Detailed report: https://clusterfuzz.com/testcase?key=5497569125072896

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  blink::PagePopupSupplement::from
  blink::pagePopupControllerAttributeGetterCallback
  v8::internal::PropertyCallbackArguments::Call

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=451977:452017

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97tlE04omXcpCTK5c5d091iEscGEB6MctwsZiflGvDSuLDWlTA2v6CVcpmi_AGiJUFmgmN_Ci1lz-vtA4AzMxIfmS7ogwLpXaeyMOY787Mtp_kn47a_jYdF-Vwdr8R-QHNleisMp9R6aGg10L1nZ-AFg74oMJetzT3daBpjk4-NR92ZcjX-fbI4--0ko9VdZOVbFwld3biT2XeVgMMKMic3MVpT0P8ubqa2wmfDfY5TrYvEpuxd-410dzLpJTanvjvqiHCGrekqeym-HMLAWgfP_-O8o3E_Z0yE1FFauy8lq_DmHyfswn8PMXgXIxFZ-ORqfqPIvVkX92-6N69uOgo9TcnojzMz1LcQybRIkgqrvnfrxPBYkYcElqRe3EjuJZAMp-ZvCs6CLxb2KZHs3-ngH4d5Cw?testcase_id=5497569125072896

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Through code search on file PagePopupSupplement.cpp, the suspected CL is https://chromium.googlesource.com/chromium/src/+/a7d691668d850776763dc437d808fadfb4b3154d#

haraken@, could you please take a look and help us find the correct owner if it is not related to your changes.
This only happens in test code, not something exposed in production builds; adjusting priority down one level.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8d3aa0bf80ed15648b30bae0621e15e6eef37d64

commit 8d3aa0bf80ed15648b30bae0621e15e6eef37d64
Author: sigbjornf <sigbjornf@opera.com>
Date: Wed Apr 05 15:30:39 2017

PagePopupController: handle frame-detached window usage.

R=haraken
BUG= 708225

Review-Url: https://codereview.chromium.org/2798863002
Cr-Commit-Position: refs/heads/master@{#462078}

[add] https://crrev.com/8d3aa0bf80ed15648b30bae0621e15e6eef37d64/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/week-picker-close-no-crash.html
[modify] https://crrev.com/8d3aa0bf80ed15648b30bae0621e15e6eef37d64/third_party/WebKit/Source/bindings/core/v8/V8PagePopupControllerBinding.cpp
ClusterFuzz has detected this issue as fixed in range 458746:463137.

Detailed report: https://clusterfuzz.com/testcase?key=5497569125072896

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  blink::PagePopupSupplement::from
  blink::pagePopupControllerAttributeGetterCallback
  v8::internal::PropertyCallbackArguments::Call

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=451977:452017
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458746:463137

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97tlE04omXcpCTK5c5d091iEscGEB6MctwsZiflGvDSuLDWlTA2v6CVcpmi_AGiJUFmgmN_Ci1lz-vtA4AzMxIfmS7ogwLpXaeyMOY787Mtp_kn47a_jYdF-Vwdr8R-QHNleisMp9R6aGg10L1nZ-AFg74oMJetzT3daBpjk4-NR92ZcjX-fbI4--0ko9VdZOVbFwld3biT2XeVgMMKMic3MVpT0P8ubqa2wmfDfY5TrYvEpuxd-410dzLpJTanvjvqiHCGrekqeym-HMLAWgfP_-O8o3E_Z0yE1FFauy8lq_DmHyfswn8PMXgXIxFZ-ORqfqPIvVkX92-6N69uOgo9TcnojzMz1LcQybRIkgqrvnfrxPBYkYcElqRe3EjuJZAMp-ZvCs6CLxb2KZHs3-ngH4d5Cw?testcase_id=5497569125072896

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Apr 4 2017
Labels: Test-Predator-Wrong M-59
Owner: haraken@chromium.org
Status: Assigned (was: Untriaged)