Crash in blink::LocalFrame::document
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4970920138768384
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000160
Crash State:
  blink::LocalFrame::document
  blink::PointerEventManager::handleTouchEvents
  blink::EventHandler::handleTouchEvent
Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IyDdlhzXy6sZoWQj64UCqTkja5YIzFk78Keicd0IfKzJeP5uTkIFUyc5qtmfYhozDgom37GNEJTpjtD0r1_bGhOUUmQAfK3vgjmgVADmamj9L14bO91k4E9fbk-G770UFdGjzzsEGyHfvp1sl_YpuTybrgw?testcase_id=4970920138768384
Additional requirements: Requires Gestures

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Nov 10 2016
Caused by my change in issue 611981, Navid has a fix in the queue here: https://codereview.chromium.org/2485383004/ Thanks Navid!

Nov 10 2016
Issue 663634 has been merged into this issue.

Nov 10 2016
If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas

Nov 10 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/553e31530cf9dee59135026b5644dcdef0b0d181

commit 553e31530cf9dee59135026b5644dcdef0b0d181
Author: nzolghadr <nzolghadr@chromium.org>
Date: Thu Nov 10 02:06:29 2016

Add a null check for token creation to avoid crash

If touchpoint hit test doesn't return a node, then its targetFrame will be null and it could cause a crash.

BUG= 663608
Review-Url: https://codereview.chromium.org/2485383004
Cr-Commit-Position: refs/heads/master@{#431139}

[modify] https://crrev.com/553e31530cf9dee59135026b5644dcdef0b0d181/third_party/WebKit/Source/core/input/PointerEventManager.cpp

Nov 10 2016
Issue 663626 has been merged into this issue.

Nov 11 2016
I will be cherry-picking this to branch 2913 (a random dev branch) so that we can ship a non-crashy build this week.

Nov 11 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/84ee12c194e30068a0b4c652f83592849b1ad930

commit 84ee12c194e30068a0b4c652f83592849b1ad930
Author: Alex Mineer <amineer@chromium.org>
Date: Fri Nov 11 00:20:22 2016

Add a null check for token creation to avoid crash

If touchpoint hit test doesn't return a node, then its targetFrame will be null and it could cause a crash.

BUG= 663608
(cherry picked from commit 553e31530cf9dee59135026b5644dcdef0b0d181)
Review-Url: https://codereview.chromium.org/2485383004
Cr-Original-Commit-Position: refs/heads/master@{#431139}
Cr-Commit-Position: refs/branch-heads/2913@{#8}
Cr-Branched-From: 75d01e1f338c8a452f7d9aa80c2bfa463c0ce4f0-refs/heads/master@{#430459}

[modify] https://crrev.com/84ee12c194e30068a0b4c652f83592849b1ad930/third_party/WebKit/Source/core/input/PointerEventManager.cpp

Nov 11 2016
ClusterFuzz has detected this issue as fixed in range 430994:431183.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4970920138768384
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000160
Crash State:
  blink::LocalFrame::document
  blink::PointerEventManager::handleTouchEvents
  blink::EventHandler::handleTouchEvent
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=430994:431183
Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IyDdlhzXy6sZoWQj64UCqTkja5YIzFk78Keicd0IfKzJeP5uTkIFUyc5qtmfYhozDgom37GNEJTpjtD0r1_bGhOUUmQAfK3vgjmgVADmamj9L14bO91k4E9fbk-G770UFdGjzzsEGyHfvp1sl_YpuTybrgw?testcase_id=4970920138768384
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by dtapu...@chromium.org, Nov 9 2016
Components: Blink>Input
Labels: Hotlist-Input-Dev
Owner: nzolghadr@chromium.org
Status: Assigned (was: Untriaged)