LayoutTest crash : fast/css/giant-stylesheet-crash.html
Issue description

Failing on Win7, Win10, Win7 (dbg): fast/css/giant-stylesheet-crash.html
Suspecting V8 roll.

fast/css/giant-stylesheet-crash-crash-log.txt:
crash log for renderer (pid <unknown>):
STDOUT: #CRASHED - renderer
STDERR: Backtrace:
STDERR: WTF::Partitions::initialize [0x06C5E318+344]
STDERR: WTF::Partitions::handleOutOfMemory [0x06C5E0D1+49]
STDERR: WTF::partitionFreeSlowPath [0x06C5C540+1056]
STDERR: WTF::partitionAllocSlowPath [0x06C5A5BA+1050]
STDERR: WTF::partitionBucketAlloc [0x06C49E6C+252]
STDERR: WTF::partitionAllocGenericFlags [0x06C49D18+136]
STDERR: WTF::partitionAllocGeneric [0x06C49C76+22]
STDERR: WTF::Partitions::bufferMalloc [0x06C49426+22]
STDERR: WTF::StringImpl::createUninitialized [0x06C8011F+63]
STDERR: WTF::String::createUninitialized [0x06C50824+20]
STDERR: (No symbol) [0x1454F8DF]
STDERR: (No symbol) [0x1454FF35]
STDERR: (No symbol) [0x14455B17]
STDERR: (No symbol) [0x14457943]
STDERR: (No symbol) [0x14701937]
STDERR: (No symbol) [0x14701A3C]
STDERR: std::`dynamic initializer for 'nothrow'' [0x088BFF2A+4555418]
STDERR: std::_Atomic_int::store [0x06C4AE98+24]
STDERR: WTF::SpinLock::unlock [0x06C4AF23+19]
STDERR: WTF::partitionFreeGeneric [0x06C4A348+200]

Revision range is 399411 ... 399413

commit ee5a916c898a0831596336e0c7e3eff87dcba8c9
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date:   Mon Jun 13 00:19:31 2016 -0700

    Force FrameView::checkDoesNotNeedLayout() not inlined in FrameView.cpp

    Some new crash reports just report the line calling checkDoesNotNeedLayout() but not which line in the function crashes.

    BUG=590856
    TBR=chrishtr@chromium.org

    Review URL: https://codereview.chromium.org/2062693002 .

    Cr-Commit-Position: refs/heads/master@{#399413}

commit 9e6a14d7d4c03bc038c775c1aac4a6ffd8c9e2b4
Author: v8-autoroll <v8-autoroll@chromium.org>
Date:   Mon Jun 13 00:16:06 2016 -0700

    Update V8 to version 5.3.214.

    Summary of changes available at:
    https://chromium.googlesource.com/v8/v8/+log/245b66c2..580a3b99

    Please follow these instructions for assigning/CC'ing issues:
    https://github.com/v8/v8/wiki/Triaging%20issues

    Please close rolling in case of a roll revert:
    https://v8-roll.appspot.com/
    This only works with a Google account.

    CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

    TBR=hablich@chromium.org,machenbach@chromium.org,yangguo@chromium.org,vogelheim@chromium.org

    Review-Url: https://codereview.chromium.org/2059083002
    Cr-Commit-Position: refs/heads/master@{#399412}

commit c364ba363241859f8fb92069293e30feee583e8b
Author: yabinh <yabinh@chromium.org>
Date:   Mon Jun 13 00:11:45 2016 -0700

    Add events tests for inputText in IME test

    BUG= 614937

    Review-Url: https://codereview.chromium.org/2010803005
    Cr-Commit-Position: refs/heads/master@{#399411}
Jun 15 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/cd259d4d6fccd45d7febe940625f002b4fb45c3a

commit cd259d4d6fccd45d7febe940625f002b4fb45c3a
Author: Dominic Mazzoni <dmazzoni@chromium.org>
Date:   Tue Jun 14 17:31:00 2016

    Disable crashing test: fast/css/giant-stylesheet-crash.html

    BUG= 619978
    TBR=hcarmona@chromium.org

    Review URL: https://codereview.chromium.org/2061253002 .

    Cr-Commit-Position: refs/heads/master@{#399736}

[modify] https://crrev.com/cd259d4d6fccd45d7febe940625f002b4fb45c3a/third_party/WebKit/LayoutTests/TestExpectations
Jun 15 2016
Chrome-TE, please bisect down to the Chromium commit.
Jun 17 2016
Looks like the test has been disabled. If the bisect is still needed, please attach the test file, as we (Chrome-TE) are unable to access the giant-stylesheet-crash.html file.
Jul 25 2016
Removing the Needs-Bisect label and requesting dmazzoni@ to close the issue if there is no further work to be done on this.
Jul 26 2016
The test is there to make sure that enormous inline style sheets don't crash. They seem to be crashing, so a bisect would be appreciated please. Test file attached.
Jul 26 2016
I was unable to reproduce this on the official build without the fix (53.0.2765.0 (Official Build) (64-bit) master@{#399323}) with the attached 'giant-stylesheet-crash.html' file on Windows 7.
This is specific to the Debug build and I don't have a setup to do a bisect on the same. Labeling accordingly for help in bisecting this further.
Aug 5 2016
Assigning to me for debug bisect.
Oct 18 2016
#11 did not happen.
Mar 27 2017
I don't think this ever got fully triaged, and it's now quite old. Bumping back to Unconfirmed. Can we get this reconfirmed and if appropriate bisected please?
Mar 27 2017
The test is still disabled. Someone needs to create a patch to re-enable it.
Mar 28 2017
Created https://codereview.chromium.org/2781813002 to re-enable the test and verified that crash occurred on win_chromium_rel_ng. Next step is to bisect on a Windows machine.
Mar 31 2017
I could repro the crash (OOM) on a 32 bit Canary on Windows 10 59.0.3056.0 (Official Build) canary (32-bit)
Apr 3 2017
I ran a bisect on this just now, from the last time that test file was touched to today. This test has been reproducibly crashing since June 2016.

python tools\bisect-builds.py -a win -g 160683 --verify-range --use-local-cache -- --no-first-run file:///C:/src/chromium-fresh/src/third_party/WebKit/LayoutTests/fast/css/giant-stylesheet-crash.html

Note that you need to use the 32-bit Windows builds, as this does not repro on 64-bit builds.

And the results were exactly the same as in comment #1 (there are only 3 commits in it). I strongly suspect the V8 roll in commit 399412. I don't know how to bisect within a V8 roll, so assigning to the V8 team.
Apr 3 2017
Hi test team - can you please do a per-commit bisect on this to confirm the suspicion that this is the V8 roll? The test file is attached in comment #8. See my notes in comment #23 about reproducing it.
Apr 3 2017
Able to reproduce the issue on the latest Windows canary version: 59.0.3060.0 (32-bit); works fine on 64-bit with the same Chrome version.

Crash id: bf070f1640000000

Stack trace:
============
Thread 0 CRASHED [Out of Memory @ 0x7714a6f2 ]

0x7714a6f2 (KERNELBASE.dll + 0x000da6f2 ) RaiseException
0x66575c83 (chrome_child.dll -partitions.cpp:119 ) WTF::partitionsOutOfMemoryUsing2G
0x66575b1e (chrome_child.dll -partitions.cpp:177 ) WTF::Partitions::handleOutOfMemory()
0x6614c767 (chrome_child.dll -partition_alloc.cc:266 ) base::PartitionOutOfMemory
0x65a7599c (chrome_child.dll -partition_alloc.cc:818 ) base::PartitionAllocSlowPath(base::PartitionRootBase *,int,unsigned int,base::PartitionBucket *)
0x65432b3a (chrome_child.dll -v8stringresource.cpp:81 ) blink::StringTraits<WTF::String>::fromV8String<blink::V8StringOneByteTrait>(v8::Local<v8::String>,int)
0x65432902 (chrome_child.dll -v8stringresource.cpp:127 ) blink::v8StringToWebCoreString<WTF::String>(v8::Local<v8::String>,blink::ExternalMode)
0x65432881 (chrome_child.dll -v8stringresource.h:207 ) blink::V8StringResource<0>::operator WTF::String()
0x65432788 (chrome_child.dll -v8document.cpp:2756 ) blink::DocumentV8Internal::createTextNodeMethod
0x266060ca
0x266063b3
0x0fa0fc7d
0x0b796657
0x653014ba (chrome_child.dll -execution.cc:145 ) v8::internal::`anonymous namespace'::Invoke
0x653026c2 (chrome_child.dll -execution.cc:191 ) v8::internal::Execution::Call(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const)
0x65428228 (chrome_child.dll -api.cc:2023 ) v8::Script::Run(v8::Local<v8::Context>)
0x654280e6 (chrome_child.dll -v8scriptrunner.cpp:544 ) blink::V8ScriptRunner::runCompiledScript(v8::Isolate *,v8::Local<v8::Script>,blink::ExecutionContext *)
0x65427fe1 (chrome_child.dll -scriptcontroller.cpp:135 ) blink::ScriptController::executeScriptAndReturnValue(v8::Local<v8::Context>,blink::ScriptSourceCode const &,blink::AccessControlStatus)
0x65427e19 (chrome_child.dll -scriptcontroller.cpp:325 ) blink::ScriptController::evaluateScriptInMainWorld(blink::ScriptSourceCode const &,blink::AccessControlStatus,blink::ScriptController::ExecuteScriptPolicy)
0x65427d5e (chrome_child.dll -scriptcontroller.cpp:296 ) blink::ScriptController::executeScriptInMainWorld(blink::ScriptSourceCode const &,blink::AccessControlStatus)
0x65426bd2 (chrome_child.dll -scriptloader.cpp:773 ) blink::ScriptLoader::doExecuteScript(blink::ScriptSourceCode const &)
0x65427c91 (chrome_child.dll -scriptloader.cpp:648 ) blink::ScriptLoader::executeScript(blink::ScriptSourceCode const &)
0x654267ce (chrome_child.dll -scriptloader.cpp:500 ) blink::ScriptLoader::prepareScript(WTF::TextPosition const &,blink::ScriptLoader::LegacyTypeSupport)
0x654206d5 (chrome_child.dll -htmlparserscriptrunner.cpp:642 ) blink::HTMLParserScriptRunner::processScriptElementInternal(blink::Element *,WTF::TextPosition const &)
0x654205b3 (chrome_child.dll -htmlparserscriptrunner.cpp:406 ) blink::HTMLParserScriptRunner::processScriptElement(blink::Element *,WTF::TextPosition const &)
0x65420584 (chrome_child.dll -htmldocumentparser.cpp:291 ) blink::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
0x65413a9e (chrome_child.dll -htmldocumentparser.cpp:567 ) blink::HTMLDocumentParser::processTokenizedChunkFromBackgroundParser(std::unique_ptr<blink::HTMLDocumentParser::TokenizedChunk,std::default_delete<blink::HTMLDocumentParser::TokenizedChunk> >)
0x65421b6b (chrome_child.dll -htmldocumentparser.cpp:625 ) blink::HTMLDocumentParser::pumpPendingSpeculations()
0x65234970 (chrome_child.dll -callback.h:80 ) ?Run@?$Callback@$$A6AXXZ$00$00@base@@QGBEXXZ
0x6559894d (chrome_child.dll -webtaskrunner.cpp:75 ) blink::TaskHandle::Runner::run(blink::TaskHandle const &)
0x65598921 (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<void ( blink::TaskHandle::Runner::*)(blink::TaskHandle const &),base::WeakPtr<blink::TaskHandle::Runner>,blink::TaskHandle>,void >::Run(base::internal::BindStateBase *)
0x652df196 (chrome_child.dll -task_annotator.cc:59 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x65256145 (chrome_child.dll -task_queue_manager.cc:539 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
0x65257297 (chrome_child.dll -task_queue_manager.cc:337 ) blink::scheduler::TaskQueueManager::DoWork(bool)
0x6576703c (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<void ( blink::scheduler::TaskQueueManager::*)(bool),base::WeakPtr<blink::scheduler::TaskQueueManager>,bool>,void >::Run(base::internal::BindStateBase *)
0x652df196 (chrome_child.dll -task_annotator.cc:59 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x65255e0d (chrome_child.dll -message_loop.cc:423 ) base::MessageLoop::RunTask(base::PendingTask *)
0x652dedc3 (chrome_child.dll -message_loop.cc:527 ) base::MessageLoop::DoWork()
0x652de985 (chrome_child.dll -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x6536e825 (chrome_child.dll -run_loop.cc:37 ) base::RunLoop::Run()
0x6579165b (chrome_child.dll -renderer_main.cc:200 ) content::RendererMain(content::MainFunctionParams const &)
0x65369506 (chrome_child.dll -content_main_runner.cc:437 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x65369488 (chrome_child.dll -content_main_runner.cc:729 ) content::ContentMainRunnerImpl::Run()
0x6536879a (chrome_child.dll -main.cc:179 ) service_manager::Main(service_manager::MainParams const &)
0x6536843d (chrome_child.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x65368357 (chrome_child.dll -chrome_main.cc:123 ) ChromeMain
0x008d59a8 (chrome.exe -main_dll_loader_win.cc:202 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x008d21ca (chrome.exe -chrome_exe_main_win.cc:271 ) wWinMain
0x00943587 (chrome.exe -exe_common.inl:253 ) __scrt_common_main_seh
0x778262c3 (KERNEL32.DLL + 0x000162c3 ) BaseThreadInitThunk
0x77a90718 (ntdll.dll + 0x00060718 ) __RtlUserThreadStart
0x77a906e3 (ntdll.dll + 0x000606e3 ) _RtlUserThreadStart

Regressed in M-53.
==================
Last good build: 53.0.2766.0
First bad build: 53.0.2767.0

Changelog:
==========
https://chromium.googlesource.com/chromium/src/+log/8e411d16171d27612776a2f05356b0ed9f06b848..ee5a916c898a0831596336e0c7e3eff87dcba8c9

V8 changelog:
=============
https://chromium.googlesource.com/v8/v8/+log/245b66c2..580a3b99

Suspecting: https://codereview.chromium.org/2046933002 from the above V8 changelog.

peria@: Could this be related to the above change?

Note: Unable to provide a per-revision bisect, as Win 32-bit bisect is not supported in that range.
Apr 3 2017
Users experienced this crash on the following builds:
Win Canary 59.0.3060.0 - 8.60 CPM, 121 reports, 97 clients (signature base::PartitionOutOfMemory)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Apr 4 2017
I did not reproduce this issue yet, but I agree my change can trigger it.
Apr 12 2017
Any updates?
Apr 14 2017
I confirmed reverting the change http://crrev.com/2046933002 fixes the crash, but the behavior seems to depend on parameters. As far as I searched, we have no crash reports based on this issue (#26 is wrong), and the change improved performance, so I think this issue is not so critical and would like to hold it as-is for a while.
Apr 24 2017
Issue 714366 has been merged into this issue.
May 4 2017
Just to update on the latest behavior: crashes are still observed on the latest beta channel. The last crash was observed on 60.0.3080.5 with 1 instance. Currently this crash is ranked #4 for the Windows platform under the renderer process. The table below compares the previous and latest channels, including the total number of instances.

+-----------------------------+-----------------------------+
| Latest Channel (instances)  | Previous Channel (instances)|
+-----------------------------+-----------------------------+
| 59.0.3071.36 (55)           | 59.0.3071.29 (1568)         | --> Beta
+-----------------------------+-----------------------------+

Link to the list of the builds getting the crash:
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20%20AND%20custom_data.ChromeCrashProto.channel%3D%27beta%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3APartitionOutOfMemory%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

peria@: Since the crash instances are high, could you please let us know whether there is any update available on this issue. Thanks!
May 4 2017
In cases where the top of the stack is "base::PartitionOutOfMemory", it means OOM, and it doesn't mean this issue is the root cause. This issue covers only the case where OOMs happen through "blink::V8StringResource::operator WTF::AtomicString()", and as far as I have looked at some reports, I couldn't find such an example.
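The distinction drawn in the comments above, that the base::PartitionOutOfMemory signature only says a PartitionAlloc allocation failed and that a report belongs to this issue only if the stack passes through the V8StringResource conversion under DocumentV8Internal::createTextNodeMethod, can be turned into a triage filter. The following is an added example, not part of Chromium, of the bug's attachments, or of any Chromium tool; the sample reports are constructed from frame names quoted in this thread (plus placeholder frames marked as such), and the report format is simplified to one frame per line in the "0xADDR (module -file:line ) symbol" shape seen above.

```python
"""Triage filter for renderer OOM reports (added example, not Chromium code).

A report is attributed to this issue only when the stack shows the path
PartitionAlloc OOM <- V8StringResource conversion <- createTextNodeMethod;
any other base::PartitionOutOfMemory stack is counted as an unrelated OOM.
"""
import re

# Frame symbols (substrings), innermost first, taken from the stack trace
# quoted in this issue. "blink::V8StringResource" matches both the
# operator WTF::String() and operator WTF::AtomicString() variants.
ISSUE_PATH = (
    "base::PartitionOutOfMemory",
    "blink::V8StringResource",
    "blink::DocumentV8Internal::createTextNodeMethod",
)

# Either frame means PartitionAlloc aborted because an allocation failed.
OOM_MARKERS = ("base::PartitionOutOfMemory", "WTF::Partitions::handleOutOfMemory")

# Simplified one-frame-per-line format: "0xADDR (module -file:line ) symbol".
# Module part and symbol are optional; JIT frames carry only an address.
FRAME_RE = re.compile(
    r"^\s*0x(?P<addr>[0-9A-Fa-f]+)"
    r"(?:\s+\((?P<module>[^)]*)\))?"
    r"\s*(?P<symbol>.*?)\s*$"
)


def parse_frames(report: str) -> list[str]:
    """Symbols of all frames, innermost first ('' for symbol-less frames).
    Lines that are not frames (the thread header etc.) are skipped."""
    matches = (FRAME_RE.match(line) for line in report.splitlines())
    return [m.group("symbol") for m in matches if m]


def is_oom(symbols: list[str]) -> bool:
    return any(marker in sym for sym in symbols for marker in OOM_MARKERS)


def matches_issue_path(symbols: list[str]) -> bool:
    """True if every ISSUE_PATH marker appears in inner-to-outer order,
    allowing other frames (helpers, JIT frames) in between."""
    want = 0
    for sym in symbols:
        if ISSUE_PATH[want] in sym:
            want += 1
            if want == len(ISSUE_PATH):
                return True
    return False


def classify(report: str) -> str:
    symbols = parse_frames(report)
    if not is_oom(symbols):
        return "not-oom"
    if matches_issue_path(symbols):
        return "oom-createTextNode-path"
    return "oom-unrelated"


def summarize(reports) -> dict[str, int]:
    """Bucket counts: compare the per-signature total with the number of
    reports that actually go through this issue's path."""
    counts: dict[str, int] = {}
    for report in reports:
        verdict = classify(report)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample 1: abbreviated from the 32-bit Canary trace in this issue.
REPORT_THIS_ISSUE = """\
Thread 0 CRASHED [Out of Memory @ 0x7714a6f2 ]
0x7714a6f2 (KERNELBASE.dll + 0x000da6f2 ) RaiseException
0x66575c83 (chrome_child.dll -partitions.cpp:119 ) WTF::partitionsOutOfMemoryUsing2G
0x66575b1e (chrome_child.dll -partitions.cpp:177 ) WTF::Partitions::handleOutOfMemory()
0x6614c767 (chrome_child.dll -partition_alloc.cc:266 ) base::PartitionOutOfMemory
0x65a7599c (chrome_child.dll -partition_alloc.cc:818 ) base::PartitionAllocSlowPath(base::PartitionRootBase *,int,unsigned int,base::PartitionBucket *)
0x65432b3a (chrome_child.dll -v8stringresource.cpp:81 ) blink::StringTraits<WTF::String>::fromV8String<blink::V8StringOneByteTrait>(v8::Local<v8::String>,int)
0x65432881 (chrome_child.dll -v8stringresource.h:207 ) blink::V8StringResource<0>::operator WTF::String()
0x65432788 (chrome_child.dll -v8document.cpp:2756 ) blink::DocumentV8Internal::createTextNodeMethod
0x266060ca
0x653014ba (chrome_child.dll -execution.cc:145 ) v8::internal::`anonymous namespace'::Invoke
"""

# Constructed sample 2: same OOM signature, different caller. The last frame
# is a placeholder name, not a real Blink symbol.
REPORT_UNRELATED_OOM = """\
Thread 0 CRASHED [Out of Memory @ 0x7714a6f2 ]
0x66575b1e (chrome_child.dll -partitions.cpp:177 ) WTF::Partitions::handleOutOfMemory()
0x6614c767 (chrome_child.dll -partition_alloc.cc:266 ) base::PartitionOutOfMemory
0x6c80011f (chrome_child.dll -stringimpl.cpp:0 ) WTF::StringImpl::createUninitialized
0x6a000000 (chrome_child.dll -placeholder.cpp:0 ) blink::PlaceholderCaller::appendData
"""

# Constructed sample 3: not an OOM at all (placeholder frame).
REPORT_NOT_OOM = """\
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ]
0x65a00000 (chrome_child.dll -placeholder.cpp:0 ) blink::PlaceholderCaller::run
"""
```

Running `summarize()` over a dump of reports that share the base::PartitionOutOfMemory signature separates the generic OOM count (what the crash dashboard ranks) from the reports that actually exhibit this issue's createTextNode path; the ordered-substring match tolerates the unsymbolized JIT frames that sit between Blink and V8 in these stacks.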
May 23 2017
@neis: Request you to please take a look into it and help us triage it. The issue is tagged with M59 and has a stable blocker on it. Thanks!
May 23 2017
I can't agree to set ReleaseBlock-Stable on this issue, because we already released Stable Chrome for >1 year, and I can't find suitable crash reports. Please add ReleaseBlock label again if you feel this is a release blocker.
May 24 2017
I agree that this is not a release block. I'm not aware of any problems caused by the mentioned CL other than that one extreme test sometimes running out of memory. From what I can tell, none of the chrome-crashes reported here have anything to do with it.
May 29 2017
This crash has high impact on Chrome's stability. Signature: base::PartitionOutOfMemory. Channel: dev. Platform: win. Labeling issue 619978 with ReleaseBlock-Dev. If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
May 29 2017
Let me repeat: this issue is not the reason.
Comment 1 by bugdroid1@chromium.org, Jun 14 2016