
Issue 625107


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 627607




Untidy parser thread heap termination after assert failure

Project Member Reported by ClusterFuzz, Jul 1 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4911402146070528

Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137492:137522

Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976AwrOUOhyQE1lv0P90cxgrEmpGXylV9LyZyGJHm8LM4PBZJq--vTRfP-JXsqzbl7lBMfV0FvMF555ylWIi_V61MzeSTyYSdo-XiVjEfCRTm6o0g-15ZEs6IFDRgrP9zKoLGSVo4LQlN9k_ySPRS9BD_KBPg?testcase_id=4911402146070528

Additional requirements: Requires HTTP

Filer: tkonchada

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: haraken@chromium.org
Components: Blink
Labels: findit-for-crash Te-Logged M-52
Owner: keishi@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/75da88a74e60c92b4456b06f254aa6919b4dee01
Time: Wed Apr 27 12:58:58 2016
The CL last changed line 254 of file ThreadState.cpp, which is stack frame 0.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/75da88a74e60c92b4456b06f254aa6919b4dee01
Time: Wed Apr 27 12:58:58 2016
The CL last changed line 276 of file Heap.cpp, which is stack frame 1.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/75da88a74e60c92b4456b06f254aa6919b4dee01
Time: Wed Apr 27 12:58:58 2016
The CL last changed line 315 of file ThreadState.cpp, which is stack frame 2.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/75da88a74e60c92b4456b06f254aa6919b4dee01
Time: Wed Apr 27 12:58:58 2016
The CL last changed line 70 of file WebThreadSupportingGC.cpp, which is stack frame 3.

Author: skyostil@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/2d82362a939ba426544618a2f3f315360b0302f5
Time: Thu May 14 11:36:03 2015
The CL last changed line 80 of file HTMLParserThread.cpp, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4435e804b6344b27942c68fd3c5b195daebacddb
Time: Wed May 11 23:05:05 2016
The CL last changed line 171 of file bind_internal.h, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 296 of file bind_internal.h, which is stack frame 6.

Possible suspect : https://codereview.chromium.org/1892713003

Please reassign if this is not related to your change

Comment 2 by ClusterFuzz (Project Member), Jul 2 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4911402146070528

Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137492:137522

Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976AwrOUOhyQE1lv0P90cxgrEmpGXylV9LyZyGJHm8LM4PBZJq--vTRfP-JXsqzbl7lBMfV0FvMF555ylWIi_V61MzeSTyYSdo-XiVjEfCRTm6o0g-15ZEs6IFDRgrP9zKoLGSVo4LQlN9k_ySPRS9BD_KBPg?testcase_id=4911402146070528

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 3 by tkent@chromium.org, Jul 5 2016

Components: -Blink Blink>MemoryAllocator>GarbageCollection

Comment 4 by ClusterFuzz (Project Member), Jul 11 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4867257515900928

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137628:137633

Minimized Testcase (0.09 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv966BaTfS7MIP0u9TIk9D_dVE9BUyQF0_2lQr9wwARWMIuqwgNJi7CuHxTcPF_P9irvUW_D5rrjwYqmfV1ILcBgFxYgva5dlD_4Y6fUyvbuOHuubN26uC8_LfZGCfFqV4SB47O6lygCYhFxwZqzcdyQR9acC5A?testcase_id=4867257515900928
<html xmlns="http://www.w3.org/1999/xhtml" xlink="http://www.w3.org/1999/xlink"><head id="tCF0">


Additional requirements: Requires HTTP

Filer: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 5 by ClusterFuzz (Project Member), Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5659790516944896

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  

Minimized Testcase (0.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94F5JQdkN01KtYeOlV2lDqWBu9a0_8KR7T44MhzoqPOt9v63OLM4y5SN8_L24bgShEk78el50IhD8N4Ngc1UPh32xf0BIfgn8zZlRCZjk_OnStDqa_1w1XIqW3AhEYi89FU9i8HFot7EqONrcIAw8t9Fl4vdw?testcase_id=5659790516944896

Additional requirements: Requires HTTP

Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 6 by ajha@chromium.org, Jul 15 2016

keishi@: Could you please take a look at this?

Comment 7 by ClusterFuzz (Project Member), Jul 21 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6137942674505728

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  

Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94hcdl9vKqqb58wh2QRQq92jqE7CJ1ivT9m2HC5Y7SD_xDQkRCIDKsg6il70aoAzgex6hnliWnoD5YXRPgmxDWSRrkx6pjkvI-qQtfegyQedX3WAzMmW54Q1q3vpYCRiyH3Ue1F2JW-wK3O0WJABtukBVg2ow?testcase_id=6137942674505728

Additional requirements: Requires HTTP

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 8 by sigbjo...@opera.com, Jul 25 2016

Cc: keishi@chromium.org
Owner: sigbjo...@opera.com
Untidy thread termination GC shutdown; taking a look.

Comment 9 by sigbjo...@opera.com, Jul 27 2016

Blockedon: 627607
Unable to reproduce, but the assert from issue 627607 all happens before shutdown of the parser thread is attempted, and it untidily fails.

I don't think there is too much to worry about here outside debug builds; marking as blocked on 627607.
Summary: Untidy parser thread heap termination after assert failure (was: !currentCount)

Comment 11 by ClusterFuzz (Project Member), Jul 31 2016

ClusterFuzz has detected this issue as fixed in range 408765:408781.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4911402146070528

Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137492:137522
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=408765:408781

Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976AwrOUOhyQE1lv0P90cxgrEmpGXylV9LyZyGJHm8LM4PBZJq--vTRfP-JXsqzbl7lBMfV0FvMF555ylWIi_V61MzeSTyYSdo-XiVjEfCRTm6o0g-15ZEs6IFDRgrP9zKoLGSVo4LQlN9k_ySPRS9BD_KBPg?testcase_id=4911402146070528

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 12 by ClusterFuzz (Project Member), Jul 31 2016

ClusterFuzz has detected this issue as fixed in range 408765:408781.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6137942674505728

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !currentCount
  blink::ThreadState::runTerminationGC
  blink::ThreadHeap::detach
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=408765:408781

Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94hcdl9vKqqb58wh2QRQq92jqE7CJ1ivT9m2HC5Y7SD_xDQkRCIDKsg6il70aoAzgex6hnliWnoD5YXRPgmxDWSRrkx6pjkvI-qQtfegyQedX3WAzMmW54Q1q3vpYCRiyH3Ue1F2JW-wK3O0WJABtukBVg2ow?testcase_id=6137942674505728

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)
r408766 it was.

Comment 14 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
