Possible suspect as per FindIt:

The result is a list of CLs that change the crashed files.

Author: jaydasika
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9234e405c7089c47ca9d30b34846f54b1fd9b8fd
Time: Mon Mar 21 20:44:22 2016
Lines 190-191, 198 of file tree_synchronizer.cc which potentially caused crash are changed in this cl (frame #5, "PushLayerPropertiesInternal"; frame #6, "cc::TreeSynchronizer::PushLayerProperties").

File layer.cc is changed in this cl (and is part of stack frame #3, "cc::Layer::PushPropertiesTo")
Minimum distance from crash line to modified line: 0. (file: tree_synchronizer.cc, crashed on: 195, modified: 195).

Suspected Component: chromium
Suspected Cr- Label: Cr-Internals-Compositing-Software

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/11cb9635daf8326b02a752f51f92785dc6c220f2

commit 11cb9635daf8326b02a752f51f92785dc6c220f2
Author: jaydasika <jaydasika@chromium.org>
Date: Thu Mar 31 00:37:08 2016

cc :  Fix bug in tree synchronization when mask layer changes

This CL also moves an out-of-place DCHECK.

BUG= 598875 
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1850453002

Cr-Commit-Position: refs/heads/master@{#384160}

[modify] https://crrev.com/11cb9635daf8326b02a752f51f92785dc6c220f2/cc/layers/layer.cc
[modify] https://crrev.com/11cb9635daf8326b02a752f51f92785dc6c220f2/cc/layers/layer_impl.cc
[modify] https://crrev.com/11cb9635daf8326b02a752f51f92785dc6c220f2/cc/layers/layer_impl.h
[modify] https://crrev.com/11cb9635daf8326b02a752f51f92785dc6c220f2/cc/trees/layer_tree_host_unittest.cc
[modify] https://crrev.com/11cb9635daf8326b02a752f51f92785dc6c220f2/cc/trees/tree_synchronizer.cc

ClusterFuzz has detected this issue as fixed in range 383194:384380.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5198430221107200

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000044
Crash State:
  cc::LayerImpl::SetTransformOrigin
  cc::Layer::PushPropertiesTo
  cc::PictureLayer::PushPropertiesTo
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=382185:382786
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=383194:384380

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94g48bqJKU3xwxos1Onh02URaAvdzh5lQ6Oa8pZhH4aqHK6bSKzbBWJxxDEIL7lxL_yEf3stc22IPY2B7u8O-Wecvz7lW4l9rj0lA3oudL4Di3KMrWqPt_D7P_7yYb-gDBi_llVnYTjHRCnVbZ5dF7qs70fEA
<embed id="lappy" height="78" TYPE="application/x-shockwave-flash"
</script>
<script> 
var test0=document.getElementById("lappy")
test0.style['border-bottom-right-radius']='6px';
setInterval(function(){
document.body.style.zoom=3.5428020181134343
})
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot