Assigning to the concern owner from find it results,
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: ymalik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/322db3d6f1f9eb4b9cd6a0054999718c24b1f076
Time: Fri Nov 11 23:19:53 2016
Lines 484-490 of file FrameView.cpp which potentially caused crash are changed in this cl (frame #3, "blink::FrameView::ScrollbarManager::updateScrollbarGeometry").
Minimum distance from crash line to modified line: 0. (file: FrameView.cpp, crashed on: 484, modified: 484).

Suspected Project: chromium

@ymalik -- Could you please look into the issue, kindly re-assign if not related to your changes.
Thank You.

ClusterFuzz has detected this issue as fixed in range 431813:431838.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5939005045866496

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000041
Crash State:
  mayNeedPaintInvalidation
  mayNeedPaintInvalidation
  blink::LayoutObject::setMayNeedPaintInvalidation
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=431655:431691
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=431813:431838

Minimized Testcase (0.30 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96O0dWWlDrQ0cb0wKyCMoPweHgKAqZM4VPV2qUUg6oi3f2c8PDnm7ny2lph6luNgiAQVO37vio-gDr6ElGrOvNI_GndjFITCG-c6JOFJOLCjAH4Tu3ja7QSjBEHylChO128MCK2CRCKI7VFdP6CBgn7_KkqGg?testcase_id=5939005045866496
<body onload="__f_1();">
  <script>
function __f_0() {
  document.designMode = "on";
  document.open();
  var __v_0 = document.appendChild(document.createElement('iframe'));
  __v_0.focus();
  document.execCommand("InsertHorizontalRule");
}
 runTest = __f_0; 
function __f_1() {
 runTest(); 
}
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot