
Issue 739448

Starred by 2 users

Issue metadata

Status: Verified
Owner: oetu...@nvidia.com
Closed: Jul 2017
Cc: msrchandra@chromium.org
Components: Internals>GPU>ANGLE
OS: Linux
Pri: 1
Type: Bug




ASSERT: name.getString().compare(0, 3, "gl_") != 0

Reported by ClusterFuzz (Project Member), Jul 5 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6305863009828864

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  name.getString().compare(0, 3, "gl_") != 0
  sh::DecorateFunctionIfNeeded
  sh::OutputHLSL::visitFunctionDefinition
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=484134:484170

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6305863009828864


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Components: Internals>GPU>ANGLE
Labels: M-61 Test-Predator-Correct-CLs
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)
Assigning to the concerned owner based on Predator results. The result is a list of CLs that change the crashed files.

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/ff526f144979c335e9be9009537016aec5f4319d
Time: Fri Jun 30 09:26:54 2017
Lines 251-256 of file UtilsHLSL.cpp, which potentially caused the crash, are changed in this CL (frame #4, "sh::DecorateFunctionIfNeeded").

Line 1595 of file OutputHLSL.cpp, which potentially caused the crash, is changed in this CL (frame #5, "sh::OutputHLSL::visitFunctionDefinition").
Minimum distance from crash line to modified line: 0 (file: OutputHLSL.cpp, crashed on: 1595, modified: 1595).

@Olli Etuaho -- Could you please look into the issue, and kindly re-assign it if it is not related to your changes?
Thank you.

Comment 2 by oetu...@nvidia.com, Jul 6 2017

Status: Started (was: Assigned)
This is caused by missing shader validation - ANGLE doesn't treat it as a compile error if a function starting with gl_ is declared, only if the function is called. The issue doesn't have much real-world impact and should be simple to fix.

Comment 3 by bugdroid1@chromium.org (Project Member), Jul 6 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/d7cd4ae5c2f71ff3acc51997a2b816839f4f5947

commit d7cd4ae5c2f71ff3acc51997a2b816839f4f5947
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Thu Jul 06 16:19:24 2017

Check that function declarations don't use a reserved name

Reserved function names are now caught if the function is just
declared without being called in the shader source. Actually, function
calls don't need to be checked for reserved names, since that just
generates a redundant error message if function declarations are being
checked.

Includes some cleanup of ParseContext::checkIsNotReserved. It doesn't
need special handling of built-in symbols, as they are never passed to
the function.

BUG= chromium:739448 
TEST=angle_unittests

Change-Id: I7115e1a7509626b5109b5c054c0704b0c3c19c58
Reviewed-on: https://chromium-review.googlesource.com/561457
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/d7cd4ae5c2f71ff3acc51997a2b816839f4f5947/src/compiler/translator/ParseContext.cpp
[modify] https://crrev.com/d7cd4ae5c2f71ff3acc51997a2b816839f4f5947/src/tests/compiler_tests/ShaderValidation_test.cpp
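The gap described in comment 2 and closed by the commit above is that a reserved `gl_` function name which is only declared, never called, slips past a check that runs at call sites. As an added example that is not ANGLE's code, the following simplified scanner over GLSL source contrasts a call-site-only check with a declaration-time check on a constructed shader of exactly that shape. `isReservedIdentifier`, `scanFunctionUses`, `reservedNamesCallSiteOnly`, `reservedNamesAtDeclaration`, the two regular expressions and the shader text are all assumptions made for this example; the rule that identifiers containing two consecutive underscores are also reserved comes from the GLSL ES specification, not from this bug.

```cpp
#include <iostream>
#include <regex>
#include <set>
#include <string>
#include <vector>

// Hypothetical helper, not ANGLE code: true if `name` is reserved by the GLSL ES
// spec, i.e. it starts with "gl_" or contains two consecutive underscores.
bool isReservedIdentifier(const std::string &name)
{
    return name.compare(0, 3, "gl_") == 0 || name.find("__") != std::string::npos;
}

// A function name found in `source`, with where and how it was seen.
struct FunctionUse
{
    std::string name;
    size_t offset;     // byte offset of the identifier in `source`
    bool declaration;  // true for a declaration/definition header, false for a call
};

// Simplified scan (assumption: a real front end tokenizes; this regex only treats a
// small fixed list of return types followed by an identifier and '(' as a declaration).
std::vector<FunctionUse> scanFunctionUses(const std::string &source)
{
    static const std::regex declRe(
        R"((?:^|[;{}\s])(void|bool|int|float|vec[234]|mat[234])\s+([A-Za-z_][A-Za-z0-9_]*)\s*\()");
    static const std::regex callRe(R"(\b([A-Za-z_][A-Za-z0-9_]*)\s*\()");

    std::set<size_t> declOffsets;
    std::vector<FunctionUse> uses;
    for (std::sregex_iterator it(source.begin(), source.end(), declRe), end; it != end; ++it)
    {
        size_t off = static_cast<size_t>(it->position(2));
        declOffsets.insert(off);
        uses.push_back({(*it)[2].str(), off, true});
    }
    // Every "identifier(" that is not a declaration header is treated as a call.
    for (std::sregex_iterator it(source.begin(), source.end(), callRe), end; it != end; ++it)
    {
        size_t off = static_cast<size_t>(it->position(1));
        if (declOffsets.count(off) == 0)
            uses.push_back({(*it)[1].str(), off, false});
    }
    return uses;
}

// The pre-fix behaviour described in the bug: only calls are checked, so a
// reserved name that is merely declared is never reported.
std::vector<std::string> reservedNamesCallSiteOnly(const std::string &source)
{
    std::vector<std::string> bad;
    for (const FunctionUse &u : scanFunctionUses(source))
        if (!u.declaration && isReservedIdentifier(u.name)) bad.push_back(u.name);
    return bad;
}

// The fixed behaviour: check at the declaration, where every function name first
// appears, so call sites need no separate check.
std::vector<std::string> reservedNamesAtDeclaration(const std::string &source)
{
    std::vector<std::string> bad;
    for (const FunctionUse &u : scanFunctionUses(source))
        if (u.declaration && isReservedIdentifier(u.name)) bad.push_back(u.name);
    return bad;
}

// Constructed fragment shader: a reserved function name that is declared but
// never called, the shape the fuzzer hit.
const std::string kDeclaredNotCalled =
    "precision mediump float;\n"
    "void gl_Helper();\n"
    "void main() { gl_FragColor = vec4(1.0); }\n";

int main()
{
    std::cout << "call-site check flags " << reservedNamesCallSiteOnly(kDeclaredNotCalled).size()
              << " name(s), declaration check flags "
              << reservedNamesAtDeclaration(kDeclaredNotCalled).size() << " name(s)\n";
    return 0;
}
```

The call-site check returns nothing for `kDeclaredNotCalled` while the declaration check reports `gl_Helper`; running the declaration check alone is enough, which is why the commit drops the call-site check rather than keeping both and emitting the error twice.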

Comment 4 by oetu...@nvidia.com, Jul 6 2017

Should be fixed by the next ANGLE roll.

Comment 5 by bugdroid1@chromium.org (Project Member), Jul 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b891953a093ee5ab2f78df398322e6cf59c7c2e6

commit b891953a093ee5ab2f78df398322e6cf59c7c2e6
Author: Geoff Lang <geofflang@chromium.org>
Date: Mon Jul 10 16:25:36 2017

Roll ANGLE 27a6063..70c95fa

https://chromium.googlesource.com/angle/angle.git/+log/27a6063..70c95fa

BUG=chromium:739448, chromium:731324, angleproject:1644, chromium:682815

TBR=jmadill@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Change-Id: I9ed559801bfbb7cada2fef863096047f33437703
Reviewed-on: https://chromium-review.googlesource.com/565051
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485290}
[modify] https://crrev.com/b891953a093ee5ab2f78df398322e6cf59c7c2e6/DEPS

Comment 6 by ClusterFuzz (Project Member), Jul 11 2017

ClusterFuzz has detected this issue as fixed in range 485271:485338.

Detailed report: https://clusterfuzz.com/testcase?key=6305863009828864

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  name.getString().compare(0, 3, "gl_") != 0
  sh::DecorateFunctionIfNeeded
  sh::OutputHLSL::visitFunctionDefinition
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=484134:484170
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=485271:485338

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6305863009828864


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz (Project Member), Jul 11 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6305863009828864 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
