Issue metadata
Sign in to add a comment
|
GSAP animation using Ease creates ~100k DrawQuads per frame (causing crash)
Reported by
r...@mabbly.com,
Dec 19 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Steps to reproduce the problem: 1. Go to https://mvpspl619.github.io/cr63-rendering-bug/index-with-bug.html 2. Tab Crashes in Chrome 63. What is the expected behavior? The tab should not crash, but the animation should continue. What went wrong? The usage of Power2.easeIn from GSAP library is causing Chrome 63 to crash tab, this works fine in Safari, and also works fine in Chrome 62. Crashed report ID: b7a341a6f774ba05 How much crashed? Just one tab Is it a problem with a plugin? No Did this work before? Yes Chrome 62 Chrome version: 63.0.3239.84 Channel: n/a OS Version: OS X 10.13.2 Flash Version: The entire code is available in github repository: https://github.com/mvpspl619/cr63-rendering-bug
,
Dec 19 2017
Thanks for the crash id.
,
Dec 20 2017
Able to reproduce the issue using #63.0.3239.84 on Mac 10.12.6 as per the steps mentioned below. Steps Followed: 1. Launched Browser 2. Navigated to https://mvpspl619.github.io/cr63-rendering-bug/index-with-bug.html 3. Observed the tab Crash on reloading multiple times. Crash I'd: 96833451b5d4f586 Stack trace ========== Thread 0 (id: 18609276) MAGIC SIGNATURE THREAD Stack Quality79%Show frame trust levels 0x00007fffa7e28812 (libsystem_malloc.dylib + 0x00002812 ) szone_malloc_should_clear 0x0000000106310cc4 (Google Chrome Framework -allocator_shim.cc:194 ) base::allocator::MallocZoneFunctionsToReplaceDefault()::$_1::__invoke(_malloc_zone_t*, unsigned long) 0x0000000106310cc4 (Google Chrome Framework -allocator_shim.cc:194 ) base::allocator::MallocZoneFunctionsToReplaceDefault()::$_1::__invoke(_malloc_zone_t*, unsigned long) 0x00007fffa7e28281 (libsystem_malloc.dylib + 0x00002281 ) malloc_zone_malloc 0x00007fff924a2296 (CoreFoundation + 0x00003296 ) _CFRuntimeCreateInstance 0x00007fff924c25bc (CoreFoundation + 0x000235bc ) __CFDataInit 0x00007fff91148f02 (ColorSync + 0x00004f02 ) create 0x00007fff91148b89 (ColorSync + 0x00004b89 ) ColorSyncProfileCreate 0x00007fff929f6660 (CoreGraphics + 0x000bd660 ) color_space_state_create_icc_with_data 0x00007fff929f68e8 (CoreGraphics + 0x000bd8e8 ) CGColorSpaceCreateWithICCData 0x00007fff981b3236 (QuartzCore + 0x0016f236 ) CA::Render::Surface::Surface(__IOSurface*, unsigned int, unsigned int, unsigned int, CA::Render::YCbCrMatrix, CA::Render::ChromaLocation) 0x00007fff980d309c (QuartzCore + 0x0008f09c ) CA::Render::copy_render_value(void const*, CGColorSpace* (*)()) 0x00007fff981790b0 (QuartzCore + 0x001350b0 ) -[CALayer(CALayerPrivate) _copyRenderLayer:layerFlags:commitFlags:] 0x00007fff9815eff8 (QuartzCore + 0x0011aff8 ) CA::Context::commit_layer(CA::Layer*, unsigned int, unsigned int, void*) 0x00007fff9816a97b (QuartzCore + 0x0012697b ) CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) 0x00007fff9816a8fb (QuartzCore + 0x001268fb ) CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) 0x00007fff9816a8fb (QuartzCore + 0x001268fb ) CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) 0x00007fff9816a8fb (QuartzCore + 0x001268fb ) CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) 0x00007fff9816a8fb (QuartzCore + 0x001268fb ) CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) 0x00007fff9815fe72 (QuartzCore + 0x0011be72 ) CA::Context::commit_transaction(CA::Transaction*) 0x00007fff980547e0 (QuartzCore + 0x000107e0 ) CA::Transaction::commit() 0x000000010736a6bd (Google Chrome Framework -animation_utils.h:44 ) ui::CALayerTreeCoordinator::CommitPendingTreesToCA(gfx::Rect const&, bool*) 0x0000000107367edf (Google Chrome Framework -image_transport_surface_overlay_mac.mm:213 ) gpu::ImageTransportSurfaceOverlayMac::SwapBuffersInternal(gfx::Rect const&) 0x0000000107368701 (Google Chrome Framework -image_transport_surface_overlay_mac.mm:285 ) gpu::ImageTransportSurfaceOverlayMac::PostSubBuffer(int, int, int, int) 0x00000001071c5fab (Google Chrome Framework -gles2_cmd_decoder.cc:12088 ) gpu::gles2::GLES2DecoderImpl::HandlePostSubBufferCHROMIUM(unsigned int, void const volatile*) 0x00000001071d7912 (Google Chrome Framework -gles2_cmd_decoder.cc:5373 ) gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>(unsigned int, void const volatile*, int, int*) 0x000000010718f9d7 (Google Chrome Framework -command_buffer_service.cc:90 ) gpu::CommandBufferService::Flush(int, gpu::AsyncAPIInterface*) 0x000000010735f4ea (Google Chrome Framework -gpu_command_buffer_stub.cc:1010 ) gpu::GpuCommandBufferStub::OnAsyncFlush(int, unsigned int, std::__1::vector<ui::LatencyInfo, std::__1::allocator<ui::LatencyInfo> > const&) 0x000000010735f2ca (Google Chrome Framework -tuple.h:52 ) bool IPC::MessageT<GpuCommandBufferMsg_AsyncFlush_Meta, std::__1::tuple<int, unsigned int, std::__1::vector<ui::LatencyInfo, std::__1::allocator<ui::LatencyInfo> > >, void>::Dispatch<gpu::GpuCommandBufferStub, gpu::GpuCommandBufferStub, void, void (gpu::GpuCommandBufferStub::*)(int, unsigned int, std::__1::vector<ui::LatencyInfo, std::__1::allocator<ui::LatencyInfo> > const&)>(IPC::Message const*, gpu::GpuCommandBufferStub*, gpu::GpuCommandBufferStub*, void*, void (gpu::GpuCommandBufferStub::*)(int, unsigned int, std::__1::vector<ui::LatencyInfo, std::__1::allocator<ui::LatencyInfo> > const&)) 0x000000010735deef (Google Chrome Framework -gpu_command_buffer_stub.cc:308 ) gpu::GpuCommandBufferStub::OnMessageReceived(IPC::Message const&) 0x00000001073587cf (Google Chrome Framework -gpu_channel.cc:1037 ) gpu::GpuChannel::HandleMessageHelper(IPC::Message const&) 0x0000000107351ec0 (Google Chrome Framework -gpu_channel.cc:985 ) gpu::GpuChannel::HandleMessage(IPC::Message const&) 0x000000010724d88a (Google Chrome Framework -callback.h:64 ) gpu::Scheduler::RunNextTask() 0x00000001062662eb (Google Chrome Framework -callback.h:64 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010628afb3 (Google Chrome Framework -message_loop.cc:394 ) base::MessageLoop::RunTask(base::PendingTask*) 0x000000010628b4a8 (Google Chrome Framework -message_loop.cc:406 ) base::MessageLoop::DoWork() 0x000000010628d319 (Google Chrome Framework -message_pump_mac.mm:452 ) base::MessagePumpCFRunLoopBase::RunWork() 0x000000010627e4a9 (Google Chrome Framework + 0x01c534a9 ) base::mac::CallWithEHFrame(void () block_pointer) 0x000000010628cc3e (Google Chrome Framework -message_pump_mac.mm:428 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*) 0x00007fff92546320 (CoreFoundation + 0x000a7320 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00007fff9252721c (CoreFoundation + 0x0008821c ) __CFRunLoopDoSources0 0x00007fff92526715 (CoreFoundation + 0x00087715 ) __CFRunLoopRun 0x00007fff92526113 (CoreFoundation + 0x00087113 ) CFRunLoopRunSpecific 0x000000010628d6ce (Google Chrome Framework -message_pump_mac.mm:670 ) base::MessagePumpCFRunLoop::DoRun(base::MessagePump::Delegate*) 0x000000010628c75d (Google Chrome Framework -message_pump_mac.mm:179 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) 0x00000001062af523 (Google Chrome Framework -run_loop.cc:114 ) <name omitted> 0x0000000109fb7932 (Google Chrome Framework -gpu_main.cc:318 ) content::GpuMain(content::MainFunctionParams const&) 0x0000000105e8afd9 (Google Chrome Framework -content_main_runner.cc:710 ) content::ContentMainRunnerImpl::Run() 0x0000000107686b69 (Google Chrome Framework -main.cc:469 ) service_manager::Main(service_manager::MainParams const&) 0x0000000105e8a583 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&) 0x000000010462e76e (Google Chrome Framework -chrome_main.cc:123 ) ChromeMain 0x0000000100b5747b (Google Chrome Helper -chrome_exe_main_mac.cc:165 ) main 0x00007fffa7ca6234 (libdyld.dylib + 0x00005234 ) start 0x00007fffa7ca6234 (libdyld.dylib + 0x00005234 ) start Note: 1. This is top #12 GPU Crash in Mac 2. Magic Signature: [GPU hang] ui::CALayerTreeCoordinator::CommitPendingTreesToCA Suspecting: https://chromium.googlesource.com/chromium/src/+/4bc282bbe092ab36b1206a09926ba09775669ea4 for 'image_transport_surface_overlay_mac.mm' related change. ccameron@: Could you please take a look at these crashes and help in further investigation. Thank you!
,
Dec 21 2017
This is a GPU hang, which vaguely reminds me of issue 783979.
,
Dec 21 2017
When the animation gets to extreme angles, the number of draw quads explodes. There are only 8 layers, but I've seen 91,643 a few times (and that was when we didn't even manage to crash). This may be something that the page can/should fix. Or maybe it has to do with our quadding schemes.
,
Dec 21 2017
,
Dec 21 2017
Also reproduces on Linux
,
Dec 24
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 11
Could not repro on M71. Please re-open if this still reproduces. Guessing this may have been the same issue (on mac) as 783979, which we worked around. Not sure about the linux repro. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by r...@mabbly.com
, Dec 19 2017