CHECK failure: false. Can't find cached display item in PaintController.cpp
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6043648071565312
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Can't find cached display item in PaintController.cpp
  blink::PaintController::FindOutOfOrderCachedItemForward
  blink::PaintController::FindCachedItem
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=501443:501505
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6043648071565312
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Sep 29 2017
I reduced it further. Seems to have something to do with mask painting.
Step to repro:
out/Release/content_shell --enable-blink-features=PaintUnderInvalidationChecking fuzz-19-repaint-child-of-squashed.html
Sep 29 2017
This is a bug of under-invalidation checking itself. Just tried https://chromium-review.googlesource.com/c/chromium/src/+/692495 locally and it didn't crash.
Sep 29 2017
Sep 29 2017
Just tried to bisect locally. The regression range reported by the bot is incorrect. The CHECK probably failed since the very beginning. Also it is a diagnosis check that doesn't run under production flags, thus removing related labels.
Sep 30 2017
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 2 2017
Oct 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/25eefe8eafbb81a6bcdd55ca1b1557009adef922

commit 25eefe8eafbb81a6bcdd55ca1b1557009adef922
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Tue Oct 03 18:25:13 2017

Reland "Fix false-positives of under-invalidation checking in layout tests"

This reverts commit d5830561dbba8913c652a7589d3b691708d4c0c0.

This reland fixes bugs in the original CL:
- When ending under-invalidation checking for a subsequence containing
  cache skipping display items, set next_item_to_match_ and
  next_item_to_index_ to let remaining display items match normally.
- Fix DCHECK failure when ending an empty subsequence in a cached
  subsequence.
- Fix bug that under-invalidation checking of a parent subsequence was
  ended by a child subsequence.

Original change's description:
> Revert "Fix false-positives of under-invalidation checking in layout tests"
>
> This reverts commit 206bdc858ad26bc02172a308e6836921a1e41b38.
>
> Reason for revert:
>
> Several paint-related tests have begun crashing on "Linux Trusty (dbg)" after landing this patch, flakily hitting a CHECK in
> `PaintController.cpp` (see the log in
> https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Linux_Trusty__dbg_/5565/layout-test-results/paint/invalidation/video-mute-repaint-stderr.txt).
> It looks like this kind of crash happened while landing the patch as
> well, at least on https://storage.googleapis.com/chromium-layout-test-archives/linux_layout_tests_slimming_paint_v2/6682/layout-test-results/results.html).
> I'll revert it.
>
>
> Original change's description:
> > Fix false-positives of under-invalidation checking in layout tests
> >
> > In the following few cases we intentionally allow under-invalidations in
> > cached subsequences:
> > - offscreen image animation
> > - media buffered range
> >
> > We intentionally don't update each time the contents change to improve
> > performance or avoid complex implementation of real time change
> > notification.
> >
> > Now allow cache skipping in cached subsequences.
> >
> > Enable under-invalidation checking for tests that would have reported
> > under-invalidation with the checking enabled.
> >
> > This also helps clusterfuzz not to trigger under-invalidation checking
> > failures when it creates a test for the above cases.
> >
> > Bug: 769729
> > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
> > Change-Id: I2149e9d2304dbad5d7486c822d5452c5dba237fe
> > Reviewed-on: https://chromium-review.googlesource.com/690851
> > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
> > Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#505281}
>
> TBR=wangxianzhu@chromium.org,chrishtr@chromium.org
>
> Change-Id: Id0ddbc90d9cf4436fe10dc81485d9f13edef6f1a
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: 769729, 769879
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
> Reviewed-on: https://chromium-review.googlesource.com/691814
> Reviewed-by: Mike West <mkwst@chromium.org>
> Commit-Queue: Mike West <mkwst@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#505327}

Change-Id: Idd2cd531d8fb6ac7b1a7e0330e69c2e8c93f6c33
Bug: 769729, 769772
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Reviewed-on: https://chromium-review.googlesource.com/692495
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506110}

[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/FlagExpectations/enable-slimming-paint-v2
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/media/media-document-audio-repaint.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/animated-gif-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/animated-gif-transformed-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/animated-png-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/animated-webp-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/svg/animated-svg-as-image-background-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/svg/animated-svg-as-image-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/svg/animated-svg-as-image-transformed-offscreen.html
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/video-mute-repaint.html
[rename] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/video-paint-invalidation-expected.txt
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/LayoutTests/paint/invalidation/video-unmute-repaint.html
[delete] https://crrev.com/67c1b8b0c8dc413606d8d03685d3549b1ac6c6b2/third_party/WebKit/LayoutTests/platform/linux/paint/invalidation/video-paint-invalidation-expected.txt
[delete] https://crrev.com/67c1b8b0c8dc413606d8d03685d3549b1ac6c6b2/third_party/WebKit/LayoutTests/platform/mac/paint/invalidation/video-paint-invalidation-expected.txt
[delete] https://crrev.com/67c1b8b0c8dc413606d8d03685d3549b1ac6c6b2/third_party/WebKit/LayoutTests/platform/win7/paint/invalidation/video-paint-invalidation-expected.txt
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/Source/platform/graphics/paint/PaintController.cpp
[modify] https://crrev.com/25eefe8eafbb81a6bcdd55ca1b1557009adef922/third_party/WebKit/Source/platform/graphics/paint/PaintControllerTest.cpp
Oct 4 2017
ClusterFuzz has detected this issue as fixed in range 506047:506154.
Detailed report: https://clusterfuzz.com/testcase?key=6043648071565312
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Can't find cached display item in PaintController.cpp
  blink::PaintController::FindOutOfOrderCachedItemForward
  blink::PaintController::FindCachedItem
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=501156:501180
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=506047:506154
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6043648071565312
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 4 2017
ClusterFuzz testcase 6043648071565312 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
Comment 1 by pnangunoori@chromium.org, Sep 29 2017
Labels: M-63 Test-Predator-Correct
Owner: trchen@chromium.org
Status: Assigned (was: Untriaged)