Issue 594991 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	chrishtr@chromium.org
Closed:	Mar 2016
Cc:	wangxianzhu@chromium.org vmp...@chromium.org
Components:	Blink>Paint
EstimatedDays:	----
NextAction:	----
OS:	Android
Pri:	2
Type:	Bug

ASSERTION FAILED: isAllowedToQueryCompositingState()

Project Member Reported by avayvod@chromium.org, Mar 15 2016

Issue description

Happens consistently for me on a Nexus 5, LMY48I.

Just load crhtmltest.appspot.com/static/video.html to see the following:

W/WebKit  (15051): ASSERTION FAILED: isAllowedToQueryCompositingState()
W/WebKit  (15051): ../../third_party/WebKit/Source/core/paint/PaintLayer.cpp(2261) : blink::CompositingState blink::PaintLayer::compositingState() const
F/libc    (15051): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xfbadbeef in tid 15070 (CrRendererMain)
D/cr_MediaResource(10511): [MediaResourceGetter.java:166] resource has video
D/cr_MediaResource(10511): [MediaResourceGetter.java:195] extracted valid metadata: MediaMetadata[durationInMilliseconds=78248, width=640, height=360, success=true]
I/DEBUG   (  189): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  189): Build fingerprint: 'google/hammerhead/hammerhead:5.1.1/LMY48I/2074855:userdebug/dev-keys'
I/DEBUG   (  189): Revision: '11'
I/DEBUG   (  189): ABI: 'arm'
I/DEBUG   (  189): pid: 15051, tid: 15070, name: CrRendererMain  >>> org.chromium.chrome:sandboxed_process1 <<<
I/DEBUG   (  189): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfbadbeef
I/DEBUG   (  189):     r0 b350d840  r1 fffffffe  r2 3f919a58  r3 fbadbeef
I/DEBUG   (  189):     r4 00000000  r5 53c11e40  r6 53c11e40  r7 99621a14
I/DEBUG   (  189):     r8 b350d900  r9 0000005b  sl 53c848f8  fp b350d99c
I/DEBUG   (  189):     ip a026ba64  sp b350d8e0  lr a1937393  pc 9f08bc00  cpsr 880b0030
I/DEBUG   (  189): 
I/DEBUG   (  189): backtrace:
I/DEBUG   (  189):     #00 pc 007c6c00  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::PaintLayer::compositingState() const+39)
I/DEBUG   (  189):     #01 pc 007a70b7  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so
I/DEBUG   (  189):     #02 pc 007a71d9  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::computeTouchEventTargetRects(WTF::HashMap<blink::PaintLayer const*, WTF::Vector<blink::LayoutRect, 0u, WTF::PartitionAllocator>, WTF::PtrHash<blink::PaintLayer const*>, WTF::HashTraits<blink::PaintLayer const*>, WTF::HashTraits<WTF::Vector<blink::LayoutRect, 0u, WTF::PartitionAllocator> >, WTF::PartitionAllocator>&)+164)
I/DEBUG   (  189):     #03 pc 007ab1d5  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::updateTouchEventTargetRectsIfNeeded()+140)
I/DEBUG   (  189):     #04 pc 007abaa3  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::updateAfterCompositingChangeIfNeeded()+182)
I/DEBUG   (  189):     #05 pc 006cfcdf  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::FrameView::updateLifecyclePhasesInternal(blink::FrameView::LifeCycleUpdateOption)+386)
I/DEBUG   (  189):     #06 pc 0079a953  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::PageAnimator::updateAllLifecyclePhases(blink::LocalFrame&)+14)
I/DEBUG   (  189):     #07 pc 000dc797  /data/app/org.chromium.chrome-236/lib/arm/libblink_web.cr.so (blink::WebViewImpl::updateAllLifecyclePhases()+154)
I/DEBUG   (  189):     #08 pc 007b5151  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so (content::RenderWidgetCompositor::UpdateLayerTreeHost()+10)
I/DEBUG   (  189):     #09 pc 00141eab  /data/app/org.chromium.chrome-236/lib/arm/libcc.cr.so (cc::ProxyMain::BeginMainFrame(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >)+634)
I/DEBUG   (  189):     #10 pc 0014b361  /data/app/org.chromium.chrome-236/lib/arm/libcc.cr.so
I/DEBUG   (  189):     #11 pc 00071c29  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)+292)
I/DEBUG   (  189):     #12 pc 0001b00f  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so (scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*)+602)
I/DEBUG   (  189):     #13 pc 0001b2e5  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so (scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)+452)
I/DEBUG   (  189):     #14 pc 00019bc7  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so
I/DEBUG   (  189):     #15 pc 00071c29  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)+292)
I/DEBUG   (  189):     #16 pc 00088e83  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::RunTask(base::PendingTask const&)+326)
I/DEBUG   (  189):     #17 pc 00089497  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)+26)
I/DEBUG   (  189):     #18 pc 00089573  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::DoWork()+114)
I/DEBUG   (  189):     #19 pc 0008ac65  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+88)
I/DEBUG   (  189):     #20 pc 0008a5ff  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::RunHandler()+78)
I/DEBUG   (  189):     #21 pc 0009de31  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::RunLoop::Run()+28)
I/DEBUG   (  189):     #22 pc 00088bf9  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::Run()+64)
I/DEBUG   (  189):     #23 pc 00818151  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #24 pc 0045d9f7  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #25 pc 0045db2f  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #26 pc 0045d01d  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so (Java_org_chromium_content_app_ContentMain_nativeStart+228)
I/DEBUG   (  189):     #27 pc 0015f14d  /data/dalvik-cache/arm/data@app@org.chromium.chrome-236@base.apk@classes.dex
I/DEBUG   (  189): 
I/DEBUG   (  189): Tombstone written to: /data/tombstones/tombstone_00

Or the following:

W/WebKit  (  669): ASSERTION FAILED: isAllowedToQueryCompositingState()
W/WebKit  (  669): ../../third_party/WebKit/Source/core/paint/PaintLayer.cpp(989) : blink::PaintLayer* blink::PaintLayer::enclosingLayerForPaintInvalidation() const
F/libc    (  669): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xfbadbeef in tid 698 (CrRendererMain)
I/DEBUG   (  189): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  189): Build fingerprint: 'google/hammerhead/hammerhead:5.1.1/LMY48I/2074855:userdebug/dev-keys'
I/DEBUG   (  189): Revision: '11'
I/DEBUG   (  189): ABI: 'arm'
I/DEBUG   (  189): pid: 669, tid: 698, name: CrRendererMain  >>> org.chromium.chrome:sandboxed_process2 <<<
I/DEBUG   (  189): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfbadbeef
I/DEBUG   (  189):     r0 b350d438  r1 fffffffe  r2 3f919a58  r3 fbadbeef
I/DEBUG   (  189):     r4 98a10160  r5 00000000  r6 b350d99c  r7 98a10010
I/DEBUG   (  189):     r8 994c1908  r9 b350d578  sl 994c193c  fp b350d524
I/DEBUG   (  189):     ip a026ba64  sp b350d4d8  lr a1937393  pc 9f08bda4  cpsr 80070030
I/DEBUG   (  189): 
I/DEBUG   (  189): backtrace:
I/DEBUG   (  189):     #00 pc 007c6da4  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::PaintLayer::enclosingLayerForPaintInvalidation() const+39)
I/DEBUG   (  189):     #01 pc 007c6ddd  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::PaintLayer::enclosingLayerForPaintInvalidationCrossingFrameBoundaries() const+4)
I/DEBUG   (  189):     #02 pc 007aaaad  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::setTouchEventTargetRects(WTF::HashMap<blink::PaintLayer const*, WTF::Vector<blink::LayoutRect, 0u, WTF::PartitionAllocator>, WTF::PtrHash<blink::PaintLayer const*>, WTF::HashTraits<blink::PaintLayer const*>, WTF::HashTraits<WTF::Vector<blink::LayoutRect, 0u, WTF::PartitionAllocator> >, WTF::PartitionAllocator>&)+532)
I/DEBUG   (  189):     #03 pc 007ab1dd  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::updateTouchEventTargetRectsIfNeeded()+148)
I/DEBUG   (  189):     #04 pc 007abaa3  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::ScrollingCoordinator::updateAfterCompositingChangeIfNeeded()+182)
I/DEBUG   (  189):     #05 pc 006cfcdf  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::FrameView::updateLifecyclePhasesInternal(blink::FrameView::LifeCycleUpdateOption)+386)
I/DEBUG   (  189):     #06 pc 0079a953  /data/app/org.chromium.chrome-236/lib/arm/libwebcore_shared.cr.so (blink::PageAnimator::updateAllLifecyclePhases(blink::LocalFrame&)+14)
I/DEBUG   (  189):     #07 pc 000dc797  /data/app/org.chromium.chrome-236/lib/arm/libblink_web.cr.so (blink::WebViewImpl::updateAllLifecyclePhases()+154)
I/DEBUG   (  189):     #08 pc 007b5151  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so (content::RenderWidgetCompositor::UpdateLayerTreeHost()+10)
I/DEBUG   (  189):     #09 pc 00141eab  /data/app/org.chromium.chrome-236/lib/arm/libcc.cr.so (cc::ProxyMain::BeginMainFrame(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >)+634)
I/DEBUG   (  189):     #10 pc 0014b361  /data/app/org.chromium.chrome-236/lib/arm/libcc.cr.so
I/DEBUG   (  189):     #11 pc 00071c29  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)+292)
I/DEBUG   (  189):     #12 pc 0001b00f  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so (scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*)+602)
I/DEBUG   (  189):     #13 pc 0001b2e5  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so (scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)+452)
I/DEBUG   (  189):     #14 pc 00019bc7  /data/app/org.chromium.chrome-236/lib/arm/libscheduler.cr.so
I/DEBUG   (  189):     #15 pc 00071c29  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)+292)
I/DEBUG   (  189):     #16 pc 00088e83  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::RunTask(base::PendingTask const&)+326)
I/DEBUG   (  189):     #17 pc 00089497  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)+26)
I/DEBUG   (  189):     #18 pc 00089573  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::DoWork()+114)
I/DEBUG   (  189):     #19 pc 0008ac65  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+88)
I/DEBUG   (  189):     #20 pc 0008a5ff  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::RunHandler()+78)
I/DEBUG   (  189):     #21 pc 0009de31  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::RunLoop::Run()+28)
I/DEBUG   (  189):     #22 pc 00088bf9  /data/app/org.chromium.chrome-236/lib/arm/libbase.cr.so (base::MessageLoop::Run()+64)
I/DEBUG   (  189):     #23 pc 00818151  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #24 pc 0045d9f7  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #25 pc 0045db2f  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so
I/DEBUG   (  189):     #26 pc 0045d01d  /data/app/org.chromium.chrome-236/lib/arm/libcontent.cr.so (Java_org_chromium_content_app_ContentMain_nativeStart+228)
I/DEBUG   (  189):     #27 pc 0015f14d  /data/dalvik-cache/arm/data@app@org.chromium.chrome-236@base.apk@classes.dex
I/DEBUG   (  189): 
I/DEBUG   (  189): Tombstone written to: /data/tombstones/tombstone_01

Comment 1 by chrishtr@chromium.org, Mar 23 2016

Status: WontFix (was: Untriaged)

I just tried at ToT and cannot reproduce.

►

Issue 594991 link

Issue metadata

ASSERTION FAILED: isAllowedToQueryCompositingState()

Issue description

Comment 1 by chrishtr@chromium.org, Mar 23 2016

Comment 1 Deleted

Sign in to add a comment