Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b164afef8071ce4b2bac006c24803fcb781a3c51 (Fix IWYU for MessageLoop and RunLoop once again.).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

rmcilroy: gab is OOO; could you please take a look or assign to a better person? Thank you!

Assigning to Alexandre who knows more about this than me.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Looks like someone managed to pass invalid scoped_refptr and it fails when scheduler is trying to run a task bound to the said refptr. Will look into this in more detail.

I have a surprisingly hard time reproducing the crash.

Judging from the new stacktraces, the crash is happening inside Skia. Assigning to the current skia sheriff for more inputs.

altimin: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

(absolutely cannot be r518388 -- a no-op include-what-you-use fix)

ClusterFuzz has detected this issue as fixed in range 527519:527520.

Detailed report: https://clusterfuzz.com/testcase?key=4658197695823872

Fuzzer: inferno_canvas_wrecker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Deadlysignal
Crash Address: 
Crash State:
  base::internal::CallbackBase::CallbackBase
  blink::scheduler::internal::WorkQueue::Push
  blink::scheduler::internal::TaskQueueImpl::WakeUpForDelayedWork
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=518240:518474
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=527519:527520

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4658197695823872

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4658197695823872 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot