DCHECK in EphemeralRange.cpp when loading http://www.youtube.com
Reported by rog...@opera.com, Jun 29 2016
Issue description

Version: ToT (53.0.2784.0) (locally built content_shell with DCHECKs enabled)
OS: Linux x64

What steps will reproduce the problem?
(1) ./content_shell --no-sandbox --disable-gpu http://www.youtube.com
(2) Wait until the video ad has started playing
(3) Repeat step 1 if DCHECK is not triggered.

What is the expected output?
No dcheck

What do you see instead?
FATAL:EphemeralRange.cpp(102)] Check failed: isValid().
#0 0x0000028ebe8e base::debug::StackTrace::StackTrace()
#1 0x00000290092b logging::LogMessage::~LogMessage()
#2 0x00000196e4e9 blink::EphemeralRangeTemplate<>::startPosition()
#3 0x0000019e56e6 blink::plainText()
#4 0x0000039aa357 blink::WebViewImpl::textInputInfo()
#5 0x0000020017e2 content::RenderWidget::UpdateTextInputState()
#6 0x000002000eca content::RenderWidget::WillBeginCompositorFrame()
#7 0x000002f8cbf8 cc::ProxyMain::BeginMainFrame()
#8 0x000002f9a780 _ZN4base8internal7InvokerINS0_9BindStateINS0_15RunnableAdapterIMN2cc9ProxyMainEFvSt10unique_ptrINS4_28BeginMainFrameAndCommitStateESt14default_deleteIS7_EEEEEJRNS_7WeakPtrIS5_EENS0_13PassedWrapperISA_EEEEEFvvEE7RunImplIRKSD_RKSt5tupleIJSF_SI_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#9 0x00000296f4a9 base::debug::TaskAnnotator::RunTask()
#10 0x0000037c8277 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#11 0x0000037c7015 scheduler::TaskQueueManager::DoWork()
#12 0x00000296f4a9 base::debug::TaskAnnotator::RunTask()
#13 0x000002907985 base::MessageLoop::RunTask()
#14 0x000002907c98 base::MessageLoop::DeferOrRunPendingTask()
#15 0x0000029081cc base::MessageLoop::DoDelayedWork()
#16 0x00000290975d base::MessagePumpDefault::Run()
#17 0x000002907481 base::MessageLoop::RunHandler()
#18 0x0000029251f0 base::RunLoop::Run()
#19 0x000002906710 base::MessageLoop::Run()
#20 0x00000200b3bc content::RendererMain()
#21 0x00000235479b content::RunZygote()
#22 0x000002355042 content::RunNamedProcessTypeMain()
#23 0x000002355a93 content::ContentMainRunnerImpl::Run()
#24 0x000002354360 content::ContentMain()
#25 0x00000044116b main
#26 0x7fb8330ee830 __libc_start_main
#27 0x000000441061 <unknown>

Please use labels and text to provide additional information.
The --disable-gpu is not really necessary, but it made it easier to hit the DCHECK.
Jun 29 2016
This is the video that plays as a semi-big ad on the front page when loading youtube in Sweden today: https://www.youtube.com/watch?v=78S_2AZlGDA

I cannot seem to reproduce the dcheck using that URL though. So it is likely only the front page that triggers the dcheck. The dcheck does not trigger every time I load the page, maybe one in five, so it is possibly timing dependent. A colleague of mine managed to reproduce it as well (in the same office).
Jun 29 2016
Thank you for providing more feedback. Adding requester "yosin@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 30 2016
I can reproduce this with the URL in #c2 with the following steps:
1. Run content_shell --single-process https://www.youtube.com/watch?v=78S_2AZlGDA
2. Click search box
3. Enter something
4. Wait

Since the crash occurred in blink::WebViewImpl::textInputInfo(), we should have text in an editable, e.g. INPUT. However, in my case, the DCHECK is hit at EphemeralRange::endPosition() instead of startPosition().

On DCHECK(EphemeralRange::isValid()), the range is created with DOM tree version 8462 and the DOM tree version at the assertion is 8466.

Creation of the EphemeralRange is in blink::WebViewImpl::textInputInfo():

    info.value = plainText(EphemeralRange::rangeOfContents(*element), TextIteratorEmitsObjectReplacementCharacter);

And the DCHECK in plainText() is:

    if (range.isNull())
        return emptyString();

    // TODO(dglazkov): The use of updateStyleAndLayoutIgnorePendingStylesheets needs to be audited.
    // see http://crbug.com/590369 for more details.
    range.startPosition().document()->updateStyleAndLayoutIgnorePendingStylesheets();

    TextIteratorAlgorithm<Strategy> it(range.startPosition(), range.endPosition(), behavior);

It seems Document::updateStyleAndLayoutIgnorePendingStylesheets() increases the DOM tree version.
Jul 5 2016
The root cause is that the media list mutates the DOM tree during |updateStyleAndLayout()|. However, it is worth hoisting |updateStyleAndLayoutIgnorePendingStylesheets()| from |plainText()| to the call site.

Let's move up |updateStyleAndLayoutXXX()|, then assign to the CSS team to fix the media list issue.

Note: crrev.com/2112813002 shows failing tests when making DocumentLifecycle::stateAllowsTreeMutations() return false for InPreLayout and AfterPerformLayout. There are too many test failures to fix. :-<
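The stale-range check and the proposed hoist, as a small self-contained model. This is an added example, not Blink code and not part of the original comments; the `Document`, `EphemeralRange`, `plainTextLayoutInside` and `textInputInfoHoisted` definitions are simplified stand-ins that assume a layout pass bumps the tree version once.

```cpp
#include <cstdint>
#include <string>

// Toy document (assumption): every DOM mutation bumps domTreeVersion.
struct Document {
    uint64_t domTreeVersion = 0;
    bool layoutDirty = true;
    std::string text = "query";

    // Models the reported behaviour: a pending layout pass mutates the
    // tree (the media list case) and therefore bumps the version.
    void updateStyleAndLayout() {
        if (!layoutDirty) return;
        layoutDirty = false;
        ++domTreeVersion;
    }
};

// A range that remembers the tree version it was created against.
class EphemeralRange {
public:
    explicit EphemeralRange(Document& d) : doc_(&d), version_(d.domTreeVersion) {}
    bool isValid() const { return version_ == doc_->domTreeVersion; }
    Document& document() const { return *doc_; }
private:
    Document* doc_;
    uint64_t version_;
};

// "Before": layout runs inside plainText(), after the caller built the range.
// Returns false where the real code would hit DCHECK(isValid()).
bool plainTextLayoutInside(const EphemeralRange& range, std::string& out) {
    range.document().updateStyleAndLayout();
    if (!range.isValid()) return false;  // range predates the mutation
    out = range.document().text;
    return true;
}

// "After": the call site updates layout first, then creates the range.
bool textInputInfoHoisted(Document& doc, std::string& out) {
    doc.updateStyleAndLayout();
    EphemeralRange range(doc);
    if (!range.isValid()) return false;
    out = range.document().text;
    return true;
}
```

With a clean layout the "before" path also succeeds, which matches the intermittent reproduction described in the thread.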
Aug 29 2016
I can't repro with ToT (@r414967). Is it the same as issue 639728?
Sep 2 2016
I still can't reproduce with ToT, but can reproduce after reverting r414826. Hence marking the issue as fixed.
Comment 1 by yosin@chromium.org, Jun 29 2016
Owner: rog...@opera.com
Status: Unconfirmed (was: Untriaged)
Summary: NEEDS_FEEDBACK: DCHECK in EphemeralRange.cpp when loading http://www.youtube.com (was: DCHECK in EphemeralRange.cpp when loading http://www.youtube.com)