Issue 127415 in chromium: Chrome: Crash Report - Stack Signature: webkit::ppapi::PluginInstance::IsFullPagePl...


chro...@googlecode.com

May 9, 2012, 12:52:53 PM
to chromi...@chromium.org
Status: Assigned
Owner: yzs...@chromium.org
CC: bre...@chromium.org
Labels: Type-Bug Pri-1 Area-Internals ReleaseBlock-Dev Stability-Crash
Feature-Plugins-Pepper

New issue 127415 by dhar...@google.com: Chrome: Crash Report -
Stack Signature: webkit::ppapi::PluginInstance::IsFullPagePl...
http://code.google.com/p/chromium/issues/detail?id=127415

This is the #1 renderer crash.

Product: Chrome
Stack Signature: webkit::ppapi::PluginInstance::IsFullPagePlugin()-5871F28
New Signature Label: webkit::ppapi::PluginInstance::IsFullPagePlugin()
New Signature Hash: 96f14d84_c544f8d8_d5193a2d_8ac743ed_e1c28a60

Report link: http://go/crash/reportdetail?reportid=196a54c78746b97d

Meta information:
Product Name: Chrome
Product Version: 20.0.1131.0
Report ID: 196a54c78746b97d
Report Time: 2012/05/09 15:54:17, Wed
Uptime: 55 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.1.7601 Service Pack 1
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 23 stepping 10
ptype: renderer


Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 )

0x61c347ac [chrome.dll] - ppapi_plugin_instance.cc:1554 webkit::ppapi::PluginInstance::IsFullPagePlugin()
0x61c40c49 [chrome.dll] - ppb_graphics_2d_impl.cc:534 webkit::ppapi::PPB_Graphics2D_Impl::Paint(SkCanvas *,gfx::Rect const &,gfx::Rect const &)
0x61c34fe4 [chrome.dll] - ppapi_plugin_instance.cc:412 webkit::ppapi::PluginInstance::Paint(SkCanvas *,gfx::Rect const &,gfx::Rect const &)
0x621c9337 [chrome.dll] - ppapi_webplugin_impl.cc:142 webkit::ppapi::WebPluginImpl::paint(SkCanvas *,WebKit::WebRect const &)
0x61f8e818 [chrome.dll] - webplugincontainerimpl.cpp:137 WebKit::WebPluginContainerImpl::paint(WebCore::GraphicsContext *,WebCore::IntRect const &)
0x6148e0a5 [chrome.dll] - renderwidget.cpp:299 WebCore::RenderWidget::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x6180fef0 [chrome.dll] - renderembeddedobject.cpp:148 WebCore::RenderEmbeddedObject::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x6103eeaf [chrome.dll] - inlinebox.cpp:239 WebCore::InlineBox::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &,WebCore::FractionalLayoutUnit,WebCore::FractionalLayoutUnit)
0x6103e337 [chrome.dll] - inlineflowbox.cpp:1078 WebCore::InlineFlowBox::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &,WebCore::FractionalLayoutUnit,WebCore::FractionalLayoutUnit)
0x6103e050 [chrome.dll] - rootinlinebox.cpp:206 WebCore::RootInlineBox::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &,WebCore::FractionalLayoutUnit,WebCore::FractionalLayoutUnit)
0x60e36f72 [chrome.dll] - renderlineboxlist.cpp:262 WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject *,WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x60e2dda4 [chrome.dll] - renderblock.cpp:2672 WebCore::RenderBlock::paintContents(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x60e2ce57 [chrome.dll] - renderblock.cpp:2782 WebCore::RenderBlock::paintObject(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x60e2f603 [chrome.dll] - renderblock.cpp:2528 WebCore::RenderBlock::paint(WebCore::PaintInfo &,WebCore::FractionalLayoutPoint const &)
0x60e2be6d [chrome.dll] - renderlayer.cpp:3102 WebCore::RenderLayer::paintLayerContents(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2b8a2 [chrome.dll] - renderlayer.cpp:2974 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2a47f [chrome.dll] - renderlayer.cpp:2955 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2db9f [chrome.dll] - renderlayer.cpp:3183 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> *,WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2bfba [chrome.dll] - renderlayer.cpp:3125 WebCore::RenderLayer::paintLayerContents(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2b8a2 [chrome.dll] - renderlayer.cpp:2974 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2a47f [chrome.dll] - renderlayer.cpp:2955 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2db9f [chrome.dll] - renderlayer.cpp:3183 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> *,WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2bfba [chrome.dll] - renderlayer.cpp:3125 WebCore::RenderLayer::paintLayerContents(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2b8a2 [chrome.dll] - renderlayer.cpp:2974 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2a47f [chrome.dll] - renderlayer.cpp:2955 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x60e2a069 [chrome.dll] - renderlayer.cpp:2768 WebCore::RenderLayer::paint(WebCore::GraphicsContext *,WebCore::FractionalLayoutRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,unsigned int)
0x60e29ac4 [chrome.dll] - frameview.cpp:3091 WebCore::FrameView::paintContents(WebCore::GraphicsContext *,WebCore::IntRect const &)
0x61f79655 [chrome.dll] - webviewimpl.cpp:3239 WebKit::WebViewImplContentPainter::paint(WebCore::GraphicsContext &,WebCore::IntRect const &)
0x61f8f626 [chrome.dll] - noncompositedcontenthost.cpp:166 WebKit::NonCompositedContentHost::paintContents(WebCore::GraphicsLayer const *,WebCore::GraphicsContext &,WebCore::GraphicsLayerPaintingPhase,WebCore::IntRect const &)
0x6169c805 [chrome.dll] - graphicslayer.cpp:318 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext &,WebCore::IntRect const &)
...... (16 stack frames dropped.)
0x60e1971d [chrome.dll] - render_widget.cc:818 RenderWidget::InvalidationCallback()
0x60e1969c [chrome.dll] - bind_internal.h:132 base::internal::RunnableAdapter<void ( RenderViewImpl::*)(void)>::Run(RenderViewImpl *)
0x60e1964b [chrome.dll] - bind_internal.h:1170 base::internal::Invoker<1,base::internal::BindState<base::internal::RunnableAdapter<void ( RenderViewImpl::*)(void)>,void (RenderViewImpl *),void (base::internal::UnretainedWrapper<RenderViewImpl>)>,void (RenderViewImpl *)>::Run(base::internal::BindStateBase *)
0x60c7772d [chrome.dll] - message_loop.cc:458 MessageLoop::RunTask(base::PendingTask const &)
0x60c76436 [chrome.dll] - message_loop.cc:647 MessageLoop::DoWork()
0x60c88250 [chrome.dll] - message_pump_default.cc:55 base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x60c75fa6 [chrome.dll] - message_loop.cc:390 MessageLoop::RunHandler()
0x60c75f54 [chrome.dll] - message_loop.cc:300 MessageLoop::Run()
0x60cf8893 [chrome.dll] - renderer_main.cc:271 RendererMain(content::MainFunctionParams const &)
0x60c7242b [chrome.dll] - content_main_runner.cc:292 `anonymous namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x60c723b0 [chrome.dll] - content_main_runner.cc:550 `anonymous namespace'::ContentMainRunnerImpl::Run()
0x60c644d7 [chrome.dll] - content_main.cc:35 content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x60c64462 [chrome.dll] - chrome_main.cc:28 ChromeMain
0x01157fa1 [chrome.exe] - client_util.cc:423 MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x011572a4 [chrome.exe] - chrome_exe_main_win.cc:31 RunChrome(HINSTANCE__ *)
0x0115730f [chrome.exe] - chrome_exe_main_win.cc:47 wWinMain
0x01177788 [chrome.exe] - crt0.c:263 __tmainCRTStartup
0x7595ed6b [kernel32.dll + 0x0004ed6b] BaseThreadInitThunk
0x7736377a [ntdll.dll + 0x0006377a] __RtlUserThreadStart
0x7736374d [ntdll.dll + 0x0006374d] _RtlUserThreadStart

chro...@googlecode.com

May 9, 2012, 12:55:53 PM
to chromi...@chromium.org

Comment #1 on issue 127415 by dhar...@google.com:

slightly different crash -
http://crash.corp.google.com/reportdetail?reportid=0146af22e39d4e80#crashing_thread

chro...@googlecode.com

May 9, 2012, 4:22:08 PM
to chromi...@chromium.org

Comment #3 on issue 127415 by bre...@chromium.org:

Dharani's crash in comment 3 does look like the same root cause. Both cases
are getting the WebFrame via container_->element().document().frame() and
one of these pointers is null.

I'm not sure why this is. We probably should have a helper function to get
the frame that does this properly, and null check the result.

Yuzhu, please feel free to recruit somebody else to look at this if you're
overloaded.
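
The pattern comment #3 describes, shown as an added example that is not Chromium's code and is not the change made in r135901: the accessor chain container_->element().document().frame() dereferenced link by link with no check, next to the kind of helper the comment asks for. The struct names are stand-ins for the WebKit types in the crash, and giving them raw nullable pointer members is an assumption made for illustration (the real accessors return wrapper objects). The scenarios at the end are constructed to mirror the repro in comment #4, where the plugin's document is gone by the time the original tab repaints.

```cpp
// Added illustration (not Chromium code) of the null-link chain described in
// comment #3. The structs are minimal stand-ins for WebPluginContainer,
// WebElement, WebDocument, WebFrame and WebView; their raw-pointer members
// are an assumption for this example, not the real WebKit API.
#include <cstdio>

struct WebView {
  bool full_page_plugin;   // true when the plugin is the whole document (a PDF tab)
};
struct WebFrame {
  WebView* view;           // may be null while the frame is being torn down
};
struct WebDocument {
  WebFrame* frame;         // null once the document is detached from its frame
};
struct WebElement {
  WebDocument* document;   // null once the element leaves its document
};
struct WebPluginContainer {
  WebElement* element;
};

// The shape of the crashing code: every link is dereferenced unconditionally.
// With a detached document this reads through address 0, which matches the
// EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 in the report above.
// Kept deliberately unsafe for contrast; only call it with an intact chain.
bool IsFullPagePluginUnchecked(WebPluginContainer* container) {
  WebFrame* frame = container->element->document->frame;
  return frame->view->full_page_plugin;
}

// The helper comment #3 asks for: walk the chain and stop at the first null
// link, so callers get a null frame instead of a crash.
WebFrame* GetFrameOrNull(WebPluginContainer* container) {
  if (!container) return nullptr;
  WebElement* element = container->element;
  if (!element) return nullptr;
  WebDocument* document = element->document;
  if (!document) return nullptr;
  return document->frame;  // may itself be null; the caller must check
}

// Hardened query: a plugin whose frame is gone cannot be the full-page
// plugin, so answer false rather than touch missing state.
bool IsFullPagePluginChecked(WebPluginContainer* container) {
  WebFrame* frame = GetFrameOrNull(container);
  if (!frame || !frame->view) return false;
  return frame->view->full_page_plugin;
}

// Constructed scenarios. An intact chain answers the same either way.
bool QueryAttached(bool full_page, bool use_checked) {
  WebView view{full_page};
  WebFrame frame{&view};
  WebDocument document{&frame};
  WebElement element{&document};
  WebPluginContainer container{&element};
  return use_checked ? IsFullPagePluginChecked(&container)
                     : IsFullPagePluginUnchecked(&container);
}

// The repro from comment #4: the document is still reachable from the
// plugin container but its frame has already been torn down.
bool QueryDetachedFrame() {
  WebDocument document{nullptr};
  WebElement element{&document};
  WebPluginContainer container{&element};
  return IsFullPagePluginChecked(&container);   // false, and no crash
}

// One link earlier: the element is no longer in any document.
bool QueryDetachedDocument() {
  WebElement element{nullptr};
  WebPluginContainer container{&element};
  return IsFullPagePluginChecked(&container);   // false, and no crash
}

int main() {
  std::printf("attached full-page (unchecked): %d\n", QueryAttached(true, false));
  std::printf("attached full-page (checked):   %d\n", QueryAttached(true, true));
  std::printf("attached embedded (checked):    %d\n", QueryAttached(false, true));
  std::printf("detached frame (checked):       %d\n", QueryDetachedFrame());
  std::printf("detached document (checked):    %d\n", QueryDetachedDocument());
  return 0;
}
```

Calling IsFullPagePluginUnchecked on either detached scenario reproduces the null read; the checked variant is what a paint callback that can run after its tab has closed needs, since the container cannot promise its document and frame still exist at that point.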

chro...@googlecode.com

May 9, 2012, 6:36:02 PM
to chromi...@chromium.org

Comment #4 on issue 127415 by yzs...@chromium.org:

Have got repro steps:
- open http://www.suzano.sp.gov.br/
- click the pdf link on the right side
(http://www.suzano.sp.gov.br/bann/publicacoes/viaduto.pdf)
- the pdf document is opened in a new document.
- close the pdf tab.
- the original tab crashes.

I tried it with Canary 20.0.1131.0 and it crashed sometimes. (~20%)
The call stack was the same as the one posted above.

So this does have something to do with PDF as comment #2 mentioned.

I tried to apply the same steps to PDF attachments in Gmail. It crashed,
too.

Some PDF experts may want to take a look at this bug as well.

chro...@googlecode.com

May 9, 2012, 6:42:02 PM
to chromi...@chromium.org
Updates:
Cc: g...@chromium.org

Comment #5 on issue 127415 by kar...@google.com:

adding gene.

chro...@googlecode.com

May 9, 2012, 8:20:02 PM
to chromi...@chromium.org

Comment #8 on issue 127415 by yzs...@chromium.org:

Yes. 135901 is the one causing the issue.

chro...@googlecode.com

May 11, 2012, 12:21:57 PM
to chromi...@chromium.org

Comment #9 on issue 127415 by dhar...@google.com:

Why am I seeing this in 1132.1, where ppapi is disabled and which does have
r135901?

http://crash.corp.google.com/reportdetail?reportid=f875982b71cdddbd#crashing_thread

chro...@googlecode.com

May 11, 2012, 1:35:00 PM
to chromi...@chromium.org

Comment #10 on issue 127415 by yzs...@chromium.org:

Ppapi is not disabled. Things like the PDF plugin use this API as well. What we
turned off is Ppapi Flash.
(According to the URL in the crash report, it is very likely to be PDF in
this case.)

Does the number of IsFullPagePlugin() crashes drop significantly in 1132.1?

chro...@googlecode.com

May 11, 2012, 1:45:00 PM
to chromi...@chromium.org

Comment #13 on issue 127415 by yzs...@chromium.org:

Thanks, Dharani!

Yes, I know that 1132.0 is actually 1129.0. (And I think that doesn't
invalidate my comment #11.)
