Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/636394fb5626827fd9c15e0a60df4ce9fe8af6f0 (Introduce InputDeviceInfo interface).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The call stack does not relate to the changes in  https://chromium.googlesource.com/chromium/src/+/636394fb5626827fd9c15e0a60df4ce9fe8af6f0 (Introduce InputDeviceInfo interface). As per the callstack, the crash seems to be due to an uninitialized value sent across the IPC LayoutTestHostMsg_SimulateWebNotificationClick. However, the CL in question does not have any change related to this IPC. It seems like this CL has been wrongly picked.

Removing c.padhi@ as owner, since this issue is unrelated to the suspected CL.

Assigning to peter@, who is more familiar with the test runner and the IPC message involved in the issue, for further triaging.

Content shell is a testing-only target, so there is no reason for this to block any release.

The LayoutTestHostMsg_SimulateWebNotificationClick message hasn't changed for well over a year. Is it possible that it means a message with a similar signature, as we sometimes see for callbacks? The parameters for this one are always populated on the Send() path.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 544993:544996.

Detailed report: https://clusterfuzz.com/testcase?key=6325606879592448

Fuzzer: inferno_twister
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  void base::Pickle::WriteBytesStatic<4ul>
  IPC::TupleParamTraitsHelper<std::__1::tuple<std::__1::basic_string<char, std::__
  IPC::MessageT<LayoutTestHostMsg_SimulateWebNotificationClick_Meta, std::__1::tup
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=541771:541772
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=544993:544996

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6325606879592448

Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6325606879592448 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot