Below is the list of suspected CLs from 'Findit'.

Author: bokan@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ba05b7911b6c76eac70ba55263d8929a4962b236
Time: Thu Oct 23 20:05:30 2014
The CL last changed line 283 of file MathExtras.h, which is stack frame 0.

Author: pkasting@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/cc186ed9f09844abb68dcae97604fbdb52344025
Time: Mon Oct 13 20:04:47 2014
The CL last changed line 85 of file LayoutUnit.h, which is stack frame 1.

Author: eae@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 219 of file LayoutPoint.h, which is stack frame 2.

Author: eae@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 180 of file LayoutRect.cpp, which is stack frame 3.

Author: eae@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ae36d4bf69ae9b7b4b1ebd96fd337742acbd1d29
Time: Tue Jun 11 18:21:08 2013
The CL last changed line 1089 of file ContainerNode.cpp, which is stack frame 4.

Author: dsinclair@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/132c5d0b92d80a549926b2876b597990493b21d0
Time: Sat Mar 07 00:31:43 2015
The CL last changed line 2412 of file Element.cpp, which is stack frame 5.

Author: tkent
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/d76505b8d68f4fffd18620d9ab1b4d19c467ec4c
Time: Thu Nov 19 10:34:51 2015
The CL last changed line 3663 of file Document.cpp, which is stack frame 6.

dsinclair@, could you please help us to find a right owner?

Thank you!

eae@ to triage for layout-dev.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fa1ff2fb43ff5538f6950be40cd7f3751af22678

commit fa1ff2fb43ff5538f6950be40cd7f3751af22678
Author: eae <eae@chromium.org>
Date: Wed Apr 20 00:25:34 2016

Handle very large transforms in ContainerNode::boundingBox

Change ContainerNode::boundingBox to explicitly check for and handle NaN
sizes. Very large matrix and scale transforms may result in a NaN value.

BUG= 597846 
TEST=fast/transforms/focus-on-transformed-node.htm
R=szager@chromium.org

Review URL: https://codereview.chromium.org/1903493003

Cr-Commit-Position: refs/heads/master@{#388374}

[add] https://crrev.com/fa1ff2fb43ff5538f6950be40cd7f3751af22678/third_party/WebKit/LayoutTests/fast/transforms/focus-on-transformed-node-expected.txt
[add] https://crrev.com/fa1ff2fb43ff5538f6950be40cd7f3751af22678/third_party/WebKit/LayoutTests/fast/transforms/focus-on-transformed-node.html
[modify] https://crrev.com/fa1ff2fb43ff5538f6950be40cd7f3751af22678/third_party/WebKit/Source/core/dom/ContainerNode.cpp

ClusterFuzz has detected this issue as fixed in range 388350:388383.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5263340766494720

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: !std::isnan(static_cast<double>(value))
  int clampTo<int, float>
  blink::LayoutUnit::fromFloatCeil
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=388350:388383

Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96zFdpGwsfkj11S5R1Vskd3NMdroGN1o9_Cbb5CrVOWZE6ZrXiWMmJTIGrOK6350zghe80SSc74KDfv9UJu_IUKPulMjOwX--pRw45wD6EYUjHlYP9nfYL5H5urXR-41tcaa1pB4RSz3X8LtDrnVELletJttw

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot