Bug 100287 - REGRESSION(r132303): Triggering crashes on many popular websites (Requested by leviw|gardening on #webkit).
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: WebKit Review Bot
URL:
Keywords:
Depends on:
Blocks: 88606
Reported: 2012-10-24 14:17 PDT by WebKit Review Bot
Modified: 2012-10-24 18:45 PDT (History)

See Also:


Attachments
ROLLOUT of r132303 (39.60 KB, patch)
2012-10-24 14:18 PDT, WebKit Review Bot
no flags

Description WebKit Review Bot 2012-10-24 14:17:40 PDT
http://trac.webkit.org/changeset/132303 broke the build:
Triggering crashes on many popular websites (Requested by leviw|gardening on #webkit).

This is an automatic bug report generated by the sheriff-bot. If this bug
report was created because of a flaky test, please file a bug for the flaky
test (if we don't already have one on file) and dup this bug against that bug
so that we can track how often these flaky tests cause pain.

"Only you can prevent forest fires." -- Smokey the Bear
Comment 1 WebKit Review Bot 2012-10-24 14:18:27 PDT
Created attachment 170470 [details]
ROLLOUT of r132303

Any committer can land this patch automatically by marking it commit-queue+.  The commit-queue will build and test the patch before landing to ensure that the rollout will be successful.  This process takes approximately 15 minutes.

If you would like to land the rollout faster, you can use the following command:

  webkit-patch land-attachment ATTACHMENT_ID

where ATTACHMENT_ID is the ID of this attachment.
Comment 2 Levi Weintraub 2012-10-24 14:22:43 PDT
Apologies if this isn't the right fix, but some major sites are crashing in style calculation in this window and this is the most likely culprit.

Regression window: http://trac.webkit.org/log?action=stop_on_copy&mode=stop_on_copy&rev=132314&stop_rev=132252&limit=300&verbose=on

Internal link for details: http://chromegw/chromebot/?action=buildsummary&id=4002

Example backtrace:
eax=00000000 ebx=003dd518 ecx=00000016 edx=00000000 esi=00000002 edi=003dd538
eip=77e6013d esp=003dd4c8 ebp=003dd564 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
ntdll!ZwWaitForMultipleObjects+0x15:
77e6013d 83c404          add     esp,4
0:000> .ecxr;k50;.logclose;q
eax=00000000 ebx=00000000 ecx=00000016 edx=00000000 esi=00000004 edi=02a8ba00
eip=6ace66ba esp=003ddb18 ebp=003ddb44 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
chrome_6a1d0000!WebCore::Element::recalcStyle+0xda:
6ace66ba 8b7328          mov     esi,dword ptr [ebx+28h] ds:002b:00000028=????????
ChildEBP RetAddr  
003ddb44 6ace6ab6 chrome_6a1d0000!WebCore::Element::recalcStyle+0xda [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\element.cpp @ 1125]
003ddb78 6acdad62 chrome_6a1d0000!WebCore::Element::recalcStyle+0x4d6 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\element.cpp @ 1222]
003ddba4 6acdaec4 chrome_6a1d0000!WebCore::Document::recalcStyle+0x1e2 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\document.cpp @ 1851]
003ddbb4 6b1a51b3 chrome_6a1d0000!WebCore::Document::updateStyleIfNeeded+0x44 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\document.cpp @ 1905]
003de418 6b1ac563 chrome_6a1d0000!WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue+0xe3 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\css\csscomputedstyledeclaration.cpp @ 1441]
003de430 6c22a901 chrome_6a1d0000!WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal+0x13 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\css\csscomputedstyledeclaration.cpp @ 1179]
003de454 6adb5cdb chrome_6a1d0000!WebCore::V8CSSStyleDeclaration::namedPropertyGetter+0x91 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\bindings\v8\custom\v8cssstyledeclarationcustom.cpp @ 207]
003de4b8 6adb6959 chrome_6a1d0000!v8::internal::JSObject::GetPropertyWithInterceptor+0x1ab [c:\b\build\slave\win\build\src\v8\src\objects.cc @ 10505]
003de4d8 6adb88d6 chrome_6a1d0000!v8::internal::Object::GetProperty+0x189 [c:\b\build\slave\win\build\src\v8\src\objects.cc @ 656]
003de500 6ae5405c chrome_6a1d0000!v8::internal::Object::GetProperty+0x66 [c:\b\build\slave\win\build\src\v8\src\objects.cc @ 586]
003de57c 6ae54fd9 chrome_6a1d0000!v8::internal::LoadIC::Load+0x4ac [c:\b\build\slave\win\build\src\v8\src\ic.cc @ 923]
003de5b0 0c80a376 chrome_6a1d0000!v8::internal::LoadIC_Miss+0x79 [c:\b\build\slave\win\build\src\v8\src\ic.cc @ 2088]
WARNING: Frame IP not in any known module. Following frames may be wrong.
003de5d0 0c847df9 0xc80a376
003de5fc 0c84848b 0xc847df9
003de6fc 6adcd007 0xc84848b
003de73c 6adcdc8b chrome_6a1d0000!v8::internal::Invoke+0xf7 [c:\b\build\slave\win\build\src\v8\src\execution.cc @ 118]
003de778 6ad903ed chrome_6a1d0000!v8::internal::Execution::Call+0x17b [c:\b\build\slave\win\build\src\v8\src\execution.cc @ 179]
003de7cc 6b20d8a6 chrome_6a1d0000!v8::Script::Run+0x1bd [c:\b\build\slave\win\build\src\v8\src\api.cc @ 1621]
003de7e4 6b0ca9f8 chrome_6a1d0000!WebCore::ScriptRunner::runCompiledScript+0x76 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\bindings\v8\scriptrunner.cpp @ 52]
003de83c 6b0cab3b chrome_6a1d0000!WebCore::ScriptController::compileAndRunScript+0x2a8 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\bindings\v8\scriptcontroller.cpp @ 282]
003de870 6ad1c940 chrome_6a1d0000!WebCore::ScriptController::evaluate+0xab [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\bindings\v8\scriptcontroller.cpp @ 308]
003de8ec 6afbe97d chrome_6a1d0000!WebCore::ScriptElement::executeScript+0x100 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\scriptelement.cpp @ 303]
003de978 6afbed7c chrome_6a1d0000!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent+0xbd [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmlscriptrunner.cpp @ 140]
003de9e0 6afbf0c1 chrome_6a1d0000!WebCore::HTMLScriptRunner::executeParsingBlockingScripts+0x6c [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmlscriptrunner.cpp @ 190]
003de9f0 6af8ca59 chrome_6a1d0000!WebCore::HTMLScriptRunner::execute+0x51 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmlscriptrunner.cpp @ 180]
003dea18 6af8cad3 chrome_6a1d0000!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder+0x69 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmldocumentparser.cpp @ 201]
003dea2c 6af8d818 chrome_6a1d0000!WebCore::HTMLDocumentParser::canTakeNextToken+0x43 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmldocumentparser.cpp @ 218]
003dea6c 6af8dc42 chrome_6a1d0000!WebCore::HTMLDocumentParser::pumpTokenizer+0xf8 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmldocumentparser.cpp @ 269]
003dea7c 6af8dd41 chrome_6a1d0000!WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution+0x62 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmldocumentparser.cpp @ 477]
003dea84 6acdc0ef chrome_6a1d0000!WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets+0x31 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\parser\htmldocumentparser.cpp @ 536]
003dea8c 6acde9c3 chrome_6a1d0000!WebCore::Document::didRemoveAllPendingStylesheet+0x2f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\document.cpp @ 2889]
003dea94 6af7bc47 chrome_6a1d0000!WebCore::DocumentStyleSheetCollection::removePendingSheet+0x23 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\documentstylesheetcollection.cpp @ 222]
003deaa0 6b08c28f chrome_6a1d0000!WebCore::HTMLLinkElement::sheetLoaded+0x57 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\htmllinkelement.cpp @ 363]
003deaac 6af7c55f chrome_6a1d0000!WebCore::StyleSheetContents::checkLoaded+0x6f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\css\stylesheetcontents.cpp @ 347]
003deb2c 6b1c0ea4 chrome_6a1d0000!WebCore::HTMLLinkElement::setCSSStyleSheet+0x33f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\htmllinkelement.cpp @ 335]
003deb6c 6b1c0aaf chrome_6a1d0000!WebCore::CachedCSSStyleSheet::checkNotify+0x74 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\loader\cache\cachedcssstylesheet.cpp @ 122]
003deb7c 6b2d33d7 chrome_6a1d0000!WebCore::CachedCSSStyleSheet::data+0x13f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\loader\cache\cachedcssstylesheet.cpp @ 112]
003deb98 6b1c2393 chrome_6a1d0000!WebCore::SubresourceLoader::didFinishLoading+0x67 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\loader\subresourceloader.cpp @ 272]
003deba8 6c1f9cfd chrome_6a1d0000!WebCore::ResourceLoader::didFinishLoading+0x13 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\loader\resourceloader.cpp @ 443]
003debbc 6bd34a3c chrome_6a1d0000!WebCore::ResourceHandleInternal::didFinishLoading+0x3d [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\platform\network\chromium\resourcehandle.cpp @ 157]
003dece0 6aae7de4 chrome_6a1d0000!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest+0x1fc [c:\b\build\slave\win\build\src\webkit\glue\weburlloader_impl.cc @ 680]
003ded14 6aae7239 chrome_6a1d0000!content::ResourceDispatcher::OnRequestComplete+0xb4 [c:\b\build\slave\win\build\src\content\common\resource_dispatcher.cc @ 465]
003ded6c 6aae995d chrome_6a1d0000!ResourceMsg_RequestComplete::Dispatch,std::allocator > const &,base::TimeTicks const &)>+0x59 [c:\b\build\slave\win\build\src\content\common\resource_messages.h @ 250]
003dee14 6aae9e5b chrome_6a1d0000!content::ResourceDispatcher::DispatchMessageW+0x25d [c:\b\build\slave\win\build\src\content\common\resource_dispatcher.cc @ 557]
003deef0 6aad582e chrome_6a1d0000!content::ResourceDispatcher::OnMessageReceived+0x23b [c:\b\build\slave\win\build\src\content\common\resource_dispatcher.cc @ 272]
003def5c 6aa872f0 chrome_6a1d0000!content::ChildThread::OnMessageReceived+0x1e [c:\b\build\slave\win\build\src\content\common\child_thread.cc @ 242]
003defa0 6b61be96 chrome_6a1d0000!IPC::ChannelProxy::Context::OnDispatchMessage+0xe0 [c:\b\build\slave\win\build\src\ipc\ipc_channel_proxy.cc @ 267]
003defb0 6a6ba187 chrome_6a1d0000!base::internal::Invoker<2,base::internal::BindState,void __cdecl(content::UtilityProcessHostClient *,IPC::Message const &),void __cdecl(content::UtilityProcessHostClient *,IPC::Message)>,void __cdecl(content::UtilityProcessHostClient *,IPC::Message const &)>::Run+0x16 [c:\b\build\slave\win\build\src\base\bind_internal.h @ 1256]
003df244 6a6bc49a chrome_6a1d0000!MessageLoop::RunTask+0x317 [c:\b\build\slave\win\build\src\base\message_loop.cc @ 472]
003df2e0 6a6f406d chrome_6a1d0000!MessageLoop::DoWork+0x4ba [c:\b\build\slave\win\build\src\base\message_loop.cc @ 662]
003df3b4 6a6bb5fd chrome_6a1d0000!base::MessagePumpDefault::Run+0x11d [c:\b\build\slave\win\build\src\base\message_pump_default.cc @ 29]
003df47c 6a6dfd23 chrome_6a1d0000!MessageLoop::RunInternal+0x9d [c:\b\build\slave\win\build\src\base\message_loop.cc @ 427]
003df484 6a6b99b6 chrome_6a1d0000!base::RunLoop::Run+0x13 [c:\b\build\slave\win\build\src\base\run_loop.cc @ 46]
003df4a8 6bad9c55 chrome_6a1d0000!MessageLoop::Run+0x16 [c:\b\build\slave\win\build\src\base\message_loop.cc @ 308]
003df878 6a6244ca chrome_6a1d0000!content::RendererMain+0x385 [c:\b\build\slave\win\build\src\content\renderer\renderer_main.cc @ 242]
003df954 6a6246bd chrome_6a1d0000!content::RunNamedProcessTypeMain+0xca [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 448]
003dfa70 6a621590 chrome_6a1d0000!content::ContentMainRunnerImpl::Run+0x14d [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 741]
003dfa80 6a1d6540 chrome_6a1d0000!content::ContentMain+0x30 [c:\b\build\slave\win\build\src\content\app\content_main.cc @ 35]
003dfab4 012aab2b chrome_6a1d0000!ChromeMain+0x20 [c:\b\build\slave\win\build\src\chrome\app\chrome_main.cc @ 28]
003dfb30 012aac18 chrome!MainDllLoader::Launch+0x16b [c:\b\build\slave\win\build\src\chrome\app\client_util.cc @ 441]
003dfb54 012aac96 chrome!RunChrome+0x68 [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 77]
003dfb9c 01333bce chrome!wWinMain+0x56 [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 92]
003dfc2c 75b1339a chrome!__tmainCRTStartup+0x11a [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 275]
003dfc38 77e79ef2 kernel32!BaseThreadInitThunk+0x12
003dfc78 77e79ec5 ntdll!RtlInitializeExceptionChain+0x63
003dfc90 00000000 ntdll!RtlInitializeExceptionChain+0x36
Comment 3 WebKit Review Bot 2012-10-24 14:41:59 PDT
Comment on attachment 170470 [details]
ROLLOUT of r132303

Clearing flags on attachment: 170470

Committed r132403: <http://trac.webkit.org/changeset/132403>
Comment 4 WebKit Review Bot 2012-10-24 14:42:02 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Hajime Morrita 2012-10-24 18:45:04 PDT
Thanks for taking care of this. tasak@ and I are taking a look.