Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6688709945851904

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !paused() in Animation.cpp
  blink::Animation::pauseForTesting
  blink::AnimationTimeline::pauseAnimationsForTesting

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393

Minimized Testcase (3.88 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95V4nJrj7jY4by4HPiUslNt_Dv7ESeep730QbAqCx7U6iVUzlHhNimKGuNgclXyXQWxJotOq-ywMXimjj2SOmgrbtHOBRCoC4B7I3iVJxS3osSwPfmdZN3yK1rHAww8R4L-3fIKMgLygb6Bbd5UjdQA04cO_VDp4vREVU5tU2393OauPbf6wRrwCmI1WrAS60osIUZzWqy5T0YkesCKvspdY8B8L2EUll54H1EPJjr4vScT56eUuArShSRkH-BU486BIVz_ZBN0rTnnANZU4XOBGCg_2scr51JivBjkdxyjH17OghvA2eid_Y2uw29tDx3mAuiFWhxhd5t0VK5SDnqtsSkwigQv2xyzP30aYlrWbeTmH4M?testcase_id=6688709945851904

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Can repro this on ubsan content_shell on Linux 64.
Sorry, should have assigned this to myself earlier.
This is an assert failure in a test-only method, lowering priority.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/922804de065e29779f3b562e4d7e81fb7648836b

commit 922804de065e29779f3b562e4d7e81fb7648836b
Author: alancutter <alancutter@chromium.org>
Date: Tue Jan 17 03:40:08 2017

Allow pausing paused animations for testing

The Animation::pauseForTesting() method asserts that it is not already paused. There's no real reason not to allow this scenario, so this patch removes the assertion.

BUG= 681321
Review-Url: https://codereview.chromium.org/2638593003
Cr-Commit-Position: refs/heads/master@{#443981}

[add] https://crrev.com/922804de065e29779f3b562e4d7e81fb7648836b/third_party/WebKit/LayoutTests/animations/pause-paused-animation-for-testing.html
[modify] https://crrev.com/922804de065e29779f3b562e4d7e81fb7648836b/third_party/WebKit/Source/core/animation/Animation.cpp
ClusterFuzz has detected this issue as fixed in range 443979:443991.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6688709945851904

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !paused() in Animation.cpp
  blink::Animation::pauseForTesting
  blink::AnimationTimeline::pauseAnimationsForTesting

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443979:443991

Minimized Testcase (3.88 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95V4nJrj7jY4by4HPiUslNt_Dv7ESeep730QbAqCx7U6iVUzlHhNimKGuNgclXyXQWxJotOq-ywMXimjj2SOmgrbtHOBRCoC4B7I3iVJxS3osSwPfmdZN3yK1rHAww8R4L-3fIKMgLygb6Bbd5UjdQA04cO_VDp4vREVU5tU2393OauPbf6wRrwCmI1WrAS60osIUZzWqy5T0YkesCKvspdY8B8L2EUll54H1EPJjr4vScT56eUuArShSRkH-BU486BIVz_ZBN0rTnnANZU4XOBGCg_2scr51JivBjkdxyjH17OghvA2eid_Y2uw29tDx3mAuiFWhxhd5t0VK5SDnqtsSkwigQv2xyzP30aYlrWbeTmH4M?testcase_id=6688709945851904

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by tkent@chromium.org, Jan 16 2017