[LayoutNG] Crash Report - blink::NGLineHeightMetrics::NGLineHeightMetrics
Issue description
reporter: eae@google.com

Magic Signature: blink::NGLineHeightMetrics::NGLineHeightMetrics

Crash link: https://crash.corp.google.com/browse?q=product_name%3D%22Chrome%22+AND+EXISTS%28SELECT+1+FROM+UNNEST%28expanded_custom_data.ChromeCrashProto.experiments.ids%29+expId+WHERE+expId%3D%226848cc95-3f4a17df%22%29+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27+AND+product.Version%3D%2773.0.3665.0%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3ANGLineHeightMetrics%3A%3ANGLineHeightMetrics%27&stbtiq=&reportid=&index=0

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome
Magic Signature : blink::NGLineHeightMetrics::NGLineHeightMetrics
Product Version: 73.0.3665.0
Process type: renderer
Report ID: b8caae0622cbfd51
Report Url: https://crash.corp.google.com/b8caae0622cbfd51
Report Time: 2019-01-08T12:16:49.69-08:00
Upload Time: 2019-01-08T12:16:49.69-08:00
Uptime: 15000 ms
OS Name: Windows NT
OS Version: 10.0.16299 431
CPU Architecture: amd64
CPU Info: family 6 model 60 stepping 3
-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 100%. Thread id: 5164.
-------------------------------------------------------------------------------
0x00007ffccb18fa23 (chrome_child.dll - ng_line_height_metrics.cc: 19) blink::NGLineHeightMetrics::NGLineHeightMetrics(blink::ComputedStyle const &)
0x00007ffccae1fa35 (chrome_child.dll - ng_inline_items_builder.cc: 996) blink::NGInlineItemsBuilderTemplate<blink::EmptyOffsetMappingBuilder>::EnterInline(blink::LayoutObject *)
0x00007ffcca73fae0 (chrome_child.dll - ng_inline_node.cc: 494) blink::NGInlineNode::CollectInlines(blink::NGInlineNodeData *,blink::NGInlineNodeData *)
0x00007ffcca73f76f (chrome_child.dll - ng_inline_node.cc: 376) blink::NGInlineNode::PrepareLayoutIfNeeded()
0x00007ffcca741cb4 (chrome_child.dll - ng_inline_node.cc: 1051) blink::NGInlineNode::ComputeMinMaxSize(blink::WritingMode,blink::MinMaxSizeInput const &,blink::NGConstraintSpace const *)
0x00007ffccb19c11e (chrome_child.dll - ng_layout_input_node.cc: 78) blink::NGLayoutInputNode::ComputeMinMaxSize(blink::WritingMode,blink::MinMaxSizeInput const &,blink::NGConstraintSpace const *)
0x00007ffccb10dc74 (chrome_child.dll - ng_block_layout_algorithm.cc: 244) blink::NGBlockLayoutAlgorithm::ComputeMinMaxSize(blink::MinMaxSizeInput const &)
0x00007ffccad2ff40 (chrome_child.dll - ng_block_node.cc: 413) blink::NGBlockNode::ComputeMinMaxSize(blink::WritingMode,blink::MinMaxSizeInput const &,blink::NGConstraintSpace const *)
0x00007ffccb19c10f (chrome_child.dll - ng_layout_input_node.cc: 79) blink::NGLayoutInputNode::ComputeMinMaxSize(blink::WritingMode,blink::MinMaxSizeInput const &,blink::NGConstraintSpace const *)
0x00007ffccae30a42 (chrome_child.dll - ng_length_utils.cc: 524) blink::ComputeInlineSizeForFragment(blink::NGConstraintSpace const &,blink::NGLayoutInputNode,base::Optional<blink::NGBoxStrut> const &,blink::MinMaxSize const *)
0x00007ffccae32d14 (chrome_child.dll - ng_length_utils.cc: 1028) blink::CalculateBorderBoxSize(blink::NGConstraintSpace const &,blink::NGBlockNode const &,blink::LayoutUnit,base::Optional<blink::NGBoxStrut> const &)
0x00007ffccb10e37d (chrome_child.dll - ng_block_layout_algorithm.cc: 357) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb198a17 (chrome_child.dll - ng_floats_utils.cc: 195) blink::`anonymous namespace'::LayoutFloatWithoutFragmentation
0x00007ffccb198cc3 (chrome_child.dll - ng_floats_utils.cc: 249) blink::PositionFloat(blink::NGLogicalSize const &,blink::NGLogicalSize const &,blink::NGLogicalSize const &,blink::NGBfcOffset const &,blink::NGUnpositionedFloat *,blink::NGConstraintSpace const &,blink::ComputedStyle const &,blink::NGExclusionSpace *)
0x00007ffccb199b13 (chrome_child.dll - ng_floats_utils.cc: 328) blink::PositionFloats(blink::NGLogicalSize const &,blink::NGLogicalSize const &,blink::NGLogicalSize const &,blink::NGBfcOffset const &,WTF::Vector<blink::NGUnpositionedFloat,1,WTF::PartitionAllocator> &,blink::NGConstraintSpace const &,blink::ComputedStyle const &,blink::NGExclusionSpace *,WTF::Vector<blink::NGPositionedFloat,8,WTF::PartitionAllocator> *)
0x00007ffccb111c4c (chrome_child.dll - ng_block_layout_algorithm.cc: 2226) blink::NGBlockLayoutAlgorithm::PositionPendingFloats(blink::LayoutUnit)
0x00007ffccb10f6f5 (chrome_child.dll - ng_block_layout_algorithm.cc: 850) blink::NGBlockLayoutAlgorithm::HandleFloat(blink::NGPreviousInflowPosition const &,blink::NGBlockNode,blink::NGBlockBreakToken const *)
0x00007ffccb10e746 (chrome_child.dll - ng_block_layout_algorithm.cc: 503) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
0x00007ffccad2ebfb (chrome_child.dll - ng_block_node.cc: 75) blink::`anonymous namespace'::LayoutWithAlgorithm
0x00007ffccad2d984 (chrome_child.dll - ng_block_node.cc: 279) blink::NGBlockNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *)
0x00007ffccb19c0c5 (chrome_child.dll - ng_layout_input_node.cc: 69) blink::NGLayoutInputNode::Layout(blink::NGConstraintSpace const &,blink::NGBreakToken const *,blink::NGInlineChildLayoutContext *)
0x00007ffccb110533 (chrome_child.dll - ng_block_layout_algorithm.cc: 1224) blink::NGBlockLayoutAlgorithm::HandleInflow(blink::NGLayoutInputNode,blink::NGBreakToken const *,blink::NGPreviousInflowPosition *,scoped_refptr<blink::NGBreakToken const > *)
0x00007ffccb10e8ec (chrome_child.dll - ng_block_layout_algorithm.cc: 517) blink::NGBlockLayoutAlgorithm::Layout()
... 48 more
0x00007ffcc8f1a19f (chrome_child.dll + 0x01b8a19f) Builtins_ArgumentsAdaptorTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f1a19f (chrome_child.dll + 0x01b8a19f) Builtins_ArgumentsAdaptorTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f1a19f (chrome_child.dll + 0x01b8a19f) Builtins_ArgumentsAdaptorTrampoline
0x00007ffcc8f1a19f (chrome_child.dll + 0x01b8a19f) Builtins_ArgumentsAdaptorTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f20abe (chrome_child.dll + 0x01b90abe) Builtins_InterpreterEntryTrampoline
0x00007ffcc8f1e283 (chrome_child.dll + 0x01b8e283) Builtins_JSEntryTrampoline
0x00007ffcc8f1de21 (chrome_child.dll + 0x01b8de21) Builtins_JSEntry
0x00007ffccbf799bf (chrome_child.dll + 0x04be99bf) RtlUnwindEx
0x00007ffccbeb278a (chrome_child.dll + 0x04b2278a) RtlUnwindEx
0x00007ffcc8f1dd3f (chrome_child.dll + 0x01b8dd3f) Builtins_ConstructProxy
0x00007ffcc8b89242 (chrome_child.dll - execution.cc: 293) v8::internal::`anonymous namespace'::Invoke
0x00007ffcc77181f1 (chrome_child.dll - execution.cc: 369) v8::internal::Execution::Call(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const)
0x00007ffcc7717e08 (chrome_child.dll - api.cc: 2142) v8::Script::Run(v8::Local<v8::Context>)
0x00007ffcc77163c5 (chrome_child.dll - v8_script_runner.cc: 288) blink::V8ScriptRunner::RunCompiledScript(v8::Isolate *,v8::Local<v8::Script>,blink::ExecutionContext *)
0x00007ffcc770f84c (chrome_child.dll - script_controller.cc: 131) blink::ScriptController::ExecuteScriptAndReturnValue(v8::Local<v8::Context>,blink::ScriptSourceCode const &,blink::KURL const &,blink::SanitizeScriptErrors,blink::ScriptFetchOptions const &)
0x00007ffcc770f5cb (chrome_child.dll - script_controller.cc: 343) blink::ScriptController::EvaluateScriptInMainWorld(blink::ScriptSourceCode const &,blink::KURL const &,blink::SanitizeScriptErrors,blink::ScriptFetchOptions const &,blink::ScriptController::ExecuteScriptPolicy)
0x00007ffcc770f477 (chrome_child.dll - script_controller.cc: 307) blink::ScriptController::ExecuteScriptInMainWorld(blink::ScriptSourceCode const &,blink::KURL const &,blink::SanitizeScriptErrors,blink::ScriptFetchOptions const &)
0x00007ffcc77925bd (chrome_child.dll - classic_script.cc: 19) blink::ClassicScript::RunScript(blink::LocalFrame *,blink::SecurityOrigin const *)
0x00007ffcc7792034 (chrome_child.dll - pending_script.cc: 275) blink::PendingScript::ExecuteScriptBlockInternal(blink::Script *,blink::ScriptElementBase *,bool,bool,bool,base::TimeTicks,bool)
0x00007ffcc7790030 (chrome_child.dll - pending_script.cc: 186) blink::PendingScript::ExecuteScriptBlock(blink::KURL const &)
0x00007ffcc798b6b4 (chrome_child.dll - script_runner.cc: 244) blink::ScriptRunner::ExecuteAsyncTask()
0x00007ffcc798b512 (chrome_child.dll - script_runner.cc: 254) blink::ScriptRunner::ExecuteTask()
0x00007ffcc73e7b72 (chrome_child.dll - task_annotator.cc: 99) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffcc9873e7d (chrome_child.dll - thread_controller_with_message_pump_impl.cc: 255) base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::TimeTicks *)
0x00007ffcc987431e (chrome_child.dll - thread_controller_with_message_pump_impl.cc: 225) base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoDelayedWork(base::TimeTicks *)
0x00007ffcc73df7eb (chrome_child.dll - message_pump_default.cc: 43) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x00007ffcc98743d3 (chrome_child.dll - thread_controller_with_message_pump_impl.cc: 353) base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool)
0x00007ffcc73df3d0 (chrome_child.dll - run_loop.cc: 102) base::RunLoop::Run()
0x00007ffcc73c46c0 (chrome_child.dll - renderer_main.cc: 233) content::RendererMain(content::MainFunctionParams const &)
0x00007ffcc73be0c0 (chrome_child.dll - content_main_runner_impl.cc: 871) content::ContentMainRunnerImpl::Run(bool)
0x00007ffcc7394d05 (chrome_child.dll - main.cc: 461) service_manager::Main(service_manager::MainParams const &)
0x00007ffcc73949f4 (chrome_child.dll - content_main.cc: 19) content::ContentMain(content::ContentMainParams const &)
0x00007ffcc7391b07 (chrome_child.dll - chrome_main.cc: 102) ChromeMain
0x00007ff724de374b (chrome.exe - main_dll_loader_win.cc: 201) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff724de15ef (chrome.exe - chrome_exe_main_win.cc: 229) wWinMain
0x00007ff724ecee51 (chrome.exe - exe_common.inl: 283) __scrt_common_main_seh
0x00007ffd1e1a1fe3 (KERNEL32.DLL + 0x00011fe3) BaseThreadInitThunk
0x00007ffd1ebbcb80 (ntdll.dll + 0x0006cb80) RtlUserThreadStart
-------------------------------------------------------------------------------
Manual regression range finder link
-------------------------------------------------------------------------------
https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3ANGLineHeightMetrics%3A%3ANGLineHeightMetrics%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions
Jan 10
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6cc1a10ebd3465e699271b9f1c4ac29c05a228d7

commit 6cc1a10ebd3465e699271b9f1c4ac29c05a228d7
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Thu Jan 10 03:44:51 2019

[LayoutNG] Add some temporary CHECKs to catch crbug.com/919990

Bug: 919990
Change-Id: Icb623a7f4b353405eeb5f6f009a3a8611e1e1a3f
Reviewed-on: https://chromium-review.googlesource.com/c/1404075
Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
Commit-Queue: Emil A Eklund <eae@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621444}

[modify] https://crrev.com/6cc1a10ebd3465e699271b9f1c4ac29c05a228d7/third_party/blink/renderer/core/layout/ng/inline/ng_inline_items_builder.cc
Jan 14
Weird... The CHECKs didn't catch anything, and new crashes are still coming in and crashing at the same line: https://crash.corp.google.com/browse?q=reportid=1d996fa2334f3b38
Jan 18
(4 days ago)
Ah, this one is about style.GetFont().PrimaryFont() being nullptr, I'll take.
Yesterday
(38 hours ago)
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c8c49d9acaccc9d79c09f26a2d1f6b0b3213e0eb

commit c8c49d9acaccc9d79c09f26a2d1f6b0b3213e0eb
Author: Koji Ishii <kojii@chromium.org>
Date: Mon Jan 21 16:02:03 2019

[LayoutNG] Avoid crash in NGLineHeightMetrics when no primary font

This patch avoids crashes in NGLineHeightMetrics when the primary font is nullptr. The primary font should not be nullptr, but this happens in several places.

Also removes CHECKs added for the investigation in r621444 (CL:1404075).

Bug: 919990
Change-Id: Idf5a458dacb9535dfee9fd94c0aa9a8ce7f51973
Reviewed-on: https://chromium-review.googlesource.com/c/1420486
Commit-Queue: Koji Ishii <kojii@chromium.org>
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624593}

[modify] https://crrev.com/c8c49d9acaccc9d79c09f26a2d1f6b0b3213e0eb/third_party/blink/renderer/core/layout/ng/inline/ng_inline_items_builder.cc
[modify] https://crrev.com/c8c49d9acaccc9d79c09f26a2d1f6b0b3213e0eb/third_party/blink/renderer/core/layout/ng/inline/ng_line_height_metrics.cc
Comment 1 by e...@chromium.org, Jan 8
Labels: -Restrict-View-EditIssue allpublic LayoutNG
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Summary: [LayoutNG] Crash Report - blink::NGLineHeightMetrics::NGLineHeightMetrics (was: Chrome: Crash Report - blink::NGLineHeightMetrics::NGLineHeightMetrics)