Crash in content::RenderFrameImpl::didFailProvisionalLoad
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6267901591420928
Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x000000000000
Crash State:
    content::RenderFrameImpl::didFailProvisionalLoad
    blink::WebLocalFrameImpl::didFail
    blink::FrameLoader::loadFailed
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=380105:380830
Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96_t4iiMtpiEKBQTQSZwkpUksUznudV4iTW3A1SWjDjUhrrJ0hnO6H4xiiHgevdr5fD3WdNdykF2l6HhR0SbndcmaBF8hl_phVeXMXMvIpYNoVN1DK8B90ToT3Vx-Wg-r_XSX6ZVX8cQTirKySMAozAd8lqrA

    <div id="springfield2">
    <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script>
    <script>
    var test8=document.getElementById("springfield2")
    test8.remove();
    test8=undefined;;
    </script>

Filer: pucchakayala
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Mar 15 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4775374491222016
Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x00000000
Crash State:
    content::RenderFrameImpl::didFailProvisionalLoad
    content::RenderFrameImpl::didFailProvisionalLoad
    blink::WebLocalFrameImpl::didFail
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=380105:380830
Minimized Testcase (0.29 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94oDjeHZJYKjNVY1fmzpkmbOGd7aFYq9mliJpN95uc9qEtiS7j_PtLmEDUxUhXbu_6PzMld5mIzWsS8DBFMJtYyO2mLMpNXlTcPomD0sa-St3S4PrD3bt_l-Jz1qp0Qi0ZfUVNCsQnnCm7BO-F0JNLI2GE6WA

    <DIV ID='IDAlignPage'><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script><script>
    function convertArrayToStrings(array){array.forEach(function(){;}); return array};
    var test2=document.getElementById("IDAlignPage")
    test2.innerText=convertArrayToStrings([])
    </script>

Filer: pucchakayala
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Mar 15 2016

ClusterFuzz has detected this issue as fixed in range 380871:380964.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6267901591420928
Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x000000000000
Crash State:
    content::RenderFrameImpl::didFailProvisionalLoad
    blink::WebLocalFrameImpl::didFail
    blink::FrameLoader::loadFailed
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=380105:380830
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=380871:380964
Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96_t4iiMtpiEKBQTQSZwkpUksUznudV4iTW3A1SWjDjUhrrJ0hnO6H4xiiHgevdr5fD3WdNdykF2l6HhR0SbndcmaBF8hl_phVeXMXMvIpYNoVN1DK8B90ToT3Vx-Wg-r_XSX6ZVX8cQTirKySMAozAd8lqrA

    <div id="springfield2">
    <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script>
    <script>
    var test8=document.getElementById("springfield2")
    test8.remove();
    test8=undefined;;
    </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Mar 15 2016

ClusterFuzz has detected this issue as fixed in range 380871:380964.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4775374491222016
Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x00000000
Crash State:
    content::RenderFrameImpl::didFailProvisionalLoad
    content::RenderFrameImpl::didFailProvisionalLoad
    blink::WebLocalFrameImpl::didFail
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=380105:380830
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=380871:380964
Minimized Testcase (0.29 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94oDjeHZJYKjNVY1fmzpkmbOGd7aFYq9mliJpN95uc9qEtiS7j_PtLmEDUxUhXbu_6PzMld5mIzWsS8DBFMJtYyO2mLMpNXlTcPomD0sa-St3S4PrD3bt_l-Jz1qp0Qi0ZfUVNCsQnnCm7BO-F0JNLI2GE6WA

    <DIV ID='IDAlignPage'><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script><script>
    function convertArrayToStrings(array){array.forEach(function(){;}); return array};
    var test2=document.getElementById("IDAlignPage")
    test2.innerText=convertArrayToStrings([])
    </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Mar 15 2016

Regressed: https://chromium.googlesource.com/chromium/src/+/f4190297a5601101f156d0daa1e795fba38c6665
Reverted: https://chromium.googlesource.com/chromium/src/+/35dc6b49313d8ce3619b274d10b25f70105f5b1f

Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by pucchakayala@chromium.org, Mar 15 2016
Owner: japhet@chromium.org
Status: Assigned (was: Available)