Issue 599681

Issue metadata

Status: Duplicate
Merged: issue 598806
Owner:
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Crash in blink::SVGRectElement::asPath

Project Member Reported by ClusterFuzz, Mar 31 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5682016829308928

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::SVGRectElement::asPath
  blink::SVGGeometryElement::toClipPath
  blink::SVGUseElement::toClipPath
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703

Minimized Testcase (0.32 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96pRhP1NrMrlx8LezqdB4bvoPYfL3SeFpQ34m19gZvN99szKvd6MH90f0NyPxpMv17FMk49MJwo2_GKf3lnoMaqS3A_sB2Q-P116NkpsoMXvav_DsxYJU1NZ_iKLFJT_CK1Kp0Inm_oqP3UYhYEgWh4wkelTg
<svg>
   <defs>
    <rect height="100" id="clip1Shape" width="50">
    </rect>
    <rect id="clip3Shape" style="display:none">
    </rect>
    <clippath id="clipUnion">
     <use xlink:href="#clip1Shape">
     </use>
     <use xlink:href="#clip3Shape">
   </defs>
   <rect clip-path="url(#clipUnion)" height="100" width="300">


Filer: manoranjanr

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Blink>SVG
Labels: Te-Logged
Owner: tkent@chromium.org
Status: Assigned (was: Available)
Below is the list of suspected CLs from 'Findit'.

Author: tkent
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/bee5120a945d2d5136c0ddf90f1bad618a96e5b3
Time: Wed Sep 30 07:59:25 2015
The CL last changed line 71 of file RefPtr.h, which is stack frame 0.

Author: dstockwell@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/94b7a3e8ea5aa0c83f58ada072e5cfada766c6af
Time: Tue Mar 31 03:40:12 2015
The CL last changed line 1062 of file LayoutObject.h, which is stack frame 1.

Author: dstockwell@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/94b7a3e8ea5aa0c83f58ada072e5cfada766c6af
Time: Tue Mar 31 03:40:12 2015
The CL last changed line 1061 of file LayoutObject.h, which is stack frame 2.

Author: pdr@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/46c3546f8634a8416d08fe8c6ecba445c944828b
Time: Tue May 26 22:13:07 2015
The CL last changed line 65 of file SVGRectElement.cpp, which is stack frame 3.

Author: pdr@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/46c3546f8634a8416d08fe8c6ecba445c944828b
Time: Tue May 26 22:13:07 2015
The CL last changed line 77 of file SVGGeometryElement.cpp, which is stack frame 4.

Author: hyunjune.kim@samsung.com
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/23ff83d08cdb3999de917d35b58d47d173c1b5dc
Time: Tue Jun 23 06:56:31 2015
The CL last changed line 500 of file SVGUseElement.cpp, which is stack frame 5.

Author: hyunjune.kim@samsung.com
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/23ff83d08cdb3999de917d35b58d47d173c1b5dc
Time: Tue Jun 23 06:56:31 2015
The CL last changed line 126 of file LayoutSVGResourceClipper.cpp, which is stack frame 6.

tkent@, could you please look into this? Please feel free to re-assign in case this does not belong to your change.

Thank you!

Comment 2 by tkent@chromium.org, Mar 31 2016

Owner: ----
Status: Untriaged (was: Assigned)
My change is noop.  Route to SVG triage.

Cc: pdr@chromium.org
Sure, sorry for that.

pdr@, could you please help us find the right owner for this CF failure?

Thank you!

Comment 4 by pdr@chromium.org, Mar 31 2016

Owner: manoranj...@chromium.org
Status: Assigned (was: Untriaged)
Pretty sure this is a dupe of https://crbug.com/598806 and has been fixed. This does crash in Chrome dev but not at tip of tree.

@manoranjanr, can you confirm that clusterfuzz is incorrectly firing on a fixed issue and close this if that's the case?

Mergedinto: 598806
Status: Duplicate (was: Assigned)
pdr@, yes, this is a dupe of https://crbug.com/598806 for sure. For some reason the CF search UI also didn't show this existing bug while filing. I will keep this in mind and observe it for other CF failures.

Thank you so much for the info.
Comment 6 by ClusterFuzz (Project Member), Apr 1 2016

ClusterFuzz has detected this issue as fixed in range 383194:384397.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5682016829308928

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::SVGRectElement::asPath
  blink::SVGGeometryElement::toClipPath
  blink::SVGUseElement::toClipPath
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=383194:384397

Minimized Testcase (0.32 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96pRhP1NrMrlx8LezqdB4bvoPYfL3SeFpQ34m19gZvN99szKvd6MH90f0NyPxpMv17FMk49MJwo2_GKf3lnoMaqS3A_sB2Q-P116NkpsoMXvav_DsxYJU1NZ_iKLFJT_CK1Kp0Inm_oqP3UYhYEgWh4wkelTg
<svg>
   <defs>
    <rect height="100" id="clip1Shape" width="50">
    </rect>
    <rect id="clip3Shape" style="display:none">
    </rect>
    <clippath id="clipUnion">
     <use xlink:href="#clip1Shape">
     </use>
     <use xlink:href="#clip3Shape">
   </defs>
   <rect clip-path="url(#clipUnion)" height="100" width="300">


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot