New issue
Advanced search Search tips

Issue 823095 link

Starred by 2 users
Status: WontFix
Owner:
kojii@chromium.org
Closed: Mar 2018
Cc:
ifratric@google.com
hayato@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: !node.NeedsDistributionRecalc() in flat_tree_traversal_ng.h

Project Member Reported by ClusterFuzz, Mar 17 2018 
Detailed report: https://clusterfuzz.com/testcase?key=6129866563649536

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !node.NeedsDistributionRecalc() in flat_tree_traversal_ng.h
  blink::FlatTreeTraversalNg::AssertPrecondition
  blink::FlatTreeTraversalNg::Parent
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=529050:529051

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6129866563649536

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Mar 17 2018

Components: Blink>DOM
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Mar 17 2018

Labels: Test-Predator-Auto-Owner
Owner: lukasza@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ffb5de3934abd4e16399b2f79e7100823c6076fd (Don't propagate cmdline flags that are not read by renderer processes.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by lukasza@chromium.org, Mar 19 2018

Labels: Test-Predator-Wrong-CLs
Owner: hayato@chromium.org
hayato@, could you PTAL and help triage - I believe you've added the failing DCHECK in https://codereview.chromium.org/1076143002

I am adding Test-Predator-Wrong-CLs label and removing myself as an owner, because I think the explanation from  https://crbug.com/823148#c3  applies here as well.

Comment 4 by hayato@chromium.org, Mar 20 2018

Cc: hayato@chromium.org
Components: -Blink>DOM Blink>HTML
Owner: kojii@chromium.org
I can repro. It looks ListItemOrginal::EnclosingList uses FlatTreeTraversal without updating distribution.

https://chromium.googlesource.com/chromium/src/+/666eacfd9727dbe5481ac418282bb0502a3e10be/third_party/WebKit/Source/core/html/ListItemOrdinal.cpp#70

kojii@

I looks https://chromium-review.googlesource.com/c/chromium/src/+/678415 is related. Could you take a look?

Comment 5 by kojii@chromium.org, Mar 20 2018 

Is UpdateDistribution still needed? Or is it needed only until we enable incremental shadow dom?

Comment 6 by hayato@chromium.org, Mar 20 2018 

It's still needed.

We can remove UpdateDistribution if 1) incremental shadow dom is enabled AND 2) shadow dom v0 is removed. 1) will happen in the near feature, hopefully, but 2) would not happen soon.
Project Member

Comment 7 by ClusterFuzz, Mar 31 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6129866563649536 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment