Starred by 4 users
Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Aug 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Restricted
  • Only users with EditIssue permission may comment.
Chrome: Crash Report - Stack Signature: WebCore::FrameLoader::outgoingReferrer()-23...
Project Member Reported by dharani@google.com, Jul 16 2012
abarth@ gavinp@: could one of you triage this bug? thanks!

Product: Chrome
Stack Signature: WebCore::FrameLoader::outgoingReferrer()-13AD60E
New Signature Label: WebCore::FrameLoader::outgoingReferrer()
New Signature Hash: 23d8aab0_1c110312_3df1ce29_ea7ba2b8_8405d894

Report link: http://go/crash/reportdetail?reportid=5388ae49da1f9df2

Meta information:
Product Name: Chrome
Product Version: 22.0.1207.0
Report ID: 5388ae49da1f9df2
Report Time: 2012/07/15 23:25:23, Sun
Uptime: 36 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.1.7600 
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 28 stepping 10
ptype: renderer


Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000040 )

0x61038887  [chrome.dll]  frameloader.cpp:854  WebCore::FrameLoader::outgoingReferrer()
0x615b7024  [chrome.dll]  prerenderer.cpp:75  WebCore::Prerenderer::render(WebCore::KURL const &)
0x61034d65  [chrome.dll]  linkloader.cpp:137  WebCore::LinkLoader::loadLink(WebCore::LinkRelAttribute const &,WTF::String const &,WTF::String const &,WebCore::KURL const &,WebCore::Document *)
0x610344ec  [chrome.dll]  htmllinkelement.cpp:184  WebCore::HTMLLinkElement::process()
0x61034b12  [chrome.dll]  htmllinkelement.cpp:259  WebCore::HTMLLinkElement::insertedInto(WebCore::ContainerNode *)
0x60e8407c  [chrome.dll]  containernodealgorithms.h:195  WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x61042a44  [chrome.dll]  documentorderedmap.cpp:72  WebCore::DocumentOrderedMap::add(WTF::AtomicStringImpl *,WebCore::Element *)
0x61042984  [chrome.dll]  element.h:622  WebCore::Element::updateId(WebCore::TreeScope *,WTF::AtomicString const &,WTF::AtomicString const &)
0x60e8408f  [chrome.dll]  containernodealgorithms.h:198  WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x60e8451b  [chrome.dll]  containernodealgorithms.cpp:44  WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode *)
0x60e8408f  [chrome.dll]  containernodealgorithms.h:198  WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x60e83eb5  [chrome.dll]  containernodealgorithms.h:235  WebCore::ChildNodeInsertionNotifier::notify(WebCore::Node *)
0x610e1175  [chrome.dll]  containernode.cpp:978  WebCore::updateTreeAfterInsertion
0x610e0c0e  [chrome.dll]  containernode.cpp:567  WebCore::ContainerNode::appendChild(WTF::PassRefPtr,int &,bool)
0x611aff41  [chrome.dll]  markup.cpp:1127  WebCore::replaceChildrenWithFragment(WebCore::ContainerNode *,WTF::PassRefPtr,int &)
0x611aeade  [chrome.dll]  htmlelement.cpp:347  WebCore::HTMLElement::setInnerHTML(WTF::String const &,int &)
0x611ae8fe  [chrome.dll]  v8htmlelement.cpp:240  WebCore::HTMLElementV8Internal::innerHTMLAttrSetter
0x610ea247  [chrome.dll]  stub-cache.cc:1027  v8::internal::StoreCallbackProperty(v8::internal::Arguments,v8::internal::Isolate *)
0x0020eb0f
0x40faa1d4
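A triager reads a dump like the one above by hand: top symbolized frame for the signature, fault address to tell a near-null member read from a wild pointer, the frames below to see which web-facing entry point (here the innerHTML setter) reached the crash. The following Python is an added example of doing that mechanically; it is not code from the Chromium project or from anyone on this bug. The sample input is constructed from the frames shown above, trimmed to a few of them, in the two-lines-per-frame layout the crash server exports; a second constructed sample uses a one-frame-per-line layout to show the parser does not depend on the line splitting. The 4096-byte page size used by the near-null heuristic is an assumption of the example, not something the report states.

```python
"""Parse a Chrome crash-server thread dump and derive basic triage facts from it."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the crashed thread from the report above, trimmed to a handful of
# frames, in the two-lines-per-frame layout (address line, then function name line).
SAMPLE_TWO_LINE = """\
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000040 )

0x61038887\t [chrome.dll]\t - frameloader.cpp:854\t
WebCore::FrameLoader::outgoingReferrer()
0x615b7024\t [chrome.dll]\t - prerenderer.cpp:75\t
WebCore::Prerenderer::render(WebCore::KURL const &)
0x61034d65\t [chrome.dll]\t - linkloader.cpp:137\t
WebCore::LinkLoader::loadLink(WebCore::LinkRelAttribute const &,WTF::String const &,WTF::String const &,WebCore::KURL const &,WebCore::Document *)
0x611ae8fe\t [chrome.dll]\t - v8htmlelement.cpp:240\t
WebCore::HTMLElementV8Internal::innerHTMLAttrSetter
0x0020eb0f\t\t\t
0x40faa1d4\t
"""

# Constructed sample: the same kind of dump with one frame per line.
SAMPLE_ONE_LINE = """\
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000040 )
0x61038887  [chrome.dll]  frameloader.cpp:854  WebCore::FrameLoader::outgoingReferrer()
0x615b7024  [chrome.dll]  prerenderer.cpp:75  WebCore::Prerenderer::render(WebCore::KURL const &)
0x0020eb0f
"""


@dataclass
class Frame:
    address: int
    module: Optional[str]      # e.g. "chrome.dll"; None for an unsymbolized frame
    source: Optional[str]      # e.g. "frameloader.cpp:854"
    function: Optional[str]


@dataclass
class CrashReport:
    exception: Optional[str] = None
    fault_address: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)


THREAD_RE = re.compile(r"\*CRASHED\*\s*\(\s*(\w+)\s*@\s*0x([0-9A-Fa-f]+)\s*\)")
# address, optional [module], optional "- file:line", optional function on the same line
FRAME_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s*(?:\[([^\]]+)\])?\s*(?:-\s*)?(\S+:\d+)?\s*(.*)$")


def parse_crash(text: str) -> CrashReport:
    report = CrashReport()
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line:
            continue
        m = THREAD_RE.search(line)
        if m:
            report.exception = m.group(1)
            report.fault_address = int(m.group(2), 16)
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue  # stray text; function names are only consumed right after an address
        address, module, source = int(m.group(1), 16), m.group(2), m.group(3)
        function = m.group(4).strip() or None
        # Two-line layout: a symbolized frame's function name sits on the following line.
        if function is None and module and i < len(lines) and lines[i] and not FRAME_RE.match(lines[i]):
            function = lines[i]
            i += 1
        report.frames.append(Frame(address, module, source, function))
    return report


def signature(report: CrashReport, depth: int = 1) -> str:
    """Top `depth` symbolized function names; depth 1 matches the report's signature label."""
    names = [f.function for f in report.frames if f.function][:depth]
    return " / ".join(names)


def is_near_null_read(report: CrashReport, page_bytes: int = 4096) -> bool:
    """A read fault inside the first page (here offset 0x40) is the usual shape of a field
    access through a null object pointer, not of a wild or attacker-chosen address.
    The page size is an assumption of this example."""
    return (report.exception == "EXCEPTION_ACCESS_VIOLATION_READ"
            and report.fault_address is not None
            and report.fault_address < page_bytes)


def unsymbolized(report: CrashReport) -> List[int]:
    return [f.address for f in report.frames if f.module is None]


def path_through(report: CrashReport, needle: str) -> bool:
    """True if any symbolized frame mentions `needle`, e.g. the web-exposed entry point."""
    return any(f.function is not None and needle in f.function for f in report.frames)


def source_location(frame: Frame) -> Optional[Tuple[str, int]]:
    if not frame.source:
        return None
    path, _, line = frame.source.rpartition(":")
    return path, int(line)


if __name__ == "__main__":
    r = parse_crash(SAMPLE_TWO_LINE)
    print("signature:", signature(r, 2))
    print("near-null read:", is_near_null_read(r))
    print("reached via innerHTML setter:", path_through(r, "innerHTML"))
    print("unsymbolized frames:", [hex(a) for a in unsymbolized(r)])
```

Running it against the two-line sample reports the signature as outgoingReferrer() under Prerenderer::render, flags the 0x40 read as near-null, and confirms the path runs through the innerHTML setter, which is what the discussion below turns on: a prerender launched from a link element at a moment when its Frame is already gone.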
 
Comment 1 by dharani@google.com, Jul 16 2012
Interestingly, almost all the crashes happen when users access this extension - https://chrome.google.com/webstore/detail/bkomkajifikmkfnjgphkjcfeepbnojok
Comment 2 by kareng@google.com, Jul 16 2012
Owner: japhet@chromium.org
Status: Assigned
Nate, any chance you can take a look?
Comment 3 by japhet@chromium.org, Jul 16 2012
Cc: -gavinp@chromium.org japhet@chromium.org
Owner: gavinp@chromium.org
I think gavinp knows this code better, so I'll let him have first crack at it.

Gavin, feel free to punt back to me if you disagree.
Labels: ReleaseBlock-Beta
any updates?
Comment 5 by gavinp@chromium.org, Jul 24 2012
No. I'll take some time for it tomorrow and report back.
Comment 6 by gavinp@chromium.org, Jul 24 2012
So this crash seems to be outgoing crashes while launching prerenders. Most of them are coming from an extension. More later.
Comment 7 by kareng@google.com, Jul 26 2012
ping? this is on beta too.
Comment 8 by gavinp@chromium.org, Jul 26 2012
My main suspicion is that the Frame has been removed from the document during shutdown, but a Prerender launches at just the wrong moment. I'm double checking that in some crash dumps, but the fix should be easy if that's the case. It's a WebKit fix, so it will need to be backported to any channels you want the fix in, and it should be a clean backport.
https://bugs.webkit.org/show_bug.cgi?id=92401 has landed in WebKit, in webkit http://trac.webkit.org/changeset/123798 . With some luck, WebKit will garden past that today and it makes the Canary. I'll update on Sunday/Monday with crash results from Canary.
Sadly, this wasn't in last night's canary due to gardening only getting to 123712.
It's in Canary now. I'll report on crashes soon.
No crashes on this since it went into Canary in 22.0.1220, over two days ago. Does anyone want to request a backport, or shall we let it bake?
Comment 14 by kareng@google.com, Jul 30 2012
Labels: -Mstone-22 Mstone-21 Merge-Requested
Comment 15 by kareng@google.com, Jul 30 2012
we'll give it a bit more bake, make sure nothing weird comes up.
Comment 17 by kareng@google.com, Aug 2 2012
Labels: -Merge-Requested Merge-Approved
Tested the same on Chrome 21.0.1180.74 on Windows 7. Through Comment 1 I am able to add PriceGond to extensions successfully. No crash encountered.
Cc: rponnada@chromium.org
Comment 20 by kareng@google.com, Aug 9 2012
Status: Fixed
Closing as fixed.
Comment 21 by kareng@google.com, Aug 9 2012
Closing as fixed.
Comment 22 by kareng@google.com, Aug 9 2012
Labels: -Merge-Approved Merge-Merged
Project Member Comment 23 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 24 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Area-WebKit -WebKit-Loader -Mstone-21 Cr-Content M-21 Cr-Content-Loader
Project Member Comment 25 by bugdroid1@chromium.org, Mar 14 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 26 by bugdroid1@chromium.org, Apr 6 2013
Labels: -Cr-Content Cr-Blink
Project Member Comment 27 by bugdroid1@chromium.org, Apr 6 2013
Labels: -Cr-Content-Loader Cr-Blink-Loader