scrolling caused a DCHECK failure and crashed the renderer
Issue description

We can reproduce on multiple linux bots with ToT build with DCHECK on.

Steps to reproduce:
1) Sync Chromium to ToT
2) Build Chrome with DCHECK on
3) launch Chrome, go to https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html?version=2.0.1
4) wait until the lower frame is filled with tests, scroll it
5) crash

[1:1:1130/114541.299758:FATAL:TraceTraits.h(93)] Check failed: visitor->Heap().GetStackFrameDepth().IsAcceptableStackUse().
#0 0x55566c92e73c base::debug::StackTrace::StackTrace()
#1 0x55566c94e2bc logging::LogMessage::~LogMessage()
#2 0x55566f769e7e blink::AdjustAndMarkTrait<>::Mark<>()
#3 0x5556701afeb6 blink::BaseButtonInputType::Trace()
#4 0x555670189c7c blink::AdjustAndMarkTrait<>::Mark<>()
#5 0x555670181001 blink::HTMLInputElement::Trace()
#6 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#7 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#8 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#9 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#10 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#11 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#12 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#13 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#14 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#15 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#16 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#17 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#18 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#19 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#20 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#21 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#22 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#23 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#24 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#25 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#26 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#27 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#28 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#29 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#30 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#31 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#32 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#33 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#34 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#35 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#36 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#37 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#38 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#39 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#40 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#41 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#42 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#43 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#44 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#45 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#46 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#47 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#48 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#49 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#50 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#51 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#52 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#53 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#54 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#55 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#56 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#57 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#58 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#59 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
#60 0x55566f769eac blink::AdjustAndMarkTrait<>::Mark<>()
#61 0x555670177d11 blink::HTMLFormControlElementWithState::Trace()
Dec 1 2017
Manual bisect points to https://chromium-review.googlesource.com/c/chromium/src/+/758877 (100% sure). kbr offered to help reverting.
Dec 1 2017
We'll need to tweak the eager tracing for HeapDoublyLinkedList. keishi@: Would you help Adithyas on this?
Dec 1 2017
I'm reverting the above change in https://chromium-review.googlesource.com/802774. When attempting to reland, please add tests that would have caught this assertion failure. Thanks.
Dec 1 2017
dpranke@: this might be motivation for running more tests either on debug bots or with dcheck_always_on=true. I'm not sure whether this could have been caught with layout tests.
Dec 1 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5fdc0fab22ce7efd32532ee989b223fa12f8171e

commit 5fdc0fab22ce7efd32532ee989b223fa12f8171e
Author: Kenneth Russell <kbr@chromium.org>
Date: Fri Dec 01 03:37:01 2017

Revert "Use DoublyLinkedList instead of ListHashSet in DocumentState"

This reverts commit 252e8a49c9383eceebe0938a1e876f0b4ab5aa8e.

Reason for revert: Caused http://crbug.com/790739

Original change's description:
> Use DoublyLinkedList instead of ListHashSet in DocumentState
>
> The only operations carried out on form_controls_ are insertions, removals
> and iterating through the entire list. Insertion and removal can be done
> faster with a DoublyLinkedList.
>
> Since the nodes for the DoublyLinkedList are Oilpan objects, this CL
> introduces HeapDoublyLinkedList that uses Member for the head and tail
> pointers, and traces the pointers.
>
> This improves the performance of HTMLInputElement::InsertedInto and
> HTMLInputElement::RemovedFrom by ~15%.
>
> Bug:
> Change-Id: I5b4cd20737e0276bece2430edfb7ec9609690f04
> Reviewed-on: https://chromium-review.googlesource.com/758877
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: Keishi Hattori <keishi@chromium.org>
> Reviewed-by: Jeremy Roman <jbroman@chromium.org>
> Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517876}

Bug: 790739
TBR=jbroman@chromium.org,haraken@chromium.org,keishi@chromium.org,adithyas@chromium.org,lfg@chromium.org
Change-Id: I48ddedd7b356efa6b1f6f69c58e2022e9a0872f1
Reviewed-on: https://chromium-review.googlesource.com/802774
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520840}

[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/core/html/forms/FormController.cpp
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/core/html/forms/FormController.h
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/core/html/forms/HTMLFormControlElementWithState.cpp
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/core/html/forms/HTMLFormControlElementWithState.h
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/platform/heap/HeapAllocator.h
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/platform/heap/HeapTerminatedArray.h
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/platform/heap/HeapTest.cpp
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/platform/heap/TraceTraits.h
[modify] https://crrev.com/5fdc0fab22ce7efd32532ee989b223fa12f8171e/third_party/WebKit/Source/platform/wtf/DoublyLinkedList.h
Jan 9 2018
The CL was relanded with a fix and a crash test: https://chromium.googlesource.com/chromium/src/+/c42a67055c5ba07f4318c5e9f72915b711e838ec
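
The stack trace in the report shows Trace() nesting once per form control until the stack-depth check fails. The sketch below is an added example, not Blink code and not part of the thread: a simplified model of why tracing linked-list neighbours in nested calls makes stack depth grow with list length, and how a frame budget with a deferred worklist bounds it. `Node`, `Marker`, `MarkList` and the budget values are hypothetical.

```cpp
// Added illustration, not Blink code: toy mark phase over an intrusive doubly
// linked list. All names and the frame budget are hypothetical.
#include <cstddef>
#include <vector>

struct Node {
  Node* prev = nullptr;
  Node* next = nullptr;
  bool marked = false;
};

struct Marker {
  std::size_t limit = 1;        // recursion budget in frames, must be >= 1
  std::size_t depth = 0, max_depth = 0;
  std::vector<Node*> worklist;  // nodes deferred once the budget is used up

  // Traces neighbours in nested calls while under the budget; past it, the
  // node is deferred so the stack can unwind before marking continues.
  void Mark(Node* n) {
    if (!n || n->marked) return;
    if (depth >= limit) { worklist.push_back(n); return; }
    n->marked = true;
    if (++depth > max_depth) max_depth = depth;
    Mark(n->prev);
    Mark(n->next);
    --depth;
  }
};

struct Result { std::size_t max_depth, marked; };

// Marks a constructed list of `len` >= 1 nodes starting at its head.
// limit == len models purely eager tracing (the budget is never hit).
Result MarkList(std::size_t len, std::size_t limit) {
  std::vector<Node> nodes(len);
  for (std::size_t i = 0; i + 1 < len; ++i) {
    nodes[i].next = &nodes[i + 1];
    nodes[i + 1].prev = &nodes[i];
  }
  Marker m;
  m.limit = limit;
  m.Mark(&nodes[0]);
  while (!m.worklist.empty()) {  // drain deferred nodes iteratively
    Node* n = m.worklist.back();
    m.worklist.pop_back();
    m.Mark(n);
  }
  Result r{m.max_depth, 0};
  for (const Node& n : nodes) r.marked += n.marked;
  return r;
}
```

With a 1000-node list, the unbudgeted run nests 1000 frames deep, while a budget of 8 marks the same 1000 nodes without ever nesting deeper than 8.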
Comment 1 by zmo@chromium.org, Nov 30 2017