Issue 846787

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 836918



[blink-gen-property-trees] Crash when open <select>

Project Member Reported by chaopeng@chromium.org, May 25 2018

Issue description

Run with: --enable-blink-gen-property-trees
Open: http://ht.chaopeng.me/select.html
Click on <select>

Received signal 11 SEGV_MAPERR 000000000064
#0 0x7f3adcc621ed base::debug::StackTrace::StackTrace()
#1 0x7f3adc98b4bc base::debug::StackTrace::StackTrace()
#2 0x7f3adcc61c44 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f3abf8080c0 <unknown>
#4 0x7f3ad3b485ae cc::draw_property_utils::FindLayersThatNeedUpdates()
#5 0x7f3ad3b6c254 cc::LayerTreeHost::DoUpdateLayers()
#6 0x7f3ad3b6b33d cc::LayerTreeHost::UpdateLayers()
#7 0x7f3ad3c5e786 cc::ProxyMain::BeginMainFrame()
#8 0x7f3ad3c5afa3 _ZN4base8internal13FunctorTraitsIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS2_28BeginMainFrameAndCommitStateENS4_14default_deleteIS6_EEEEEvE6InvokeISB_NS_7WeakPtrIS3_EEJS9_EEEvT_OT0_DpOT1_
#9 0x7f3ad3c5adb5 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS4_28BeginMainFrameAndCommitStateENS6_14default_deleteIS8_EEEEENS_7WeakPtrIS5_EEJSB_EEEvOT_OT0_DpOT1_
#10 0x7f3ad3c5ac6c _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS3_28BeginMainFrameAndCommitStateENS5_14default_deleteIS7_EEEEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperISA_EEEEEFvvEE7RunImplISC_NS5_5tupleIJSE_SG_EEEJLm0ELm1EEEEvOT_OT0_NS5_16integer_sequenceImJXspT1_EEEE
#11 0x7f3ad3c5ab59 _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvNSt3__110unique_ptrINS3_28BeginMainFrameAndCommitStateENS5_14default_deleteIS7_EEEEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperISA_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#12 0x7f3adc93a1ee _ZNO4base12OnceCallbackIFvvEE3RunEv
#13 0x7f3adc98c982 base::debug::TaskAnnotator::RunTask()
#14 0x7f3ac3bff80d base::sequence_manager::internal::ThreadControllerImpl::DoWork()
#15 0x7f3ac3c024c1 _ZN4base8internal13FunctorTraitsIMNS_16sequence_manager8internal20ThreadControllerImplEFvNS4_8WorkTypeEEvE6InvokeIS7_RKNS_7WeakPtrIS4_EEJRKS5_EEEvT_OT0_DpOT1_
#16 0x7f3ac3c02425 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMNS_16sequence_manager8internal20ThreadControllerImplEFvNS6_8WorkTypeEERKNS_7WeakPtrIS6_EEJRKS7_EEEvOT_OT0_DpOT1_
#17 0x7f3ac3c0239d _ZN4base8internal7InvokerINS0_9BindStateIMNS_16sequence_manager8internal20ThreadControllerImplEFvNS5_8WorkTypeEEJNS_7WeakPtrIS5_EES6_EEEFvvEE7RunImplIRKS8_RKNSt3__15tupleIJSA_S6_EEEJLm0ELm1EEEEvOT_OT0_NSH_16integer_sequenceImJXspT1_EEEE
#18 0x7f3ac3c022ac _ZN4base8internal7InvokerINS0_9BindStateIMNS_16sequence_manager8internal20ThreadControllerImplEFvNS5_8WorkTypeEEJNS_7WeakPtrIS5_EES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#19 0x7f3adc93a1ee _ZNO4base12OnceCallbackIFvvEE3RunEv
#20 0x7f3adc98c982 base::debug::TaskAnnotator::RunTask()
#21 0x7f3adca19af9 base::internal::IncomingTaskQueue::RunTask()
#22 0x7f3adca22bd7 base::MessageLoop::RunTask()
#23 0x7f3adca22e48 base::MessageLoop::DeferOrRunPendingTask()
#24 0x7f3adca23179 base::MessageLoop::DoWork()
#25 0x7f3adca26487 base::MessagePumpDefault::Run()
#26 0x7f3adca223cb base::MessageLoop::Run()
#27 0x7f3adcacc1fd base::RunLoop::Run()
#28 0x7f3ad7fd6b40 content::RendererMain()
#29 0x7f3ad8215152 content::RunZygote()
#30 0x7f3ad8218235 content::RunOtherNamedProcessTypeMain()
#31 0x7f3ad821a032 content::ContentMainRunnerImpl::Run()
#32 0x7f3ad820e815 content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#33 0x7f3add0bade4 service_manager::Main()
#34 0x7f3ad8214a75 content::ContentMain()
#35 0x5563d2392246 ChromeMain
#36 0x5563d2392152 main
#37 0x7f3abb5922b1 __libc_start_main
#38 0x5563d239202a _start
  r8: 00003e4ad15ec0a8  r9: 0000000000000008 r10: 0000000000000000 r11: 0000000000000000
 r12: 00005563d2392000 r13: 00007fff12485b90 r14: 0000000000000000 r15: 0000000000000000
  di: 00003e4ad0989320  si: 00000000ffffffff  bp: 00007fff12480f40  bx: 0000000000000000
  dx: 869544d54f357500  ax: 0000000000000000  cx: 869544d54f357500  sp: 00007fff12480c90
  ip: 00007f3ad3b485ae efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000064
[end of stack trace]
Calling _exit(1). Core file will not be generated.
[44736:44736:0525/112635.343988:WARNING:x11_util.cc(1378)] X error received: serial 313, error_code 3 (BadWindow), request_code 4, minor_code 0 (Unknown)
[44736:44935:0525/112635.571779:WARNING:x11_util.cc(1378)] X error received: serial 607, error_code 3 (BadWindow), request_code 4, minor_code 0 (Unknown)

 

Comment 1 by pdr@chromium.org, May 25 2018

It's hard to tell from the stacktrace but I think this may be caused by the popup layer not having paint properties set. WebViewImpl creates several special layers (popups, link highlights, and devtools) and these do not have property tree states yet.
Status: Available (was: Untriaged)
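
A triage sketch for the crash output in the report, added here as an example and not part of the original issue or of Chromium's tooling: it pulls the fault address, the faulting frame and the page-fault error code out of the dump. The `triage` function, the 0x1000 near-null threshold and the x86-64 Linux register layout are assumptions; the sample is a constructed excerpt of lines from the report.

```python
import re

# Constructed sample: an excerpt of lines from the crash output in the report.
SAMPLE = """\
Received signal 11 SEGV_MAPERR 000000000064
#2 0x7f3adcc61c44 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f3abf8080c0 <unknown>
#4 0x7f3ad3b485ae cc::draw_property_utils::FindLayersThatNeedUpdates()
#5 0x7f3ad3b6c254 cc::LayerTreeHost::DoUpdateLayers()
  ip: 00007f3ad3b485ae efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000064
"""

SIGNAL_RE = re.compile(r"^Received signal (\d+) (\w+) ([0-9a-fA-F]+)", re.M)
FRAME_RE = re.compile(r"^#(\d+) 0x([0-9a-fA-F]+) (.+)$", re.M)
REG_RE = re.compile(r"\b([a-z][a-z0-9]{1,2}): ([0-9a-fA-F]{16})\b")
NEAR_NULL_LIMIT = 0x1000  # assumption: a fault inside the first page is null + offset


def triage(log):
    """Summarise a Chromium POSIX crash dump (x86-64 Linux layout assumed)."""
    sig = SIGNAL_RE.search(log)
    if sig is None:
        raise ValueError("no 'Received signal' line in log")
    regs = {name: int(value, 16) for name, value in REG_RE.findall(log)}
    frames = [(int(n), int(pc, 16), sym.strip())
              for n, pc, sym in FRAME_RE.findall(log)]
    # Frames above the fault belong to the signal handler; the faulting frame
    # is the one whose address equals the saved instruction pointer.
    crash = next((f for f in frames if f[1] == regs.get("ip")), None)
    fault = int(sig.group(3), 16)
    erf = regs.get("erf")
    return {
        "signal": int(sig.group(1)),
        "code": sig.group(2),
        "fault_address": fault,
        "near_null": fault < NEAR_NULL_LIMIT,
        "matches_cr2": regs.get("cr2") == fault,
        # x86 page-fault error code: bit 0 = page present, bit 1 = write access.
        "access": None if erf is None else ("write" if erf & 2 else "read"),
        "page_present": None if erf is None else bool(erf & 1),
        "crash_frame": crash[0] if crash else None,
        "crash_symbol": crash[2] if crash else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the report's log this yields a read of an unmapped address 0x64 in frame #4, the usual signature of a member access through a null pointer rather than a wild or attacker-influenced address.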