Null-dereference in SkSurface::getCanvas
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5195033199509504
Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: Null-dereference
Crash Address: 0x0000001f
Crash State:
  SkSurface::getCanvas
  blink::Canvas2DLayerBridge::GetOrCreateSurface
  blink::Canvas2DLayerBridge::FlushRecordingOnly
Memory Tool: SYZYASAN
Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=493600:493628
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5195033199509504

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b68d26fdea9ea99109ab6017864aff7f8284d162

commit b68d26fdea9ea99109ab6017864aff7f8284d162
Author: Xida Chen <xidachen@chromium.org>
Date: Tue Sep 19 05:54:25 2017

Fix a null deref in Canvas2DLayerBridge

In Canvas2DLayerBridge::GetOrCreateSurface, we call CreateSkSurface without checking whether the created surface is null or not. And later on we use that surface to get the canvas, which causes the null deref. This CL does the null check on the SkSurface before getting its canvas.

Bug: 765925
Change-Id: I00a25b0b40128cbcb61f93077045f4714df8c784
Reviewed-on: https://chromium-review.googlesource.com/670923
Reviewed-by: Justin Novosad <junov@chromium.org>
Commit-Queue: Justin Novosad <junov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#502786}

[modify] https://crrev.com/b68d26fdea9ea99109ab6017864aff7f8284d162/third_party/WebKit/LayoutTests/fast/canvas/canvas-layerBridgeCrashTest.html
[modify] https://crrev.com/b68d26fdea9ea99109ab6017864aff7f8284d162/third_party/WebKit/Source/platform/graphics/Canvas2DLayerBridge.cpp
Sep 19 2017
Sep 20 2017
Issue 766456 has been merged into this issue.
Sep 20 2017
ClusterFuzz has detected this issue as fixed in range 502785:502793.

Detailed report: https://clusterfuzz.com/testcase?key=5195033199509504
Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: Null-dereference
Crash Address: 0x0000001f
Crash State:
  SkSurface::getCanvas
  blink::Canvas2DLayerBridge::GetOrCreateSurface
  blink::Canvas2DLayerBridge::FlushRecordingOnly
Memory Tool: SYZYASAN
Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=493600:493628
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=502785:502793
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5195033199509504

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 20 2017
ClusterFuzz testcase 5195033199509504 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pnangunoori@chromium.org, Sep 18 2017
Labels: Test-Predator-Wrong-CLs M-62
Owner: xidac...@chromium.org
Status: Assigned (was: Untriaged)