
Issue metadata

Status: Verified
Owner:
Closed: Dec 15
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Issue 913843: CHECK failure: result == scrollable_area_->layer_->GraphicsLayerBacking()->VisualRect() in pain

Reported by ClusterFuzz, Dec 11 Project Member

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6529317519228928

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result == scrollable_area_->layer_->GraphicsLayerBacking()->VisualRect() in pain
  blink::PaintLayerScrollableArea::ScrollingBackgroundDisplayItemClient::VisualRec
  blink::DisplayItem::DisplayItem
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=603217:603228

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6529317519228928

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 

Comment 1 by ClusterFuzz, Dec 11

Project Member
Components: Blink>Paint
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz, Dec 11

Project Member
Cc: sunyunjia@chromium.org wangxianzhu@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

[PE] Fix raster cpu regression of crrev.com/c/1297131 by wangxianzhu@chromium.org - https://chromium.googlesource.com/chromium/src/+/2779a9b0df225a3e2ca284ab1d076f4dcd090c31

Snap after pressing arrow key. by sunyunjia@chromium.org - https://chromium.googlesource.com/chromium/src/+/e806ef73a7d39067e1bfcf451b4c16f0c56d4837

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Comment 3 by sunyunjia@chromium.org, Dec 11

This doesn't seem to be caused by my change, as I checked that my patch doesn't touch the stack trace.

Comment 4 by wangxianzhu@chromium.org, Dec 11

Cc: -wangxianzhu@chromium.org -sunyunjia@chromium.org
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)

Comment 5 by bugdroid1@chromium.org, Dec 15

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7edf71d1a997df5fe2ecd71e8cdbcdcd7d4b520a

commit 7edf71d1a997df5fe2ecd71e8cdbcdcd7d4b520a
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Sat Dec 15 01:48:45 2018

[PE] Fix DCHECK failure in scrolling background visual rect

Now use the same pixel snapping method for scrolling contents layer
used in CompositeLayerMapping to avoid the DCHECK failure. The scrolling
contents should originate from the pixel snapped clip rect.

Bug: 913843
Change-Id: Ibce87b324567f971516148f865608f00e80d4bee
Reviewed-on: https://chromium-review.googlesource.com/c/1378850
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#616909}
[modify] https://crrev.com/7edf71d1a997df5fe2ecd71e8cdbcdcd7d4b520a/third_party/blink/renderer/core/paint/paint_layer_scrollable_area.cc
[modify] https://crrev.com/7edf71d1a997df5fe2ecd71e8cdbcdcd7d4b520a/third_party/blink/renderer/core/paint/paint_layer_scrollable_area_test.cc

Comment 6 by ClusterFuzz, Dec 15

Project Member
ClusterFuzz has detected this issue as fixed in range 616906:616910.

Detailed report: https://clusterfuzz.com/testcase?key=6529317519228928

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result == scrollable_area_->layer_->GraphicsLayerBacking()->VisualRect() in pain
  blink::PaintLayerScrollableArea::ScrollingBackgroundDisplayItemClient::VisualRec
  blink::DisplayItem::DisplayItem
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=603217:603228
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=616906:616910

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6529317519228928

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz, Dec 15

Project Member
Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6529317519228928 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.