Crash in blink::PaintLayerReflectionInfo::updateAfterStyleChange
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4896408173281280
Fuzzer: inferno_layout_test_fuzzer
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0xffffffff
Crash State:
  blink::PaintLayerReflectionInfo::updateAfterStyleChange
  blink::PaintLayer::styleChanged
  blink::LayoutBoxModelObject::styleDidChange
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_content_shell&range=377688:377898
Minimized Testcase (0.10 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95Fuap3E_YtjEe9XoamQ1_ni8tLfFyXKscWCZr-wTYoiGWyOnPB5O68KFyTbpTjCxp3xIlu0VaG6RDBBdz9g86dUYaojEMcsgXdkresHfa66t9f7krTn2GkT3VYq1luY9sxT6Uy2zYtGZRooal2XAyIdfF2XQ
<style>
#indicator { -webkit-box-reflect: below;
</style>
<div id="indicator">
Filer: inferno
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 29 2016
wangxianzhu, mind taking a look at this?
Mar 3 2016
Mar 10 2016
Mar 14 2016
wangxianzhu@: Uh oh! This issue is still open and hasn't been updated in the last 14 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking? If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner. If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!) These nags can be disabled by adding a 'WIP' label and an optional codereview link. - Your friendly ClusterFuzz
Mar 28 2016
A friendly reminder that M50 Stable is launching soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch by Apr-5. All changes MUST be merged into the release branch by 5pm on Apr-8 to make into the desktop Stable final build cut. Thanks!
Mar 28 2016
wangxianzhu@: Uh oh! This issue is still open and hasn't been updated in the last 28 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking? If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner. If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!) These nags can be disabled by adding a 'WIP' label and an optional codereview link. - Your friendly ClusterFuzz
Mar 28 2016
Based on code, if the crash really occurred, it should not be Windows-only, but I couldn't reproduce it on Linux. Also there are no crash reports of the function. Suspecting a bad build. Can I let clusterfuzz try another build? I tried "Redo" in the report, and it still just runs asan-win32-release-377898/content_shell.exe, which seems to have a broken symbol table. Based on the report, it looks like a null pointer dereference, so I'm lowering the security severity to low and removing releaseblock-stable.
Mar 30 2016
Nothing I can do for the bug. Please reopen if cluster-fuzz encounters it again.
Mar 30 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4896408173281280
Fuzzer: inferno_layout_test_fuzzer
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: UNKNOWN READ
Crash Address: 0xffffffff
Crash State:
  blink::PaintLayerReflectionInfo::updateAfterStyleChange
  blink::PaintLayer::styleChanged
  blink::LayoutBoxModelObject::styleDidChange
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_content_shell&range=377688:377898
Minimized Testcase (96.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97H-YLL1cX7JLotgAfDZYUvUSeSJGc6OtjjryUlT3pu9ABAFPOoOVEyhuoW8B3pdgIk_dm0Ni38xnWK52PsxH2fxZyGt-yRC34tCNHqPGb_eCn5v4BMbcWDG6PdMUVZi59EaUvvOLDwoRW8UXID8Pgi2OwRuhx3z98oS6IbIZpd16u1orE
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 6 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by ClusterFuzz, Feb 29 2016