Renderer crash in Scrollingcoordinator
Issue description

Chrome Version: Chromium 58.0.2988.0 (Developer Build) (64-bit)
Revision cd5c59cdcc860f2b31f4dea6fd17790559ffb615-refs/heads/master@{#445084}
OS: Linux

Renderer occasionally crashes on random sites (devtools, forbes.com):

#0 0x7fb7c762d894 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#1 0x7fb7c5071330 <unknown>
#2 0x7fb7c836dfc5 cc::ScrollOffsetAnimations::AddTakeoverUpdate()
#3 0x7fb7cae7f761 blink::ScrollAnimatorCompositorCoordinator::updateImplOnlyCompositorAnimations()
#4 0x7fb7cae7f48d blink::ScrollAnimatorCompositorCoordinator::takeOverCompositorAnimation()
#5 0x7fb7c9bbefbb blink::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread()
#6 0x7fb7c9bbe413 blink::ScrollingCoordinator::updateAfterCompositingChangeIfNeeded()
#7 0x7fb7c97fe0d5 blink::FrameView::updateLifecyclePhasesInternal()
#8 0x7fb7c9bb24aa blink::PageAnimator::updateAllLifecyclePhases()
#9 0x7fb7c932444d blink::WebViewImpl::updateAllLifecyclePhases()
#10 0x7fb7ca929331 cc::ProxyMain::BeginMainFrame()
#11 0x7fb7ca93d640 _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvSt10unique_ptrINS3_28BeginMainFrameAndCommitStateESt14default_deleteIS6_EEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperIS9_EEEEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_SF_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#12 0x7fb7c76af13e base::debug::TaskAnnotator::RunTask()
Jan 20 2017
Investigating.
Jan 20 2017
A reliable reproduction -- open DevTools, go to Settings, click any combo-box, then click elsewhere on the page.
Jan 20 2017
Reverted https://codereview.chromium.org/2631853002/ locally -- and it's gone!
Jan 20 2017
It looks like the change to WebPagePopupImpl is problematic. In WebPagePopupImpl::setIsAcceleratedCompositingActive, changing the second argument to layerTreeViewInitialized to nullptr fixes the problem, at least as far as the repro case goes.
Jan 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f15f669d84991252dd186c7093b885d7e909fad3

commit f15f669d84991252dd186c7093b885d7e909fad3
Author: kenrb <kenrb@chromium.org>
Date: Fri Jan 20 22:43:49 2017

Fix ScrollingCoordinator-related crash with page popups

Rev 444497 introduced a crash that can happen when popups are opened, because in some cases they access the wrong compositor animation host and timeline. This fixes the issue by ensuring they always use those resources on the top frame.

BUG= 683282
Review-Url: https://codereview.chromium.org/2647963002
Cr-Commit-Position: refs/heads/master@{#445192}

[modify] https://crrev.com/f15f669d84991252dd186c7093b885d7e909fad3/third_party/WebKit/Source/web/WebPagePopupImpl.cpp
Jan 23 2017
Jan 24 2017
The fix for issue 675695 has merge approval, but the CL on this bug fixes a problem with it. I need approval here as well so that they can be merged together.
Jan 24 2017
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 24 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/37f84209a3c632b8cd696c50eca923d533f0e1a8

commit 37f84209a3c632b8cd696c50eca923d533f0e1a8
Author: Ken Buchanan <kenrb@chromium.org>
Date: Tue Jan 24 18:29:24 2017

Fix ScrollingCoordinator-related crash with page popups

Rev 444497 introduced a crash that can happen when popups are opened, because in some cases they access the wrong compositor animation host and timeline. This fixes the issue by ensuring they always use those resources on the top frame.

BUG= 683282
Review-Url: https://codereview.chromium.org/2647963002
Cr-Commit-Position: refs/heads/master@{#445192}
(cherry picked from commit f15f669d84991252dd186c7093b885d7e909fad3)

Review-Url: https://codereview.chromium.org/2655743002 .
Cr-Commit-Position: refs/branch-heads/2987@{#63}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[modify] https://crrev.com/37f84209a3c632b8cd696c50eca923d533f0e1a8/third_party/WebKit/Source/web/WebPagePopupImpl.cpp
Comment 1 by bokan@chromium.org, Jan 20 2017
Owner: kenrb@chromium.org
Status: Assigned (was: Untriaged)