From findit tool;

	No CL in the regression range changes the crashed files. The result is the blame information.

Author: erg@google.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/eae9c0623d1800201739b4be146649103a45cd93
Time: Tue Jan 11 00:50:59 2011
The CL last changed line 782 of file logging.cc, which is stack frame 2.

Author: erg@google.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/eae9c0623d1800201739b4be146649103a45cd93
Time: Tue Jan 11 00:50:59 2011
The CL last changed line 504 of file logging.cc, which is stack frame 3.

Author: sugoi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6e8e4f83184b28130f22cc8ec184832b0d7aba2a
Time: Mon Nov 18 23:35:21 2013
The CL last changed line 49 of file filter_fuzz_stub.cc, which is stack frame 4.

Author: sugoi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6e8e4f83184b28130f22cc8ec184832b0d7aba2a
Time: Mon Nov 18 23:35:21 2013
The CL last changed line 66 of file filter_fuzz_stub.cc, which is stack frame 5.

Author: sugoi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6e8e4f83184b28130f22cc8ec184832b0d7aba2a
Time: Mon Nov 18 23:35:21 2013
The CL last changed line 85 of file filter_fuzz_stub.cc, which is stack frame 6.

Suspected Project: chromium

Looks like memory allocation in std::ostringstream is failing while constructing the log message. I'm wondering whether something is managing to use up a ton of memory and this just happens to be the thing that finally fails.

Given that, I'd look at the Skia revision range:
https://chromium.googlesource.com/skia/+log/d1c6b7c5007b5c609b44a9cdfe95ef64a5a8f29f..499ababa52f3ac4fccf957979713abe58be1584a?pretty=fuller

There is stuff in there that seems to touch the flattening/unflattening of SkImageFilters, which is what filter_fuzz_stub tests.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6712858899644416

Fuzzer: sugoi_filter_fuzzer
Job Type: linux_asan_filter_fuzz_stub_32bit
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x00000000
Crash State:
  std::__1::basic_stringbuf<char, std::__1::char_traits<char>, std::__1::allocator
  _dl_find_dso_for_object
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=344473:344607

Minimized Testcase (0.20 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94rsINxbHUoR0e4A5bN37xZLbFA-toq1ElLDNFltn4bl7WxrjkFHzLCOMNUq1zGFu4IGrdGFRjsrszYbaoLl5pQ22JyDDY2pgbnilC9rLZ0BXTyRso_2Nbq56YZiFhfNDOIYNiP_ZDUVdb3aAbc6SVF2PYk1w?testcase_id=6712858899644416

Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5816110685618176

Fuzzer: sugoi_filter_fuzzer
Job Type: linux_asan_filter_fuzz_stub_32bit
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x00000000
Crash State:
  _dl_find_dso_for_object
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=386879:387080

Minimized Testcase (0.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9440t9itfQoTXYbjKoi-IALK_apIDorKTfH7dbzI8Mn1JTsN7tDL8F6qbJMqb_9y-vlgzFQ1WkTvQXJNCRElQ8B1VK0RKWPrqeWtSvoOu-uSq-Cx7rhLxgCLwPkuQrkM8GZNHyZfboBJXC_5ClefNkxtWblKg?testcase_id=5816110685618176

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5816110685618176

Fuzzer: sugoi_filter_fuzzer
Job Type: linux_asan_filter_fuzz_stub_32bit
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x00000000
Crash State:
  _dl_find_dso_for_object
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=386879:387080

Minimized Testcase (0.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9440t9itfQoTXYbjKoi-IALK_apIDorKTfH7dbzI8Mn1JTsN7tDL8F6qbJMqb_9y-vlgzFQ1WkTvQXJNCRElQ8B1VK0RKWPrqeWtSvoOu-uSq-Cx7rhLxgCLwPkuQrkM8GZNHyZfboBJXC_5ClefNkxtWblKg?testcase_id=5816110685618176

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This issue is not fixed, could someone please take a look?.

[2017-03-29 07:25:36 UTC] clusterfuzz-linux-0465: Progression task started: r460282.
[2017-03-29 07:28:31 UTC] clusterfuzz-linux-0465: Progression task finished.

Thank you.

AFAICT this is a duplicate of  crbug.com/628222 

In two cases I checked we have:

REVISION 404340

soft rss limit exhausted (512Mb vs 629Mb)
allocator_may_return_null=1

REVISION 460664

soft rss limit exhausted (512Mb vs 560Mb)
allocator_may_return_null=1
failing allocation: new SkMallocPixelRef 

ClusterFuzz has detected this issue as fixed in range 479756:479771.

Detailed report: https://clusterfuzz.com/testcase?key=4749635575087104

Fuzzer: sugoi_filter_fuzzer
Job Type: linux_asan_filter_fuzz_stub_32bit
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x00000004
Crash State:
  SkPixelRef::SkPixelRef
  SkMallocPixelRef::MakeZeroed
  SkBitmap::tryAllocPixels
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=344473:344607
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=479756:479771

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4749635575087104


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.