ASSERTION FAILED: Cannot advance document lifecycle from PaintInvalidationClean
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5161398434267136

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  ASSERTION FAILED: Cannot advance document lifecycle from PaintInvalidationClean
  blink::DocumentLifecycle::advanceTo
  blink::FrameView::invalidateTreeIfNeeded

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96cCQxqF0KSWSpSQzXR9Rlr-87bH66KTb0uJgXkRFkg3ruVGUtoCvFBSnKml8wOkQVO1AUeNHjAOEer2sNHYdNTteN52k_Vna4_LdF3n51sc__7Cb1aUkJbSclBLUnvjGvnNU2v7eLF5gWf7-g0G1SNyr0ZGg

Filer: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 27 2016
May 2 2016
Requesting regression range from clusterfuzz, will update bug once complete.
May 2 2016
No regression information available. Sigh.
May 9 2016
Finally got bisect info, https://chromium.googlesource.com/chromium/src/+log/cb9d633e2f1f1f13881899fa92f356bf8cd79e02..82df1afea37d14685cc18ea1ab651b6859afd2e4?pretty=fuller

https://chromium.googlesource.com/chromium/src/+/fd7ede807eb0e64820c805e8d5d0caf7ba9c5516 looks like the most likely culprit.
May 11 2016
I think the regression range is wrong. I synced back to my patch (which is the first in the range) and the ASSERT fires; however, I synced back before my patch and it still fires too. In any case, my patch only deals with scrolling so it's unlikely to be causing a crash in invalidation.
May 11 2016
Jun 14 2016
ClusterFuzz has detected this issue as fixed in range 392347:392418.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5161398434267136

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  Cannot advance document lifecycle from PaintInvalidationClean to InPaintInvalida
  blink::DocumentLifecycle::advanceTo
  blink::FrameView::invalidateTreeIfNeeded

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=392347:392418

Minimized Testcase (0.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95fCDifPvaSibjpMnSLrFMg6tr7NQ1Uth8XDcgMRdcqhO2EdQfpr0Gbyx50VaKTAiKNJn2VdCZdgqRiMR-5uyjO2xmcs2BV0pND1eAGg2eeeuKUud0BK-vAiBX33Fi2o1ftpzKX0guKjuO_IHg3J87u5uDbrg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ajha@chromium.org, Mar 17 2016
Labels: -Pri-1 findit-for-crash Te-Logged Pri-2
Owner: jchaffraix@chromium.org
Status: Assigned (was: Available)