
Issue 730687

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android , Mac
Pri: 1
Type: Bug

Null-dereference READ in rewind

Project Member Reported by ClusterFuzz, Jun 7 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6735316361936896

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  rewind
  merge_edges_above
  merge_collinear_edges
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=477544:477573

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6735316361936896


Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by Predator (automated triage), Jun 7 2017

Cc: ranjitkan@chromium.org
Components: Internals>GPU>Rasterization
Labels: M-61 Test-Predator-Correct-CLs
Owner: senorblanco@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Stephen White
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/3b5a3fa8b1c11d4bd4499b040311f4c3553ebf8c
Time: Tue Jun 06 14:51:19 2017 -0400
Lines 876-903, 951-959, 1128-1137, 1289-1298, 1304-1305 of file GrTessellator.cpp which potentially caused crash are changed in this cl (frame #0, ""; frame #1, ""; frame #3, ""; frame #4, "").
Minimum distance from crash line to modified line: 0. (file: GrTessellator.cpp, crashed on: 1128, modified: 1128).

@senorblanco: Assigning to you, kindly take a look into it. Please help us find an owner if it is not related to your change.

Thanks!

Comment 2 by ClusterFuzz (Project Member), Jun 8 2017

Labels: OS-Android
Comment 3 by bugdroid1@chromium.org (Project Member), Jun 8 2017

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/0cb31675f3aa9cc878aa3a9e1a7ad09efdb350fc

commit 0cb31675f3aa9cc878aa3a9e1a7ad09efdb350fc
Author: Stephen White <senorblanco@chromium.org>
Date: Thu Jun 08 20:07:04 2017

GrTessellator: fix intersection above the first vertex.

Handle the case where an intersection falls not only above both
edge endpoints, but above the first vertex in the mesh. This requires
passing the mesh into check_for_intersection(), in order to modify the
head. We also need to rewind the mesh after insertion, since we need
to rewind to the newly-inserted vertex.

This also cleans up vertex ID computation a little (for logging), so
that vertices before the first vertex or after the last have a
reasonable ID. It also cleans up the intersection-on-endpoint 
special cases by refactoring the calls to split_edge().

BUG= 730687 

Change-Id: Idea736eca7b7c3c5d8a470b1373a16ad8e649e80
Reviewed-on: https://skia-review.googlesource.com/19069
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/0cb31675f3aa9cc878aa3a9e1a7ad09efdb350fc/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/0cb31675f3aa9cc878aa3a9e1a7ad09efdb350fc/src/gpu/GrTessellator.cpp

Comment 4 by bugdroid1@chromium.org (Project Member), Jun 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f19caa4d144c9b2d840998d6bc21bdd04bf9631f

commit f19caa4d144c9b2d840998d6bc21bdd04bf9631f
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Fri Jun 09 17:07:41 2017

Roll src/third_party/skia/ bc2cdd154..6a0feba05 (24 commits; 1 trivial roll)

https://skia.googlesource.com/skia.git/+log/bc2cdd154bf5..6a0feba05bd5

$ git log bc2cdd154..6a0feba05 --date=short --no-merges --format='%ad %ae %s'
2017-06-09 msarett Add clamp before drawing F16->8888 in DMSrcSink ColorCodecSrc
2017-06-09 msarett Remove debug checks for unsupported ICC profiles
2017-06-09 benjaminwagner Add new Kaby Lake bot Win IntelIris640.
2017-06-09 bsalomon Make gradient effect creation fail if texture LUT creation fails
2017-06-09 reed remove unused colorfilter virtual asACompose
2017-06-09 brianosman Revert "Handle too many (or too large) paths in GrDefaultPathRenderer"
2017-06-09 msarett Make SkPixmap::getColor support kUnpremul pixels
2017-06-09 mtklein fix f16 -> sRGB in encode_bitmap_for_png()
2017-06-07 brianosman Handle too many (or too large) paths in GrDefaultPathRenderer
2017-06-09 reed remove unneeded include
2017-06-08 reed specialize D32 proc for legacy src
2017-06-08 robertphillips Create a new HDC for each ANGLE context
2017-06-08 bsalomon Add flush before drawing lines workaround for Adreno 3xx
2017-06-08 mostynb Use nextafter rather than std::nextafter, it's more widely available
2017-06-08 robertphillips Disable ReadPixels_Texture & ReadPixels_Gpu on ANGLE
2017-06-08 robertphillips Don't reuse failed buffers as scratch
2017-06-08 robertphillips Store context type (rather than backend type) in ContextInfo
2017-06-08 stani Add support for SkImageGenerator creating external textures
2017-06-08 senorblanco GrTessellator: fix intersection above the first vertex.
2017-06-08 msarett Draw time color xform API for Android
2017-06-08 msarett Revert "Do not return Index8 from SkAndroidCodec::computeOutputColorType"
2017-06-08 reed Experimental change to diagnose image diffs in g3
2017-06-08 reed Bump min picture to 7+ months ago

Created with:
  roll-dep src/third_party/skia
BUG= 730687 


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
TBR=allanmac@chromium.org

Change-Id: I607d4a096bffd9af232427ff693cfcfeb26dc1e4
Reviewed-on: https://chromium-review.googlesource.com/528940
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#478313}
[modify] https://crrev.com/f19caa4d144c9b2d840998d6bc21bdd04bf9631f/DEPS

Status: Fixed (was: Assigned)
Comment 6 by ClusterFuzz (Project Member), Jun 10 2017

ClusterFuzz has detected this issue as fixed in range 478299:478314.

Detailed report: https://clusterfuzz.com/testcase?key=6735316361936896

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  rewind
  merge_edges_above
  merge_collinear_edges
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=477544:477573
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=478299:478314

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6735316361936896


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.