Starred by 2 users
Status: WontFix
Owner: ----
Closed: Oct 2009
Cc:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Renderer crash (Aw snap!) when viewing emergentchaos.com
Reported by openvcd...@gmail.com, Jul 1 2009
Chrome Version       : 2.0.172.33
URLs (if applicable) : http://www.emergentchaos.com/
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Chrome 3.0.190.0 on Mac OS X: OK
Safari 4.0.530.17 on Windows: OK
       Firefox 3.0.11 on Mac: OK
                        IE 7: OK

What steps will reproduce the problem?
1. Visit the site http://www.emergentchaos.com/

What is the expected result?

The blog site should be displayed without errors.

What happens instead?

The "dead tab" icon is displayed with the message "Aw, snap!  Something 
went wrong while displaying this webpage.  To continue, press Reload or go 
to another page."

Please provide any additional information below. Attach a screenshot if
possible.

 
Attachment: renderer_crash_on_emergentchaos.doc (61.5 KB)
Comment 2 by jar@chromium.org, Jul 1 2009
Status: Available
As noted above, it does not crash on 3.0.190.0 for Mac (which is a relatively recent 
trunk build).  I also tried a personal tip-of-tree build on Windows today, and it did 
not crash, which suggests that this is fixed on the trunk.

As a result, I could mark this "fixed on trunk," but it would be nice to get some 
more info as to the cause (if not a work-around).

I ran a debug version of a recent stable build, which is probably around 2.0.172.33, 
(in single process mode to make it easier to catch this renderer crash), and it first 
hit a DCHECK() in WebKit/WebCore/dom/node.h:

    // Returns the document associated with this node. This method never returns NULL, except in the case
    // of a DocumentType node that is not used with any Document yet. A Document node returns itself.
    Document* document() const
    {
        ASSERT(this);   // <<<<----- This is where the assert fired.
        ASSERT(m_document || (nodeType() == DOCUMENT_TYPE_NODE && !inDocument()));
        return m_document.get();
    }


and then (when I let it run anyway) crashed in:

>   chrome.dll!WebCore::DocPtr<WebCore::Document>::operator WebCore::Document * (__thiscall WebCore::DocPtr<WebCore::Document>::*)(void)const ()  Line 51 + 0x3 bytes  C++
    chrome.dll!WebCore::Node::document()  Line 318 + 0xb bytes  C++
    chrome.dll!WebCore::RenderObject::RenderObject(WebCore::Node * node=0x00000000)  Line 201 + 0x101 bytes  C++
    chrome.dll!WebCore::RenderBoxModelObject::RenderBoxModelObject(WebCore::Node * node=0x00000000)  Line 48 + 0x1a bytes  C++
    chrome.dll!WebCore::RenderInline::RenderInline(WebCore::Node * node=0x00000000)  Line 50 + 0x1a bytes  C++
    chrome.dll!WebCore::RenderBlock::handleRunInChild(WebCore::RenderBox * child=0x08a094cc, bool & handled=true)  Line 998 + 0x2d bytes  C++
    chrome.dll!WebCore::RenderBlock::handleSpecialChild(WebCore::RenderBox * child=0x08a094cc, const WebCore::RenderBlock::MarginInfo & marginInfo={...}, bool & handled=true)  Line 948  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1331 + 0x17 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1381 + 0x12 bytes  C++
    chrome.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 783  C++
    chrome.dll!WebCore::RenderBlock::layout()  Line 697 + 0x14 bytes  C++
    chrome.dll!WebCore::RenderView::layout()  Line 125  C++
    chrome.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 580 + 0x12 bytes  C++
    chrome.dll!WebFrameImpl::Layout()  Line 1521  C++
    chrome.dll!WebViewImpl::Layout()  Line 969  C++
    chrome.dll!RenderWidget::DoDeferredPaint()  Line 331 + 0x15 bytes  C++
    chrome.dll!RenderWidget::OnPaintRectAck()  Line 243  C++
    chrome.dll!IPC::Message::Dispatch<RenderWidget>(const IPC::Message * msg=0x0894f760, RenderWidget * obj=0x089d35e8, void (void)* func=0x65aa2da0)  Line 134 + 0x1b bytes  C++
    chrome.dll!RenderWidget::OnMessageReceived(const IPC::Message & msg={...})  Line 116 + 0x38 bytes  C++
    chrome.dll!RenderView::OnMessageReceived(const IPC::Message & message={...})  Line 431 + 0xc bytes  C++
    chrome.dll!MessageRouter::RouteMessage(const IPC::Message & msg={...})  Line 41 + 0x13 bytes  C++
    chrome.dll!MessageRouter::OnMessageReceived(const IPC::Message & msg={...})  Line 32 + 0x13 bytes  C++
    chrome.dll!ChildThread::OnMessageReceived(const IPC::Message & msg={...})  Line 85 + 0x17 bytes  C++
    chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const IPC::Message & message={...})  Line 179 + 0x1b bytes  C++
    chrome.dll!DispatchToMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),IPC::Message>(IPC::ChannelProxy::Context * obj=0x05c6f0a8, void (const IPC::Message &)* method=0x65b1ea00, const Tuple1<IPC::Message> & arg={...})  Line 393 + 0xf bytes  C++
    chrome.dll!RunnableMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),Tuple1<IPC::Message> >::Run()  Line 307 + 0x1e bytes  C++
    chrome.dll!MessageLoop::RunTask(Task * task=0x0894f738)  Line 308 + 0xf bytes  C++
    chrome.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...})  Line 319  C++
    chrome.dll!MessageLoop::DoWork()  Line 416 + 0xc bytes  C++
    chrome.dll!base::MessagePumpForUI::DoRunLoop()  Line 208 + 0x1d bytes  C++
    chrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x0641f920, base::MessagePumpWin::Dispatcher * dispatcher=0x00000000)  Line 52 + 0xf bytes  C++
    chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x0641f920)  Line 78 + 0x1c bytes  C++
    chrome.dll!MessageLoop::RunInternal()  Line 197 + 0x2a bytes  C++
    chrome.dll!MessageLoop::RunHandler()  Line 181  C++
    chrome.dll!MessageLoop::Run()  Line 155  C++
    chrome.dll!base::Thread::ThreadMain()  Line 159  C++
    chrome.dll!`anonymous namespace'::ThreadFunc(void * closure=0x05c6ea1c)  Line 26 + 0xf bytes  C++
    kernel32.dll!7579e4a5()
    [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
    ntdll.dll!774bcfed()
    chrome.dll!disk_cache::EntryImpl::WriteData(int index=0, int offset=104987272, net::IOBuffer * buf=0x774bd1ff, int buf_len=1721984112, CallbackRunner<Tuple1<int> > * completion_callback=0x05c6ea1c, bool truncate=false)  Line 284 + 0x11 bytes  C++
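
Added example (not part of the original thread and not Chromium code): a small Python triage helper that parses frames in the Visual Studio call-stack format quoted above and reports the first caller that handed a NULL pointer argument down the stack. The sample frames are constructed from the trace above, unwrapped to one frame per line; the names `parse_frames` and `null_origin` are hypothetical.

```python
import re

# Constructed sample: innermost frames of the trace quoted above, one frame
# per line, plus one outer frame that legitimately carries a NULL argument.
SAMPLE = """\
>\tchrome.dll!WebCore::Node::document()  Line 318 + 0xb bytes\tC++
 \tchrome.dll!WebCore::RenderObject::RenderObject(WebCore::Node * node=0x00000000)  Line 201 + 0x101 bytes\tC++
 \tchrome.dll!WebCore::RenderInline::RenderInline(WebCore::Node * node=0x00000000)  Line 50 + 0x1a bytes\tC++
 \tchrome.dll!WebCore::RenderBlock::handleRunInChild(WebCore::RenderBox * child=0x08a094cc, bool & handled=true)  Line 998 + 0x2d bytes\tC++
 \tchrome.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1331 + 0x17 bytes\tC++
 \tchrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x0641f920, base::MessagePumpWin::Dispatcher * dispatcher=0x00000000)  Line 52 + 0xf bytes\tC++
"""

# module!function(args)  Line N ; template-heavy symbols are not handled here.
FRAME_RE = re.compile(
    r"^>?\s*(?P<module>[\w.]+)!(?P<func>[^(]+)\((?P<args>.*)\)\s+Line (?P<line>\d+)")
# Pointer-typed arguments whose value is all zeros, e.g. "* node=0x00000000".
NULL_PTR_RE = re.compile(r"\* (\w+)=0x0+(?=,|$)")

def parse_frames(text):
    """Return frames innermost-first, with the NULL pointer args of each."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw)
        if m:  # lines without symbols (e.g. kernel32.dll!7579e4a5()) are skipped
            frames.append({"function": m["func"], "line": int(m["line"]),
                           "null_ptrs": NULL_PTR_RE.findall(m["args"])})
    return frames

def null_origin(frames):
    """Find the innermost run of frames that received the same NULL pointer
    argument and return (arg_name, caller), where caller is the frame that
    first passed NULL down. Triage starts at that caller."""
    for i, frame in enumerate(frames):
        if frame["null_ptrs"]:
            name = frame["null_ptrs"][0]
            j = i
            while j + 1 < len(frames) and name in frames[j + 1]["null_ptrs"]:
                j += 1
            caller = frames[j + 1] if j + 1 < len(frames) else None
            return name, caller
    return None, None

if __name__ == "__main__":
    arg, caller = null_origin(parse_frames(SAMPLE))
    print(f"NULL '{arg}' first passed by {caller['function']} (Line {caller['line']})")
```

On the sample frames this points at `WebCore::RenderBlock::handleRunInChild`, Line 998, the frame from which `RenderInline` was constructed with `node=0x00000000` in the trace above.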

Sorry, I forgot to attach the crash dump earlier.
Attachments: Chrome-last.dmp (19.3 KB), checkpoint (19 bytes)
Status: WontFix
Doesn't seem to reproduce any more. If you are still seeing the crash, please post here.
Project Member Comment 5 by bugdroid1@chromium.org, Oct 12 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.