Issue 729441 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	pdr@chromium.org
Closed:	Jun 2017
Cc:	chaopeng@chromium.org emaxx@chromium.org bokan@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	1
Type:	Bug

Overlay scrollbar crash on debug build

Project Member Reported by chaopeng@chromium.org, Jun 5 2017

Issue description

Chrome Version: 9b638538ae77 - debug
OS: Linux

0) enable overlay scrollbar
1) scroll then mouse down at thumb

[1:5:0604/233145.952017:FATAL:scrollbar_layer_impl_base.cc(79)] Check failed: !layer_tree_impl()->ScrollbarGeometriesNeedUpdate(). 
#0 0x7fe72503fb0b base::debug::StackTrace::StackTrace()
#1 0x7fe72503e80c base::debug::StackTrace::StackTrace()
#2 0x7fe7250b23a3 logging::LogMessage::~LogMessage()
#3 0x7fe71ab80c49 cc::ScrollbarLayerImplBase::vertical_adjust()
#4 0x7fe71ab67da1 cc::PaintedOverlayScrollbarLayerImpl::TrackLength()
#5 0x7fe71ab81098 cc::ScrollbarLayerImplBase::ComputeThumbQuadRectWithThumbThicknessScale()
#6 0x7fe71ab813ba cc::ScrollbarLayerImplBase::ComputeExpandedThumbQuadRect()
#7 0x7fe71ab2af85 cc::(anonymous namespace)::DistanceToScrollbarPart()
#8 0x7fe71ab2ae9a cc::SingleScrollbarAnimationControllerThinning::DidMouseMove()
#9 0x7fe71ab27dfc cc::ScrollbarAnimationController::DidMouseMove()
#10 0x7fe71adedef6 cc::LayerTreeHostImpl::MouseMoveAt()
#11 0x7fe71dcdf8e5 ui::InputHandlerProxy::HandleInputEvent()
#12 0x7fe71dcdef8d ui::InputHandlerProxy::DispatchSingleInputEvent()
#13 0x7fe71dcde044 ui::InputHandlerProxy::HandleInputEventWithLatencyInfo()
#14 0x7fe71f45cb62 content::InputHandlerManager::HandleInputEvent()
#15 0x7fe71f453e78 content::InputEventFilter::ForwardToHandler()
#16 0x7fe71f459504 _ZN4base8internal13FunctorTraitsIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEvE6InvokeIRK13scoped_refptrIS3_EJRKiS7_RKS8_EEEvSA_OT_DpOT0_
#17 0x7fe71f4593c0 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJRK13scoped_refptrIS5_ERKiS9_RKSA_EEEvOT_DpOT0_
#18 0x7fe71f459325 _ZN4base8internal7InvokerINS0_9BindStateIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJ13scoped_refptrIS4_EiS6_S9_EEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_iS6_S9_EEJLm0ELm1ELm2ELm3EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#19 0x7fe71f4591bc _ZN4base8internal7InvokerINS0_9BindStateIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJ13scoped_refptrIS4_EiS6_S9_EEEFvvEE3RunEPNS0_13BindStateBaseE
#20 0x7fe724ffb2ee _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#21 0x7fe72504575e base::debug::TaskAnnotator::RunTask()
#22 0x7fe71190b38e blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#23 0x7fe711908316 blink::scheduler::TaskQueueManager::DoWork()
#24 0x7fe711913764 _ZN4base8internal13FunctorTraitsIMN5blink9scheduler16TaskQueueManagerEFvbEvE6InvokeIRKNS_7WeakPtrIS4_EEJRKbEEEvS6_OT_DpOT0_
#25 0x7fe71191366f _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#26 0x7fe7119135e3 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKSt5tupleIJS9_bEEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#27 0x7fe7119134fc _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#28 0x7fe724ffb2ee _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#29 0x7fe72504575e base::debug::TaskAnnotator::RunTask()
#30 0x7fe7250dc27d base::MessageLoop::RunTask()
#31 0x7fe7250dc507 base::MessageLoop::DeferOrRunPendingTask()
#32 0x7fe7250dc81f base::MessageLoop::DoWork()
#33 0x7fe7250ee908 base::MessagePumpDefault::Run()
#34 0x7fe7250dbc48 base::MessageLoop::Run()
#35 0x7fe72518576d base::RunLoop::Run()
#36 0x7fe725235554 base::Thread::Run()
#37 0x7fe725235dba base::Thread::ThreadMain()
#38 0x7fe72521c5aa base::(anonymous namespace)::ThreadFunc()
#39 0x7fe72557b184 start_thread
#40 0x7fe70b4edbed clone

Received signal 6
#0 0x7fe72503fb0b base::debug::StackTrace::StackTrace()
#1 0x7fe72503e80c base::debug::StackTrace::StackTrace()
#2 0x7fe72503f61f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fe725583330 <unknown>
#4 0x7fe70b426c37 gsignal
#5 0x7fe70b42a028 abort
#6 0x7fe72503c806 base::debug::(anonymous namespace)::DebugBreak()
#7 0x7fe72503c7e8 base::debug::BreakDebugger()
#8 0x7fe7250b2824 logging::LogMessage::~LogMessage()
#9 0x7fe71ab80c49 cc::ScrollbarLayerImplBase::vertical_adjust()
#10 0x7fe71ab67da1 cc::PaintedOverlayScrollbarLayerImpl::TrackLength()
#11 0x7fe71ab81098 cc::ScrollbarLayerImplBase::ComputeThumbQuadRectWithThumbThicknessScale()
#12 0x7fe71ab813ba cc::ScrollbarLayerImplBase::ComputeExpandedThumbQuadRect()
#13 0x7fe71ab2af85 cc::(anonymous namespace)::DistanceToScrollbarPart()
#14 0x7fe71ab2ae9a cc::SingleScrollbarAnimationControllerThinning::DidMouseMove()
#15 0x7fe71ab27dfc cc::ScrollbarAnimationController::DidMouseMove()
#16 0x7fe71adedef6 cc::LayerTreeHostImpl::MouseMoveAt()
#17 0x7fe71dcdf8e5 ui::InputHandlerProxy::HandleInputEvent()
#18 0x7fe71dcdef8d ui::InputHandlerProxy::DispatchSingleInputEvent()
#19 0x7fe71dcde044 ui::InputHandlerProxy::HandleInputEventWithLatencyInfo()
#20 0x7fe71f45cb62 content::InputHandlerManager::HandleInputEvent()
#21 0x7fe71f453e78 content::InputEventFilter::ForwardToHandler()
#22 0x7fe71f459504 _ZN4base8internal13FunctorTraitsIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEvE6InvokeIRK13scoped_refptrIS3_EJRKiS7_RKS8_EEEvSA_OT_DpOT0_
#23 0x7fe71f4593c0 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJRK13scoped_refptrIS5_ERKiS9_RKSA_EEEvOT_DpOT0_
#24 0x7fe71f459325 _ZN4base8internal7InvokerINS0_9BindStateIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJ13scoped_refptrIS4_EiS6_S9_EEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_iS6_S9_EEJLm0ELm1ELm2ELm3EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#25 0x7fe71f4591bc _ZN4base8internal7InvokerINS0_9BindStateIMN7content16InputEventFilterEFviRKN3IPC7MessageENS_9TimeTicksEEJ13scoped_refptrIS4_EiS6_S9_EEEFvvEE3RunEPNS0_13BindStateBaseE
#26 0x7fe724ffb2ee _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#27 0x7fe72504575e base::debug::TaskAnnotator::RunTask()
#28 0x7fe71190b38e blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#29 0x7fe711908316 blink::scheduler::TaskQueueManager::DoWork()
#30 0x7fe711913764 _ZN4base8internal13FunctorTraitsIMN5blink9scheduler16TaskQueueManagerEFvbEvE6InvokeIRKNS_7WeakPtrIS4_EEJRKbEEEvS6_OT_DpOT0_
#31 0x7fe71191366f _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#32 0x7fe7119135e3 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKSt5tupleIJS9_bEEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#33 0x7fe7119134fc _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#34 0x7fe724ffb2ee _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#35 0x7fe72504575e base::debug::TaskAnnotator::RunTask()
#36 0x7fe7250dc27d base::MessageLoop::RunTask()
#37 0x7fe7250dc507 base::MessageLoop::DeferOrRunPendingTask()
#38 0x7fe7250dc81f base::MessageLoop::DoWork()
#39 0x7fe7250ee908 base::MessagePumpDefault::Run()
#40 0x7fe7250dbc48 base::MessageLoop::Run()
#41 0x7fe72518576d base::RunLoop::Run()
#42 0x7fe725235554 base::Thread::Run()
#43 0x7fe725235dba base::Thread::ThreadMain()
#44 0x7fe72521c5aa base::(anonymous namespace)::ThreadFunc()
#45 0x7fe72557b184 start_thread
#46 0x7fe70b4edbed clone
  r8: fffffffffffffed8  r9: fffffffffffffec8 r10: 0000000000000008 r11: 0000000000000202
 r12: 0000000000000000 r13: 0000000000000000 r14: 00007fe6fd0779c0 r15: 00007fe6fd077700
  di: 0000000000000001  si: 0000000000000005  bp: 00007fe6fd070f70  bx: 00007fe6fd073178
  dx: 0000000000000006  ax: 0000000000000000  cx: 00007fe70b426c37  sp: 00007fe6fd070e38
  ip: 00007fe70b426c37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Comment 1 by chaopeng@chromium.org, Jun 5 2017

Cc: chaopeng@chromium.org
Owner: pdr@chromium.org

The DCHECK is from 5e56378a4010596474851b57a8fccf49ea0c88f6. pdr@ PTAL.

Comment 2 by chaopeng@chromium.org, Jun 5 2017

Steps to reproduce the problem:

0) enable overlay scrollbar
1) move scrollbar thumb with mouse

Comment 3 by pdr@chromium.org, Jun 5 2017

Status: Started (was: Untriaged)

Comment 4 by pdr@chromium.org, Jun 5 2017

Can you help me with the repro steps?

On linux I am not hitting this with:
--enable-overlay-scrollbar

Is there something else I need to do to get into the overlay scrollbar configuration?

Comment 5 by bokan@chromium.org, Jun 5 2017

I haven't tried this but I'd guess you may need --enable-prefer-compositing-to-lcd-text

Comment 6 by pdr@chromium.org, Jun 5 2017

Still no luck :/

Here's the exact command I'm using:
./out/Debug/chrome --enable-overlay-scrollbar --no-sandbox --enable-prefer-compositing-to-lcd-text

I do believe this crash is hitting though. It's very easy to fix, just need to find out how to repro it so I can make a test.

Comment 7 by chaopeng@chromium.org, Jun 6 2017

Please use "--enable-features=OverlayScrollbar --enable-prefer-compositing-to-lcd-text".

Comment 8 by emaxx@chromium.org, Jun 7 2017

Cc: emaxx@chromium.org

I can reproduce it  on 'target_os="chromeos" is_debug=true' build. The repro steps include opening a web page with scrollbars, hovering the scrollbar and (if hasn't crashed by that point) grab-and-drag the scrollbar. Sometimes it crashes even without any additional gestures, just opening the tall page is enough.

Comment 9 by pdr@chromium.org, Jun 7 2017

Sorry for the disruption, I have a patch up for review: https://chromium-review.googlesource.com/c/526349/

Project Member

Comment 10 by bugdroid1@chromium.org, Jun 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/052164529c5b51f68b6ac5ad25cdde96c80f4779

commit 052164529c5b51f68b6ac5ad25cdde96c80f4779
Author: pdr <pdr@chromium.org>
Date: Fri Jun 09 03:05:35 2017

Update scrollbar geometries for hit testing

This patch fixes a bug in [1] where the scrollbar geometries were only
updated in PrepareToDraw because it was assumed the geometries were only
needed for AppendQuads. This patch updates geometries in UpdateDrawProperties
which occurs before AppendQuads and before hit testing.

[1] https://chromium-review.googlesource.com/c/517762

Bug:  729441 
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3c339e9c1eb2ab1cbfacd60bd613b071cf030dc1
Reviewed-on: https://chromium-review.googlesource.com/526349
Commit-Queue: Philip Rogers <pdr@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#478177}
[modify] https://crrev.com/052164529c5b51f68b6ac5ad25cdde96c80f4779/cc/trees/layer_tree_host_impl.cc
[modify] https://crrev.com/052164529c5b51f68b6ac5ad25cdde96c80f4779/cc/trees/layer_tree_host_impl_unittest.cc
[modify] https://crrev.com/052164529c5b51f68b6ac5ad25cdde96c80f4779/cc/trees/layer_tree_impl.cc
[modify] https://crrev.com/052164529c5b51f68b6ac5ad25cdde96c80f4779/cc/trees/layer_tree_impl.h

Comment 11 by pdr@chromium.org, Jun 9 2017

Status: Fixed (was: Started)

Project Member

Comment 12 by bugdroid1@chromium.org, Jun 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/74b07a1ed115a3e99fee1799011c09dbc87ca940

commit 74b07a1ed115a3e99fee1799011c09dbc87ca940
Author: pdr <pdr@chromium.org>
Date: Fri Jun 09 18:38:29 2017

Remove LayerTreeImpl::RegisterScrollLayer

This function no longer registers a scroll layer and instead just sets
needs_show_scrollbars. This logic has been inlined into SetScrollable.

Bug:  729441 
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I44554fe284cd67d97a650d392e812b6613c51631
Reviewed-on: https://chromium-review.googlesource.com/529605
Reviewed-by: Chris harrelson <chrishtr@chromium.org>
Commit-Queue: Philip Rogers <pdr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#478347}
[modify] https://crrev.com/74b07a1ed115a3e99fee1799011c09dbc87ca940/cc/layers/layer_impl.cc
[modify] https://crrev.com/74b07a1ed115a3e99fee1799011c09dbc87ca940/cc/trees/layer_tree_impl.cc
[modify] https://crrev.com/74b07a1ed115a3e99fee1799011c09dbc87ca940/cc/trees/layer_tree_impl.h

►

Issue 729441 link

Issue metadata

Overlay scrollbar crash on debug build

Issue description

Comment 1 by chaopeng@chromium.org, Jun 5 2017

Comment 1 Deleted

Comment 2 by chaopeng@chromium.org, Jun 5 2017

Comment 2 Deleted

Comment 3 by pdr@chromium.org, Jun 5 2017

Comment 3 Deleted

Comment 4 by pdr@chromium.org, Jun 5 2017

Comment 4 Deleted

Comment 5 by bokan@chromium.org, Jun 5 2017

Comment 5 Deleted

Comment 6 by pdr@chromium.org, Jun 5 2017

Comment 6 Deleted

Comment 7 by chaopeng@chromium.org, Jun 6 2017

Comment 7 Deleted

Comment 8 by emaxx@chromium.org, Jun 7 2017

Comment 8 Deleted

Comment 9 by pdr@chromium.org, Jun 7 2017

Comment 9 Deleted

Comment 10 by bugdroid1@chromium.org, Jun 9 2017

Comment 10 Deleted

Comment 11 by pdr@chromium.org, Jun 9 2017

Comment 11 Deleted

Comment 12 by bugdroid1@chromium.org, Jun 9 2017

Comment 12 Deleted

Sign in to add a comment