PublicState::Closed == m_state in BlobBytesConsumer.cpp
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6701875408928768

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  PublicState::Closed == m_state in BlobBytesConsumer.cpp
  blink::BlobBytesConsumer::didFail
  blink::WorkerThreadableLoader::didFail

Minimized Testcase (0.28 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96O3zwJ55YirCdny7L-rcBFvc5WOw0yGg-5I9gSgI0PLYr7FyMt-FmbYeS9JrxaucgiV37Thm-PJLLylYm9vdeJAdLDkQKiGM7fo_owRwJ-KDBlApxN02pv-CSpEcVxIhDSFnoOldRXuKLlf1D9G8yHW8Uhaw?testcase_id=6701875408928768

</p>
<script>
if (window.testRunner) { }
worker = new Worker("fetch-in-worker.js");
worker.onmessage = function(e) {
  e.data;
  if (e.data == 0) {
    worker.terminate();
    setTimeout();
  }
};
worker.postMessage("start");
</script>

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 5 2016
Unable to find the possible suspect using Findit and the CL. Using Code Search for the file "BlobBytesConsumer.cpp", assigning it to the concerned owner. Suspecting commit https://chromium.googlesource.com/chromium/src/+/e3820506d765ca446b48fa84618581933d43c084

@yhirano -- Could you please look into the issue? Kindly re-assign if this is not related to your changes. Thank you.
Dec 9 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f2a0303d3178649ea9b4b822cbf04f6ab95bd500

commit f2a0303d3178649ea9b4b822cbf04f6ab95bd500
Author: yhirano <yhirano@chromium.org>
Date: Fri Dec 09 15:10:31 2016

Fix BlobBytesConsumer state assumption on cancellation

Previously BlobBytesConsumer expected no other one canceled its loader. But it was not correct when ExecutionContext is shutting down. This CL fixes the assumption.

BUG= 666756
R=tyoshino@chromium.org

Review-Url: https://codereview.chromium.org/2564503002
Cr-Commit-Position: refs/heads/master@{#437540}

[modify] https://crrev.com/f2a0303d3178649ea9b4b822cbf04f6ab95bd500/third_party/WebKit/Source/modules/fetch/BlobBytesConsumer.cpp
Dec 13 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/23dee6874105c1a27939d30b78bd8f91cd889652

commit 23dee6874105c1a27939d30b78bd8f91cd889652
Author: yhirano <yhirano@chromium.org>
Date: Tue Dec 13 10:46:44 2016

Fix BlobBytesConsumer state assumption on cancellation

BUG= 666756
R=tyoshino@chromium.org

Review-Url: https://codereview.chromium.org/2572683002
Cr-Commit-Position: refs/heads/master@{#438118}

[modify] https://crrev.com/23dee6874105c1a27939d30b78bd8f91cd889652/third_party/WebKit/Source/modules/fetch/BlobBytesConsumer.cpp
Dec 14 2016
ClusterFuzz has detected this issue as fixed in range 438110:438120.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6701875408928768

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  PublicState::Closed == m_state in BlobBytesConsumer.cpp
  blink::BlobBytesConsumer::didFail
  blink::WorkerThreadableLoader::didFail

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=421437:421462
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=438110:438120

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94wnG6R7Ph7NZCYcQQ8y-CeCqRZkqUmpkD0jzfWGYdckYAg8BSP4Ug8I_KTpJWKEyQF9QcdzfI5g-uVuFaLcxpO5NiHCiC8_bPOql6gUdoEh7paRyVXjHSbHAS6VxCzRGKkcWcIRZAP-vxNKZR3VVnUjBwM1g?testcase_id=6701875408928768

<p><script>
if (window.testRunner) { }
worker = new Worker("fetch-in-worker.js");
worker.onmessage = function(e) {
  "start";
  worker.terminate();
  setTimeout();
};
worker.postMessage("start");
</script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 14 2016
ClusterFuzz testcase 6701875408928768 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ajha@chromium.org, Nov 21 2016