
Issue 602222 link


Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Apr 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in v8::Context::Enter

Reported by ClusterFuzz (Project Member), Apr 11 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5616366928789504

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::Context::Enter
  extensions::AppBindings::OnAppInstallStateResponse
  bool IPC::MessageT<ExtensionMsg_GetAppInstallStateResponse_Meta, std::tuple<std:
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=385989:386017

Minimized Testcase (5.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95eHo4QoFxd8xTLxpUoY7y-1_-31qQAqtlJG9NBbR597U6YiP-vEsKjhgqoxJcEwT-3XpN6ttIYT716tueudZGPYd-inzPMk6E-znnegSuvKG_BGFTbknp4oFeEmx0CCes-Nb1QEfMWevmQGV83VuN2g8Fb-A

Filer: tkonchada

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: u...@chromium.org vitalyr@chromium.org
Labels: findit-for-crash Te-Logged M-51
Owner: mlippautz@chromium.org
Status: Assigned (was: Available)
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: mlippautz
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/41b8e10e1ac0dac50384bc9ef1d141fae7e5c67b
Time: Mon Sep 21 14:03:44 2015
The CL last changed line 542 of file spaces.h, which is stack frame 0.

Author: mlippautz
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/ffcff3a0f2145fc4893f18a05b9466e3459353ff
Time: Thu Feb 11 16:38:58 2016
The CL last changed line 1292 of file objects-inl.h, which is stack frame 1.

Author: vitalyr@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/41c7632a41a6da779647b8a4c953e9e7869ae626
Time: Tue Mar 22 19:15:02 2011
The CL last changed line 1301 of file objects-inl.h, which is stack frame 2.

Author: vitalyr@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a07bd45c29378cde1a8bb20a3323fe9f63721665
Time: Tue Jun 07 13:09:01 2011
The CL last changed line 853 of file api.cc, which is stack frame 3.

Author: dcarney@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/cf5ff5a14cd677ff603b55ccf196e2913837008a
Time: Thu May 02 20:18:42 2013
The CL last changed line 7077 of file v8.h, which is stack frame 4.

Author: marja@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9a5984409f05752318c259fc1c69f0dba0107c07
Time: Tue Jun 04 16:39:12 2013
The CL last changed line 167 of file app_bindings.cc, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/463eb426b5621e116c2025e279e204cc483a7e29
Time: Tue Feb 16 15:04:09 2016
The CL last changed line 166 of file tuple.h, which is stack frame 6.

Suspected Project: chromium-v8
Suspected Component: Blink>JavaScript

Possible suspect : https://chromium.googlesource.com/v8/v8.git/+/ffcff3a0f2145fc4893f18a05b9466e3459353ff

Please reassign if this is not related to your change.
Cc: -u...@chromium.org
Owner: tkonch...@chromium.org
Not V8 heap related.

Comment 3 by ClusterFuzz, Apr 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4703304327626752

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::Context::Enter
  extensions::AppBindings::OnAppInstallStateResponse
  bool IPC::MessageT<ExtensionMsg_GetAppInstallStateResponse_Meta, std::__1::tuple
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv965mpo9V5OkN9O4nIGF6CDST4GaNZ00wq8Sl2PtXXR3HoBvcMlihaGQvv5RUwrHZFFoOjqcOiinstD1pc-Odx-_9UwZOA6ogUgVOhXeC-BMVgOdPNWR49g7gh6hhmNydXqj2XXILldeL5XGu3OvSl2QeBApzk67S4_6DRK_yxb4-_eyT78


Additional requirements: Requires Gestures

Filer: pucchakayala

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Owner: mdempsky@chromium.org
Suspected CLs: Regression information is not available. The result is the blame information.

Author: bmeurer
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/199e30d36fe8a360797b723ea19cbe106504dc43
Time: Wed Jul 15 11:05:00 2015
The CL last changed line 50 of file handles.h, which is stack frame 0.

Author: bmeurer
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/199e30d36fe8a360797b723ea19cbe106504dc43
Time: Wed Jul 15 11:05:00 2015
The CL last changed line 114 of file handles.h, which is stack frame 1.

Author: bmeurer
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/199e30d36fe8a360797b723ea19cbe106504dc43
Time: Wed Jul 15 11:05:00 2015
The CL last changed line 110 of file handles.h, which is stack frame 2.

Author: vitalyr@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a07bd45c29378cde1a8bb20a3323fe9f63721665
Time: Tue Jun 07 13:09:01 2011
The CL last changed line 853 of file api.cc, which is stack frame 3.

Author: dcarney@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/cf5ff5a14cd677ff603b55ccf196e2913837008a
Time: Thu May 02 20:18:42 2013
The CL last changed line 7077 of file v8.h, which is stack frame 4.

Author: marja@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9a5984409f05752318c259fc1c69f0dba0107c07
Time: Tue Jun 04 16:39:12 2013
The CL last changed line 167 of file app_bindings.cc, which is stack frame 5.

Author: mdempsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/8a5190449d48e06efa581390426dfa3bb6750f4c
Time: Tue Feb 09 05:41:47 2016
The CL last changed line 26 of file ipc_message_templates.h, which is stack frame 6.

Suspected Project: chromium-v8
Suspected Component: Blink>JavaScript


@mdempsky, can you please take a look at this issue?

Comment 5 by ClusterFuzz, Apr 19 2016

ClusterFuzz has detected this issue as fixed in range 388139:388170.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5616366928789504

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::Context::Enter
  extensions::AppBindings::OnAppInstallStateResponse
  bool IPC::MessageT<ExtensionMsg_GetAppInstallStateResponse_Meta, std::tuple<std:
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=385989:386017
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=388139:388170

Minimized Testcase (5.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95eHo4QoFxd8xTLxpUoY7y-1_-31qQAqtlJG9NBbR597U6YiP-vEsKjhgqoxJcEwT-3XpN6ttIYT716tueudZGPYd-inzPMk6E-znnegSuvKG_BGFTbknp4oFeEmx0CCes-Nb1QEfMWevmQGV83VuN2g8Fb-A

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz, Apr 19 2016

ClusterFuzz has detected this issue as fixed in range 388139:388170.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4703304327626752

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::Context::Enter
  extensions::AppBindings::OnAppInstallStateResponse
  bool IPC::MessageT<ExtensionMsg_GetAppInstallStateResponse_Meta, std::__1::tuple
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=388139:388170

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv965mpo9V5OkN9O4nIGF6CDST4GaNZ00wq8Sl2PtXXR3HoBvcMlihaGQvv5RUwrHZFFoOjqcOiinstD1pc-Odx-_9UwZOA6ogUgVOhXeC-BMVgOdPNWR49g7gh6hhmNydXqj2XXILldeL5XGu3OvSl2QeBApzk67S4_6DRK_yxb4-_eyT78


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: fixed (was: Assigned)
Fixed according to ClusterFuzz.

Comment 8 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
