New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 600364 link

Starred by 1 user
Status: Fixed
Owner:
majidvp@chromium.org
Closed: May 2016
Cc:
rbyers@chromium.org
aelias@chromium.org
bokan@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Pinch-zoom crashes( dcheck trigger )

Reported by matthew...@yandex-team.ru, Apr 4 2016 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4

Steps to reproduce the problem:
1. Open a web page like kernel.org
2. pinch-zoom 2-3 times
3. Renderer process crashes

What is the expected behavior?
Pinch-zoom shouldn't trigger dchecks

What went wrong?
Renderer process crashed:

[43147:18179:0404/161337:FATAL:top_controls_manager.cc(98)] Check failed: !pinch_gesture_active_. 
0   libbase.dylib                       0x000000011e80d3bf _ZN4base5debug10StackTraceC2Ev + 47
1   libbase.dylib                       0x000000011e80d563 _ZN4base5debug10StackTraceC1Ev + 35
2   libbase.dylib                       0x000000011e89a180 _ZN7logging10LogMessageD2Ev + 80
3   libbase.dylib                       0x000000011e897ab3 _ZN7logging10LogMessageD1Ev + 35
4   libcc.dylib                         0x0000000121b72a39 _ZN2cc18TopControlsManager11ScrollBeginEv + 233
5   libcc.dylib                         0x0000000121efecac _ZN2cc17LayerTreeHostImpl15ScrollBeginImplEPNS_11ScrollStateEPNS_9LayerImplENS_12InputHandler15ScrollInputTypeE + 636
6   libcc.dylib                         0x0000000121eff8a9 _ZN2cc17LayerTreeHostImpl11ScrollBeginEPNS_11ScrollStateENS_12InputHandler15ScrollInputTypeE + 889
7   libcontent.dylib                    0x00000001254a50ef _ZN2ui17InputHandlerProxy24HandleGestureScrollBeginERKN5blink15WebGestureEventE + 687
8   libcontent.dylib                    0x00000001254a3913 _ZN2ui17InputHandlerProxy16HandleInputEventERKN5blink13WebInputEventE + 403
9   libcontent.dylib                    0x00000001254a2c8e _ZN2ui17InputHandlerProxy31HandleInputEventWithLatencyInfoERKN5blink13WebInputEventEPNS_11LatencyInfoE + 798
10  libcontent.dylib                    0x00000001247f988d _ZN7content19InputHandlerManager16HandleInputEventEiPKN5blink13WebInputEventEPN2ui11LatencyInfoE + 1501
11  libcontent.dylib                    0x00000001247fb74f _ZN4base8internal15RunnableAdapterIMN7content19InputHandlerManagerEFNS2_18InputEventAckStateEiPKN5blink13WebInputEventEPN2ui11LatencyInfoEEE3RunIJiS8_SB_EEES4_PS3_DpOT_ + 175
12  libcontent.dylib                    0x00000001247fb61d _ZN4base8internal12InvokeHelperILb0EN7content18InputEventAckStateENS0_15RunnableAdapterIMNS2_19InputHandlerManagerEFS3_iPKN5blink13WebInputEventEPN2ui11LatencyInfoEEEEE8MakeItSoIJPS5_iS9_SC_EEES3_SF_DpOT_ + 109
13  libcontent.dylib                    0x00000001247fb586 _ZN4base8internal7InvokerINS_13IndexSequenceIJLm0EEEENS0_9BindStateINS0_15RunnableAdapterIMN7content19InputHandlerManagerEFNS6_18InputEventAckStateEiPKN5blink13WebInputEventEPN2ui11LatencyInfoEEEEFS8_PS7_iSC_SF_EJNS0_17UnretainedWrapperIS7_EEEEENS0_12InvokeHelperILb0ES8_SI_EEFS8_iSC_SF_EE3RunEPNS0_13BindStateBaseEOiOSC_OSF_ + 166
14  libcontent.dylib                    0x00000001247efbee _ZNK4base8CallbackIFN7content18InputEventAckStateEiPKN5blink13WebInputEventEPN2ui11LatencyInfoEELNS_8internal8CopyModeE1EE3RunEiS6_S9_ + 110
15  libcontent.dylib                    0x00000001247eea78 _ZN7content16InputEventFilter16ForwardToHandlerERKN3IPC7MessageE + 2264
16  libcontent.dylib                    0x00000001247f3b15 _ZN4base8internal15RunnableAdapterIMN7content16InputEventFilterEFvRKN3IPC7MessageEEE3RunIS3_JS7_EEEvRK13scoped_refptrIT_EDpOT0_ + 149
17  libcontent.dylib                    0x00000001247f3a1a _ZN4base8internal12InvokeHelperILb0EvNS0_15RunnableAdapterIMN7content16InputEventFilterEFvRKN3IPC7MessageEEEEE8MakeItSoIJRK13scoped_refptrIS4_ES8_EEEvSB_DpOT_ + 74

Crashed report ID: 

How much crashed? Just one tab

Is it a problem with a plugin? No 

Did this work before? Yes 

Chrome version: 51.0.2697.0  Channel: dev
OS Version: OS X 10.11.3
Flash Version:

Comment 1 by spqc...@chromium.org, Apr 5 2016

Status: Untriaged (was: Unconfirmed)

Comment 2 by ajha@chromium.org, Apr 5 2016

Labels: Needs-Feedback
Status: Unconfirmed (was: Untriaged)
I was unable to reproduce this on the latest canary(51.0.2700.0) on Mac OS 10.11.3, while pinch zooming the kernel.org page.

matthewtff@: Could you please check this on the latest canary and confirm if you still such crashes. Please let us know if this is consistent or intermittent crash? Also, attach any crash id from chrome://crashes for further triaging.

Thank you!

Comment 3 by matthew...@yandex-team.ru, Apr 5 2016 

It's a DCHECK failure, so not a crash on canary build(unless you build canary with DCHECKs enabled). Also it's the reason why there is no crash id on chrome://crashes.

DCHECK failure means that logic is corrupted and browser *might* do wrong things later.
Project Member

Comment 4 by sheriffbot@chromium.org, Apr 5 2016

Labels: -Needs-Feedback Needs-Review
Owner: ajha@chromium.org
Thank you for providing more feedback. Adding requester "ajha@chromium.org" for another review and adding "Needs-Review" label for tracking.

For more details visit https://sites.google.com/a/chromium.org/dev/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by ajha@chromium.org, Apr 21 2016

Labels: -Needs-Review Te-NeedsFurtherTriage
Owner: ----

Comment 6 by shrike@chromium.org, Apr 27 2016

Components: Blink>PageZoom
Owner: majidvp@chromium.org
Status: Untriaged (was: Unconfirmed)
Hello majidvp@, would you please triage this issue? Thank you.

Comment 7 by majidvp@chromium.org, May 5 2016

Cc: bokan@chromium.org aelias@chromium.org rbyers@chromium.org
Labels: Hotlist-Input-Dev
Status: Assigned (was: Untriaged)
This is very similar to  https://crbug.com/341928 .

It is happening because we are getting a ScrollBegin while handling a pinch zoom. This should not really happen for a single input device (say touch) but can certainly occur when mixing multiple different inputs (e.g., touchscreen pinch zoom and a touchpad scroll). Perhaps this is not something that android should be worried about much but the DCHEK is triggered on Mac OS!


So here is my suggested fix:
Remove the DCHECK and replace it with a guard to exit early in ScrollBegin and ScrollEnd if a pinch gesture is in progress.

Note that this occurs in Mac OS even though we do not really animate top controls. This is because we always create the TopControlsManager but it does nothing on ScrollBy whenever top controls height is 0. One option is to add early exits for pinch handler methods if top controls height is 0 but I don't think that is necessary if we make the earlier change.
Project Member

Comment 8 by bugdroid1@chromium.org, May 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b85b6a8846c06a6095ff5f04946541e39b41dddc

commit b85b6a8846c06a6095ff5f04946541e39b41dddc
Author: majidvp <majidvp@chromium.org>
Date: Tue May 10 02:56:20 2016

Remove invalid pinch-zoom assert in top_controls_manager

It is possible to receive Scroll{Begin,End} while handling a pinch zoom. For
example this  can occur when receiving input from multiple different sources
(e.g., a touchscreen pinch zoom and a touchpad scroll).

The logic is changed to ignore any scrolls during an active pinch gesture
instead of asserting.

BUG= 600364 
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/1961173002
Cr-Commit-Position: refs/heads/master@{#392531}

[modify] https://crrev.com/b85b6a8846c06a6095ff5f04946541e39b41dddc/cc/input/top_controls_manager.cc

Comment 9 by majidvp@chromium.org, May 20 2016

Status: Fixed (was: Assigned)

Sign in to add a comment