Issue 622703

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug-Regression


Crash in WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,int>,WTF::KeyValuePairK

Project Member Reported by ClusterFuzz, Jun 23 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5197309113794560

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,int>,WTF::KeyValuePairK
  blink::ResourceFetcher::cachedResource
  blink::CSSImageValue::restoreCachedResourceIfNeeded
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=400721:400775

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96GoJNn6C8Db_hSgKai7QEpEiMPS48GROUrGEnnb3zVV6RlekwanA1ndbTQRVNrJSJu-0t_QL4sOT3nqx55-ZwKhZBy4WaherPq_OgIl1pOObghH3UFrq6Uuu4mHrLgVRiaIiilhuRxmyyfCot__ybl0w1KRg?testcase_id=5197309113794560
<script>
function jsfuzzer() {
 /*DOMWindow*/ var var00166 = window;  //line 177
 /*DOMWindow*/ var var00170 = var00166.open();  //line 181
}
</script>
<body onload=jsfuzzer()<table background="http://tLayp%e3s&quot;^1">


Filer: msrchandra

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Labels: Needs-triage findit-wrong Te-Logged
Unable to find the Suspect from CL, Code Search and findit.
Providing the CL details,
https://chromium.googlesource.com/chromium/src/+log/52bb9d4d20c7363cb88f51cf0860362f303a228a..c548a8dc422953c7e06a65e6abe2e68ef063e5dd?pretty=fuller

Could someone please look into the issue and update?
Thanks in advance.
Components: Blink>Loader
Status: Untriaged (was: Available)
Labels: OS-Linux
Owner: hirosh...@chromium.org
Status: Assigned (was: Untriaged)
Reproduced on Linux and Windows. Starting bisecting.
Cc: hirosh...@chromium.org
Labels: -Type-Bug M-51 Type-Bug-Regression
Owner: alancutter@chromium.org
First bad: https://codereview.chromium.org/1865603004
Affecting M-51 and later.

alancutter@, could you take a look as the author of the CL?
Labels: -Needs-triage
Simplified test case:
<body onload="window.open()">
  <table background="http://tLayp%e3s&quot;^1"></table>
</body>

Possibly same crash as issue 602952.
Issue 602952 has been merged into this issue.
Looks like CSSImageValue::m_absoluteURL is the null string for some reason and the HashMap in ResourceFetcher::cachedResource() can't deal with null strings due to StringHash calling key.impl()->hash() where impl() is nullptr.
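
As an added illustration (not Blink's code; the types below are hypothetical stand-ins for WTF::String, StringHash, ResourceFetcher::cachedResource() and CSSImageValue::restoreCachedResourceIfNeeded()), this reproduces the hazard described in the comment above, a hasher that dereferences a null impl(), and the shape of the null check the fix applies before the map lookup:

```cpp
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>

// Toy stand-in for WTF::String's backing store (hypothetical, not Blink code).
struct StringImpl {
    std::string chars;
    size_t hash() const { return std::hash<std::string>{}(chars); }
};
// Toy WTF::String: a possibly-null shared impl. A default-constructed value is the "null string".
struct WtfString {
    std::shared_ptr<StringImpl> m_impl;  // nullptr means "null string"
    WtfString() = default;
    explicit WtfString(const char* s) : m_impl(std::make_shared<StringImpl>(StringImpl{s})) {}
    bool isNull() const { return m_impl == nullptr; }
    StringImpl* impl() const { return m_impl.get(); }
    bool operator==(const WtfString& o) const {
        if (isNull() || o.isNull()) return isNull() && o.isNull();
        return m_impl->chars == o.m_impl->chars;
    }
};
// Mirrors the hazard in the comment: the hasher dereferences impl() unconditionally,
// so a null key is a null-pointer dereference before any lookup logic runs.
struct StringHash {
    size_t operator()(const WtfString& key) const { return key.impl()->hash(); }
};
struct Resource { std::string url; };
using ResourceMap = std::unordered_map<WtfString, std::shared_ptr<Resource>, StringHash>;

// Unguarded lookup, the stand-in for the pre-fix cachedResource() call path.
// Passing a null string here dereferences nullptr inside StringHash; never call it with one.
std::shared_ptr<Resource> cachedResourceUnguarded(const ResourceMap& m, const WtfString& url) {
    auto it = m.find(url);
    return it == m.end() ? nullptr : it->second;
}
// Guarded caller: the shape of the fix. An invalid CSS image URL leaves the
// absolute URL null, so check for null before touching the hash map at all.
std::shared_ptr<Resource> restoreCachedResourceIfNeeded(const ResourceMap& m, const WtfString& absoluteURL) {
    if (absoluteURL.isNull())
        return nullptr;  // nothing was fetched for an invalid URL, so nothing to restore
    return cachedResourceUnguarded(m, absoluteURL);
}
// Constructed sample cache with one entry (hypothetical URL).
ResourceMap buildSampleMap() {
    ResourceMap m;
    m.emplace(WtfString("http://example.test/a.png"), std::make_shared<Resource>(Resource{"http://example.test/a.png"}));
    return m;
}
```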

Project Member

Comment 8 by bugdroid1@chromium.org, Jul 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2b4803484f5e55299bf6f5ea1bd95639f88e75b1

commit 2b4803484f5e55299bf6f5ea1bd95639f88e75b1
Author: alancutter <alancutter@chromium.org>
Date: Thu Jul 07 09:22:35 2016

Avoid invoking ResourceFetcher::cachedResource() with a null URL

Invalid CSS image URLs end up with a null m_absoluteURL internally.
ResourceFetcher::cachedResource() cannot deal with null URLs so check
before calling it.

BUG=622703

Review-Url: https://codereview.chromium.org/2130673002
Cr-Commit-Position: refs/heads/master@{#404111}

[add] https://crrev.com/2b4803484f5e55299bf6f5ea1bd95639f88e75b1/third_party/WebKit/LayoutTests/tables/invalid-background-url-crash.html
[modify] https://crrev.com/2b4803484f5e55299bf6f5ea1bd95639f88e75b1/third_party/WebKit/Source/core/css/CSSImageValue.cpp

Status: Fixed (was: Assigned)
Project Member

Comment 10 by ClusterFuzz, Jul 8 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot