Below is the list of CLs identified by 'Findit'.

Author: szager
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/86dda5bf4e56074eab86f12cbff115fed315f15e
Time: Wed Sep 30 02:15:13 2015
The CL last changed line 133 of file PaintLayerScrollableArea.h, which is stack frame 0.

Author: jchaffraix@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4e1d43ae00b3e762b479b45041f4fdb359b3c663
Time: Fri Oct 11 00:18:41 2013
The CL last changed line 170 of file PaintLayerScrollableArea.h, which is stack frame 1.

Author: szager
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/86dda5bf4e56074eab86f12cbff115fed315f15e
Time: Wed Sep 30 02:15:13 2015
The CL last changed line 1026 of file PaintLayerScrollableArea.cpp, which is stack frame 2.

Author: wangxianzhu
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/e3e7bae15616191d743019b9a5b77ac201aec20e
Time: Mon Feb 29 19:37:40 2016
The CL last changed line 740 of file LayoutBox.cpp, which is stack frame 3.

Author: eae@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dd10695f3fd6a48e7abfadb90c52e15ba50136d9
Time: Fri Dec 05 19:01:00 2014
The CL last changed line 411 of file LayoutBox.cpp, which is stack frame 4.

Author: commit-queue@webkit.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3c2d120b2fbc0fdf981c1952ddf1a0f7342baebd
Time: Fri Apr 06 03:04:45 2012
The CL last changed line 388 of file LayoutBox.h, which is stack frame 5.

Author: commit-queue@webkit.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3c2d120b2fbc0fdf981c1952ddf1a0f7342baebd
Time: Fri Apr 06 03:04:45 2012
The CL last changed line 391 of file LayoutBox.h, which is stack frame 6.

wangxianzhu@, Could you please look into this? Please feel free to re-assign in-case if this is not your's.

Thank you!

ClusterFuzz has detected this issue as fixed in range 378770:378857.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6616177536663552

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x0000000000b0
Crash State:
  blink::PaintLayerScrollableArea::verticalScrollbarWidth
  blink::LayoutBox::clientWidth
  blink::LayoutBox::contentLogicalWidth
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=378770:378857

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95fGoVyY37d_nZQtbiIicDQyfqSbD21C1qYjPa-2nis6MPglFefmsqT0DymYmVVbFnT1G1j8NTFoAIz1iKk1OVsfjtx2roqioDRIdDPHTAlQH3DmPs3KR0fCzwB47eJv1JJQgg7W6jyN5PocMjt1cC6uyF8PxxR_tskuQpHWHn1nL2XLrw


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot