This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

rockot, would you mind taking a look at this? Looks like you last touched third_party/WebKit/Source/modules/permissions/Permissions.cpp with https://chromium.googlesource.com/chromium/src/+/5d0e3432a52018d8134b5c7173a8b649a54ab90d

Already looking at it. It appears to be related to a recent change to worker thread shutdown behavior, but I'm still sorting it out.

ClusterFuzz has detected this issue as fixed in range 446721:447186.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5808942002470912

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x7e9414781aa0
Crash State:
  blink::Permissions::serviceConnectionError
  mojo::InterfaceEndpointClient::NotifyError
  base::MessageLoop::~MessageLoop
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=431862:431874
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=446721:447186

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv957GxKtol3k6CASnY4axJq1nDz8Rr2lrcTzq8YktE3XgRrSEkQ5w-oRuRbmcxZzwOD0YBBQ4VQMhDkz6_xPr2A-tT8Bo1jaMryHgBhl3XQl6yTUvvmH72KqXOsaPFD6ahLqefzB58q7289HsqYibnBy9rM4f-OlDglidXdo4MzgqbRSgow?testcase_id=5808942002470912


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot