Heap-use-after-free in extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5032069055119360
Fuzzer: cdiehl_dharma
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x611000200890
Crash State:
  extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
  extensions::ExtensionCommandsGlobalRegistry::IsRegistered
  chromeos::IsExtensionCommandRegistered
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=373260:373393
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94EBLhaUZiV6jWnXc5Edid2WT29Dz_Ms7TfBtjJvH5-LDInzE1wI1H2tuCwGIcf-OxBZycqJTzFrAMzYvdE0y59QpTr3VfZHQ0uUa5acpIlbJaXv6wQlZhMFWRqUWSh6y5CHl9LEPgLjUstZLlB5Hp0kyWMEw
Additional requirements: Requires Gestures
Filer: ochang

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 3 2016
Jun 3 2016
rdcronin@, could you PTAL or assign to someone on your team? Thanks.
Jun 4 2016
Jun 4 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5032069055119360
Fuzzer: cdiehl_dharma
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x611000200890
Crash State:
  extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
  extensions::ExtensionCommandsGlobalRegistry::IsRegistered
  chromeos::IsExtensionCommandRegistered
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=373260:373393
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94EBLhaUZiV6jWnXc5Edid2WT29Dz_Ms7TfBtjJvH5-LDInzE1wI1H2tuCwGIcf-OxBZycqJTzFrAMzYvdE0y59QpTr3VfZHQ0uUa5acpIlbJaXv6wQlZhMFWRqUWSh6y5CHl9LEPgLjUstZLlB5Hp0kyWMEw
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 7 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fbcfdaeb71885d8081579746bedfbc6c5b813f11

commit fbcfdaeb71885d8081579746bedfbc6c5b813f11
Author: rdevlin.cronin <rdevlin.cronin@chromium.org>
Date: Tue Jun 07 00:16:14 2016

[UI Views] Unset the extension keybinding registry on frame destruction

Some destruction flows don't seem to call OnWidgetActivationChanged before destroying the window, which causes the extension keybinding registry reference in the global registry to become stale. Update the active registry on deletion.

BUG= 616970
Review-Url: https://codereview.chromium.org/2046653002
Cr-Commit-Position: refs/heads/master@{#398167}

[modify] https://crrev.com/fbcfdaeb71885d8081579746bedfbc6c5b813f11/chrome/browser/ui/views/frame/browser_view.cc
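As an added illustration of the stale-reference pattern the commit message above describes (example code written here, not Chromium's; every class and function name is hypothetical): a process-wide registry holds a raw pointer to the active per-window keybinding registry, and the destructor-side unset plays the role of the fix. The buggy path is modelled as a window that is torn down without the activation-changed notification ever firing.

```cpp
// Added example, not Chromium code: a process-wide registry keeps a raw pointer
// to the "active" per-window keybinding registry. If the window is destroyed
// without telling it, the pointer dangles and IsRegistered() reads freed memory.
#include <set>
#include <string>
class KeybindingRegistry;  // hypothetical per-window registry, defined below
class GlobalRegistry {  // hypothetical stand-in for the process-wide registry
 public:
  static GlobalRegistry& Get() { static GlobalRegistry g; return g; }
  void SetActive(KeybindingRegistry* r) { active_ = r; }
  // Clear only if |r| is the one we point at, so an inactive window's
  // teardown cannot wipe another window's entry.
  void ClearIfActive(KeybindingRegistry* r) { if (active_ == r) active_ = nullptr; }
  bool HasActive() const { return active_ != nullptr; }
  bool IsRegistered(const std::string& cmd) const;
 private:
  KeybindingRegistry* active_ = nullptr;
};
class KeybindingRegistry {
 public:
  explicit KeybindingRegistry(bool unset_on_destroy) : unset_on_destroy_(unset_on_destroy) {}
  ~KeybindingRegistry() {
    // The fix: drop the global reference at teardown instead of relying on
    // an activation-changed notification that some destruction paths skip.
    if (unset_on_destroy_) GlobalRegistry::Get().ClearIfActive(this);
  }
  void Add(const std::string& cmd) { cmds_.insert(cmd); }
  bool Has(const std::string& cmd) const { return cmds_.count(cmd) != 0; }
 private:
  std::set<std::string> cmds_;
  bool unset_on_destroy_;
};
bool GlobalRegistry::IsRegistered(const std::string& cmd) const {
  // The null check covers "no active window"; it cannot detect a dangling pointer.
  return active_ != nullptr && active_->Has(cmd);
}
// Simulates a window becoming active and then being destroyed. Returns true if the
// global registry still holds a (now dangling) pointer afterwards; the pointer is
// only compared, never dereferenced, so the buggy case stays well-defined here.
bool StalePointerAfterDestroy(bool apply_fix) {
  {
    KeybindingRegistry reg(apply_fix);
    reg.Add("toggle-feature");  // constructed sample command
    GlobalRegistry::Get().SetActive(&reg);
  }  // window destroyed here; no activation-changed callback in the buggy flow
  bool stale = GlobalRegistry::Get().HasActive();
  GlobalRegistry::Get().SetActive(nullptr);  // reset for the next scenario
  return stale;
}
```

With the unset skipped, the global registry keeps the dead pointer and the next lookup is exactly the heap-use-after-free ASan reported; with the destructor-side unset it is cleared before the memory is freed.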
Jun 7 2016
Jun 7 2016
Adding Merge-Triage label for tracking purposes. Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone. When your merge is approved by the release manager, please start merging with the higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com. - Your friendly ClusterFuzz
Jun 7 2016
Jun 14 2016
Jun 14 2016
[Automated comment] No milestone found on Merge-Request (i.e. merge-request-# label).
Jun 14 2016
Jun 14 2016
Your change meets the bar and is auto-approved for M52 (branch: 2743)
Jun 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d83d3d08c885706910d00402cfec79cef265b665

commit d83d3d08c885706910d00402cfec79cef265b665
Author: Devlin Cronin <rdevlin.cronin@chromium.org>
Date: Tue Jun 14 23:45:19 2016

[UI Views] Unset the extension keybinding registry on frame destruction

Some destruction flows don't seem to call OnWidgetActivationChanged before destroying the window, which causes the extension keybinding registry reference in the global registry to become stale. Update the active registry on deletion.

BUG= 616970
Review-Url: https://codereview.chromium.org/2046653002
Cr-Commit-Position: refs/heads/master@{#398167}
(cherry picked from commit fbcfdaeb71885d8081579746bedfbc6c5b813f11)

Review URL: https://codereview.chromium.org/2061383002 .
Cr-Commit-Position: refs/branch-heads/2743@{#360}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/d83d3d08c885706910d00402cfec79cef265b665/chrome/browser/ui/views/frame/browser_view.cc
Jun 29 2016
Jul 6 2016
Sorry to say the panel decided not to reward for this bug, as it was found by ClusterFuzz gestures, not the fuzzer itself.
Jul 19 2016
Jul 21 2016
Jul 22 2016
[Automated comment] There appears to be on-going work (i.e. bugroid changes), needs manual review.
Sep 13 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Jun 3 2016