
Issue 625649 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug




Crash in blink::workerGlobalScopeDidError

Project Member Reported by ClusterFuzz, Jul 4 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6243121214259200

Fuzzer: therealholden_worker
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::workerGlobalScopeDidError
  base::internal::Invoker<base::internal::BindState<void
  blink::internal::CallClosureTask<void __cdecl
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=403423:403429

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94lgR8Fs3mSvFsuY37kZXcRZ_dpaGlVvqt0dv2INeKllXz9FFhpzNXPL3ZTAb4EKKKRZ4La4KJyOwz9pU3FJ8xFtoyAJMjiI4WmWU0PuhJ9TfUYo3j1ph4qf8jyPdveckFPxbVJB4KmTIYle7c1P7C7vNbHYw?testcase_id=6243121214259200


Additional requirements: Requires HTTP

Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: -ssamanoori@google.com ssamanoori@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash Te-Logged M-53
Owner: tzik@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 90 of file bind_internal.h, which is stack frame 1.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 204 of file bind_internal.h, which is stack frame 2.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 267 of file bind_internal.h, which is stack frame 3.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 245 of file bind_internal.h, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/77d41139d261342a429d2775c59d8e8a386d4c81
Time: Wed Mar 09 09:47:03 2016
The CL last changed line 389 of file callback.h, which is stack frame 5.

Suspected Project: chromium
=================================

Above is the only CL from FindIt, and the changes made to file "bind_internal.h" in frame #1 are the most related to it.

tzik@: Could you please look into this issue if it is related to your change; otherwise, please route this issue to an appropriate dev person.

Thanks,

Comment 2 by tzik@chromium.org, Jul 5 2016

Cc: tzik@chromium.org
Labels: findit-wrong
Owner: yhirano@chromium.org
yhirano: Can you handle this?

Comment 3 Deleted

I can reproduce the crash locally on Linux.
Comment 5 by bugdroid1@chromium.org (Project Member), Jul 5 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bb4da95f6202839ccf81445d1d0ff2cb9c07118b

commit bb4da95f6202839ccf81445d1d0ff2cb9c07118b
Author: yhirano <yhirano@chromium.org>
Date: Tue Jul 05 06:08:57 2016

Fix worker WebSocket crash caused by dereferencing weak pointer

WorkerWebSocketChannel::Peer::m_bridge is bound to workerGlobalScopeDidError
as |bridge|. Because it is a CrossThreadWeakPersistent, it's possible that
|m_bridge| is not null when bound but |bridge| is null when called. This CL
adds null pointer checks to avoid a crash.

BUG= 625649 

Review-Url: https://codereview.chromium.org/2123703002
Cr-Commit-Position: refs/heads/master@{#403744}

[modify] https://crrev.com/bb4da95f6202839ccf81445d1d0ff2cb9c07118b/third_party/WebKit/Source/modules/websockets/WorkerWebSocketChannel.cpp
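As an added illustration (not Chromium's code), the bind-time versus call-time gap described in the commit message, modelled with std::weak_ptr standing in for CrossThreadWeakPersistent and a captured lambda standing in for the cross-thread task; the Bridge and Peer types and the function names are assumptions:

```cpp
// Added example, not Chromium code: std::weak_ptr plays the role of
// CrossThreadWeakPersistent, std::function the role of the posted closure.
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Stand-in for the worker-side Bridge object that the Peer holds weakly.
struct Bridge {
  std::vector<std::string> errors;
  void didError(const std::string& msg) { errors.push_back(msg); }
};

// Stand-in for WorkerWebSocketChannel::Peer: holds the bridge weakly (m_bridge).
struct Peer {
  std::weak_ptr<Bridge> m_bridge;
};

// Bug pattern: the task captures the weak handle while the bridge is alive,
// but the bridge may be destroyed before the task actually runs.
// Before the fix the task dereferenced |bridge| unconditionally; the
// hardened form below resolves the weak handle at call time and bails out.
std::function<bool(const std::string&)> bindDidError(const Peer& peer) {
  std::weak_ptr<Bridge> bridge = peer.m_bridge;  // non-null at bind time
  return [bridge](const std::string& msg) -> bool {
    std::shared_ptr<Bridge> live = bridge.lock();  // re-check at call time
    if (!live)
      return false;  // bridge already gone: drop the error, don't crash
    live->didError(msg);
    return true;
  };
}

// Scenario 1: bridge outlives the task, so the error is delivered.
bool deliverWhileAlive() {
  auto bridge = std::make_shared<Bridge>();
  Peer peer{bridge};
  auto task = bindDidError(peer);
  return task("boom") && bridge->errors.size() == 1;
}

// Scenario 2: bridge destroyed between bind and call; the null check
// turns what was a null dereference into a no-op.
bool deliverAfterDestruction() {
  auto bridge = std::make_shared<Bridge>();
  Peer peer{bridge};
  auto task = bindDidError(peer);  // bound while m_bridge is non-null
  bridge.reset();                  // worker scope torn down before task runs
  return task("boom") == false;
}
```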

Labels: -OS-Windows OS-All
Comment 7 by sheriffbot@chromium.org (Project Member), Jul 5 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 8 by ClusterFuzz (Project Member), Jul 5 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6243121214259200

Fuzzer: therealholden_worker
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::workerGlobalScopeDidError
  base::internal::Invoker<base::internal::BindState<void
  blink::internal::CallClosureTask<void __cdecl
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=403423:403429

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94lgR8Fs3mSvFsuY37kZXcRZ_dpaGlVvqt0dv2INeKllXz9FFhpzNXPL3ZTAb4EKKKRZ4La4KJyOwz9pU3FJ8xFtoyAJMjiI4WmWU0PuhJ9TfUYo3j1ph4qf8jyPdveckFPxbVJB4KmTIYle7c1P7C7vNbHYw?testcase_id=6243121214259200


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 10 by dimu@google.com, Jul 6 2016

Labels: -Merge-Request-53 Merge-Approved-53 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M53 (branch: 2785)
Comment 11 by bugdroid1@chromium.org (Project Member), Jul 6 2016

Labels: -merge-approved-53 merge-merged-2785
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/edd6a8a2e036ac614a5e62d64ce737fbd968e852

commit edd6a8a2e036ac614a5e62d64ce737fbd968e852
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Wed Jul 06 10:21:21 2016

Fix worker WebSocket crash caused by dereferencing weak pointer

WorkerWebSocketChannel::Peer::m_bridge is bound to workerGlobalScopeDidError
as |bridge|. Because it is a CrossThreadWeakPersistent, it's possible that
|m_bridge| is not null when bound but |bridge| is null when called. This CL
adds null pointer checks to avoid a crash.

BUG= 625649 

Review-Url: https://codereview.chromium.org/2123703002
Cr-Commit-Position: refs/heads/master@{#403744}
(cherry picked from commit bb4da95f6202839ccf81445d1d0ff2cb9c07118b)

Review URL: https://codereview.chromium.org/2127673003 .

Cr-Commit-Position: refs/branch-heads/2785@{#22}
Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382}

[modify] https://crrev.com/edd6a8a2e036ac614a5e62d64ce737fbd968e852/third_party/WebKit/Source/modules/websockets/WorkerWebSocketChannel.cpp

Status: Fixed (was: Assigned)
Comment 13 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
