CHECK failed: count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5288533316599808
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  CHECK failed: count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator
  blink::CSSTokenizer::Scope::Scope
  blink::CSSParserImpl::parseStyleSheet
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94GSl9cbhhf-fgOLHtoF1xkJdXJXdXTGQ5mOCYTdwj2iAJ0ueM_wR2_mRo_1GkLt4vjxfJwx1ScjQQQvMz2bQdvMrmTcwYz2N9RbfhlJTmy3ZAqyBuowoWz_6kroicCBDAC1WBIX90WhNafKQH1IK0xi3YLQg

  <script>
  var styleElement = document.createElement('style');
  // Double the string 16 times: 2^16 = 65536 'z' characters.
  var str = "z";
  for (var i = 0; i < 16; i++) { str += str; }
  // Append several thousand 64 KiB text nodes (about 270 MB of stylesheet text in total).
  for (var i = -2; i < 6 + (129 << 5); i++) {
    var txt = document.createTextNode(str);
    styleElement.appendChild(txt);
  }
  // Inserting the <style> element triggers CSS parsing of the whole text.
  document.getElementsByTagName('head')[0].appendChild(styleElement);
  </script>

Filer: nainar
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 6 2016
ClusterFuzz has detected this issue as fixed in range 384695:385240.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5288533316599808
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  CHECK failed: count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator
  blink::CSSTokenizer::Scope::Scope
  blink::CSSParserImpl::parseStyleSheet
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=384695:385240
Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94GSl9cbhhf-fgOLHtoF1xkJdXJXdXTGQ5mOCYTdwj2iAJ0ueM_wR2_mRo_1GkLt4vjxfJwx1ScjQQQvMz2bQdvMrmTcwYz2N9RbfhlJTmy3ZAqyBuowoWz_6kroicCBDAC1WBIX90WhNafKQH1IK0xi3YLQg

  <script>
  var styleElement = document.createElement('style');
  // Double the string 16 times: 2^16 = 65536 'z' characters.
  var str = "z";
  for (var i = 0; i < 16; i++) { str += str; }
  // Append several thousand 64 KiB text nodes (about 270 MB of stylesheet text in total).
  for (var i = -2; i < 6 + (129 << 5); i++) {
    var txt = document.createTextNode(str);
    styleElement.appendChild(txt);
  }
  // Inserting the <style> element triggers CSS parsing of the whole text.
  document.getElementsByTagName('head')[0].appendChild(styleElement);
  </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 18 2016
Jun 1 2016
Closing because ClusterFuzz thinks it's been fixed (the test is just using up heaps of memory and it doesn't seem like we're handling it badly).
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nainar@chromium.org, Apr 6 2016