Issue 628545

Issue metadata

Status: Fixed
Owner: ----
Closed: Jan 7
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression

Direct-leak in std::__1::unique_ptr<WTF::Function<base::internal::MakeUnboundRunTypeImpl<void

Project Member Reported by ClusterFuzz, Jul 15 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5843013452693504

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  std::__1::unique_ptr<WTF::Function<base::internal::MakeUnboundRunTypeImpl<void
  void blink::HTMLDocumentParser::postTaskToLookaheadParser<void
  blink::HTMLDocumentParser::startBackgroundParser
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=401251:401526

Minimized Testcase (1.17 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Bl1W2wuM4LjVvQocARqXAohbRLge8gV0UTMcNPP2ZdsY4sjS4G91JSGjvh4U1vdyvrftlNbobwGKRsCgHB-9agAYYjEzeE-HyG60gdO1duJmyQNl_msvXDjvCkZdXfgOnFQycqkgvkqr459U-xO5ikU53YA?testcase_id=5843013452693504

Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Tools>Test>FindIt>CorrectResult Blink
Labels: -Type-Bug findit-for-crash Te-Logged M-53 Type-Bug-Regression
Owner: abarth@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: cevans@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/b1b670e62e1523f2037c3ea031e530e997ed23aa
Time: Mon Aug 26 19:56:49 2013
The CL last changed line 736 of file PartitionAlloc.h, which is stack frame 1.

Author: ruuda
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/006dc1e53075a580f789a2b18f7a47316e217dc7
Time: Tue Dec 01 18:43:11 2015
The CL last changed line 763 of file PartitionAlloc.h, which is stack frame 2.

Author: ruuda
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/006dc1e53075a580f789a2b18f7a47316e217dc7
Time: Tue Dec 01 18:43:11 2015
The CL last changed line 98 of file Partitions.h, which is stack frame 3.

Author: ruuda
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ba2eebd19776527566625c066495dd31565b0002
Time: Wed Dec 02 12:22:16 2015
The CL last changed line 299 of file StringImpl.cpp, which is stack frame 4.

Author: darin@apple.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3662ceae1a29c7a6588d05a3597c2843dfd618bb
Time: Fri Nov 12 01:01:14 2010
The CL last changed line 407 of file StringImpl.cpp, which is stack frame 5.

Author: abarth@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c0a99c9896b2a735b2d1fcd7b49936981c153ac1
Time: Sat Aug 03 03:57:01 2013
The CL last changed line 715 of file StringImpl.h, which is stack frame 6.

Author: ggaren@apple.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/10499802a104a526c438e9892c9e720a76b876c8
Time: Tue Oct 25 03:54:15 2011
The CL last changed line 648 of file WTFString.cpp, which is stack frame 7.

Suspected Project: chromium
====================================

Above is the only CL from findit, and the changes made to file "StringImpl.h" from frame #6 are the most related to it.

abarth@: Could you please look into this issue if it is related to your change; else please route this issue to an appropriate dev person.

Thanks,

Comment 2 by sheriffbot@chromium.org, Jul 15 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by tkent@chromium.org, Jul 16 2016

Cc: kouhei@chromium.org
Components: -Blink Blink>HTML>Parser
Owner: ----
Status: Available (was: Assigned)

Comment 4 by ClusterFuzz, Jul 19 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6007068779872256

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  std::__1::unique_ptr<WTF::Function<base::internal::MakeUnboundRunTypeImpl<void
  void blink::HTMLDocumentParser::postTaskToLookaheadParser<void
  blink::HTMLDocumentParser::startBackgroundParser
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703

Minimized Testcase (1.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95yQ3qX-slJ0SyXIuRO0ULgCNprLdr_4-Bn9_rhIQAYTIy69zET7xyh8FfwkEK0_ue9Kgpp4M3o35DuX-Fbdpgg51t66ZUg7DqZcH5lILgLz5PCUR4oRmEiw6Q5BK3LNTkQgDzOWB_HGraJw4JTthu_mo3mYg?testcase_id=6007068779872256

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 5 by ClusterFuzz, Aug 14 2016

ClusterFuzz has detected this issue as fixed in range 411875:411885.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6007068779872256

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  std::__1::unique_ptr<WTF::Function<base::internal::MakeUnboundRunTypeImpl<void
  void blink::HTMLDocumentParser::postTaskToLookaheadParser<void
  blink::HTMLDocumentParser::startBackgroundParser
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=411875:411885

Minimized Testcase (1.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95yQ3qX-slJ0SyXIuRO0ULgCNprLdr_4-Bn9_rhIQAYTIy69zET7xyh8FfwkEK0_ue9Kgpp4M3o35DuX-Fbdpgg51t66ZUg7DqZcH5lILgLz5PCUR4oRmEiw6Q5BK3LNTkQgDzOWB_HGraJw4JTthu_mo3mYg?testcase_id=6007068779872256

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz, Aug 14 2016

ClusterFuzz has detected this issue as fixed in range 411875:411885.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5843013452693504

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  std::__1::unique_ptr<WTF::Function<base::internal::MakeUnboundRunTypeImpl<void
  void blink::HTMLDocumentParser::postTaskToLookaheadParser<void
  blink::HTMLDocumentParser::startBackgroundParser
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=401251:401526
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=411875:411885

Minimized Testcase (1.17 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Bl1W2wuM4LjVvQocARqXAohbRLge8gV0UTMcNPP2ZdsY4sjS4G91JSGjvh4U1vdyvrftlNbobwGKRsCgHB-9agAYYjEzeE-HyG60gdO1duJmyQNl_msvXDjvCkZdXfgOnFQycqkgvkqr459U-xO5ikU53YA?testcase_id=5843013452693504

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz, Aug 14 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Status: Available (was: Verified)
So, I think this is wrong. The fixed range has:
https://codereview.chromium.org/2221193002

Which adds testing configs to put the BackgroundHTMLParser on the main thread on bots. I don't think this should be marked as fixed until that experiment lands on HEAD.

The test case should still repro locally.


Comment 9 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 10 by sheriffbot@chromium.org, Nov 23 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 11 by kochi@chromium.org, Dec 27 2017

Status: Available (was: Untriaged)

Comment 12 by sheriffbot@chromium.org, Dec 27

Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Fixed (was: Untriaged)
I think BackgroundHTMLParser-on-the-main-thread is default now.