CHECK failure: container->GetLayoutObject(). foreignObject class="CLASS13 CLASS9" (editable) in
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5274750654611456

Fuzzer: bj_broddelwerk
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  container->GetLayoutObject(). foreignObject class="CLASS13 CLASS9" (editable) in
  blink::CompositeEditCommand::AppendBlockPlaceholder
  blink::InsertParagraphSeparatorCommand::DoApply

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=529050:529051

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5274750654611456

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Mar 18 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ffb5de3934abd4e16399b2f79e7100823c6076fd (Don't propagate cmdline flags that are not read by renderer processes.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 19 2018
The CL pointed out in #c2 (ffb5de3934abd4e16399b2f79e7100823c6076fd - r529051) stopped propagating some cmdline switches from the browser process to the renderer process:
- switches::kForceWebRtcIPHandlingPolicy
- switches::kDisableGestureRequirementForPresentation
- switches::kDisableLocalStorage
- switches::kDisablePinch
- switches::kDisableSmoothScrolling
- switches::kEnablePinch
- switches::kEnableSmoothScrolling
- switches::kEnableStatsTable
- switches::kMainFrameResizesAreOrientationChanges
- switches::kSitePerProcess

I've just double-checked that these cmdline flags are only dereferenced in the browser process (e.g. in code under //content/browser) and never in the renderer process. Therefore, the CL above should be a no-op (i.e. shouldn't cause a ClusterFuzz bug).

FWIW, I cannot reproduce the ClusterFuzz failure at ffb5de3934abd4e16399b2f79e7100823c6076fd:

  $ git checkout ffb5de3934abd4e16399b2f79e7100823c6076fd
  $ gclient sync
  $ /google/data/ro/teams/clusterfuzz-tools/releases/clusterfuzz reproduce 5274750654611456 -c -j 500 -l 25 --skip-deps
  ...
  UnreproducibleError: The crash cannot be reproduced after trying 3 times.

This further reinforces the Test-Predator-Wrong-CLs label.

BTW: I also cannot reproduce the ClusterFuzz failure at ToT (163641576c99ccaff013d589044f2c31bfdae6cd / r163641576c99ccaff013d589044f2c31bfdae6cd) so maybe the failure is intermittent?
Mar 19 2018
yosin@, could you PTAL and help triage as one of third_party/WebKit/Source/core/editing/OWNERS? (I am removing myself as an owner, as explained in #c3)
Mar 20 2018
Apr 1 2018
ClusterFuzz testcase 5274750654611456 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 18 2018
Labels: Test-Predator-Auto-Components