Abrt in LifecyclePostponed
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4603445357838336

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900002d6e
Crash State:
  LifecyclePostponed
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=526747:526751

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4603445357838336

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jun 21 2018
Unable to find the actual suspect through code search, and also observing no suspected CLs under the regression range, hence adding the appropriate label and requesting someone from the Blink team to look into this issue. Thanks!
Jun 25 2018
I don't think this is a DOM issue. Adding a line like GetFrame()->Selection().GetDocument().HasViewportUnits() to https://chromium.googlesource.com/chromium/src/+/66c8550045d1ca168b36b33d821154143b6b4c54/third_party/blink/renderer/core/frame/web_local_frame_impl.cc#1199 causes a crash, indicating that the document is invalid at that point (this is just a simple bool accessor) and should not be accessed at this point.
Jun 25 2018
Caused by printing during frame detach:

...
#7 0x5567f13f28ea in printing::PrintRenderFrameHelper::ScriptedPrint(bool) components/printing/renderer/print_render_frame_helper.cc:1036:5
#8 0x5567ee9b1a37 in content::RenderFrameImpl::ScriptedPrint(bool) content/renderer/render_frame_impl.cc:1673:14
#9 0x5567ed5bd9f5 in blink::ChromeClient::Print(blink::LocalFrame*) third_party/blink/renderer/core/page/chrome_client.cc:249:3
#10 0x5567ebfa133d in blink::LocalDOMWindow::print(blink::ScriptState*) third_party/blink/renderer/core/frame/local_dom_window.cc:705:27
#11 0x5567ed4d2b08 in blink::FrameLoader::DidFinishNavigation() third_party/blink/renderer/core/loader/frame_loader.cc:451:26
#12 0x5567ed484f63 in blink::DocumentLoader::StopLoading() third_party/blink/renderer/core/loader/document_loader.cc:807:5
#13 0x5567ed4d140b in blink::FrameLoader::StopAllLoaders() third_party/blink/renderer/core/loader/frame_loader.cc:963:23
#14 0x5567ebfcf34a in blink::LocalFrame::Detach(blink::FrameDetachType) third_party/blink/renderer/core/frame/local_frame.cc:351:11
#15 0x5567ebd12b43 in blink::WebFrame::Swap(blink::WebFrame*) third_party/blink/renderer/core/exported/web_frame.cc:94:14
#16 0x5567ee9b5bbf in content::RenderFrameImpl::OnSwapOut(int, bool, content::FrameReplicationState const&) content/renderer/render_frame_impl.cc:1914:26
...
Aug 30
ClusterFuzz has detected this issue as fixed in range 587067:587069.

Detailed report: https://clusterfuzz.com/testcase?key=4603445357838336

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900002d6e
Crash State:
  LifecyclePostponed
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=526747:526751
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=587067:587069

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4603445357838336

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jun 20 2018
Labels: Test-Predator-Auto-Components