New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 137498 link

Starred by 4 users

Issue metadata

Status: Fixed
Last visit > 30 days ago
Closed: Aug 2012
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

  • Only users with EditIssue permission may comment.

Sign in to add a comment

Chrome: Crash Report - Stack Signature: WebCore::FrameLoader::outgoingReferrer()-23...

Project Member Reported by, Jul 16 2012

Issue description

abarth@ gavinp@: could one of you triage this bug? thanks!

Product: Chrome
Stack Signature: WebCore::FrameLoader::outgoingReferrer()-13AD60E
New Signature Label: WebCore::FrameLoader::outgoingReferrer()
New Signature Hash: 23d8aab0_1c110312_3df1ce29_ea7ba2b8_8405d894

Report link: http://go/crash/reportdetail?reportid=5388ae49da1f9df2

Meta information:
Product Name: Chrome
Product Version: 22.0.1207.0
Report ID: 5388ae49da1f9df2
Report Time: 2012/07/15 23:25:23, Sun
Uptime: 36 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.1.7600 
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 28 stepping 10
ptype: renderer


0x61038887	 [chrome.dll]	 - frameloader.cpp:854	
0x615b7024	 [chrome.dll]	 - prerenderer.cpp:75	
WebCore::Prerenderer::render(WebCore::KURL const &)
0x61034d65	 [chrome.dll]	 - linkloader.cpp:137	
WebCore::LinkLoader::loadLink(WebCore::LinkRelAttribute const &,WTF::String const &,WTF::String const &,WebCore::KURL const &,WebCore::Document *)
0x610344ec	 [chrome.dll]	 - htmllinkelement.cpp:184	
0x61034b12	 [chrome.dll]	 - htmllinkelement.cpp:259	
WebCore::HTMLLinkElement::insertedInto(WebCore::ContainerNode *)
0x60e8407c	 [chrome.dll]	 - containernodealgorithms.h:195	
WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x61042a44	 [chrome.dll]	 - documentorderedmap.cpp:72	
WebCore::DocumentOrderedMap::add(WTF::AtomicStringImpl *,WebCore::Element *)
0x61042984	 [chrome.dll]	 - element.h:622	
WebCore::Element::updateId(WebCore::TreeScope *,WTF::AtomicString const &,WTF::AtomicString const &)
0x60e8408f	 [chrome.dll]	 - containernodealgorithms.h:198	
WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x60e8451b	 [chrome.dll]	 - containernodealgorithms.cpp:44	
WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode *)
0x60e8408f	 [chrome.dll]	 - containernodealgorithms.h:198	
WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node *)
0x60e83eb5	 [chrome.dll]	 - containernodealgorithms.h:235	
WebCore::ChildNodeInsertionNotifier::notify(WebCore::Node *)
0x610e1175	 [chrome.dll]	 - containernode.cpp:978	
0x610e0c0e	 [chrome.dll]	 - containernode.cpp:567	
WebCore::ContainerNode::appendChild(WTF::PassRefPtr,int &,bool)
0x611aff41	 [chrome.dll]	 - markup.cpp:1127	
WebCore::replaceChildrenWithFragment(WebCore::ContainerNode *,WTF::PassRefPtr,int &)
0x611aeade	 [chrome.dll]	 - htmlelement.cpp:347	
WebCore::HTMLElement::setInnerHTML(WTF::String const &,int &)
0x611ae8fe	 [chrome.dll]	 - v8htmlelement.cpp:240	
0x610ea247	 [chrome.dll]	 -	
v8::internal::StoreCallbackProperty(v8::internal::Arguments,v8::internal::Isolate *)

Comment 1 by, Jul 16 2012

interestingly almost all the crashes happens when user access this extension -

Comment 2 by, Jul 16 2012

Status: Assigned
nate any chance u can take a look?

Comment 3 by, Jul 16 2012

I think gavinp knows this code better, so I'll let him have first crack at it.

Gavin, feel free to punt back to me if you disagree.
Labels: ReleaseBlock-Beta
any updates?

Comment 5 by, Jul 24 2012

No. I'll take some time for it tomorrow and report back.

Comment 6 by, Jul 24 2012

So this crash seems to be outgoing crashes while launching prerenders. Most of them are coming from an extension. More later.

Comment 7 by, Jul 26 2012

ping? this is on beta too.

Comment 8 by, Jul 26 2012

My main suspicion is that the Frame has been removed from the document during shutdown, but a Prerender launches at just the wrong moment. I'm double checking that in some crash dumps, but the fix should be easy if that's the case. It's a WebKit fix, so it will need to be backported to any channels you want the fix in, and it should be a clean backport. has landed in WebKit, in webkit . With some luck, WebKit will garden past that today and it makes the Canary. I'll update on Sunday/Monday with crash results from Canary.
Sadly, this wasn't in last night's canary due to gardening only getting to 123712.
It's in Canary now. I'll report on crashes soon.
No crashes on this since it went into canary is 22.0.1220, over two days ago. Does anyone want to request a backport, or shall we let it bake?

Comment 14 by, Jul 30 2012

Labels: -Mstone-22 Mstone-21 Merge-Requested

Comment 15 by, Jul 30 2012

we'll give it a bit more bake, make sure nothing weird comes up.

Comment 17 by, Aug 2 2012

Labels: -Merge-Requested Merge-Approved
Tested the same on Chrome 21.0.1180.74 on Windows7. Through Comment1# i am able to add PriceGond to extensions successfully. No crash encountered. 

Comment 20 by, Aug 9 2012

Status: Fixed
closing as fixe.d

Comment 21 by, Aug 9 2012

closing as fixe.d

Comment 22 by, Aug 9 2012

Labels: -Merge-Approved Merge-Merged
Project Member

Comment 23 by, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 24 by, Mar 10 2013

Labels: -Area-WebKit -WebKit-Loader -Mstone-21 Cr-Content M-21 Cr-Content-Loader
Project Member

Comment 25 by, Mar 14 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member

Comment 26 by, Apr 6 2013

Labels: -Cr-Content Cr-Blink
Project Member

Comment 27 by, Apr 6 2013

Labels: -Cr-Content-Loader Cr-Blink-Loader

Sign in to add a comment