Issue 825482 link

Starred by 3 users

Issue metadata

Status:	WontFix
Owner:	dtapu...@chromium.org
Closed:	Apr 2018
Cc:	ifratric@google.com e...@chromium.org
Components:	Blink>Layout
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz Test-Predator-Auto-Components Test-Predator-Auto-Owner

CHECK failure: lifecycle_.GetState() >= DocumentLifecycle::kStyleClean in Document.cpp

Project Member Reported by ClusterFuzz, Mar 24 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5286957647921152

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  lifecycle_.GetState() >= DocumentLifecycle::kStyleClean in Document.cpp
  blink::Document::ScrollingElementNoLayout
  blink::Document::scrollingElement
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=523893:523905

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5286957647921152

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Mar 24 2018

Components: Blink>DOM
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Mar 24 2018

Labels: Test-Predator-Auto-Owner
Owner: loonyb...@chromium.org
Status: Assigned (was: Untriaged)

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3f921557c4cb83453bfce0fe8637e489a90064ad (Drop UseCounter usage measurement on view-source pages.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by loonyb...@chromium.org, Mar 28 2018

Owner: dtapu...@chromium.org

Bisected to https://chromium.googlesource.com/chromium/src/+/4cef659a8009c5cb4f5708336ae37654d23653b3

Dave, could you please take a look?

Thanks

Comment 4 by dtapu...@chromium.org, Mar 28 2018

Cc: e...@chromium.org
Components: -Blink>DOM Blink>Layout

eae@ This code is checking the layout state is clean and UpdateStyleAndLayoutTree() is called just before it. But it can early out in certain scenarios like throttled rendering. How is this generally dealt with? See line: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/dom/Document.cpp?type=cs&q=ScrollingElementNoLayout&sq=package:chromium&l=1509

and the DCHECK here: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/dom/Document.cpp?type=cs&q=ScrollingElementNoLayout&sq=package:chromium&l=1516

Project Member

Comment 5 by ClusterFuzz, Apr 7 2018

Status: WontFix (was: Assigned)

ClusterFuzz testcase 5286957647921152 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 825482 link

Issue metadata

CHECK failure: lifecycle_.GetState() >= DocumentLifecycle::kStyleClean in Document.cpp

Issue description

Comment 1 by ClusterFuzz, Mar 24 2018

Comment 1 Deleted

Comment 2 by ClusterFuzz, Mar 24 2018

Comment 2 Deleted

Comment 3 by loonyb...@chromium.org, Mar 28 2018

Comment 3 Deleted

Comment 4 by dtapu...@chromium.org, Mar 28 2018

Comment 4 Deleted

Comment 5 by ClusterFuzz, Apr 7 2018

Comment 5 Deleted

Sign in to add a comment