
Issue 605902

Starred by 2 users

Issue metadata

Status: Fixed
Closed: Apr 2016
OS: Linux
Pri: 1
Type: Bug




ASSERTION FAILED: isBreakBetweenControllable(previousBreakAfterValue)

Project Member Reported by ClusterFuzz, Apr 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5656362767351808

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: isBreakBetweenControllable(previousBreakAfterValue)
  blink::LayoutBox::classABreakPointValue
  blink::LayoutBox::needsForcedBreakBefore
  

Minimized Testcase (0.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96_hzHVtbFqsO9HKZbluC3Hjxt-eY6NRrCZj8rAW8To9nuyGayz-07mdtGzjbQ2Cem_QO3J1E3DWTAral2pwEqwFEcb_AasQ4H-Ck3yufrI59936levqfYTlHFOzTGiJ_M_Q2UiwowcayfsH9k4p4Cddq7B6Q

Additional requirements: Requires HTTP

Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Blink>Layout
Labels: findit-for-crash Te-Logged M-51 ToolsTestsFindItCorrectResult
Owner: msten...@opera.com
Status: Assigned (was: Available)
Regression information is not available. The result is the blame information.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/893602648192952b73b33f060d7767c51b5440ed
Time: Fri Apr 08 03:00:34 2016
The CL last changed line 1951 of file LayoutBox.cpp, which is stack frame 0.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/893602648192952b73b33f060d7767c51b5440ed
Time: Fri Apr 08 03:00:34 2016
The CL last changed line 1957 of file LayoutBox.cpp, which is stack frame 1.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/893602648192952b73b33f060d7767c51b5440ed
Time: Fri Apr 08 03:00:34 2016
The CL last changed line 105 of file ColumnBalancer.cpp, which is stack frame 2.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ce77a26bc7b22cf511e91b336f40ae405712f66b
Time: Sat Oct 10 10:00:40 2015
The CL last changed line 69 of file ColumnBalancer.cpp, which is stack frame 3.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ce77a26bc7b22cf511e91b336f40ae405712f66b
Time: Sat Oct 10 10:00:40 2015
The CL last changed line 74 of file ColumnBalancer.cpp, which is stack frame 4.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5b65a57f38f0260e21b8ec190d201ae2504d73e5
Time: Mon Apr 18 23:16:17 2016
The CL last changed line 23 of file ColumnBalancer.cpp, which is stack frame 5.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ce77a26bc7b22cf511e91b336f40ae405712f66b
Time: Sat Oct 10 10:00:40 2015
The CL last changed line 88 of file ColumnBalancer.cpp, which is stack frame 6.

Suspected Project: chromium
==============================
Above is the only CL from Findit, and the changes made to file "LayoutBox.cpp" in frame #0 are the ones most related to it.

mstensho@: Could you please look into this issue if it is related to your change; else, please route this issue to an appropriate dev person.

Thanks,

Comment 2 by msten...@opera.com, Apr 22 2016

Attachment: tc.html (260 bytes)

Comment 3 by bugdroid1@chromium.org (Project Member), Apr 22 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f9ae8afc886232819001f274825a6c55d7fc8482

commit f9ae8afc886232819001f274825a6c55d7fc8482
Author: mstensho <mstensho@opera.com>
Date: Fri Apr 22 17:02:27 2016

ColumnBalancer: Don't leak the break-after value from the previous sibling to children.

The break-after value of an object should only be considered and joined with
the break-before value of the next in-flow sibling. Said sibling should not let
its children see this value, or anything like that. Doing that might trick the
balancer into believing that we have more forced breaks than what we actually
have.

So there's no point in storing this state as a member in ColumnBalancer. Keep
it local to each object instead.

BUG= 605902 

Review URL: https://codereview.chromium.org/1913453002

Cr-Commit-Position: refs/heads/master@{#389144}

[add] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/LayoutTests/fast/multicol/balance-breakafter-before-nested-block-expected.html
[add] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/LayoutTests/fast/multicol/balance-breakafter-before-nested-block.html
[add] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/LayoutTests/fast/multicol/balance-breakafter-before-table-section-crash-expected.txt
[add] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/LayoutTests/fast/multicol/balance-breakafter-before-table-section-crash.html
[modify] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/Source/core/layout/ColumnBalancer.cpp
[modify] https://crrev.com/f9ae8afc886232819001f274825a6c55d7fc8482/third_party/WebKit/Source/core/layout/ColumnBalancer.h
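
The commit message above describes a traversal-state leak: a break-after value that should only be joined with the next in-flow sibling's break-before was kept as a member of the balancer, so the sibling's children saw it too and the balancer over-counted forced breaks. The following JavaScript is an added illustration of that failure mode and its fix, not Blink's ColumnBalancer and not the patch in f9ae8afc. The box-tree shape, the `breakBefore`/`breakAfter` property names, the `FORCED` value set and the `joinBreakValues` rule are simplifying assumptions made for this example; the sample tree is constructed.

```javascript
// Added example, not Blink code. Models the "leaked break-after" bug
// described in the commit message: the previous sibling's break-after
// must combine only with the next in-flow sibling's break-before, never
// with that sibling's children.

// Assumption: these break values count as forced breaks in this model.
const FORCED = new Set(['column', 'page', 'always', 'left', 'right']);

// Join a previous sibling's break-after with an object's own break-before
// (the break point between two in-flow siblings). A forced value on either
// side wins over 'auto' or 'avoid'; this rule is an assumption of the model.
function joinBreakValues(previousBreakAfter, breakBefore) {
  if (FORCED.has(breakBefore)) return breakBefore;
  if (FORCED.has(previousBreakAfter)) return previousBreakAfter;
  return breakBefore;
}

// Buggy walk: previousBreakAfter is stored on the shared balancer state and is
// not reset when descending into a sibling, so the sibling's first child sees
// the break-after of its parent's previous sibling and a phantom forced break
// is counted.
function countForcedBreaksLeaky(root) {
  const state = { previousBreakAfter: 'auto', forced: 0 };
  function walk(box) {
    for (const child of box.children || []) {
      const joined = joinBreakValues(state.previousBreakAfter, child.breakBefore || 'auto');
      if (FORCED.has(joined)) state.forced++;
      walk(child); // children inherit the leaked state here
      state.previousBreakAfter = child.breakAfter || 'auto';
    }
  }
  walk(root);
  return state.forced;
}

// Fixed walk: the previous sibling's break-after is a local of each container's
// child loop, so it can only be joined with the next in-flow sibling and is
// invisible to that sibling's descendants.
function countForcedBreaksLocal(root) {
  let forced = 0;
  function walk(box) {
    let previousBreakAfter = 'auto'; // fresh per container, never leaks downward
    for (const child of box.children || []) {
      const joined = joinBreakValues(previousBreakAfter, child.breakBefore || 'auto');
      if (FORCED.has(joined)) forced++;
      walk(child);
      previousBreakAfter = child.breakAfter || 'auto';
    }
  }
  walk(root);
  return forced;
}

// Constructed sample: multicol > [A (break-after: column), B > [nested block]].
// There is exactly one real forced break, between A and B.
const sampleTree = {
  children: [
    { name: 'A', breakAfter: 'column' },
    { name: 'B', children: [{ name: 'nested' }] },
  ],
};

// Flat siblings with no nesting: both walks must agree.
const flatTree = {
  children: [
    { name: 'A', breakAfter: 'column' },
    { name: 'B' },
    { name: 'C', breakBefore: 'page' },
  ],
};

console.log('leaky:', countForcedBreaksLeaky(sampleTree),
            'local:', countForcedBreaksLocal(sampleTree));
```

Running it shows the leaky walk reporting two forced breaks for the sample tree (the second is the phantom break in front of the nested block) while the local walk reports one; on the flat tree both report two. The shape of the fix matches the commit message: state that describes a relationship between two siblings belongs in the loop that visits those siblings, not on the object that outlives that loop.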

Comment 4 by msten...@opera.com, Apr 22 2016

Status: Fixed (was: Assigned)
Comment 5 by ClusterFuzz (Project Member), Apr 23 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5656362767351808

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: isBreakBetweenControllable(previousBreakAfterValue)
  blink::LayoutBox::classABreakPointValue
  blink::LayoutBox::needsForcedBreakBefore
  

Minimized Testcase (0.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96_hzHVtbFqsO9HKZbluC3Hjxt-eY6NRrCZj8rAW8To9nuyGayz-07mdtGzjbQ2Cem_QO3J1E3DWTAral2pwEqwFEcb_AasQ4H-Ck3yufrI59936levqfYTlHFOzTGiJ_M_Q2UiwowcayfsH9k4p4Cddq7B6Q

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by msten...@opera.com, Aug 9 2016

Cc: msten...@opera.com
Issue 627178 has been merged into this issue.

Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
