CHECK failure: !node.NeedsDistributionRecalc() in flat_tree_traversal_ng.h |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6129866563649536 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !node.NeedsDistributionRecalc() in flat_tree_traversal_ng.h blink::FlatTreeTraversalNg::AssertPrecondition blink::FlatTreeTraversalNg::Parent Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=529050:529051 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6129866563649536 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 17 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ffb5de3934abd4e16399b2f79e7100823c6076fd (Don't propagate cmdline flags that are not read by renderer processes.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Mar 19 2018
hayato@, could you PTAL and help triage - I believe you've added the failing DCHECK in https://codereview.chromium.org/1076143002 I am adding Test-Predator-Wrong-CLs label and removing myself as an owner, because I think the explanation from https://crbug.com/823148#c3 applies here as well.
,
Mar 20 2018
I can repro. It looks ListItemOrginal::EnclosingList uses FlatTreeTraversal without updating distribution. https://chromium.googlesource.com/chromium/src/+/666eacfd9727dbe5481ac418282bb0502a3e10be/third_party/WebKit/Source/core/html/ListItemOrdinal.cpp#70 kojii@ I looks https://chromium-review.googlesource.com/c/chromium/src/+/678415 is related. Could you take a look?
,
Mar 20 2018
Is UpdateDistribution still needed? Or is it needed only until we enable incremental shadow dom?
,
Mar 20 2018
It's still needed. We can remove UpdateDistribution if 1) incremental shadow dom is enabled AND 2) shadow dom v0 is removed. 1) will happen in the near feature, hopefully, but 2) would not happen soon.
,
Mar 31 2018
ClusterFuzz testcase 6129866563649536 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Mar 17 2018Labels: Test-Predator-Auto-Components