Predator could not provide any possible suspects.

From the below CL observing some changes related to 'declarative_api.cc' , hence suspecting the same
https://chromium.googlesource.com/chromium/src/+log/6b37810307ab09bd2a13ef4f8a815b9b42e18544..716e18423192709f88bce7766532ef4963c66508?pretty=fuller&n=10000

Suspect CL: https://chromium.googlesource.com/chromium/src/+/716e18423192709f88bce7766532ef4963c66508

Istiaque@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Thanks for the report, will look into it.

From quick look it looks like ExtensionFunction::extension_id() is getting null deref from EventsEventRemoveRulesFunction::RunAsyncOnCorrectThread, |extension_| is null?

This doesn't seem like a regression. I've verified that by manually reverting the CL locally, then running play_testcase.py fuzzer script. The crash happens before the CL mentioned in comment #1.

However, this is bad regardless.

@brajkumar, can you verify whether this was happening before the CL (does clusterfuzz allow that)? Not super important, but would be helpful. Thanks.

ClusterFuzz has detected this issue as fixed in range 601409:601411.

Detailed report: https://clusterfuzz.com/testcase?key=6394238770872320

Fuzzer: ipc_fuzzer_mut
Job Type: linux_asan_chrome_ipc
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000198
Crash State:
  extensions::EventsEventRemoveRulesFunction::RunAsyncOnCorrectThread
  base::internal::Invoker<base::internal::BindState<std::__1::unique_ptr<Extension
  void base::internal::ReturnAsParamAdapter<std::__1::unique_ptr<ExtensionFunction
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=548504:548506
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=601409:601411

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6394238770872320

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6394238770872320 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.