CHECK failure: parent_context.tree_builder_context. NeedsPaintOffsetAndVisualRectUpdate in PreP |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5805198468186112 Fuzzer: bj_broddelwerk Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: parent_context.tree_builder_context. NeedsPaintOffsetAndVisualRectUpdate in PreP blink::PrePaintTreeWalk::NeedsTreeBuilderContextUpdate blink::PrePaintTreeWalk::Walk Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=539621:539628 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5805198468186112 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 28 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/4d1ac15a6a39c60aa156f471876660a86f846cec ([DBG] Add a speculative CHECK to debug a crash.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Mar 28 2018
,
Mar 31 2018
,
Apr 2 2018
I'll take a look. It seems that some object has NeedsPaintOffsetAndVisualRectUpdate but the parent doesn't have.
,
Apr 4 2018
,
Apr 4 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/18761bce6b07f724b19bd2afcdc770ef6d2e60fc commit 18761bce6b07f724b19bd2afcdc770ef6d2e60fc Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Wed Apr 04 19:32:02 2018 [SPv175+] Fix crash when continuation paint offset changes under focus ring Focus ring on an inline element encloses continuations, thus the inline element needs to update visual rect and check for invalidation when any continuation's geometry changes. Previously this was done in LayoutObject::SetNeedsPaintOffsetAndVisualRectUpdate() called for a continuation block to set invalidation flag on the head of the inline continuation. This is problematic during PrePaint because the head of inline continuation has already finished its paint invalidation and cleared its paint flags. Now force subtree visual rect update and invalidation checking for a block contianing inline with outline and continuation to ensure correct visual rect update and invalidation. Bug: 826582 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: I0bac20a8fafb64ea7121b3e25b7c75ebf7fb984f Reviewed-on: https://chromium-review.googlesource.com/993707 Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Philip Rogers <pdr@chromium.org> Cr-Commit-Position: refs/heads/master@{#548157} [add] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/paint/invalidation/outline/focus-ring-continuation-move-crash-expected.html [add] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/paint/invalidation/outline/focus-ring-continuation-move-crash.html [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/virtual/disable-spv175/paint/invalidation/outline/focus-enable-continuations-expected.txt [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/virtual/disable-spv175/paint/invalidation/outline/focus-ring-on-continuation-move-expected.txt [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/virtual/disable-spv175/paint/invalidation/outline/focus-ring-on-inline-continuation-move-expected.txt [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/LayoutTests/virtual/disable-spv175/paint/invalidation/outline/outline-change-continuations-expected.txt [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/Source/core/layout/LayoutObject.cpp [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/Source/core/layout/LayoutObject.h [modify] https://crrev.com/18761bce6b07f724b19bd2afcdc770ef6d2e60fc/third_party/WebKit/Source/core/paint/PaintInvalidator.cpp
,
Apr 4 2018
,
Apr 5 2018
ClusterFuzz has detected this issue as fixed in range 548153:548157. Detailed report: https://clusterfuzz.com/testcase?key=5805198468186112 Fuzzer: bj_broddelwerk Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: parent_context.tree_builder_context. NeedsPaintOffsetAndVisualRectUpdate in PreP blink::PrePaintTreeWalk::NeedsTreeBuilderContextUpdate blink::PrePaintTreeWalk::Walk Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=539621:539628 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=548153:548157 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5805198468186112 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 5 2018
ClusterFuzz testcase 5805198468186112 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ClusterFuzz
, Mar 28 2018Labels: Test-Predator-Auto-Components