Issue 710365


Issue metadata

Status: Verified
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Mac
Pri: 2
Type: Bug


Crash in xmlParsePEReference

Reported by ClusterFuzz (Project Member), Apr 11 2017

Issue description

Cc: msrchandra@chromium.org
Labels: Test-Predator-Correct-CLs M-59
Owner: dominicc@chromium.org
Status: Assigned (was: Untriaged)
Assigning to concern owner from Predator results --
The result is a list of CLs that change the crashed files.

Author: dominicc
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/01618a2e9695f739ea089db2d7b1a3f4ccd5048c
Time: Tue Apr 11 01:07:37 2017
Lines 8123-8130 of file parser.c which potentially caused crash are changed in this cl (frame #0, "xmlParsePEReference").
Minimum distance from crash line to modified line: 0. (file: parser.c, crashed on: 8123, modified: 8123).

@dominicc -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Components: Blink>XML
Cc: ail@google.com
Labels: -Pri-1 Pri-2
Status: Started (was: Assigned)
This is a null deref, probably of entity->etype. Looking at the code it doesn't make sense, we just established entity == NULL. It looks like the libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch has been rolled in from upstream in 90ccb58242866b0ba3edbef8fe44214a101c2b3e and I've accidentally applied it again.

ail, could you CC me on https://bugzilla.gnome.org/show_bug.cgi?id=780691? I've been looking at the patch and it appears to have landed in 90ccb58242866b0ba3edbef8fe44214a101c2b3e but the bug is still open.
Cc: dominicc@chromium.org
Issue 710699 has been merged into this issue.

Comment 5 by bugdroid1@chromium.org (Project Member), Apr 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4b0720728483b544dad1aa6a0060ea01cd5519e3

commit 4b0720728483b544dad1aa6a0060ea01cd5519e3
Author: dominicc <dominicc@chromium.org>
Date: Wed Apr 12 05:51:18 2017

Remove patch which has been rolled in from libxml2 upstream.

Upstream commit 90ccb58242866b0ba3edbef8fe44214a101c2b3e includes this
patch; our local patch was redundantly reapplied causing a null-deref.

This turns down the fuzz factor on the roll script to zero from the default
of two. In this particular case a fuzz factor <= 1 would have been sufficient
to barf on this. The next roll may want to turn this up again to one and/or
update the context of patches.

BUG=710365

Review-Url: https://codereview.chromium.org/2815643005
Cr-Commit-Position: refs/heads/master@{#463938}

[modify] https://crrev.com/4b0720728483b544dad1aa6a0060ea01cd5519e3/third_party/libxml/README.chromium
[delete] https://crrev.com/91a3a4e17afca80ab1ff1ad6e0f97932debe5281/third_party/libxml/chromium/libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch
[modify] https://crrev.com/4b0720728483b544dad1aa6a0060ea01cd5519e3/third_party/libxml/chromium/roll.py
[modify] https://crrev.com/4b0720728483b544dad1aa6a0060ea01cd5519e3/third_party/libxml/src/parser.c

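The commit message above attributes the crash to the roll script's patch fuzz factor: with fuzz 2 a local patch that upstream had already merged was applied a second time, and the commit turns fuzz down to zero so that the next such roll fails instead. The toy hunk applier below is an added illustration written for this page; it is neither Chromium's roll.py nor GNU patch. It models only the part of patch(1)'s fuzz rule that matters here (up to N context lines at each end of a hunk are not required to match when the hunk is located), and the C snippets, the hunk, the NULL guard and the type check are constructed stand-ins, not libxml2's parser.c or the real CVE-2017-7375 patch.

```python
"""Toy model of patch(1)'s fuzz factor and of how it lets an already-applied
patch land again.  Constructed illustration: not Chromium's roll.py and not
GNU patch; the C snippets are stand-ins, not libxml2's parser.c."""

# A hunk is a list of (tag, text): ' ' context, '-' removed, '+' added.
LOCAL_PATCH_HUNK = [
    (' ', 'if (entity == NULL) {'),
    (' ', '    warn(name);'),
    (' ', '    return;'),
    (' ', '}'),
    ('+', 'if (entity->etype != PARAMETER_ENTITY) {'),
    ('+', '    warn_wrong_type(name);'),
    ('+', '    return;'),
    ('+', '}'),
    (' ', 'use(entity);'),
]

# Constructed vendored file before the local patch was first applied.
VENDORED_BEFORE_PATCH = [
    'entity = lookup(name);',
    'if (entity == NULL) {',
    '    warn(name);',
    '    return;',
    '}',
    'use(entity);',
]

# Constructed upstream file after the roll: the same fix is already present,
# and upstream also rewrote one line inside the NULL guard, so the local
# hunk's context no longer matches exactly.
UPSTREAM_ROLLED = [
    'entity = lookup(name);',
    'if (entity == NULL) {',
    '    xmlWarn(ctxt, name);',
    '    return;',
    '}',
    'if (entity->etype != PARAMETER_ENTITY) {',
    '    warn_wrong_type(name);',
    '    return;',
    '}',
    'use(entity);',
]


def trim_context(hunk, fuzz):
    """Drop up to `fuzz` context lines from each end of the hunk.

    This is the core of the fuzz rule: those outer context lines are simply
    not required to match when the hunk is located.
    """
    start, end = 0, len(hunk)
    for _ in range(fuzz):
        if start < end and hunk[start][0] == ' ':
            start += 1
    for _ in range(fuzz):
        if end > start and hunk[end - 1][0] == ' ':
            end -= 1
    return hunk[start:end]


def find_block(lines, pattern):
    """Index of the first contiguous occurrence of `pattern` in `lines`, or -1."""
    if not pattern:
        return -1  # nothing left to anchor on: refuse rather than guess
    for i in range(len(lines) - len(pattern) + 1):
        if lines[i:i + len(pattern)] == pattern:
            return i
    return -1


def apply_hunk(lines, hunk, max_fuzz=2):
    """Apply `hunk` to `lines`, trying fuzz 0, 1, ..., max_fuzz in that order.

    Returns (new_lines, fuzz_used); fuzz_used is None when no placement was
    found at any permitted fuzz, i.e. the hunk was rejected.
    """
    for fuzz in range(max_fuzz + 1):
        trimmed = trim_context(hunk, fuzz)
        old = [text for tag, text in trimmed if tag in ' -']  # pre-image
        new = [text for tag, text in trimmed if tag in ' +']  # post-image
        pos = find_block(lines, old)
        if pos >= 0:
            return lines[:pos] + new + lines[pos + len(old):], fuzz
    return list(lines), None


def count_line(lines, text):
    """How many times `text` occurs in `lines` (spots duplicated code)."""
    return sum(1 for line in lines if line == text)


if __name__ == '__main__':
    check = 'if (entity->etype != PARAMETER_ENTITY) {'
    first, fuzz = apply_hunk(VENDORED_BEFORE_PATCH, LOCAL_PATCH_HUNK)
    print('first application: fuzz %s, %d type check(s)' % (fuzz, count_line(first, check)))
    for max_fuzz in (0, 2):
        again, fuzz = apply_hunk(UPSTREAM_ROLLED, LOCAL_PATCH_HUNK, max_fuzz)
        outcome = 'rejected' if fuzz is None else 'applied at fuzz %d' % fuzz
        print('re-application with --fuzz=%d: %s, %d type check(s)'
              % (max_fuzz, outcome, count_line(again, check)))
```

With max_fuzz=0 the hunk is rejected because its context no longer matches the rolled file; with the default of 2 the two inner context lines `return;` and `}` are all that has to match, the hunk lands on the upstream guard, and the type check block is emitted a second time. That is the "redundantly reapplied" outcome the commit message describes and the reason the roll script now runs with fuzz 0: a roll that silently re-applies a merged patch is worse than one that stops with a rejected hunk. Real patch(1) also checks first whether a hunk applies in reverse (already applied), which this toy omits; once context has drifted that check fails too, so the fuzz setting is what decides the outcome.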
Comment 6 by ClusterFuzz (Project Member), Apr 12 2017

Labels: OS-Linux
Comment 7 by ClusterFuzz (Project Member), Apr 12 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6191517644619776 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 8 by ClusterFuzz (Project Member), Apr 13 2017

ClusterFuzz has detected this issue as fixed in range 463934:463938.

Detailed report: https://clusterfuzz.com/testcase?key=5228737106018304

Fuzzer: attekett_surku_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x00000000005c
Crash State:
  xmlParsePEReference
  xmlParseMarkupDecl
  xmlParseInternalSubset
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=463460:463483
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=463934:463938

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94qC8n6lp_qGFjqXwK7kvaAA0_dsawVfE5y9MKq90K-Jl5SjnEf_hTdoIv2xuQaNpy6FTqa7tGFVeipUo6-UHqOiFJfQzWlAyDXlGNur8PypRIh2gr5bYPBSIQqNx3vMA4ptLBsZRyWwH3nY2ckLR0iTRQtBgjKoG0__P9nVubVv3uDY4u7x8IhIjPtIYh7YRf2LWrF_WUK0dqNplxdkWILgX_Y2Lq6uvkurbT7aU9Q5S5qY48iKXtqxeZH1VveivhVETmIAB6598IF55idLbvKqK8l3AmLgSntos7zAffn-NrMEj_7I0SyVm-XRGbYSK5e3sgemK94IOtB4hxyiUZgsA31V5xkLzFg3H75Yu3du8NhpG4?testcase_id=5228737106018304


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by ail@google.com, Apr 13 2017

> ail, could you CC me on https://bugzilla.gnome.org/show_bug.cgi?id=780691 
Done.
