103833 – REGRESSION(r136236): [chromium] Flakey crashes in SpeechRecognitionEvent::emma during GC. (Requested by mkwst on #webkit).

RESOLVED FIXED 103833

REGRESSION(r136236): [chromium] Flakey crashes in SpeechRecognitionEvent::emma during GC. (Requested by mkwst on #webkit).

https://bugs.webkit.org/show_bug.cgi?id=103833

Summary REGRESSION(r136236): [chromium] Flakey crashes in SpeechRecognitionEvent::emm...

WebKit Review Bot

Reported 2012-12-02 00:48:15 PST

http://trac.webkit.org/changeset/136236 broke the build: [chromium] Flakey crashes in SpeechRecognitionEvent::emma during GC. (Requested by mkwst on #webkit). This is an automatic bug report generated by the sheriff-bot. If this bug report was created because of a flaky test, please file a bug for the flaky test (if we don't already have one on file) and dup this bug against that bug so that we can track how often these flaky tests case pain. "Only you can prevent forest fires." -- Smokey the Bear

Attachments
ROLLOUT of r136236 (35.49 KB, patch) 2012-12-02 00:48 PST, WebKit Review Bot	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

WebKit Review Bot

Comment 1 2012-12-02 00:48:59 PST

Created attachment 177133 [details] ROLLOUT of r136236 Any committer can land this patch automatically by marking it commit-queue+. The commit-queue will build and test the patch before landing to ensure that the rollout will be successful. This process takes approximately 15 minutes. If you would like to land the rollout faster, you can use the following command: webkit-patch land-attachment ATTACHMENT_ID where ATTACHMENT_ID is the ID of this attachment.

Mike West

Comment 2 2012-12-02 00:55:53 PST

Seeing a variety of crashes on and off, here are some examples: fast/events/constructors/webgl-context-event-constructor.html: crash log for DumpRenderTree (pid 2685): STDOUT: <empty> STDERR: Received signal 11 STDERR: base::debug::StackTrace::StackTrace() [0x7feffe40cdfa] STDERR: base::debug::(anonymous namespace)::StackDumpSignalHandler() [0x7feffe40caaf] STDERR: <unknown> [0x7feff7eafaf0] STDERR: WTF::Vector<>::size() [0x7ff00091cb24] STDERR: WebCore::SpeechRecognitionResultList::length() [0x7ff000c4c110] STDERR: WebCore::SpeechRecognitionEvent::emma() [0x7ff00196745d] STDERR: WebCore::V8SpeechRecognitionEvent::opaqueRootForGC() [0x7ff001ac3d89] STDERR: WebCore::WrapperTypeInfo::opaqueRootForGC() [0x7ff001a7cf01] STDERR: WebCore::WrapperVisitor::VisitPersistentHandle() [0x7ff001a7d6d4] STDERR: v8::V8::VisitHandlesWithClassIds()::VisitorAdapter::VisitEmbedderReference() [0x7feffe851219] STDERR: v8::internal::GlobalHandles::IterateAllRootsWithClassIds() [0x7feffe92d98e] STDERR: v8::V8::VisitHandlesWithClassIds() [0x7feffe85134a] STDERR: WebCore::V8GCController::majorGCPrologue() [0x7ff001a7c8bf] STDERR: WebCore::V8GCController::gcPrologue() [0x7ff001a7c6c8] STDERR: v8::internal::Heap::PerformGarbageCollection() [0x7feffe93f38f] STDERR: v8::internal::Heap::CollectGarbage() [0x7feffe93eae7] STDERR: v8::internal::Heap::CollectGarbage() [0x7feffe8a8147] STDERR: v8::internal::AbortIncrementalMarkingAndCollectGarbage() [0x7feffe93ece7] STDERR: v8::internal::Heap::ReserveSpace() [0x7feffe93ee07] STDERR: v8::internal::Deserializer::DeserializePartial() [0x7feffeb601e8] STDERR: v8::internal::Snapshot::NewContextFromSnapshot() [0x7feffeb679b6] STDERR: v8::internal::Genesis::Genesis() [0x7feffe88a362] STDERR: v8::internal::Bootstrapper::CreateEnvironment() [0x7feffe87f17a] STDERR: v8::Context::New() [0x7feffe8518b8] STDERR: WebCore::V8DOMWindowShell::createContext() [0x7ff001a76cc0] STDERR: WebCore::V8DOMWindowShell::initializeIfNeeded() [0x7ff001a764b8] STDERR: WebCore::ScriptController::windowShell() [0x7ff001a4f455] STDERR: WebCore::ScriptController::initializeMainWorld() [0x7ff001a4efae] STDERR: WebCore::ScriptController::updateDocument() [0x7ff001a50b25] STDERR: WebCore::Frame::setDocument() [0x7ff001f781ce] STDERR: WebCore::DocumentWriter::begin() [0x7ff001e97014] STDERR: WebCore::DocumentLoader::commitData() [0x7ff001e84649] STDERR: WebKit::WebFrameImpl::commitDocumentData() [0x7ff0009512e1] STDERR: WebKit::FrameLoaderClientImpl::committedLoad() [0x7ff0008f2f2b] STDERR: WebCore::DocumentLoader::commitLoad() [0x7ff001e84586] STDERR: WebCore::DocumentLoader::receivedData() [0x7ff001e84afe] STDERR: WebCore::MainResourceLoader::addData() [0x7ff001ebf85b] STDERR: WebCore::ResourceLoader::didReceiveData() [0x7ff001ed6377] STDERR: WebCore::MainResourceLoader::didReceiveData() [0x7ff001ec0d58] STDERR: WebCore::ResourceLoader::didReceiveData() [0x7ff001ed6c5f] STDERR: WebCore::ResourceHandleInternal::didReceiveData() [0x7ff0018239b6] STDERR: webkit_glue::WebURLLoaderImpl::Context::OnReceivedData() [0x7feffcd18012] STDERR: (anonymous namespace)::RequestProxy::NotifyReceivedData() [0x5d1887] STDERR: base::internal::RunnableAdapter<>::Run() [0x5d7dfb] STDERR: base::internal::InvokeHelper<>::MakeItSo() [0x5d77c4] STDERR: base::internal::Invoker<>::Run() [0x5d7062] STDERR: base::Callback<>::Run() [0x7feffe4047e9] STDERR: MessageLoop::RunTask() [0x7feffe447cb9] STDERR: MessageLoop::DeferOrRunPendingTask() [0x7feffe447dd4] STDERR: MessageLoop::DoWork() [0x7feffe448669] STDERR: base::MessagePumpGlib::HandleDispatch() [0x7feffe3e9549] STDERR: (anonymous namespace)::WorkSourceDispatch() [0x7feffe3e8c5b] STDERR: <unknown> [0x7feff8c098c2] STDERR: <unknown> [0x7feff8c0d748] STDERR: <unknown> [0x7feff8c0d8fc] STDERR: base::MessagePumpGlib::RunWithDispatcher() [0x7feffe3e91f8] STDERR: base::MessagePumpGlib::Run() [0x7feffe3e9626] STDERR: MessageLoop::RunInternal() [0x7feffe4478a9] STDERR: MessageLoop::RunHandler() [0x7feffe447760] STDERR: base::RunLoop::Run() [0x7feffe47f04a] STDERR: MessageLoop::Run() [0x7feffe44708e] STDERR: webkit_support::RunMessageLoop() [0x51b15a] fast/events/constructors/webkit-animation-event-constructor.html: crash log for DumpRenderTree (pid 6390): STDOUT: <empty> STDERR: Received signal 11 STDERR: base::debug::StackTrace::StackTrace() [0x70119e] STDERR: base::debug::(anonymous namespace)::StackDumpSignalHandler() [0x7012a5] STDERR: <unknown> [0x7f074d707af0] STDERR: WebCore::SpeechRecognitionEvent::emma() [0xd2b5d7] STDERR: WebCore::V8SpeechRecognitionEvent::opaqueRootForGC() [0x1de6b99] STDERR: WebCore::WrapperVisitor::VisitPersistentHandle() [0xd936eb] STDERR: v8::internal::GlobalHandles::IterateAllRootsWithClassIds() [0x82eab9] STDERR: v8::V8::VisitHandlesWithClassIds() [0x7af520] STDERR: WebCore::V8GCController::majorGCPrologue() [0xd9316e] STDERR: WebCore::V8GCController::gcPrologue() [0xd935c5] STDERR: v8::internal::Heap::PerformGarbageCollection() [0x8503d7] STDERR: v8::internal::Heap::CollectGarbage() [0x850ed8] STDERR: v8::internal::Runtime::PerformGC() [0x96f88d] STDERR: <unknown> [0xab8e92065d4] I can reproduce them locally by running the fast/speech/scripted suite, followed by a few hundred other tests. At least one of those following tests will crash. Running `./Tools/Scripts/new-run-webkit-tests --no-build --chromium fast/speech/scripted/start-exception.html --repeat 13` is generally enough on its own (the 13th run consistently crashes on my machine).

Mike West

Comment 3 2012-12-02 01:41:35 PST

Confirmed that rolling out the patch locally stops the crashes. I'm going to land this manually, since we have ~25 patches stuck in the CQ.

Mike West

Comment 4 2012-12-02 01:46:43 PST

Comment on attachment 177133 [details] ROLLOUT of r136236 Clearing flags on attachment: 177133 Committed r136319: <http://trac.webkit.org/changeset/136319>

Mike West

Comment 5 2012-12-02 01:46:48 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

WebKit Review Bot

Reported

2012-12-02 00:48 PST

Modified

2012-12-02 01:46 PST History

CC List

3 users Show

URL

Keywords

Depends on

Blocks

103407

Dependencies

tree graph