New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 781214 link

Starred by 1 user
Status: Duplicate
Owner: ----
Closed: Jan 2018
Cc:
tkent@chromium.org
pnangunoori@chromium.org
kkaluri@chromium.org
yosin@chromium.org
msrchandra@chromium.org
hayato@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug



Sign in to add a comment

CHECK failure: !node || IsElementOfType<const T>(*node) in Element.h

Project Member Reported by ClusterFuzz, Nov 3 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5582621324345344

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !node || IsElementOfType<const T>(*node) in Element.h
  blink::HTMLDetailsElement::FindMainSummary
  blink::HTMLSummaryElement::IsMainSummary
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=434865:434929

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5582621324345344

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Nov 3 2017

Labels: OS-Mac
Project Member

Comment 2 by ClusterFuzz, Nov 4 2017

Labels: OS-Windows

Comment 3 by pnangunoori@chromium.org, Nov 6 2017

Cc: msrchandra@chromium.org hayato@chromium.org yosin@chromium.org pnangunoori@chromium.org
Components: Blink
Labels: M-63 Test-Predator-Wrong
Owner: tkent@chromium.org
Status: Assigned (was: Untriaged)
Using the provided regression range assigning to the possible suspect as per the change made for the file, “Element.h & HTMLDetailsElement.cpp”

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/2ce7841faa0fcfb4bff02b808745a9399a1c0603

@tkent -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.

CC'ing reviewers as tkent@ is OOO.

Comment 4 by e...@chromium.org, Nov 7 2017

Components: -Blink Blink>DOM

Comment 5 by e...@chromium.org, Nov 7 2017

Owner: ----
Status: Untriaged (was: Assigned)

Comment 6 by kkaluri@chromium.org, Nov 8 2017

Cc: kkaluri@chromium.org tkent@chromium.org
Labels: CF-NeedsTriage
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You.

Comment 7 by kochi@chromium.org, Nov 13 2017

Components: -Blink>DOM Blink>HTML>Details
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
Running the given clusterfuzz minimized case with "content_shell -run-layout-test"
hit a CHECK() as follows:

[1:1:1113/185735.989848:FATAL:Element.h(1090)] Check failed: !node || IsElementOfType<const T>(*node). 
#0 0x7f80f5a50ebd base::debug::StackTrace::StackTrace()
#1 0x7f80f5a4f2ec base::debug::StackTrace::StackTrace()
#2 0x7f80f5ad6bea logging::LogMessage::~LogMessage()
#3 0x7f80ede34c30 blink::ToElementOrDie<>()
#4 0x7f80ede3449c blink::HTMLDetailsElement::FindMainSummary()
#5 0x7f80ede805e1 blink::HTMLSummaryElement::IsMainSummary()
#6 0x7f80ee07bf58 blink::DetailsMarkerControl::LayoutObjectIsNeeded()
#7 0x7f80ed879384 blink::AdjustEffectiveTouchAction()
#8 0x7f80ed878285 blink::StyleAdjuster::AdjustComputedStyle()
#9 0x7f80ed894e75 blink::StyleResolver::StyleForElement()
#10 0x7f80ed972794 blink::Element::OriginalStyleForLayoutObject()
#11 0x7f80ed972375 blink::Element::StyleForLayoutObject()
#12 0x7f80ed9b30a3 blink::LayoutTreeBuilderForElement::Style()
#13 0x7f80ed9b3031 blink::LayoutTreeBuilderForElement::ShouldCreateLayoutObject()
#14 0x7f80ed982239 blink::LayoutTreeBuilderForElement::CreateLayoutObjectIfNeeded()
...

As <summary><details> usage is low, I don't think this is very urgent.
Lowering the priority.

Comment 8 by tkent@chromium.org, Jan 9 2018

Mergedinto: 580734
Status: Duplicate (was: Available)
Breaking UA shadow tree by window.internals.youngestShadowRoot().

Sign in to add a comment