Layout invalidation after layout caused by plugin script execution |
Issue descriptionThis is discovered by the release checks for bug 590856. During FrameView::scrollContents(), a loadable plugin placeholder creates the actual plugin which executes the creation scripts, causing unexpected layout invalidation. https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3AFrameView%3A%3AcheckLayoutInvalidationIsAllowed%27%20AND%20product.version%20%3E%3D%20%2754.0.2795.0%27&ignore_case=false&enable_rewrite=false&omit_field_name=CrashedStackTrace.StackFrame.FunctionName&omit_field_value=void%20blink%3A%3AFrameView%3A%3AforAllNonThrottledFrameViews%3Cblink%3A%3AFrameView%3A%3AupdateLifecyclePhasesInternal(blink%3A%3ADocumentLifecycle%3A%3ALifecycleState)%3A%3A%24_2%3E(blink%3A%3AFrameView%3A%3AupdateLifecyclePhasesInternal(blink%3A%3ADocumentLifecycle%3A%3ALifecycleState)%3A%3A%24_2%20const%26)&omit_field_opt=%3D&stbtiq=&reportid=917459f600000000&index=1#0 0x0fbc597e (chrome_child.dll -frameview.cpp:1838 ) blink::FrameView::checkLayoutInvalidationIsAllowed() 0x0fbc580a (chrome_child.dll -frameview.cpp:1848 ) blink::FrameView::scheduleRelayout() 0x0fbc579c (chrome_child.dll -layoutobject.cpp:2946 ) blink::LayoutObject::scheduleRelayout() 0x0fbc5660 (chrome_child.dll -layoutobject.cpp:806 ) blink::LayoutObject::markContainerChainForLayout(bool,blink::SubtreeLayoutScope *) 0x0fbc5308 (chrome_child.dll -layoutobject.h:2028 ) blink::LayoutObject::setNeedsLayout(char const * const,blink::MarkingBehavior,blink::SubtreeLayoutScope *) 0x0fef2db4 (chrome_child.dll -layoutobject.h:828 ) blink::LayoutObject::setNeedsLayoutAndPrefWidthsRecalc(char const * const) 0x0fd4c9a3 (chrome_child.dll -layoutobjectchildlist.cpp:65 ) blink::LayoutObjectChildList::removeChildNode(blink::LayoutObject *,blink::LayoutObject *,bool) 0x0fd4c79f (chrome_child.dll -layoutblockflow.cpp:2428 ) blink::LayoutBlockFlow::removeChild(blink::LayoutObject *) 0x0fd1ec48 (chrome_child.dll -layoutobject.cpp:2611 ) 
blink::LayoutObject::willBeDestroyed() 0x0ff880b6 (chrome_child.dll -layouttext.cpp:229 ) blink::LayoutText::willBeDestroyed() 0x0fd1e374 (chrome_child.dll -layoutobject.cpp:2844 ) blink::LayoutObject::destroy() 0x0fd1e363 (chrome_child.dll -layoutobject.cpp:2837 ) blink::LayoutObject::destroyAndCleanupAnonymousWrappers() 0x0ff2662a (chrome_child.dll -node.cpp:942 ) blink::Node::detach(blink::Node::AttachContext const &) 0x0fd1dfa3 (chrome_child.dll -containernode.cpp:769 ) blink::ContainerNode::detach(blink::Node::AttachContext const &) 0x0fd1e15b (chrome_child.dll -element.cpp:1610 ) blink::Element::detach(blink::Node::AttachContext const &) 0x0fd1dfa3 (chrome_child.dll -containernode.cpp:769 ) blink::ContainerNode::detach(blink::Node::AttachContext const &) 0x0fd1e15b (chrome_child.dll -element.cpp:1610 ) blink::Element::detach(blink::Node::AttachContext const &) 0x0fd1dfa3 (chrome_child.dll -containernode.cpp:769 ) blink::ContainerNode::detach(blink::Node::AttachContext const &) 0x0fd1e15b (chrome_child.dll -element.cpp:1610 ) blink::Element::detach(blink::Node::AttachContext const &) 0x0fef2b36 (chrome_child.dll -containernode.cpp:508 ) blink::ContainerNode::removeBetween(blink::Node *,blink::Node *,blink::Node &) 0x0fef1ca4 (chrome_child.dll -containernode.cpp:491 ) blink::ContainerNode::removeChild(blink::Node *,blink::ExceptionState &) 0x0fef1b1d (chrome_child.dll -node.cpp:405 ) blink::Node::removeChild(blink::Node *,blink::ExceptionState &) 0x0fef1ae7 (chrome_child.dll -v8node.cpp:799 ) blink::NodeV8Internal::removeChildMethod 0x0fef191e (chrome_child.dll -v8node.cpp:810 ) blink::NodeV8Internal::removeChildMethodCallback 0x0fcd6f7c (chrome_child.dll -api-arguments.cc:19 ) v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const &)) 0x0fcd6cd2 (chrome_child.dll -builtins.cc:5703 ) v8::internal::`anonymous namespace'::HandleApiCallHelper<0> 0x0fcd6aaf (chrome_child.dll -builtins.cc:5732 ) 
v8::internal::Builtin_Impl_HandleApiCall 0x0fcd69f4 (chrome_child.dll -builtins.cc:5720 ) v8::internal::Builtin_HandleApiCall 0x0450a23d 0x158f0651 0x1cbc906f 0x0450b6b5 0x1cbc80e5 0x0450b6b5 0x158f0261 0x0453be3d 0x04523a22 0x0fc56c67 (chrome_child.dll -execution.cc:111 ) v8::internal::`anonymous namespace'::Invoke 0x0fc56b4f (chrome_child.dll -execution.cc:168 ) v8::internal::Execution::Call(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const) 0x0fd04d43 (chrome_child.dll -api.cc:1908 ) v8::Script::Run(v8::Local<v8::Context>) 0x0fd03e9b (chrome_child.dll -v8scriptrunner.cpp:415 ) blink::V8ScriptRunner::runCompiledScript(v8::Isolate *,v8::Local<v8::Script>,blink::ExecutionContext *) 0x0fd01a5c (chrome_child.dll -scriptcontroller.cpp:150 ) blink::ScriptController::executeScriptAndReturnValue(v8::Local<v8::Context>,blink::ScriptSourceCode const &,blink::AccessControlStatus) 0x0fc38ed1 (chrome_child.dll -scriptcontroller.cpp:396 ) blink::ScriptController::evaluateScriptInMainWorld(blink::ScriptSourceCode const &,blink::AccessControlStatus,blink::ScriptController::ExecuteScriptPolicy) 0x0feafb4e (chrome_child.dll -scriptcontroller.cpp:379 ) blink::ScriptController::executeScriptInMainWorldAndReturnValue(blink::ScriptSourceCode const &,blink::ScriptController::ExecuteScriptPolicy) 0x0feafb03 (chrome_child.dll -weblocalframeimpl.cpp:789 ) blink::WebLocalFrameImpl::executeScriptAndReturnValue(blink::WebScriptSource const &) 0x1129fdef (chrome_child.dll -pepper_plugin_instance_impl.cc:2446 ) content::PepperPluginInstanceImpl::ExecuteScript(int,PP_Var,PP_Var *) 0x11507f13 (chrome_child.dll -ppb_instance_proxy.cc:977 ) ppapi::proxy::PPB_Instance_Proxy::OnHostMsgExecuteScript(int,ppapi::proxy::SerializedVarReceiveInput,ppapi::proxy::SerializedVarOutParam,ppapi::proxy::SerializedVarReturnValue) 0x115064d7 (chrome_child.dll -tuple.h:179 ) 
base::DispatchToMethodImpl<ppapi::proxy::PPB_Instance_Proxy *,void (__thiscall ppapi::proxy::PPB_Instance_Proxy::*)(int,ppapi::proxy::SerializedVarReceiveInput,ppapi::proxy::SerializedVarOutParam,ppapi::proxy::SerializedVarReturnValue),int,ppapi::proxy::SerializedVar,ppapi::proxy::SerializedVar,ppapi::proxy::SerializedVar,0,1,0,1> 0x115058dd (chrome_child.dll -ipc_message_templates.h:173 ) IPC::MessageT<PpapiHostMsg_PPBInstance_ExecuteScript_Meta,std::tuple<int,ppapi::proxy::SerializedVar>,std::tuple<ppapi::proxy::SerializedVar,ppapi::proxy::SerializedVar> >::Dispatch<ppapi::proxy::PPB_Instance_Proxy,ppapi::proxy::PPB_Instance_Proxy,void,void ( ppapi::proxy::PPB_Instance_Proxy::*)(int,ppapi::proxy::SerializedVarReceiveInput,ppapi::proxy::SerializedVarOutParam,ppapi::proxy::SerializedVarReturnValue)>(IPC::Message const *,ppapi::proxy::PPB_Instance_Proxy *,ppapi::proxy::PPB_Instance_Proxy *,void *,void ( ppapi::proxy::PPB_Instance_Proxy::*)(int,ppapi::proxy::SerializedVarReceiveInput,ppapi::proxy::SerializedVarOutParam,ppapi::proxy::SerializedVarReturnValue)) 0x11508ff8 (chrome_child.dll -ppb_instance_proxy.cc:133 ) ppapi::proxy::PPB_Instance_Proxy::OnMessageReceived(IPC::Message const &) ... 
10 more 0x11a0304c (chrome_child.dll -ppp_instance_combined.cc:49 ) ppapi::PPP_Instance_Combined::DidCreate(int,unsigned int,char const * * const,char const * * const) 0x112a16fd (chrome_child.dll -pepper_plugin_instance_impl.cc:874 ) content::PepperPluginInstanceImpl::Initialize(std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > const &,std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > const &,bool,std::unique_ptr<content::PluginInstanceThrottlerImpl,std::default_delete<content::PluginInstanceThrottlerImpl> >) 0x112c87c8 (chrome_child.dll -pepper_webplugin_impl.cc:106 ) content::PepperWebPluginImpl::initialize(blink::WebPluginContainer *) 0x1153a7f5 (chrome_child.dll -loadable_plugin_placeholder.cc:112 ) plugins::LoadablePluginPlaceholder::ReplacePlugin(blink::WebPlugin *) 0x1153a2df (chrome_child.dll -loadable_plugin_placeholder.cc:304 ) plugins::LoadablePluginPlaceholder::LoadPlugin() 0x1153a36e (chrome_child.dll -loadable_plugin_placeholder.cc:92 ) plugins::LoadablePluginPlaceholder::MarkPluginEssential(content::PluginInstanceThrottler::PowerSaverUnthrottleMethod) 0x1153a618 (chrome_child.dll -loadable_plugin_placeholder.cc:221 ) plugins::LoadablePluginPlaceholder::OnUnobscuredRectUpdate(gfx::Rect const &) 0x1153b3db (chrome_child.dll -webview_plugin.cc:215 ) WebViewPlugin::updateGeometry(blink::WebRect const &,blink::WebRect const &,blink::WebRect const &,blink::WebVector<blink::WebRect> const &,bool) 0x11073c0d (chrome_child.dll -webplugincontainerimpl.cpp:453 ) blink::WebPluginContainerImpl::reportGeometry() 0x0fbff334 (chrome_child.dll -frameview.cpp:3186 ) blink::FrameView::frameRectsChanged() 0x103de359 (chrome_child.dll -frameview.cpp:3696 ) blink::FrameView::scrollContents(blink::IntSize const &) 0x0fc27687 
(chrome_child.dll -frameview.cpp:245 ) blink::FrameView::forAllNonThrottledFrameViews<<lambda_102d90f3b118b3639f323849900a2344> >(<lambda_102d90f3b118b3639f323849900a2344> const &) 0x0fc276c2 (chrome_child.dll -frameview.cpp:251 ) blink::FrameView::forAllNonThrottledFrameViews<<lambda_102d90f3b118b3639f323849900a2344> >(<lambda_102d90f3b118b3639f323849900a2344> const &) 0x0fc276c2 (chrome_child.dll -frameview.cpp:251 ) blink::FrameView::forAllNonThrottledFrameViews<<lambda_102d90f3b118b3639f323849900a2344> >(<lambda_102d90f3b118b3639f323849900a2344> const &) 0x0fc276c2 (chrome_child.dll -frameview.cpp:251 ) blink::FrameView::forAllNonThrottledFrameViews<<lambda_102d90f3b118b3639f323849900a2344> >(<lambda_102d90f3b118b3639f323849900a2344> const &) 0x0fc276c2 (chrome_child.dll -frameview.cpp:251 ) blink::FrameView::forAllNonThrottledFrameViews<<lambda_102d90f3b118b3639f323849900a2344> >(<lambda_102d90f3b118b3639f323849900a2344> const &) 0x0fbc6149 (chrome_child.dll -frameview.cpp:2551 ) blink::FrameView::updateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) 0x0fd0cfe2 (chrome_child.dll -layoutviewitem.h:75 ) blink::LayoutViewItem::hitTest(blink::HitTestResult &)
,
Jul 22 2016
Seeing a similar magic signature, [Assert] blink::LayoutObject::setNeedsLayout, as well. Crash link: https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Android%27%20AND%20product.version%3D%2753.0.2785.21%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20ReportID%3D%270329fd0e00000000%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&stbtiq=&reportid=&index=0 wangxianzhu@, could you please confirm whether these are the same issue, or should I file a new one?
,
Jul 22 2016
The crash in #2 is different, so please file a new one. Or just ignore it if it doesn't happen on other versions (for now it's on 53.0.2785.21 only).
,
Aug 10 2016
Users experienced this crash on the following builds: Android Dev 54.0.2823.2 - 2.04 CPM, 5 reports, 5 clients (signature blink::FrameView::checkLayoutInvalidationIsAllowed) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Aug 30 2016
Users experienced this crash on the following builds: Win Canary 55.0.2843.0 - 0.65 CPM, 8 reports, 6 clients (signature blink::FrameView::checkLayoutInvalidationIsAllowed) Android Dev 54.0.2837.2 - 1.64 CPM, 62 reports, 55 clients (signature blink::FrameView::checkLayoutInvalidationIsAllowed) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Sep 30 2016
,
Sep 30 2016
,
Jan 6 2017
I don't think the power saver plugin blocker should be unthrottling plugins in the middle of layout; running plugin script at that point re-enters layout and trips the invalidation check. This should be done in a posted task. https://codereview.chromium.org/2164753003/ and issue 628629 are a previous instance of this that we fixed.
,
Jan 6 2017
Issue 631810 has been merged into this issue.
,
Jan 13 2017
Hey dcheng, I think this was already fixed in issue 628629. The stack trace in #1 can't happen anymore, since we added a PostTask that breaks up these two frames: plugins::LoadablePluginPlaceholder::OnUnobscuredRectUpdate(gfx::Rect const &) 0x1153b3db (chrome_child.dll -webview_plugin.cc:215 ) WebViewPlugin::updateGeometry(blink::WebRect const &,blink::WebRect const &,blink::WebRect const &,blink::WebVector<blink::WebRect> const &,bool)
Comment 1 by wangxianzhu@chromium.org
, Jul 19 2016