Issue 773818 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 758474
Owner:	wangxianzhu@chromium.org
Closed:	Oct 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Bug

Crash when scrolling on jsfiddle.net

Project Member Reported by hbos@chromium.org, Oct 11 2017

Issue description

jsfiddle lets you write and execute JavaScript. I experienced crashes with it when I was debugging some stuff, this crash seem to have to do with scrolling on this website - not the code you've entered in the box.

Steps to repro:
1. Open up a jsfiddle window that requires you to scroll, for example: https://jsfiddle.net/k00xg6rh/ (nonsense text, no meaningful javascript code)
2. Scroll to the bottom of it and wait for a couple of seconds

Expected result: Nothing should happen.
Actual result: It crashes.

Stack trace:

[88461:775:1011/114754.167016:FATAL:FindPaintOffsetAndVisualRectNeedingUpdate.h(107)] Check failed: (old_visual_rect_.IsEmpty() && new_visual_rect.IsEmpty()) || object_.EnclosingLayer()->SubtreeIsInvisible() || old_visual_rect_ == new_visual_rect || (InflatedRect(old_visual_rect_).Contains(new_visual_rect) && InflatedRect(new_visual_rect).Contains(old_visual_rect_)). Visual rect changed without needing update object="LayoutBlockFlow DIV" old="0,0 18x2307" new="0,-1576 18x2307"
0   libbase.dylib                       0x0000000105a4be0e base::debug::StackTrace::StackTrace(unsigned long) + 174
1   libbase.dylib                       0x0000000105a4becd base::debug::StackTrace::StackTrace(unsigned long) + 29
2   libbase.dylib                       0x0000000105a4a17c base::debug::StackTrace::StackTrace() + 28
3   libbase.dylib                       0x0000000105ae345f logging::LogMessage::~LogMessage() + 479
4   libbase.dylib                       0x0000000105ae0dc5 logging::LogMessage::~LogMessage() + 21
5   libblink_core.dylib                 0x0000000138d356dd blink::FindVisualRectNeedingUpdateScopeBase::CheckVisualRect(blink::LayoutRect const&) + 781
6   libblink_core.dylib                 0x0000000139f46bc9 blink::FindObjectVisualRectNeedingUpdateScope::~FindObjectVisualRectNeedingUpdateScope() + 73
7   libblink_core.dylib                 0x0000000139f45c25 blink::FindObjectVisualRectNeedingUpdateScope::~FindObjectVisualRectNeedingUpdateScope() + 21
8   libblink_core.dylib                 0x0000000139f45022 blink::PaintInvalidator::UpdateVisualRectIfNeeded(blink::LayoutObject const&, blink::PaintPropertyTreeBuilderContext const*, blink::PaintInvalidatorContext&) + 690
9   libblink_core.dylib                 0x0000000139f4436f blink::PaintInvalidator::InvalidatePaint(blink::LayoutObject const&, blink::PaintPropertyTreeBuilderContext const*, blink::PaintInvalidatorContext&) + 671
10  libblink_core.dylib                 0x0000000139fd2ca9 blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 569
11  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
12  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
13  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
14  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
15  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
16  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
17  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
18  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
19  libblink_core.dylib                 0x0000000139fd2dad blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&, blink::PrePaintTreeWalkContext const&) + 829
20  libblink_core.dylib                 0x0000000139fd29bc blink::PrePaintTreeWalk::Walk(blink::LocalFrameView&, blink::PrePaintTreeWalkContext const&) + 412
21  libblink_core.dylib                 0x0000000139fd2738 blink::PrePaintTreeWalk::Walk(blink::LocalFrameView&) + 312
22  libblink_core.dylib                 0x00000001390d96c6 blink::LocalFrameView::PrePaint() + 1222
23  libblink_core.dylib                 0x00000001390d7b2b blink::LocalFrameView::UpdateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) + 2235
24  libblink_core.dylib                 0x00000001390d7262 blink::LocalFrameView::UpdateAllLifecyclePhases() + 50
25  libblink_core.dylib                 0x0000000139e73265 blink::PageAnimator::UpdateAllLifecyclePhases(blink::LocalFrame&) + 85
26  libblink_core.dylib                 0x0000000139e7abf5 blink::PageWidgetDelegate::UpdateAllLifecyclePhases(blink::Page&, blink::LocalFrame&) + 37
27  libblink_core.dylib                 0x0000000138ffc931 blink::WebViewImpl::UpdateAllLifecyclePhases() + 401
28  libblink_core.dylib                 0x00000001391c4f51 blink::WebViewFrameWidget::UpdateAllLifecyclePhases() + 33
29  libcontent.dylib                    0x000000012b77a38b content::RenderWidget::UpdateVisualState() + 43
30  libcontent.dylib                    0x000000012b4c136a content::RenderWidgetCompositor::UpdateLayerTreeHost() + 26
31  libcc.dylib                         0x000000010b1d0f6a cc::LayerTreeHost::RequestMainFrameUpdate() + 26
32  libcc.dylib                         0x000000010b31da35 cc::ProxyMain::BeginMainFrame(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >) + 2869
33  libcc.dylib                         0x000000010b318fe5 void base::internal::FunctorTraits<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), void>::Invoke<base::WeakPtr<cc::ProxyMain>, std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > >(void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>&&, std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >&&) + 549
34  libcc.dylib                         0x000000010b318d85 void base::internal::InvokeHelper<true, void>::MakeItSo<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>, std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > >(void (cc::ProxyMain::*&&)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>&&, std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >&&) + 117
35  libcc.dylib                         0x000000010b318c04 void base::internal::Invoker<base::internal::BindState<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >, void ()>::RunImpl<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), std::__1::tuple<base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >, 0ul, 1ul>(void (cc::ProxyMain::*&&)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), std::__1::tuple<base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 180
36  libcc.dylib                         0x000000010b318ae9 base::internal::Invoker<base::internal::BindState<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >, void ()>::RunOnce(base::internal::BindStateBase*) + 57
37  libbase.dylib                       0x00000001059e996f base::OnceCallback<void ()>::Run() && + 95
38  libbase.dylib                       0x0000000105a4e444 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 884
39  libblink_platform.dylib             0x00000001403c2f28 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*) + 2216
40  libblink_platform.dylib             0x00000001403bcebd blink::scheduler::TaskQueueManager::DoWork(bool) + 2173
41  libblink_platform.dylib             0x00000001403cd717 void base::internal::FunctorTraits<void (blink::scheduler::TaskQueueManager::*)(bool), void>::Invoke<base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&>(void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, bool const&&&) + 151
42  libblink_platform.dylib             0x00000001403cd645 void base::internal::InvokeHelper<true, void>::MakeItSo<void (blink::scheduler::TaskQueueManager::* const&)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&>(void (blink::scheduler::TaskQueueManager::* const&&&)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, bool const&&&) + 117
43  libblink_platform.dylib             0x00000001403cd5bd void base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::RunImpl<void (blink::scheduler::TaskQueueManager::* const&)(bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&, 0ul, 1ul>(void (blink::scheduler::TaskQueueManager::* const&&&)(bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 125
44  libblink_platform.dylib             0x00000001403cd4cc base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::Run(base::internal::BindStateBase*) + 44
45  libbase.dylib                       0x00000001059e996f base::OnceCallback<void ()>::Run() && + 95
46  libbase.dylib                       0x0000000105a4e444 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 884
47  libbase.dylib                       0x0000000105b2dbf6 base::internal::IncomingTaskQueue::RunTask(base::PendingTask*) + 246
48  libbase.dylib                       0x0000000105b36005 base::MessageLoop::RunTask(base::PendingTask*) + 901
49  libbase.dylib                       0x0000000105b36557 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 71
50  libbase.dylib                       0x0000000105b373b4 base::MessageLoop::DoWork() + 564
51  libbase.dylib                       0x0000000105b48052 base::MessagePumpCFRunLoopBase::RunWork() + 98
52  libbase.dylib                       0x0000000105b47fdc ___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke + 28
53  libbase.dylib                       0x0000000105ae849a base::mac::CallWithEHFrame(void () block_pointer) + 10
54  libbase.dylib                       0x0000000105b46ea5 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 101
55  CoreFoundation                      0x00007fff9b71c321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
56  CoreFoundation                      0x00007fff9b6fd21d __CFRunLoopDoSources0 + 557
57  CoreFoundation                      0x00007fff9b6fc716 __CFRunLoopRun + 934
58  CoreFoundation                      0x00007fff9b6fc114 CFRunLoopRunSpecific + 420
59  Foundation                          0x00007fff9d10f252 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 277
60  libbase.dylib                       0x0000000105b48b09 base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*) + 137
61  libbase.dylib                       0x0000000105b46564 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 116

Comment 1 by hbos@chromium.org, Oct 11 2017

Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)

wangxianzhu@ can you take a look or retriage?
Assigned based on blame for the DCHECK.

Comment 2 by wangxianzhu@chromium.org, Oct 11 2017

Thanks for the report.

I didn't reproduce on Linux low DPI, with or without --enable-prefer-compositing-to-lcd-text. What are your platform and chromium revision?

Comment 3 by hbos@chromium.org, Oct 11 2017

I'm almost tip-of-tree, macbook debug build. Happens with and without experimental web platform features.

Chromium: 63.0.3238.0 (Developer Build) (64-bit)
Revision: 0bff479b9b8a57a63fa0d7d01e81f6114d5ec8d3-
OS: Mac OS X

Comment 4 by wangxianzhu@chromium.org, Oct 11 2017

Is your mac retina?

Comment 5 by hbos@chromium.org, Oct 11 2017

I think so, is resolution and scaling relevant? Screenshot attached

	Screen Shot 2017-10-11 at 14.06.28.png 238 KB View Download

Comment 6 by wangxianzhu@chromium.org, Oct 11 2017

We have different composited scrolling policies for high-DPI and low-DPI devices in some cases. "--enable-prefer-compositing-to-lcd-text" forces (almost) high-DPI composited scrolling policy on low-DPI devices which is supposed to reproduce high-DPI bugs on low-DPI devices, but this bug seems different.

Comment 7 by wangxianzhu@chromium.org, Oct 11 2017

Mergedinto: 758474
Status: Duplicate (was: Assigned)

I reproduced this bug on Linux with --enable-prefer-compositing-to-lcd-text --enable-blink-features=OverlayScrollbars. These features are on by default on Mac Retina. This bug let me find the method to reproduce  bug 758474  which should be of the same cause.

►

Issue 773818 link

Issue metadata

Crash when scrolling on jsfiddle.net

Issue description

Comment 1 by hbos@chromium.org, Oct 11 2017

Comment 1 Deleted

Comment 2 by wangxianzhu@chromium.org, Oct 11 2017

Comment 2 Deleted

Comment 3 by hbos@chromium.org, Oct 11 2017

Comment 3 Deleted

Comment 4 by wangxianzhu@chromium.org, Oct 11 2017

Comment 4 Deleted

Comment 5 by hbos@chromium.org, Oct 11 2017

Comment 5 Deleted

Comment 6 by wangxianzhu@chromium.org, Oct 11 2017

Comment 6 Deleted

Comment 7 by wangxianzhu@chromium.org, Oct 11 2017

Comment 7 Deleted

Sign in to add a comment