Providing Findit details for internal purpose:
Suspected CLs	
---------------
The result is a list of CLs that change the crashed files.

Author: yhirano
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/0cc0e2b584b5da0884a7b9ef244a1d94ec5e6600
Time: Tue Sep 13 11:03:29 2016
The CL last changed line 20 of file BytesConsumerForDataConsumerHandle.cpp, which is stack frame 7.

Suspected Project: chromium
Suspected Component: Internals>Core

yhirano@, Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d9a07ccafb34327cc194631d354395245f65a52b

commit d9a07ccafb34327cc194631d354395245f65a52b
Author: yhirano <yhirano@chromium.org>
Date: Tue Oct 04 00:10:13 2016

Remove lock from SharedMemoryDataConsumerHandle::Context destructor

SharedMemoryDataConsumerHandle::Context posts tasks while its lock_
locked. That means a lock held by the TaskRunner will be locked
after |lock_| is locked. On the other hand, the Context may be
destructed in the middle of TaskRunner destruction, which means we
cannot lock |lock_| in the Context destruction. Otherwise, a
lock-order-inversion problem will be introduced.

This CL stops locking |lock_| in the destructor. It is safe because
no one accesses to Content's member variables without a valid
scoped_refptr to the Context.

BUG= 651747 

Review-Url: https://codereview.chromium.org/2391513002
Cr-Commit-Position: refs/heads/master@{#422614}

[modify] https://crrev.com/d9a07ccafb34327cc194631d354395245f65a52b/content/child/shared_memory_data_consumer_handle.cc
[modify] https://crrev.com/d9a07ccafb34327cc194631d354395245f65a52b/content/child/shared_memory_data_consumer_handle_unittest.cc

ClusterFuzz has detected this issue as fixed in range 422535:422674.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5269796272996352

Fuzzer: ochang_domfuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Lock-order-inversion
Crash Address: 
Crash State:
  pthread_mutex_lock
  base::internal::LockImpl::Lock
  blink::scheduler::internal::TaskQueueImpl::PostDelayedTask
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=421437:421462
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=422535:422674

Minimized Testcase (0.20 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96lW5Pno22GqKw9lflbz_O0krWdNWBSyaJfrt0icZU68sv2S31IMxce_p0VkIplrJISxe_w0lw2HZcM0tdxLM_0ySjfDWW5ZSNX729SCKUnbBIhfj2JN-rvng1TnjPI523HUfbw-lRnM1V00AMNtldk9VjnCg?testcase_id=5269796272996352
; <script>
    worker = new Worker("fetch-in-worker.js");
    worker.onmessage = function() {
            worker.terminate();
() => {
            }        
    };
    worker.postMessage("start");
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot