brave / brave-browser


Crashes in PageGraph #37885

Open iefremov opened 7 months ago

iefremov commented 7 months ago

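There are crashes in PageGraph, see https://share.backtrace.io/api/share/33uvkMHJtXO06etET1a6f0

The first trace is a failed CHECK (frames 00–01: logging::CheckFailure → base::ImmediateCrash) in NodeHTMLElement::PlaceChildNodeAfterSiblingNode (node_html_element.cc:111), reached when page script calls Node.appendChild: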

[ 00 ] base::ImmediateCrash() ( immediate_crash.h:176 )
[ 01 ] logging::CheckFailure() ( check.h:212 )
[ 02 ] brave_page_graph::NodeHTMLElement::PlaceChildNodeAfterSiblingNode(brave_page_graph::NodeHTML*, brave_page_graph::NodeHTML*) ( node_html_element.cc:111 )
[ 03 ] blink::PageGraph::AddGraphItem(std::__Cr::unique_ptr<brave_page_graph::GraphItem, std::__Cr::default_delete<brave_page_graph::GraphItem>>) ( page_graph.cc:1021 )
[ 04 ] blink::PageGraph::DidInsertDOMNode(blink::Node*) ( page_graph.cc:0 )
[ 05 ] blink::probe::DidInsertDOMNodeImpl(blink::Node*)::$_3::operator()(blink::PageGraph*) const ( core_probes_impl.cc:1119 )
[ 06 ] void blink::AgentRegistry<blink::PageGraph>::ForEachAgent<blink::probe::DidInsertDOMNodeImpl(blink::Node*)::$_3>(blink::probe::DidInsertDOMNodeImpl(blink::Node*)::$_3 const&) const ( agent_registry.h:75 )
[ 07 ] blink::probe::DidInsertDOMNodeImpl(blink::Node*) ( core_probes_impl.cc:1118 )
[ 08 ] blink::probe::DidInsertDOMNode(blink::Node*) ( core_probes_inl.h:153 )
[ 09 ] void blink::ContainerNode::InsertNodeVector<blink::ContainerNode::AdoptAndAppendChild>(blink::HeapVector<cppgc::internal::BasicMember<blink::Node, cppgc::internal::StrongMemberTag, cppgc::internal::DijkstraWriteBarrierPolicy, cppgc::internal::DisabledCheckingPolicy, cppgc::internal::CompressedPointer>, 11u> const&, blink::Node*, blink::ContainerNode::AdoptAndAppendChild const&, blink::HeapVector<cppgc::internal::BasicMember<blink::Node, cppgc::internal::StrongMemberTag, cppgc::internal::DijkstraWriteBarrierPolicy, cppgc::internal::DisabledCheckingPolicy, cppgc::internal::CompressedPointer>, 11u>&) ( container_node.cc:344 )
[ 10 ] blink::ContainerNode::AppendChild(blink::Node*, blink::ExceptionState&) ( container_node.cc:935 )
[ 11 ] blink::Node::appendChild(blink::Node*, blink::ExceptionState&) ( node.cc:644 )
[ 12 ] blink::(anonymous namespace)::v8_node::AppendChildOperationCallbackForMainWorld(v8::FunctionCallbackInfo<v8::Value> const&) ( v8_node.cc:538 )
[ 13 ] Builtins_CallApiCallbackGeneric
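iefremov commented 7 months ago

A second signature, also a failed CHECK, this time in PageGraph::GetHTMLElementNode (page_graph.cc:1153), reached from WillSendRequest for a stylesheet served from the memory cache:
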
[ 00 ] base::ImmediateCrash() ( immediate_crash.h:176 )
[ 01 ] logging::CheckFailure() ( check.h:212 )
[ 02 ] blink::PageGraph::GetHTMLElementNode(absl::variant<int, blink::Node*>) ( page_graph.cc:1153 )
[ 03 ] blink::PageGraph::RegisterRequestStartFromElm(int, unsigned long, blink::KURL const&, WTF::String const&) ( page_graph.cc:1459 )
[ 04 ] blink::PageGraph::WillSendRequest(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks) ( page_graph.cc:472 )
[ 05 ] blink::probe::WillSendRequestImpl(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks)::$_2::operator()(blink::PageGraph*) const ( core_probes_impl.cc:1499 )
[ 06 ] void blink::AgentRegistry<blink::PageGraph>::ForEachAgent<blink::probe::WillSendRequestImpl(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks)::$_2>(blink::probe::WillSendRequestImpl(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks)::$_2 const&) const ( agent_registry.h:75 )
[ 07 ] blink::probe::WillSendRequestImpl(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks) ( core_probes_impl.cc:1498 )
[ 08 ] blink::probe::WillSendRequest(blink::ExecutionContext*, blink::DocumentLoader*, blink::KURL const&, blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceLoaderOptions const&, blink::ResourceType, blink::RenderBlockingBehavior, base::TimeTicks) ( core_probes_inl.h:393 )
[ 09 ] blink::ResourceLoadObserverForFrame::WillSendRequest(blink::ResourceRequest const&, blink::ResourceResponse const&, blink::ResourceType, blink::ResourceLoaderOptions const&, blink::RenderBlockingBehavior, blink::Resource const*) ( resource_load_observer_for_frame.cc:159 )
[ 10 ] blink::ResourceFetcher::DidLoadResourceFromMemoryCache(blink::Resource*, blink::ResourceRequest const&, bool, blink::RenderBlockingBehavior) ( resource_fetcher.cc:765 )
[ 11 ] blink::ResourceFetcher::RequestResource(blink::FetchParameters&, blink::ResourceFactory const&, blink::ResourceClient*) ( resource_fetcher.cc:1258 )
[ 12 ] blink::CSSStyleSheetResource::Fetch(blink::FetchParameters&, blink::ResourceFetcher*, blink::ResourceClient*) ( css_style_sheet_resource.cc:62 )
iefremov commented 7 months ago

cc @pes10k @goodov

iefremov commented 1 week ago

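https://share.backtrace.io/api/share/fx2nEcaKhDfyqKhQne3YjD2

Another failed CHECK, in ScriptTracker::GetScriptNode (script_tracker.cc:85), hit while the inspector evaluates a script registered through Page.addScriptToEvaluateOnNewDocument: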

[ 00 ] base::ImmediateCrash() ( immediate_crash.h:186 )
[ 01 ] logging::CheckFailure() ( check.h:212 )
[ 02 ] brave_page_graph::ScriptTracker::GetScriptNode(v8::Isolate*, int) const ( script_tracker.cc:85 )
[ 03 ] WTF::HashMap<std::__Cr::pair<v8::Isolate*, int>, brave_page_graph::NodeScriptLocal*, WTF::HashTraits<std::__Cr::pair<v8::Isolate*, int>>, WTF::HashTraits<brave_page_graph::NodeScriptLocal*>, WTF::PartitionAllocator>::find(std::__Cr::pair<v8::Isolate*, int> const&) ( hash_map.h:408 )
[ 04 ] brave_page_graph::ScriptTracker::GetScriptNode(v8::Isolate*, int) const ( script_tracker.cc:84 )
[ 05 ] blink::PageGraph::GetCurrentActingNode(blink::ExecutionContext*, int*) ( page_graph.cc:2070 )
[ 06 ] blink::PageGraph::RegisterJSBuiltInCall(blink::ExecutionContext*, char const*, base::Value::List const&) ( page_graph.cc:1995 )
[ 07 ] blink::PageGraph::RegisterV8JSBuiltinCall(blink::ExecutionContext*, char const*, base::Value::List const&, std::__Cr::optional<base::Value> const&) ( page_graph.cc:1016 )
[ 08 ] blink::(anonymous namespace)::V8PageGraphDelegate::OnBuiltinCall(v8::Local<v8::Context>, char const*, std::__Cr::vector<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>, std::__Cr::allocator<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>> const&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const*) ( page_graph.cc:284 )
[ 09 ] v8::internal::ReportBuiltinCallAndResponse(v8::internal::Isolate*, char const*, v8::internal::BuiltinArguments const&, v8::internal::Tagged<v8::internal::Object> const&) ( builtins.cc:71 )
[ 10 ] 0x147fcbdd0
[ 11 ] 0x147fcbdd0
[ 12 ] 0x147fc7e50
[ 13 ] 0x147e7aeb8
[ 14 ] 0x147fc7238
[ 15 ] 0x147fc7238
[ 16 ] 0x147fc6e64
[ 17 ] 0x147fc6ab0
[ 18 ] v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**) ( simulator.h:191 )
[ 19 ] v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) ( execution.cc:420 )
[ 20 ] v8::internal::Execution::CallScript(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>) ( execution.cc:517 )
[ 21 ] v8::internal::DebugEvaluate::Global(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>, v8::debug::EvaluateGlobalMode, v8::internal::REPLMode) ( debug-evaluate.cc:71 )
[ 22 ] v8_inspector::V8InspectorSessionImpl::evaluate(v8::Local<v8::Context>, v8_inspector::StringView, bool) ( v8-inspector-session-impl.cc:525 )
[ 23 ] blink::InspectorPageAgent::EvaluateScriptOnNewDocument(blink::LocalFrame&, WTF::String const&) ( inspector_page_agent.cc:1080 )
[ 24 ] blink::InspectorPageAgent::addScriptToEvaluateOnNewDocument(WTF::String const&, crdtp::detail::ValueMaybe<WTF::String>, crdtp::detail::ValueMaybe<bool>, crdtp::detail::ValueMaybe<bool>, WTF::String*) ( inspector_page_agent.cc:608 )
[ 25 ] non-virtual thunk to blink::InspectorPageAgent::addScriptToEvaluateOnNewDocument(WTF::String const&, crdtp::detail::ValueMaybe<WTF::String>, crdtp::detail::ValueMaybe<bool>, crdtp::detail::ValueMaybe<bool>, WTF::String*) ( inspector_page_agent.cc:0 )
[ 26 ] blink::protocol::Page::DomainDispatcherImpl::addScriptToEvaluateOnNewDocument(crdtp::Dispatchable const&) ( page.cc:1282 )
[ 27 ] non-virtual thunk to blink::InspectorPageAgent::addScriptToEvaluateOnNewDocument(WTF::String const&, crdtp::detail::ValueMaybe<WTF::String>, crdtp::detail::ValueMaybe<bool>, crdtp::detail::ValueMaybe<bool>, WTF::String*) ( inspector_page_agent.cc:0 )
[ 28 ] blink::protocol::Page::DomainDispatcherImpl::addScriptToEvaluateOnNewDocument(crdtp::Dispatchable const&) ( page.cc:1282 )
[ 29 ] std::__Cr::__function::__policy_func<void ()>::operator()() const ( function.h:717 )
[ 30 ] std::__Cr::function<void ()>::operator()() const ( function.h:990 )
[ 31 ] crdtp::UberDispatcher::DispatchResult::Run() ( dispatch.cc:509 )
[ 32 ] blink::DevToolsSession::DispatchProtocolCommandImpl(int, WTF::String const&, base::span<unsigned char const, 18446744073709551615ul, unsigned char const*>) ( devtools_session.cc:272 )
[ 33 ] blink::mojom::blink::DevToolsSessionStubDispatch::Accept(blink::mojom::blink::DevToolsSession*, mojo::Message*) ( devtools_agent.mojom-blink.cc:1376 )
[ 34 ] mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) ( interface_endpoint_client.cc:1051 )
[ 35 ] mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) ( interface_endpoint_client.cc:371 )
[ 36 ] mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) ( interface_endpoint_client.cc:1051 )
[ 37 ] mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) ( interface_endpoint_client.cc:371 )
[ 38 ] mojo::MessageDispatcher::Accept(mojo::Message*) ( message_dispatcher.cc:43 )
[ 39 ] mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*) ( interface_endpoint_client.cc:724 )
[ 40 ] IPC::ChannelAssociatedGroupController::AcceptOnEndpointThread(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification) ( ipc_mojo_bootstrap.cc:1215 )
[ 41 ] void base::internal::DecayedFunctorTraits<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), IPC::ChannelAssociatedGroupController*&&, mojo::Message&&, IPC::(anonymous namespace)::ScopedUrgentMessageNotification&&>::Invoke<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>(void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), scoped_refptr<IPC::ChannelAssociatedGroupController>&&, mojo::Message&&, IPC::(anonymous namespace)::ScopedUrgentMessageNotification&&) ( bind_internal.h:738 )
[ 42 ] void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), IPC::ChannelAssociatedGroupController*&&, mojo::Message&&, IPC::(anonymous namespace)::ScopedUrgentMessageNotification&&>, void, 0ul, 1ul, 2ul>::MakeItSo<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>>(void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>&&) ( bind_internal.h:930 )
[ 43 ] void base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), IPC::ChannelAssociatedGroupController*&&, mojo::Message&&, IPC::(anonymous namespace)::ScopedUrgentMessageNotification&&>, base::internal::BindState<true, true, false, void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>, void ()>::RunImpl<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>, 0ul, 1ul, 2ul>(void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>) ( bind_internal.h:1067 )
[ 44 ] base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), IPC::ChannelAssociatedGroupController*&&, mojo::Message&&, IPC::(anonymous namespace)::ScopedUrgentMessageNotification&&>, base::internal::BindState<true, true, false, void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification), scoped_refptr<IPC::ChannelAssociatedGroupController>, mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification>, void ()>::RunOnce(base::internal::BindStateBase*) ( bind_internal.h:980 )
[ 45 ] base::OnceCallback<void ()>::Run() && ( callback.h:156 )
[ 46 ] base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ( task_annotator.cc:202 )
[ 47 ] void base::TaskAnnotator::RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3>(perfetto::StaticString, base::PendingTask&, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3&&) ( task_annotator.h:98 )
[ 48 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ( thread_controller_with_message_pump_impl.cc:471 )
[ 49 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:332 )
[ 50 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:0 )
[ 51 ] base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ( message_pump_default.cc:40 )
[ 52 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( run_loop.cc:0 )
[ 53 ] base::RunLoop::Run(base::Location const&) ( run_loop.cc:133 )
[ 54 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( run_loop.cc:0 )
[ 55 ] base::RunLoop::Run(base::Location const&) ( run_loop.cc:133 )
[ 56 ] content::RendererMain(content::MainFunctionParams) ( renderer_main.cc:361 )
[ 57 ] content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) ( content_main.cc:356 )
[ 58 ] content::ContentMain(content::ContentMainParams) ( content_main.cc:369 )
[ 59 ] content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) ( content_main.cc:356 )
[ 60 ] content::ContentMain(content::ContentMainParams) ( content_main.cc:369 )
[ 61 ] ChromeMain ( chrome_main.cc:231 )
[ 62 ] 0x1000cdee4
[ 63 ] start