Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6213093622546432

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  FrameLoadTypeReloadMainResource == loadType in LocalFrame.cpp
  blink::LocalFrame::reload
  blink::DOMPluginArray::refresh

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=445391:445491

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96CpmpQlTXRJHgd_cDUjAtLRmQ-dIJ59cSXoxeBZzJu2PJ0pnki4AHlXoRnDPSTR-vPvxvMVhyjyr4M7L6We-jzBPypdvwdVj4Eg78Gocbg7YbkIhDonFNNVytC4XZ9ntZvXWJ031305pjp22_Cwf9prscmvMj1Cn_2gTUDHIH4x3WxxGH_0hOTTWRO_0M38Z0PCKJzrzz8TrN5Plz0l-SNUtWaaIhHKZa5kMX3HXYk853P5e71CzLIV3TLQ7sbiSJlJvf-hfK58Bix_MXw_-QBJPL7ejTOqL1mp49lldDMlsLnr8VB4YYSIZNuTvtDegKv3J_2PpqRDcuqkncyMdGnf53JOZmwdmBYj8J6nOkDztghRg9JAejkGQdXOlT5wPq4G6Ilp5iZSEJ033qNTaD92tmRqw?testcase_id=6213093622546432

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Through code search on the file LocalFrame.cpp, the suspected CL is https://chromium.googlesource.com/chromium/src/+/8cd793e6488686201c9099951b7211abfcf5593f%5E%21/third_party/WebKit/Source/core/frame/LocalFrame.cpp

toyoshim@, could you please take a look?
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c5b26425b504565a5f8c9b3771ff547ac18c29fd

commit c5b26425b504565a5f8c9b3771ff547ac18c29fd
Author: toyoshim <toyoshim@chromium.org>
Date: Thu Feb 09 01:27:09 2017

ClientRedirect reload should use FrameLoadTypeReloadMainResource

If the fasterLocationReload feature is enabled, all reloads with ClientRedirect should switch to using FrameLoadTypeReloadMainResource instead of FrameLoadTypeReload.

BUG=689683

Review-Url: https://codereview.chromium.org/2688483002
Cr-Commit-Position: refs/heads/master@{#449179}

[modify] https://crrev.com/c5b26425b504565a5f8c9b3771ff547ac18c29fd/third_party/WebKit/Source/modules/plugins/DOMPluginArray.cpp
ClusterFuzz has detected this issue as fixed in range 449158:449189.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6213093622546432

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  FrameLoadTypeReloadMainResource == loadType in LocalFrame.cpp
  blink::LocalFrame::reload
  blink::DOMPluginArray::refresh

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=445391:445491
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=449158:449189

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96CpmpQlTXRJHgd_cDUjAtLRmQ-dIJ59cSXoxeBZzJu2PJ0pnki4AHlXoRnDPSTR-vPvxvMVhyjyr4M7L6We-jzBPypdvwdVj4Eg78Gocbg7YbkIhDonFNNVytC4XZ9ntZvXWJ031305pjp22_Cwf9prscmvMj1Cn_2gTUDHIH4x3WxxGH_0hOTTWRO_0M38Z0PCKJzrzz8TrN5Plz0l-SNUtWaaIhHKZa5kMX3HXYk853P5e71CzLIV3TLQ7sbiSJlJvf-hfK58Bix_MXw_-QBJPL7ejTOqL1mp49lldDMlsLnr8VB4YYSIZNuTvtDegKv3J_2PpqRDcuqkncyMdGnf53JOZmwdmBYj8J6nOkDztghRg9JAejkGQdXOlT5wPq4G6Ilp5iZSEJ033qNTaD92tmRqw?testcase_id=6213093622546432

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Feb 7 2017
Labels: Test-Predator-Wrong M-58
Owner: toyoshim@chromium.org
Status: Assigned (was: Untriaged)