New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 910899 link

Starred by 2 users
Status: Assigned
Owner:
nasko@chromium.org
Out until 24 Jan
Cc:
kkaluri@chromium.org
lukasza@chromium.org
dgozman@chromium.org
toyoshim@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: params->origin.IsSameOriginWith(url::Origin::Create(params->url)). url:http://N

Project Member Reported by ClusterFuzz, Dec 2 
Detailed report: https://clusterfuzz.com/testcase?key=5355238698254336

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  params->origin.IsSameOriginWith(url::Origin::Create(params->url)).  url:http://N
  content::RenderFrameImpl::MakeDidCommitProvisionalLoadParams
  content::RenderFrameImpl::DidFinishSameDocumentNavigation
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5355238698254336

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Dec 2

Labels: OS-Linux

Comment 2 by kkaluri@chromium.org, Dec 6

Cc: kkaluri@chromium.org
Labels: M-71 Test-Predator-Wrong
Owner: dgozman@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file, "render_frame_impl.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/730b21cc8c2ff27358e3aa7ae6e50ed21a9acc54

dgozman@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Comment 3 by dgozman@chromium.org, Dec 6

Cc: lukasza@chromium.org dgozman@chromium.org
Owner: toyoshim@chromium.org
Over to toyoshim@ who introduced the CHECK. Also adding lukasza@ who was working with origins recently.

Comment 4 by toyoshim@chromium.org, Dec 7

Cc: toyoshim@chromium.org
Owner: nasko@chromium.org
My change was a function rename. I checked history, and found many rename changes :O
Then, this nasko's change seems to have introduced this check first.
https://codereview.chromium.org/2151323003

Comment 5 by artyo...@gmail.com, Dec 26 

We are also hitting this at the moment on Chromium M66.

Comment 6 by artyo...@gmail.com, Dec 26 

Addition: we are hitting it on Android, but we don't have a repro.... (the crashpad reports it).

Comment 7 by nasko@chromium.org, Jan 11 

The fact that clusterfuzz hits this is expected, as it is trying to send various invalid inputs into Chrome. In this case, it did trip this CHECK since it sends URL and origin that don't match. The reason this check exists is to catch issues in real world cases.

If someone can repro this outside of clusterfuzz, I'd be happy to investigate and understand it/fix it. However I haven't seen real repro yet outside of clusterfuzz.

Sign in to add a comment