Findit did not find any culprit results,

assigning to /src/base/debug/OWNERS
bcwhite@ could you please check the issue and help.

Over to you, xunjieli.

The crash is a DCHECK against a logged SPDY string when the string is not valid UTF-8.  Logging was apparently added by you here:
https://codereview.chromium.org/1932853002/

Looks like morlovich might have added the fuzzer that catches this so added that id to the CC list.

My CL only moved the existing logging function from one file to another.
morlovich: can spdy headers contain non-UTF-8?

My (not-really-expert, just checked the spec) understanding is that HTTP2 header values can contain close to everything --- there are restrictions on things like CR, LF and \0, and perhaps some other control stuff --- but everything in the 0x80-0xFF range appears to be permitted.

Header names, OTOH, are supposed to be lowercase ASCII (which is enforced after this call, and perhaps not quite correctly --- SpdyStream::SaveResponseHeaders seems to disallow uppercase ASCII, but I am not sure anything ensures ASCII...)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/21b64f4da725d81384c3558f96d9d8b045c99633

commit 21b64f4da725d81384c3558f96d9d8b045c99633
Author: xunjieli <xunjieli@chromium.org>
Date: Tue Feb 28 23:49:20 2017

HTTP/2 Check header names in HeaderCoalescer

According to RFC 7540 Section 8.1.2, HTTP/2 header names are ASCII
characters. SpdyStream::SaveResponseHeaders() checks whether header
names contain uppercase ASCII characters, but not whether header names
are valid tokens.

This CL makes HeaderCoalescer to enforce an header name validity check
by HttpUtil::IsValidHeaderName().

BUG= 691243 

Review-Url: https://codereview.chromium.org/2710053002
Cr-Commit-Position: refs/heads/master@{#453749}

[modify] https://crrev.com/21b64f4da725d81384c3558f96d9d8b045c99633/net/spdy/header_coalescer.cc
[modify] https://crrev.com/21b64f4da725d81384c3558f96d9d8b045c99633/net/spdy/header_coalescer_test.cc

ClusterFuzz has detected this issue as fixed in range 469306:469316.

Detailed report: https://clusterfuzz.com/testcase?key=5449363947257856

Fuzzer: libfuzzer_net_spdy_session_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e9000019ab
Crash State:
  base::debug::DebugBreak
  base::Value::Value
  base::Value::Value
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=449627:449661
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=469306:469316

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5449363947257856


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.