Issue metadata
Sign in to add a comment
|
Chrome crashes after restarting after a flag is changed in chrome://flags |
||||||||||||||||||||||
Issue descriptionVersion: current clankium master. What steps will reproduce the problem? (1) Open chrome://flags. (2) Pick any flag with a select element. Change the value in the select element. (3) Click the button to restart Chrome. What is the expected output? The chrome://flags correctly opens and renders. What do you see instead? The renderer thread crashes. No crash on further reloading of the chrome://flags page. Stack trace: I 10.540s Main [FATAL:HTMLSelectElement.cpp(1922)] Check failed: selectedOption() == m_lastOnChangeOption (null vs. OPTION) I 10.540s Main I 10.541s Main Stack Trace: I 10.541s Main RELADDR FUNCTION FILE:LINE I 10.541s Main 00084311 logging::LogMessage::~LogMessage() /usr/local/google/code/clankium/src/base/logging.cc:532 I 10.541s Main 005ff1cf blink::HTMLSelectElement::optionToBeShown() const /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/html/HTMLSelectElement.cpp:1922 I 10.541s Main 009eab1d blink::LayoutMenuList::updateFromElement() /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/layout/LayoutMenuList.cpp:179 I 10.541s Main 005c8fdb blink::HTMLFormControlElement::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/html/HTMLFormControlElement.cpp:248 I 10.541s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.541s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.577s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.577s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.577s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.577s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.577s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.577s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 004c4d8b blink::ContainerNode::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/ContainerNode.cpp:755 I 10.578s Main 004ff9f3 blink::Element::attach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1565 I 10.578s Main 00526321 blink::Node::reattach(blink::Node::AttachContext const&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Node.cpp:924 I 10.578s Main 004fb22d blink::Element::buildOwnLayout(blink::ComputedStyle&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1826 I 10.579s Main 00504fb3 blink::Element::recalcOwnStyle(blink::StyleRecalcChange) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1782 I 10.579s Main 00505207 blink::Element::recalcStyle(blink::StyleRecalcChange, blink::Text*) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Element.cpp:1722 I 10.579s Main 004eb259 blink::Document::updateStyle() /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Document.cpp:1785 I 10.579s Main 004edfff blink::Document::updateStyleAndLayoutTree() /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/dom/Document.cpp:1718 I 10.579s Main 0084b655 blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal() /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2703 I 10.579s Main 0084ba1d blink::FrameView::updateStyleAndLayoutIfNeededRecursive() /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2683 I 10.579s Main 0084c6f7 blink::FrameView::updateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/frame/FrameView.cpp:2529 I 10.579s Main 00a1d71b blink::LayoutView::hitTest(blink::HitTestResult&) /usr/local/google/code/clankium/src/third_party/WebKit/Source/core/layout/LayoutView.cpp:120
,
Jul 13 2016
,
Jul 13 2016
How do you unmerge an issue...?
,
Jul 13 2016
Why are we unmerging?
,
Jul 13 2016
I see (https://bugs.chromium.org/p/chromium/issues/detail?id=626328#c10).
,
Jul 14 2016
I reproduced this, and found the root cause.
,
Jul 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5af661c7f9993c6fa9827dfddf738825a43264fe commit 5af661c7f9993c6fa9827dfddf738825a43264fe Author: tkent <tkent@chromium.org> Date: Thu Jul 14 07:44:04 2016 SELECT element: Fix a DCHECK failure in optionToBeShown(). If a SELECT element had a selected OPTION, but restoreFormControlState() could't find OPTIONs matched to FormControlState, m_lastOnChangeOption had a stale value. Use selectOption() in restoreFormControlState() to update m_lastOnChangeOption. BUG= 627833 Review-Url: https://codereview.chromium.org/2151763002 Cr-Commit-Position: refs/heads/master@{#405447} [modify] https://crrev.com/5af661c7f9993c6fa9827dfddf738825a43264fe/third_party/WebKit/Source/core/html/HTMLSelectElement.cpp [modify] https://crrev.com/5af661c7f9993c6fa9827dfddf738825a43264fe/third_party/WebKit/Source/core/html/HTMLSelectElementTest.cpp
,
Jul 14 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by dglazkov@chromium.org
, Jul 13 2016Status: Duplicate (was: Untriaged)