Crash in blink::LayoutObject::DecoratedName
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5500610762506240
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000008cff0a
Crash State:
  blink::LayoutObject::DecoratedName
  blink::LayoutObject::DebugName
  blink::LayoutBlockFlow::XPositionForFloatIncludingMargin
Sanitizer: thread (TSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=526533:526534
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5500610762506240

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Apr 19 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/9779e9515ba716e5ed490c3ffce69d8f13eba521 (Add TSan suppression for latest debian release.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Apr 30 2018
Hi Aleks, would you mind looking into this? You're pretty familiar with our block layout code by now...
May 1 2018
Reproduced. Hit a DCHECK about inserting a float when it is not a float. Will dig into Legacy float handling tomorrow.
May 1 2018
Looks like another senseless regression from https://chromium.googlesource.com/chromium/src/+/7a22edaa3ae7ef77e5d2499062bbccf24f1f5f1c, like https://bugs.chromium.org/p/chromium/issues/detail?id=835371#c7. Let me revert it now.
May 1 2018
Revert failed (https://chromium-review.googlesource.com/c/chromium/src/+/1036489). Can someone manually revert? I think this regression is particularly bad, causing crashes in a bunch of places.
May 1 2018
I've created a revert CL: https://chromium-review.googlesource.com/c/chromium/src/+/1036856
May 1 2018
ClusterFuzz has detected this issue as fixed in range 555009:555013.

Detailed report: https://clusterfuzz.com/testcase?key=5500610762506240
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000008cff0a
Crash State:
  blink::LayoutObject::DecoratedName
  blink::LayoutObject::DebugName
  blink::LayoutBlockFlow::XPositionForFloatIncludingMargin
Sanitizer: thread (TSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=526533:526534
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=555009:555013
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5500610762506240

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 1 2018
ClusterFuzz testcase 5500610762506240 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 7
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Apr 19 2018. Labels: Test-Predator-Auto-Components