CHECK failure: readonly_shm_.IsValid() in shared_memory_posix.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5299390427430912

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  readonly_shm_.IsValid() in shared_memory_posix.cc
  base::SharedMemory::GetReadOnlyHandle
  device::GamepadProvider::GetSharedBufferHandle

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=530267:530269

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5299390427430912

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jan 19 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Jan 19 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/673ce95d481ea9368c4d4d43ac756ba1d6d9e608 (Correct mojo::WrapSharedMemoryHandle usage). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jan 19 2018
Jan 19 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5e56614acd875018ee48a28633f6d44f2712fb69

commit 5e56614acd875018ee48a28633f6d44f2712fb69
Author: Ken Rockot <rockot@chromium.org>
Date: Fri Jan 19 23:57:40 2018

Make gamepad shm sharable read-only

GamepadSharedBuffer was internally creating an anonymous shared memory object, prohibiting the object from being sharable as anything other than read-write on some platforms. This CL corrects the situation.

Bug: 803768
Change-Id: I122d71753be2dd02d12e5bb9f23c1bfc71623f34
Reviewed-on: https://chromium-review.googlesource.com/877042
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#530670}

[modify] https://crrev.com/5e56614acd875018ee48a28633f6d44f2712fb69/device/gamepad/gamepad_provider.cc
[modify] https://crrev.com/5e56614acd875018ee48a28633f6d44f2712fb69/device/gamepad/gamepad_shared_buffer.cc
Jan 20 2018
ClusterFuzz has detected this issue as fixed in range 530659:530671.

Detailed report: https://clusterfuzz.com/testcase?key=5299390427430912

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  readonly_shm_.IsValid() in shared_memory_posix.cc
  base::SharedMemory::GetReadOnlyHandle
  device::GamepadProvider::GetSharedBufferHandle

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=530267:530269
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=530659:530671

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5299390427430912

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 20 2018
ClusterFuzz testcase 5299390427430912 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 20 2018
[Auto-generated comment by a script] We noticed that this issue is targeted for M-65; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-65 label, otherwise remove Merge-TBD label. Thanks.
Jan 20 2018
Jan 21 2018
Jan 21 2018
Your change meets the bar and is auto-approved for M65. Please go ahead and merge the CL to branch 3325 manually. Please contact milestone owner if you have questions.

Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 22 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/03f2f3d5a2700a7a40f560a6cae92165520ef2a1

commit 03f2f3d5a2700a7a40f560a6cae92165520ef2a1
Author: Ken Rockot <rockot@chromium.org>
Date: Mon Jan 22 01:01:54 2018

Make gamepad shm sharable read-only

GamepadSharedBuffer was internally creating an anonymous shared memory object, prohibiting the object from being sharable as anything other than read-write on some platforms. This CL corrects the situation.

TBR=rockot@chromium.org

(cherry picked from commit 5e56614acd875018ee48a28633f6d44f2712fb69)

Bug: 803768
Change-Id: I122d71753be2dd02d12e5bb9f23c1bfc71623f34
Reviewed-on: https://chromium-review.googlesource.com/877042
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#530670}
Reviewed-on: https://chromium-review.googlesource.com/878020
Reviewed-by: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#11}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}

[modify] https://crrev.com/03f2f3d5a2700a7a40f560a6cae92165520ef2a1/device/gamepad/gamepad_provider.cc
[modify] https://crrev.com/03f2f3d5a2700a7a40f560a6cae92165520ef2a1/device/gamepad/gamepad_shared_buffer.cc
Comment 1 by ClusterFuzz, Jan 19 2018