Issue metadata
Crash in IPC::internal::MessagePipeReader::GetRemoteInterface
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4956793533104128
Fuzzer: meacer_chromebot_extensions
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  IPC::internal::MessagePipeReader::GetRemoteInterface
  IPC::ChannelMojo::GetGenericRemoteAssociatedInterface
  IPC::ChannelProxy::Context::GetRemoteAssociatedInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=408165:408183
Minimized Testcase (351.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DHDexRyHO9TTg1yyCBUOY6MEZ0uWpxfzr6emntkQP49ztKd1pspT2DBtZkg0m3-wU4mEoSrjDodhCNolhBrIsk4XkpN5V0UIiedyM8wwqUI5UZ6SaX6MfIwrUPGVZpdKDShaiHqO0sOD-1x1jj8hU5vM5kITvjIG9cCs2uwD3G62ZvFY?testcase_id=4956793533104128
Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 28 2016
Issue 632426 has been merged into this issue.

Jul 28 2016
Users experienced this crash on the following builds:
  Win Canary 54.0.2810.2 - 2.84 CPM, 19 reports, 17 clients (signature IPC::internal::MessagePipeReader::GetRemoteInterface)
If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas

Jul 28 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5a90895a195ff140b0b355754807944f6824bd90

commit 5a90895a195ff140b0b355754807944f6824bd90
Author: rockot <rockot@chromium.org>
Date: Thu Jul 28 20:08:17 2016

Fix nullptr deref in remote interface acquisition

Changes MessagePipeReader to drop remote associated interface requests if the pipe has been closed. This avoids dereferencing a null |sender_| instance.

Also adds a sanity check to ChannelProxy::GetGenericRemoteAssociatedInterface() to ensure it's never called before Init(). We aren't hitting this today but it clarifies that the method has the same expectations as ChannelProxy::Send().

BUG=632263
R=yzshen@chromium.org

Review-Url: https://codereview.chromium.org/2188173003
Cr-Commit-Position: refs/heads/master@{#408458}

[modify] https://crrev.com/5a90895a195ff140b0b355754807944f6824bd90/ipc/ipc_channel_proxy.cc
[modify] https://crrev.com/5a90895a195ff140b0b355754807944f6824bd90/ipc/ipc_message_pipe_reader.cc

Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408444:408557.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4956793533104128
Fuzzer: meacer_chromebot_extensions
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  IPC::internal::MessagePipeReader::GetRemoteInterface
  IPC::ChannelMojo::GetGenericRemoteAssociatedInterface
  IPC::ChannelProxy::Context::GetRemoteAssociatedInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=408165:408183
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=408444:408557
Minimized Testcase (351.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DHDexRyHO9TTg1yyCBUOY6MEZ0uWpxfzr6emntkQP49ztKd1pspT2DBtZkg0m3-wU4mEoSrjDodhCNolhBrIsk4XkpN5V0UIiedyM8wwqUI5UZ6SaX6MfIwrUPGVZpdKDShaiHqO0sOD-1x1jj8hU5vM5kITvjIG9cCs2uwD3G62ZvFY?testcase_id=4956793533104128

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by rnimmagadda@chromium.org, Jul 28 2016
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: roc...@chromium.org
Status: Assigned (was: Untriaged)