been renamed to HTMLDocumentParser.

BUG=47080
TEST=None
Review URL: http://codereview.chromium.org/2807030
------------------------------------------------------------------------

Jun 29, 2010
#7 tonyg@chromium.org
(No comment was entered for this change.)
Status: Fixed
Oct 12, 2012
#8 bugdroid1@chromium.org
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels: Restrict-AddIssueComment-Commit
Mar 10, 2013
#9 bugdroid1@chromium.org
(No comment was entered for this change.)
Labels: -Area-WebKit -Mstone-6 Cr-Content M-6
Mar 13, 2013
#10 bugdroid1@chromium.org
(No comment was entered for this change.)
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Apr 5, 2013
#11 bugdroid1@chromium.org
(No comment was entered for this change.)
Labels: -Cr-Content Cr-Blink