
Issue 602227


Issue metadata

Status: Fixed
Owner:
Closed: Apr 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in blink::PtrStorageImpl<blink::Prerender,

Reported by ClusterFuzz, Apr 11 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5986419109003264

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  blink::PtrStorageImpl<blink::Prerender,
  std::__1::__tree<std::__1::__value_type<int, blink::WebPrerender>, std::__1::__m
  prerender::PrerenderDispatcher::~PrerenderDispatcher
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=385989:386017

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94p4iCp_vBX4vyYk0j1WVHtbdA3GUVR6mhJX68_ltaUSSLd7RpTD1H37_ji-GMGxLNDTMR9fnUL5tG63xzun0VY1iwR1MM9wTxlyPWIwgPWdzCgdEfZ31NuJVkqUl14vqVpT6PV84wUKeWZfMCVkQLw8xkAPw


Additional requirements: Requires Gestures

Filer: tkonchada

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: keishi@chromium.org
Labels: findit-for-crash Te-Logged M-51
Owner: tkent@chromium.org
Status: Assigned (was: Available)
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: tkent
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/bee5120a945d2d5136c0ddf90f1bad618a96e5b3
Time: Wed Sep 30 07:59:25 2015
The CL last changed line 61 of file OwnPtr.h, which is stack frame 0.

Author: danakj
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3af6f774f26d0153741f84baeb5ddefef0f7cb5d
Time: Fri Mar 11 05:29:32 2016
The CL last changed line 266 of file Handle.h, which is stack frame 1.

Author: haraken@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c8f3f5b0ef47c7b120e31f0e1b93f6da3a93bd00
Time: Tue Jun 09 03:03:02 2015
The CL last changed line 130 of file Handle.h, which is stack frame 2.

Author: sigbjornf@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/04330e72610f33322e73ecfb166e8a1828a578f6
Time: Wed Feb 19 01:45:16 2014
The CL last changed line 168 of file WebPrivatePtr.h, which is stack frame 3.

Suspected Project: chromium

Possible suspect : https://chromium.googlesource.com/chromium/src//+/bee5120a945d2d5136c0ddf90f1bad618a96e5b3

Please reassign if this is not related to your change.

Comment 2 Deleted

Comment 3 by tkent@chromium.org, Apr 11 2016

Owner: sigbjo...@opera.com

Comment 4 by sigbjo...@opera.com, Apr 11 2016

Cc: sigbjo...@opera.com haraken@chromium.org
Issue 602224 has been merged into this issue.

Comment 5 by sigbjo...@opera.com, Apr 11 2016

Better repro of the problem now, perhaps. Trying https://codereview.chromium.org/1872383002/

Comment 6 by sigbjo...@opera.com, Apr 11 2016

Cc: -sigbjo...@opera.com

Comment 7 by bugdroid1@chromium.org, Apr 11 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4224af9fbca8e40376cd4bd591fde530fb394183

commit 4224af9fbca8e40376cd4bd591fde530fb394183
Author: sigbjornf <sigbjornf@opera.com>
Date: Mon Apr 11 16:23:46 2016

Abandon Prerender upon finalizing PrerenderHandle.

Forcefully sever the connection to the embedder upon the PrerenderHandle
becoming unreachable and unused. Otherwise we risk Prerender leaks
and renderer shutdown crashes when the embedder tries to access Blink
after it has already been shut down.

R=haraken
BUG=602227

Review URL: https://codereview.chromium.org/1872383002

Cr-Commit-Position: refs/heads/master@{#386401}

[modify] https://crrev.com/4224af9fbca8e40376cd4bd591fde530fb394183/third_party/WebKit/Source/core/loader/PrerenderHandle.cpp

Comment 8 by sigbjo...@opera.com, Apr 11 2016

Status: Fixed (was: Assigned)

Comment 9 by sigbjo...@opera.com, Apr 15 2016

Issue 601943 has been merged into this issue.

Comment 10 by ClusterFuzz, Apr 19 2016

ClusterFuzz has detected this issue as fixed in range 387601:387928.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5986419109003264

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  blink::PtrStorageImpl<blink::Prerender,
  std::__1::__tree<std::__1::__value_type<int, blink::WebPrerender>, std::__1::__m
  prerender::PrerenderDispatcher::~PrerenderDispatcher
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=385989:386017
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=387601:387928

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94p4iCp_vBX4vyYk0j1WVHtbdA3GUVR6mhJX68_ltaUSSLd7RpTD1H37_ji-GMGxLNDTMR9fnUL5tG63xzun0VY1iwR1MM9wTxlyPWIwgPWdzCgdEfZ31NuJVkqUl14vqVpT6PV84wUKeWZfMCVkQLw8xkAPw


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 11 by bugdroid1@chromium.org, Apr 26 2016

Labels: merge-merged-2704
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bdc8f3596686baf9df2687f3e12a2d7997ef22a3

commit bdc8f3596686baf9df2687f3e12a2d7997ef22a3
Author: Egor Pasko <pasko@chromium.org>
Date: Tue Apr 26 11:44:35 2016

Abandon Prerender upon finalizing PrerenderHandle.

Forcefully sever the connection to the embedder upon the PrerenderHandle
becoming unreachable and unused. Otherwise we risk Prerender leaks
and renderer shutdown crashes when the embedder tries to access Blink
after it has already been shut down.

R=haraken
BUG=602227

Review URL: https://codereview.chromium.org/1872383002

Cr-Commit-Position: refs/heads/master@{#386401}
(cherry picked from commit 4224af9fbca8e40376cd4bd591fde530fb394183)

Review URL: https://codereview.chromium.org/1915323003 .

Cr-Commit-Position: refs/branch-heads/2704@{#242}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/bdc8f3596686baf9df2687f3e12a2d7997ef22a3/third_party/WebKit/Source/core/loader/PrerenderHandle.cpp


Comment 12 by bugdroid1@chromium.org, Apr 26 2016

Labels: merge-merged-2661
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b204d3fcfd7f0d514ad784d18d53769495ab2262

commit b204d3fcfd7f0d514ad784d18d53769495ab2262
Author: Egor Pasko <pasko@chromium.org>
Date: Tue Apr 26 17:10:44 2016

Abandon Prerender upon finalizing PrerenderHandle.

Forcefully sever the connection to the embedder upon the PrerenderHandle
becoming unreachable and unused. Otherwise we risk Prerender leaks
and renderer shutdown crashes when the embedder tries to access Blink
after it has already been shut down.

R=haraken
BUG=602227

Review URL: https://codereview.chromium.org/1872383002

Cr-Commit-Position: refs/heads/master@{#386401}
(cherry picked from commit 4224af9fbca8e40376cd4bd591fde530fb394183)

Review URL: https://codereview.chromium.org/1923563002 .

Cr-Commit-Position: refs/branch-heads/2661@{#629}
Cr-Branched-From: ef6f6ae5e4c96622286b563658d5cd62a6cf1197-refs/heads/master@{#378081}

[modify] https://crrev.com/b204d3fcfd7f0d514ad784d18d53769495ab2262/third_party/WebKit/Source/core/loader/PrerenderHandle.cpp


Comment 13 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz-filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
