New issue
Advanced search Search tips

Issue 626675 link

Starred by 4 users
Status: Fixed
Owner:
wangxianzhu@chromium.org
Closed: Jul 2016
Cc:
wangxianzhu@chromium.org
liber...@chromium.org
dalecur...@chromium.org
mlamouri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug

Blocking:
issue 651853



Sign in to add a comment

CHECK fails in FrameView.cpp

Project Member Reported by avayvod@chromium.org, Jul 8 2016 
Version: master
OS: Android 5.0, Nexus 5

What steps will reproduce the problem?
(1) Set command line flag --disable-media-suspend for Chrome
(2) Navigate to videojs.com
(3) Observe

What is the expected output?
Chrome shouldn't crash.

What do you see instead?
Chrome crashes with a CHECK:

F/chromium(21685): [FATAL:FrameView.cpp(2699)] Check failed: m_frame->document()->isActive().

CC: Xianzhu who added the check and Dale who added the flag to WMPI.

Comment 1 by wangxianzhu@chromium.org, Jul 8 2016

Blocking: 590856

Comment 2 by dalecur...@chromium.org, Jul 8 2016 

What's the stack trace? It's not clear to me how we're getting to that point.

Comment 3 by wangxianzhu@chromium.org, Jul 8 2016

Labels: Needs-Feedback

Comment 4 by avayvod@chromium.org, Jul 12 2016 

[FATAL:FrameView.cpp(2704)] Check failed: m_frame->document()->isActive().

Stack Trace:
RELADDR FUNCTION FILE:LINE
~LogMessage /usr/local/google/code/chromium/src/base/logging.cc:532
blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2704
blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2735
blink::FrameView::updateStyleAndLayoutIfNeededRecursive() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2681
blink::FrameView::updateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2528
blink::LayoutView::hitTest(blink::HitTestResult&) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/layout/LayoutView.cpp:120
blink::hitTestInDocument(blink::Document const*, int, int, blink::HitTestRequest const&) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/dom/TreeScope.cpp:232
blink::TreeScope::hitTestPoint(int, int, blink::HitTestRequest const&) const /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/dom/TreeScope.cpp:243
blink::TreeScope::elementFromPoint(int, int) const /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/dom/TreeScope.cpp:238
blink::(anonymous namespace)::elementFromCenter(blink::Element&) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/shadow/MediaControlElements.cpp:110
blink::MediaControlCastButtonElement::tryShowOverlay() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/shadow/MediaControlElements.cpp:809
blink::MediaControls::computeWhichControlsFit() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/shadow/MediaControls.cpp:753
~BatchedControlUpdate /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/shadow/MediaControls.cpp:93
blink::MediaControls::refreshClosedCaptionsButtonVisibility() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/shadow/MediaControls.cpp:475
blink::HTMLMediaElement::forgetResourceSpecificTracks() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:2567
blink::HTMLMediaElement::clearMediaPlayer() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:3181
blink::HTMLMediaElement::stop() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:3217
blink::ContextLifecycleNotifier::notifyStoppingActiveDOMObjects() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/dom/ContextLifecycleNotifier.cpp:79
blink::Document::detach(blink::Node::AttachContext const&) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/dom/Document.cpp:2159
blink::FrameLoader::prepareForCommit() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/loader/FrameLoader.cpp:1132
blink::FrameLoader::commitProvisionalLoad() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/loader/FrameLoader.cpp:1149
blink::DocumentLoader::commitIfReady() /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/loader/DocumentLoader.cpp:250
blink::DocumentLoader::processData(char const*, unsigned int) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/loader/DocumentLoader.cpp:533
blink::DocumentLoader::dataReceived(blink::Resource*, char const*, unsigned int) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/loader/DocumentLoader.cpp:511
blink::RawResource::appendData(char const*, unsigned int) /usr/local/google/code/chromium/src/third_party/WebKit/Source/core/fetch/RawResource.cpp:101
content::WebURLLoaderImpl::Context::OnReceivedData(std::__1::unique_ptr<content::RequestPeer::ReceivedData, std::__1::default_delete<content::RequestPeer::ReceivedData> >) /usr/local/google/code/chromium/src/content/child/web_url_loader_impl.cc:747

Comment 5 by avayvod@chromium.org, Jul 12 2016 

Here's the stack trace. Seems like we're triggering layout calculations during layout? Since the video is not suspended when invisible, we're trying to determine if the cast button needs to be shown too early?

Comment 6 by wangxianzhu@chromium.org, Jul 12 2016

Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)

Comment 7 by liber...@chromium.org, Jul 12 2016

Cc: liber...@chromium.org
it's unclear that we should be doing any of the MediaControls work during HTMLMediaElement::stop().  computeWhichControlsFit (and, perhaps most of MediaControls) might want to shut off if !document()->isActive().

it's also unclear to me that we should be calling tryShowOverlay() at the several random points that we do in MediaControls when it can trigger layout for the hit test.  moving it to a zero second one-shot timer might help.  my knowledge of blink layout is quite limited, though.

i'm not sure that would fix the current issue in any case, since the assert is specifically about trying to perform layout on an inactive document.  the timer would still fire, and MediaControls would still be around to handle it.

Comment 8 by nabilanm...@gmail.com, Jul 12 2016 

Start for all campaign

Comment 9 by wangxianzhu@chromium.org, Jul 12 2016 

Anyway I will change the CHECK to conditions to early out related functions: https://codereview.chromium.org/2140983003/.
Project Member

Comment 10 by bugdroid1@chromium.org, Jul 13 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ae1eca83691c3167b4ea176e3ac8ba8392b03677

commit ae1eca83691c3167b4ea176e3ac8ba8392b03677
Author: wangxianzhu <wangxianzhu@chromium.org>
Date: Wed Jul 13 22:57:50 2016

Early out for inactive documents in FrameView lifecycle updating functions

We may trigger lifecycle update while some documents in the frame tree
are inactive. This looks valid and the functions should early out.

BUG= 626675 

Review-Url: https://codereview.chromium.org/2140983003
Cr-Commit-Position: refs/heads/master@{#405334}

[modify] https://crrev.com/ae1eca83691c3167b4ea176e3ac8ba8392b03677/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/ae1eca83691c3167b4ea176e3ac8ba8392b03677/third_party/WebKit/Source/core/paint/FramePainter.cpp

Comment 11 by wangxianzhu@chromium.org, Jul 19 2016

Status: Fixed (was: Assigned)

Comment 12 by wangxianzhu@chromium.org, Sep 30 2016

Blocking: -590856

Comment 13 by wangxianzhu@chromium.org, Sep 30 2016

Blocking: 651853

Sign in to add a comment