
Issue 697878


Issue metadata

Status: Verified
Closed: Mar 2017
OS: Linux
Pri: 1
Type: Bug




Crash in SkTypeface_FreeType::onGetVariationDesignPosition

Reported by ClusterFuzz (Project Member), Mar 2 2017

Issue description

Cc: msrchandra@chromium.org
Components: Blink>Fonts
Labels: Test-Predator-Correct-CLs M-58
Owner: drott@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: drott
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/9d6c0f9ad3a5d10c6ffc45119308026be3ec9a86
Time: Mon Feb 27 18:08:14 2017
Line 410 of file HarfBuzzFace.cpp, which potentially caused the crash, is changed in this CL (frame #1, "blink::HarfBuzzFace::getScaledFont").
Minimum distance from crash line to modified line: 0. (file: HarfBuzzFace.cpp, crashed on: 410, modified: 410).

@drott -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.
Thank you.

Comment 2 by drott@chromium.org, Mar 2 2017

Cc: bunge...@chromium.org
Yes, I'll take a look next week, somehow we seem to end up there with a null typeface :-/. 

Comment 3 by bugdroid1@chromium.org (Project Member), Mar 2 2017

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/e7e5499c787a492d98f73445dea78b9dfb0f773b

commit e7e5499c787a492d98f73445dea78b9dfb0f773b
Author: Ben Wagner <bungeman@google.com>
Date: Thu Mar 02 17:32:13 2017

Check that the FT_Face actually exists in SkTypeface_FreeType::onGetVariationDesignPosition.

All users of AutoFTAccess check the FT_Face for nullptr in case the
FT_Face cannot actually be created. This check was overlooked in the
recent addition of SkTypeface_FreeType::onGetVariationDesignPosition.

BUG=chromium:697878

Change-Id: I92dfe845f2aecfa00bd4d088ac139f74c019c03d
Reviewed-on: https://skia-review.googlesource.com/9151
Reviewed-by: Ben Wagner <bungeman@google.com>
Commit-Queue: Ben Wagner <bungeman@google.com>

[modify] https://crrev.com/e7e5499c787a492d98f73445dea78b9dfb0f773b/src/ports/SkFontHost_FreeType.cpp


Comment 4 by bugdroid1@chromium.org (Project Member), Mar 2 2017

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/e7e5499c787a492d98f73445dea78b9dfb0f773b

Skia needs to be able to sanely handle this situation, so the above change. However, we should probably figure out how we got this far with a bad font.
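The overlooked check described in the commit message above, modelled as an added C++ example (not Skia's code): a stand-in for the AutoFTAccess accessor that yields a null face when the font data cannot be opened, shown beside an unchecked caller and the checked one that the fix corresponds to. FakeFace, FaceAccess, axisCountUnchecked, axisCountChecked and the sample font data are assumed.

```cpp
// Added example, not Skia's code: a simplified model of the AutoFTAccess pattern
// and of the nullptr check that commit e7e5499c adds to onGetVariationDesignPosition.
#include <vector>

// Stand-in for FreeType's FT_Face (name assumed): the variation axis
// coordinates of an opened font.
struct FakeFace {
    std::vector<int> axis_coords;
};

// Stand-in for AutoFTAccess (name assumed). Like the real accessor, it may
// fail to create a face, in which case face() returns nullptr and every
// caller is responsible for checking that before dereferencing.
class FaceAccess {
public:
    explicit FaceAccess(const std::vector<int>* font_data) {
        // Model of "the FT_Face cannot actually be created": corrupt or empty data.
        if (font_data != nullptr && !font_data->empty()) {
            owned_.axis_coords = *font_data;
            face_ = &owned_;
        }
    }
    FakeFace* face() const { return face_; }
private:
    FakeFace owned_;
    FakeFace* face_ = nullptr;
};

// Before the fix: no check, so a bad font dereferences nullptr. A read at a
// tiny address such as the reported 0x11 is the usual signature of reading
// a field through a null object pointer.
int axisCountUnchecked(const std::vector<int>* font_data) {
    FaceAccess fta(font_data);
    return static_cast<int>(fta.face()->axis_coords.size());  // UB if face() is nullptr
}

// After the fix: check the face first and report failure with -1, as the
// other AutoFTAccess users already do.
int axisCountChecked(const std::vector<int>* font_data) {
    FaceAccess fta(font_data);
    FakeFace* face = fta.face();
    if (face == nullptr) {
        return -1;  // the check that was overlooked
    }
    return static_cast<int>(face->axis_coords.size());
}

// Constructed sample inputs: a "font" with three axes and a corrupt (empty) one.
const std::vector<int> kSampleFont{100, 400, 5};
const std::vector<int> kCorruptFont{};
```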

Comment 6 by bugdroid1@chromium.org (Project Member), Mar 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ce3b4f57b7f385757e6e3e50ffc902613e793b1f

commit ce3b4f57b7f385757e6e3e50ffc902613e793b1f
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Fri Mar 03 22:48:01 2017

Roll src/third_party/skia/ 9c10df3b6..651cbe9af (54 commits)

https://skia.googlesource.com/skia.git/+log/9c10df3b60f4..651cbe9af67b

$ git log 9c10df3b6..651cbe9af --date=short --no-merges --format='%ad %ae %s'
2017-03-03 senorblanco GrTessellator: Implement a fast path in poly emission.
2017-03-03 benjaminwagner Add Braswell bots.
2017-03-03 herb Use an exponential growth strategy for extra blocks.
2017-03-03 caryclark Revert "Revert[2] "Remove SkDraw from device-draw methods, and enable device-centric clipping."""
2017-03-03 mtklein SkJumper: store_f32
2017-03-03 jcgregorio Upgrade Go in CIPD to 1.7.5
2017-03-03 reed Revert[2] "Remove SkDraw from device-draw methods, and enable device-centric clipping.""
2017-03-03 jcgregorio Remove extract_comments in housekeeper bot.
2017-03-03 robertphillips Switch SkImageGenerator over to generating GrTextureProxies
2017-03-03 caryclark Revert "Upgrade Go in CIPD to 1.7.5"
2017-03-03 jcgregorio Upgrade Go in CIPD to 1.7.5
2017-03-03 mtklein Put is_skia_standalone back a bit.
2017-03-03 mtklein Strengthen is_official_build, update docs.
2017-03-02 msarett Use non-fatal errors for WIC decoding failures
2017-03-03 halcanary Documentation: detailed iOS
2017-03-02 robertphillips Make GrSurface::MakeDeferred return sk_sp<GrTextureProxy>
2017-03-02 reed update cliptype test to exercise clipstack backend
2017-03-02 senorblanco GrTessellator: add a null-check for a clusterfuzz test case.
2017-03-02 bungeman Release resources if SkMallocPixelRef::NewWithProc fails.
2017-03-02 mtklein Revert "Use inline storage for SkEdgeBuilder."
2017-03-02 reed Don't mark the matrix-type as dirty just be cause we translate it.
2017-03-02 mtklein Remove SkLiteDL::makeThreadsafe().
2017-03-02 halcanary FuzzCanvas: fix drawVertices BUG=skia:6314
2017-03-02 reed add unittests for clip-state queries
2017-03-02 brianosman Use GrSemaphore rather than GrFence for external texture data
2017-03-02 herb Use the auto blitter alloc to build linear pipelines with.
2017-03-02 mtklein SkJumper: use AVX2 mask loads and stores for U32
2017-03-02 ethannicholas fixed duplicate interface variable in SPIR-V output
2017-03-02 reed Revert "Remove SkDraw from device-draw methods, and enable device-centric clipping."
2017-03-01 djsollen Refactor SkLiteDL to no longer extend SkDrawable.
2017-03-02 bungeman Tell PDF on Mac when a font is a variation font.
2017-03-02 benjaminwagner Add MotoG4 bot.
2017-03-02 herb Use inline storage for SkEdgeBuilder.
2017-03-02 reed pass storage directly to allocator for blitters
2017-03-02 herb Use proxy canvas size.
2017-03-02 reed Remove SkDraw from device-draw methods, and enable device-centric clipping.
2017-03-02 mtklein SkJumper: skip null contexts
2017-03-02 halcanary SkPDF: empty shader boxes bad
2017-03-02 brianosman Revert "Revert "Revert "Revert "Move GrTextureProvider to src""""
2017-03-02 jvanverth Use fast path for circular shadows.
2017-03-02 bungeman Check that the FT_Face actually exists in SkTypeface_FreeType::onGetVariationDesignPosition.
2017-03-02 mtklein SkJumper: be more precise by rejecting data sections.
2017-03-02 senorblanco GrTessellator (AA): restore rounding in Line::intersect().
2017-03-01 mtklein SkJumper: handle the <kStride tail in AVX+ mode.
2017-03-02 robertphillips Use GrTextureProvider's uniqueKey setting method rather than directly setting it
2017-03-02 bsalomon Determine whether any fp uses local coords in FragmentProcessorAnalysis rather than GrPipeline creation
2017-03-02 rmistry Fix flutter compile bot
2017-03-02 mtklein SkJumper: allow the compiler to generate FMAs
2017-03-02 hcm Update Skia milestone to 59
2017-03-02 msarett Test sRGB with non-linear blending using new "srgbnl" sink
2017-03-01 ethannicholas fix leak in SPIRV code generator
2017-03-02 kjlubick Symbolize all Ubuntu dm/nanobench runs
2017-03-01 mtklein Add some thread safety notes.
2017-03-01 robertphillips Remove atlas creation from GrResourceProvider

Created with:
  roll-dep src/third_party/skia
BUG=695696, 697916, 697878


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=caryclark@chromium.org

Change-Id: I599776ba54b054924201133c698bd39853e475bd
Reviewed-on: https://chromium-review.googlesource.com/449974
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#454694}
[modify] https://crrev.com/ce3b4f57b7f385757e6e3e50ffc902613e793b1f/DEPS


Comment 7 by ClusterFuzz (Project Member), Mar 4 2017

ClusterFuzz has detected this issue as fixed in range 454667:454727.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5154926541144064

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000011
Crash State:
  SkTypeface_FreeType::onGetVariationDesignPosition
  blink::HarfBuzzFace::getScaledFont
  blink::HarfBuzzShaper::shapeSegment
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=453249:453344
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=454667:454727

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96_YEiPg4rKFHmZAOYvkyVozKsd-wY-3NURhnaXEibzz6s4c8aq_jy-0usitAEWrX602-GVQ_QSZ5DC4mevqQkWI90YUQROrUypU1mQ4RP1sEkKu4Ps1pg7EfzQ5TL_Lm6LL6YSAZ4iCkFCds17QWCRh9HCawHT1yWBOmgvRme5sglRh6FXaG7QU-eOqRg44R3_NZ-k3GchDtf-NrqmJmt8R94XawGlRoCs8Etkg71KKWQzlpyHaBYVGRb1Kn4EMsOlVatkAf-V8LPLIZlySV2jWX0lXDt2eatePcoa0QeE_MbMxJJVuPB34TN0adqsW2K7VF2dY8QoWkkjS-dEnc6Vdj8DKQSo0y4uha_hLHqiiOafidw?testcase_id=5154926541144064


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by ClusterFuzz (Project Member), Mar 4 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5154926541144064 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
