New issue
Advanced search Search tips

Issue 855876 link

Starred by 1 user
Status: Verified
Owner: ----
Closed: Jul 17
Cc:
chrome-release-bot@chromium.org
ifratric@google.com
kojii@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 845770



Sign in to add a comment

CHECK failure: !owner_->GetDocument().IsSlotAssignmentRecalcForbidden() in slot_assignment.cc

Project Member Reported by ClusterFuzz, Jun 23 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5246486049456128

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !owner_->GetDocument().IsSlotAssignmentRecalcForbidden() in slot_assignment.cc
  blink::SlotAssignment::RecalcAssignment
  blink::HTMLSlotElement::AssignedNodes
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=569874:569875

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5246486049456128

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Jun 23 2018

Components: Blink>DOM Blink>HTML
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jun 23 2018

Cc: chrome-release-bot@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Updating trunk VERSION from 3470.0 to 3471.0 by chrome-release-bot@chromium.org - https://chromium.googlesource.com/chromium/src/+/d23e33081122f79de9ef059f4cdedc4c4fb96458

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Comment 3 by tkent@chromium.org, Jun 25 2018

Owner: hayato@chromium.org
Status: Assigned (was: Untriaged)

Comment 4 by hayato@chromium.org, Jun 25 2018

Labels: -Pri-1 Pri-2
Let me mark this P2 since this hits DCHECK which I've added recently.

Comment 5 by hayato@chromium.org, Jun 25 2018

Blocking: 845770

Comment 6 by hayato@chromium.org, Jun 25 2018

Cc: kojii@chromium.org
Owner: ----
Status: Available (was: Assigned)
cc: kojii@

It looks HTMLElement::Directionality is violating the rule, using FlatTreTraversal and triggering recalc assignment while in DOM mutations.

See bug 845770.

Comment 7 by kojii@chromium.org, Jun 25 2018 

I don't know what we can do here. Maybe wait for consensus from i18n at the github issue?

Comment 8 by hayato@chromium.org, Jun 25 2018 

I don't think the consensus on the issue is a blocking issue to fix the crash.

I think it might make some time for them to understand that.

Comment 9 by hayato@chromium.org, Jul 4

Components: -Blink>DOM
Project Member

Comment 10 by ClusterFuzz, Jul 17 

ClusterFuzz has detected this issue as fixed in range 575516:575517.

Detailed report: https://clusterfuzz.com/testcase?key=5246486049456128

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !owner_->GetDocument().IsSlotAssignmentRecalcForbidden() in slot_assignment.cc
  blink::SlotAssignment::RecalcAssignment
  blink::HTMLSlotElement::AssignedNodes
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=569874:569875
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=575516:575517

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5246486049456128

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Jul 17

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 5246486049456128 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment