Not sure whether the issue is in bind_internal or on a higher level.

tzik@, would you mind taking a look and helping to triage this?

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Rerouting to ortuno@.

Hmm, this seems similar to  Issue 604671  and  Issue 621850 . Is there a way to see what resources are being used? Last time the resources were out of date and causing this problem.

ClusterFuzz has detected this issue as fixed in range 444601:444637.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4699768359223296

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x2c910f2f
Crash State:
  base::ObserverListBase<content::MediaSessionObserver>::begin
  device::MockBluetoothGattNotifySession::DoNotify
  base::internal::Invoker<base::internal::BindState<void
  
Memory Tool: SYZYASAN

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=441084:441086
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=444601:444637

Minimized Testcase (0.64 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Ev1UcLaVbdGuCdYTsfj-sVVxxaxNoA9DyPqeNMMWBr_5l9-ogGbmClq-IhFcvBl_01fzr3WCf4Mg2ApPtcHsqvDIZaMReLtRD4ksIgkJyKLKqtvMB6tynI5Ymz8lzudyy1ySXyN7t7rfzn1KrtcZi7YTG6TOdT0A2keR-qVUr_JvkzjHtXn0BMADYeL7uGdrQ018doAokCquNVeNsFHYh3aY03lJzwbYF3K74yHmiHyM46aHcrGCU8uSSXA6OFdtYAAL_CGh6PvXeE9S9AJGe40s7xfcZeAzITX5Ei-dxHsca5DihURorMjgEtG-kU8tygLB1t_74U-Vqj9bkq8otyThVZNA7KOasNWUTiwq5WyVUzEM?testcase_id=4699768359223296
<script src=../../resources/testharness.js></script>
<script src=../../resources/testharnessreport.js></script>
<script src=../../resources/bluetooth/bluetooth-helpers.js></script>
<script>
promise_test(() => {
  return setBluetoothFakeAdapter('HeartRateAdapter')
    .then(() => requestDeviceWithKeyDown({
      filters: [{services: ['heart_rate']}]}))
    .then(device => device.gatt.connect())
    .then(gattServer => gattServer.getPrimaryService('heart_rate'))
    .then(service => service.getCharacteristic('heart_rate_measurement'))
    .then(characteristic => {
      return characteristic.startNotifications()
    });
});
</script>


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4699768359223296 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot