providing Findit results for internal purpose:

Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: lukasza
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/335bb76db170d76ba46fa003a8838255a5d46187
Time: Fri Apr 22 16:44:03 2016
The CL last changed line 2683 of file event_sender.cc, which is stack frame 6.

Suspected Project: chromium

using code search, seeing some changes to EventHandler.cpp in
https://chromium.googlesource.com/chromium/src/+/c6dbdbb5994554bcb90de049a61a1ae1c73d13cd

dcheng @, Could you please check the above issue & help us in finding an owner it its not yours.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5797667043278848

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000f
Crash State:
  WTF::RefPtr<WTF::StringImpl>::operator=
  blink::DataTransfer::setDestinationOperation
  blink::EventHandler::dragSourceEndedAt
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411291:411299

Minimized Testcase (0.50 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95Kb-0lym-p6GUJzLT6EiVGCTuGXB_kjwMLwZz4D_KLmRn8zFE5Ht6k0ZjQ146brEcvF07KpRdln11zImin0VCB_MEsTiy45Zq861xCEy1ghMGX13wJrv10r_1NX0QKSQN6_SqZQh3IaG-hoMIiPf_IM57GMw?testcase_id=5797667043278848
<script>
eventSender.beginDragWithFiles(['resources']);
window.onload = function() {
  if (!window.testRunner)
    return;
    __f_2();
  
}
function __f_2() {
  var __v_3 = document.getElementById("link").offsetLeft;
  var __v_2 = document.getElementById("link").offsetTop;
  eventSender.mouseMoveTo(__v_3, __v_2);
  eventSender.mouseDown();
  eventSender.mouseMoveTo(__v_3, __v_2 + 1);
  eventSender.mouseUp();
}
</script>
 <a href="reset-drag-on-mouse-down.html?second" id="link">
    test link


Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

I haven't looked in detail, but I think this is another one of the "start a drag while you're dragging" bugs.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 443972:443977.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5797667043278848

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000f
Crash State:
  WTF::RefPtr<WTF::StringImpl>::operator=
  blink::DataTransfer::setDestinationOperation
  blink::EventHandler::dragSourceEndedAt
  
Memory Tool: SYZYASAN

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411291:411299
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=443972:443977

Minimized Testcase (0.50 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95Kb-0lym-p6GUJzLT6EiVGCTuGXB_kjwMLwZz4D_KLmRn8zFE5Ht6k0ZjQ146brEcvF07KpRdln11zImin0VCB_MEsTiy45Zq861xCEy1ghMGX13wJrv10r_1NX0QKSQN6_SqZQh3IaG-hoMIiPf_IM57GMw?testcase_id=5797667043278848
<script>
eventSender.beginDragWithFiles(['resources']);
window.onload = function() {
  if (!window.testRunner)
    return;
    __f_2();
  
}
function __f_2() {
  var __v_3 = document.getElementById("link").offsetLeft;
  var __v_2 = document.getElementById("link").offsetTop;
  eventSender.mouseMoveTo(__v_3, __v_2);
  eventSender.mouseDown();
  eventSender.mouseMoveTo(__v_3, __v_2 + 1);
  eventSender.mouseUp();
}
</script>
 <a href="reset-drag-on-mouse-down.html?second" id="link">
    test link


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5797667043278848 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.