Issue metadata
Sign in to add a comment
|
Check failed: layout_snapped_paint_offset == snapped_paint_offset |
||||||||||||||||||||||
Issue descriptionCrash stack is: [1:1:0226/104725.968221:FATAL:CompositingLayerPropertyUpdater.cpp(34)] Check failed: layout_snapped_paint_offset == snapped_paint_offset. #0 0x7fdee0c6349c base::debug::StackTrace::StackTrace() #1 0x7fdee0c8d5bc logging::LogMessage::~LogMessage() #2 0x7fded9c718b2 blink::CompositingLayerPropertyUpdater::Update() #3 0x7fded9c439b0 blink::PrePaintTreeWalk::WalkInternal() #4 0x7fded9c42c92 blink::PrePaintTreeWalk::Walk() #5 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #6 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #7 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #8 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #9 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #10 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #11 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #12 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #13 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #14 0x7fded9c4257c blink::PrePaintTreeWalk::Walk() #15 0x7fded9c419b6 blink::PrePaintTreeWalk::WalkTree() #16 0x7fded956fe6b blink::LocalFrameView::PrePaint() #17 0x7fded956dfc0 blink::LocalFrameView::UpdateLifecyclePhasesInternal() #18 0x7fded956dab7 blink::LocalFrameView::UpdateAllLifecyclePhases() #19 0x7fded9b7aabe blink::PageAnimator::UpdateAllLifecyclePhases() #20 0x7fded94db728 blink::WebViewImpl::UpdateLifecycle() #21 0x7fded95da398 blink::WebViewFrameWidget::UpdateLifecycle() #22 0x7fdedea441d2 content::RenderWidget::UpdateVisualState() #23 0x7fdedd19ed25 cc::ProxyMain::BeginMainFrame() #24 0x7fdedd19d5df _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS4_28BeginMainFrameAndCommitStateENS6_14default_deleteIS8_EEEEENS_7WeakPtrIS5_EEJSB_EEEvOT_OT0_DpOT1_ #25 0x7fdedd19d4ae _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS3_28BeginMainFrameAndCommitStateENS5_14default_deleteIS7_EEEEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperISA_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE #26 0x7fdee0c63dba base::debug::TaskAnnotator::RunTask() #27 0x7fded801f9c6 blink::scheduler::internal::ThreadControllerImpl::DoWork() #28 0x7fded8021a48 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler8internal20ThreadControllerImplEFvNS5_8Sequence8WorkTypeEEJNS_7WeakPtrIS6_EES8_EEEFvvEE3RunEPNS0_13BindStateBaseE #29 0x7fdee0c63dba base::debug::TaskAnnotator::RunTask() #30 0x7fdee0c98086 base::internal::IncomingTaskQueue::RunTask() #31 0x7fdee0c9c2b7 base::MessageLoop::RunTask() #32 0x7fdee0c9c6da base::MessageLoop::DeferOrRunPendingTask() #33 0x7fdee0c9c96e base::MessageLoop::DoWork() #34 0x7fdee0c9dcc9 base::MessagePumpDefault::Run() #35 0x7fdee0c9bb2c base::MessageLoop::Run() #36 0x7fdee0cd43c6 base::RunLoop::Run() #37 0x7fdedea53506 content::RendererMain() #38 0x7fdedec11c44 content::RunZygote() #39 0x7fdedec12424 content::RunNamedProcessTypeMain() #40 0x7fdedec13523 content::ContentMainRunnerImpl::Run() #41 0x7fdee117260a service_manager::Main() #42 0x7fdedec118b4 content::ContentMain() #43 0x55feb18e91b3 ChromeMain #44 0x7fded45b12b1 __libc_start_main #45 0x55feb18e902a _start Received signal 6 #0 0x7fdee0c6349c base::debug::StackTrace::StackTrace() #1 0x7fdee0c62f71 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7fdee0db90c0 <unknown> #3 0x7fded45c3fcf gsignal #4 0x7fded45c53fa abort #5 0x7fdee0c60725 base::debug::BreakDebugger() #6 0x7fdee0c8d9c8 logging::LogMessage::~LogMessage() #7 0x7fded9c718b2 blink::CompositingLayerPropertyUpdater::Update() #8 0x7fded9c439b0 blink::PrePaintTreeWalk::WalkInternal() #9 0x7fded9c42c92 blink::PrePaintTreeWalk::Walk() #10 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #11 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #12 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #13 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #14 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #15 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #16 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #17 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #18 0x7fded9c42ceb blink::PrePaintTreeWalk::Walk() #19 0x7fded9c4257c blink::PrePaintTreeWalk::Walk() #20 0x7fded9c419b6 blink::PrePaintTreeWalk::WalkTree() #21 0x7fded956fe6b blink::LocalFrameView::PrePaint() #22 0x7fded956dfc0 blink::LocalFrameView::UpdateLifecyclePhasesInternal() #23 0x7fded956dab7 blink::LocalFrameView::UpdateAllLifecyclePhases() #24 0x7fded9b7aabe blink::PageAnimator::UpdateAllLifecyclePhases() #25 0x7fded94db728 blink::WebViewImpl::UpdateLifecycle() #26 0x7fded95da398 blink::WebViewFrameWidget::UpdateLifecycle() #27 0x7fdedea441d2 content::RenderWidget::UpdateVisualState() #28 0x7fdedd19ed25 cc::ProxyMain::BeginMainFrame() #29 0x7fdedd19d5df _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS4_28BeginMainFrameAndCommitStateENS6_14default_deleteIS8_EEEEENS_7WeakPtrIS5_EEJSB_EEEvOT_OT0_DpOT1_ #30 0x7fdedd19d4ae _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS3_28BeginMainFrameAndCommitStateENS5_14default_deleteIS7_EEEEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperISA_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE #31 0x7fdee0c63dba base::debug::TaskAnnotator::RunTask() #32 0x7fded801f9c6 blink::scheduler::internal::ThreadControllerImpl::DoWork() #33 0x7fded8021a48 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler8internal20ThreadControllerImplEFvNS5_8Sequence8WorkTypeEEJNS_7WeakPtrIS6_EES8_EEEFvvEE3RunEPNS0_13BindStateBaseE #34 0x7fdee0c63dba base::debug::TaskAnnotator::RunTask() #35 0x7fdee0c98086 base::internal::IncomingTaskQueue::RunTask() #36 0x7fdee0c9c2b7 base::MessageLoop::RunTask() #37 0x7fdee0c9c6da base::MessageLoop::DeferOrRunPendingTask() #38 0x7fdee0c9c96e base::MessageLoop::DoWork() #39 0x7fdee0c9dcc9 base::MessagePumpDefault::Run() #40 0x7fdee0c9bb2c base::MessageLoop::Run() #41 0x7fdee0cd43c6 base::RunLoop::Run() #42 0x7fdedea53506 content::RendererMain() #43 0x7fdedec11c44 content::RunZygote() #44 0x7fdedec12424 content::RunNamedProcessTypeMain() #45 0x7fdedec13523 content::ContentMainRunnerImpl::Run() #46 0x7fdee117260a service_manager::Main() #47 0x7fdedec118b4 content::ContentMain() #48 0x55feb18e91b3 ChromeMain #49 0x7fded45b12b1 __libc_start_main #50 0x55feb18e902a _start r8: 0000000000000000 r9: 00007fff87c50430 r10: 0000000000000008 r11: 0000000000000246 r12: 00007fff87c50b80 r13: 00007fff87c50b70 r14: 00007fff87c50b78 r15: 00007fff87c506c9 di: 0000000000000002 si: 00007fff87c50430 bp: 00007fff87c50670 bx: 0000000000000006 dx: 0000000000000000 ax: 0000000000000000 cx: 00007fded45c3fcf sp: 00007fff87c504a8 ip: 00007fded45c3fcf efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
,
Feb 27 2018
,
Mar 15 2018
I synced the tree, and the problem happens again.
,
Mar 15 2018
Do you have an URL that repros the DCHECK? The error itself is almost harmless, nevertheless it implies some internal inconsistencies that we need to fix.
,
Mar 16 2018
I got the crashes on the home page (New Tab). I didn't navigation to any URL.
,
Mar 16 2018
,
Mar 16 2018
See https://bugs.chromium.org/p/chromium/issues/detail?id=822615 for a clusterfuzz test case on this.
,
Mar 16 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
,
Mar 16 2018
It is probably one of the recently visited pages in your NTP triggered this DCHECK. If you can find out which one, I will be able to repro this locally.
,
Mar 20 2018
pages in NTP. 1. https://chrome.google.com/webstore?utm_source=chrome-ntp-icon 2. https://maps.google.ca/maps?hl=en 3. http://www.youtube.com/ 4. https://www.google.com/ 5. http://www.google.com/chrome/intl/en/welcome.html 6. https://chrome.google.com/webstore?hl=en 7. Blank 8. Blank And I tried remove all visited pages recently. It still crashes.
,
Mar 20 2018
,
Mar 20 2018
Hmm, this is very weird. I suspect this is also sensitive to viewport size. By the way I just found a URL that will crash on my Macbook: https://help.twitter.com/en/twitter-for-websites-ads-info-and-privacy Trying to find some clues before it goes away...
,
Mar 20 2018
I just got some successful experience to manually minimize an unminimized clusterfuzz test case. I can help on that.
,
Mar 20 2018
The twitter test case is related to sticky position snapping. It is okay when a sticky-pos operates in rel-pos mode, but once it switch to clamped mode the paint offset (as computed by PaintPropertyTreeBuilder) and subpixel accumulation (as computed by CompositedLayerMapping) mismatch. I made a minimal repro for this. I think the paint offset computed by PaintPropertyTreeBuilder isn't quite right, as the fractional part of paint offset should not change as sticky mode changes, to maintain a stable snapped size. Weird that the clusterfuzz test case doesn't contain sticky-pos. We may have more than one bug.
,
Mar 21 2018
I failed to minimize the clusterfuzz test case because coundn't reproduce it. The test occasionally crashed but due to unrelated reason. The clusterfuzz bot also failed to minimize because it also coundn't reproduce reliably (crashed 1/10).
,
Mar 22 2018
Could conceivably be related to this one, though unlikely in my mind: https://bugs.chromium.org/p/chromium/issues/detail?id=821303
,
Mar 27 2018
I'm getting this crash after applying any theme to NTP. After removing the theme, the crash does not happen. Synced to the most recent change on Linux with all most visited tiles removed. https://chrome.google.com/webstore/detail/into-the-mist/mgihmkgobaljfehcadcckdggpeojaadh https://chrome.google.com/webstore/detail/jla-for-the-art-lover-192/bpkidpcpddgfnifjkmjkheiabjmelfdc
,
Mar 29 2018
If I run local dev build with dchecks_always_on, I hit this reliably when running with --site-per-process and open a new tab.
,
Apr 3 2018
I am hitting this now too. Easy to repro, just install this theme and open the NTP. https://chrome.google.com/webstore/detail/material-dark/npadhaijchjemiifipabpmeebeelbmpd
,
Apr 3 2018
I am hitting this every time when open a NTP (from about 2 month ago). Without any flags or themes. Tried clear all browsing data, tried login and remove the account. NTP still crash.
,
Apr 4 2018
ClusterFuzz testcase 6370397684236288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 4 2018
,
Apr 5 2018
,
Apr 5 2018
I hit the crash every time in past two months. I have to comment it out locally. It is really annoying. Could we do something or maybe just remove that DCHECK?
,
Apr 5 2018
Yes we should comment that out in the meantime. I'm doing it right now. Sorry for the inconvenience!
,
Apr 5 2018
Set myself a reminder so it won't fall off my radar.
,
Apr 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4ac29b47c0ce5ea10eadcd5a5dadd2f6885bae81 commit 4ac29b47c0ce5ea10eadcd5a5dadd2f6885bae81 Author: Tien-Ren Chen <trchen@chromium.org> Date: Thu Apr 05 20:40:40 2018 [Blink/SPv175] Disable snapping DCHECK in CompositingLayerPropertyUpdater This DCHECK has been hit by developers too often, making a checked build useless. Disabling the DCHECK in the meantime while a fix can be done. BUG= 816490 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: I3b9d020978b4ebabf00233c35ba3059a8ba2f9fd Reviewed-on: https://chromium-review.googlesource.com/998529 Commit-Queue: Tien-Ren Chen <trchen@chromium.org> Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Philip Rogers <pdr@chromium.org> Cr-Commit-Position: refs/heads/master@{#548545} [modify] https://crrev.com/4ac29b47c0ce5ea10eadcd5a5dadd2f6885bae81/third_party/WebKit/Source/core/paint/compositing/CompositingLayerPropertyUpdater.cpp
,
Apr 10 2018
I made a minimal repro from the case of comment #19. It is due to transformed element ended up non-composited for being in a invisible subtree. It should be harmless because the whole subtree has nothing to draw anyway. A invisible subtree still run all compositing update steps and can potentially have composited layers for animation (why?). It also runs all pre-paint tree walk. It feels like an optimization opportunity to me.
,
Apr 11 2018
The NextAction date has arrived: 2018-04-11
,
Apr 17 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9b39d74bb1c2ff3b3e32858dafef39fd0b47a552 commit 9b39d74bb1c2ff3b3e32858dafef39fd0b47a552 Author: Tien-Ren Chen <trchen@chromium.org> Date: Tue Apr 17 23:31:06 2018 [Blink/SPv175] Re-enable snapping DCHECK in CompositingLayerPropertyUpdater This CL detects the case that a invisible composited layer may have bogus subpixel accumulation on it, and ignore the DCHECK in such case. BUG= 816490 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: Iba98cb3a57dfe24f8a69f1f7469bf78482530d7e Reviewed-on: https://chromium-review.googlesource.com/1012441 Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Commit-Queue: Tien-Ren Chen <trchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#551521} [modify] https://crrev.com/9b39d74bb1c2ff3b3e32858dafef39fd0b47a552/third_party/blink/renderer/core/paint/compositing/compositing_layer_property_updater.cc
,
May 2 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by penghuang@chromium.org
, Feb 26 2018