
Issue 619854 link


Issue metadata

Status: Duplicate
Merged: issue 619121
Owner:
Closed: Jun 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in blink::FrameSelection::focusedOrActiveStateChanged

Project Member Reported by ClusterFuzz, Jun 14 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5726131223527424

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000468
Crash State:
  blink::FrameSelection::focusedOrActiveStateChanged
  bool IPC::MessageT<ViewMsg_SetActive_Meta, std::__1::tuple<bool>, void>::Dispatc
  content::RenderViewImpl::OnMessageReceived
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=399141:399152

Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sA6jUBGvncarwcHAirWvxgFQ_5zaJjHt58FbQ1h2GQ_zUEc9am4YNep4_E2xfl-yn4qiTgnAZZdQdBJINSu89rDN16CrsIHbxomCWnScCIVzmnBrRCEsX8Aos6GatPwQoawKCqk60DiGIk6aLos-ZujIHaw

Additional requirements: Requires Gestures

Filer: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>MemoryAllocator Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash Te-Logged
Owner: yosin@chromium.org
Status: Assigned (was: Available)
Suspected CLs:
================
No CL in the regression range changes the crashed files. The result is the blame information.

Author: sigbjornf
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3e5bcb132b1af136ba6faa1c152dcba2c298549f
Time: Mon May 23 14:28:16 2016
The CL last changed line 116 of file Member.h, which is stack frame 0.

Author: peria
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/270473a30a1cabe4bc684391557494f2188b616c
Time: Sat Nov 21 01:44:21 2015
The CL last changed line 611 of file Document.h, which is stack frame 1.

Author: yosin
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9c38a83b780e6cbd388579067b137ef12a39ff0c
Time: Wed Jun 08 11:12:19 2016
The CL last changed line 928 of file FrameSelection.cpp, which is stack frame 2.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1068f1bea70e391d918f3b517a535ab297beaee4
Time: Fri Jun 03 07:25:20 2016
The CL last changed line 126 of file tuple.h, which is stack frame 3.

Author: mdempsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6e7f615f49056439312aad3fcdd2284e2bd69647
Time: Wed Dec 10 03:10:59 2014
The CL last changed line 133 of file tuple.h, which is stack frame 4.

Author: mdempsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/8a5190449d48e06efa581390426dfa3bb6750f4c
Time: Tue Feb 09 05:41:47 2016
The CL last changed line 26 of file ipc_message_templates.h, which is stack frame 5.

Author: mdempsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/8a5190449d48e06efa581390426dfa3bb6750f4c
Time: Tue Feb 09 05:41:47 2016
The CL last changed line 121 of file ipc_message_templates.h, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>MemoryAllocator
==========================================
From the above CL list, suspecting that the changes made to FrameSelection.cpp, which is stack frame 2, might be the culprit.
Suspect: https://codereview.chromium.org/2001083002
yosin@: Could you please take a look into this if it's related to your change?

Comment 2 by yosin@chromium.org, Jun 27 2016

Mergedinto: 619121
Status: Duplicate (was: Assigned)

Comment 3 by ClusterFuzz, Jul 23 2016

ClusterFuzz has detected this issue as fixed in range 407005:407057.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5726131223527424

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000468
Crash State:
  blink::FrameSelection::focusedOrActiveStateChanged
  bool IPC::MessageT<ViewMsg_SetActive_Meta, std::__1::tuple<bool>, void>::Dispatc
  content::RenderViewImpl::OnMessageReceived
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=407005:407057

Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sA6jUBGvncarwcHAirWvxgFQ_5zaJjHt58FbQ1h2GQ_zUEc9am4YNep4_E2xfl-yn4qiTgnAZZdQdBJINSu89rDN16CrsIHbxomCWnScCIVzmnBrRCEsX8Aos6GatPwQoawKCqk60DiGIk6aLos-ZujIHaw?testcase_id=5726131223527424

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
