Null-dereference READ in blink::ThemePainterMac::PaintSearchFieldCancelButton

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6285178040483840
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000042
Crash State:
  blink::ThemePainterMac::PaintSearchFieldCancelButton
  blink::ThemePainter::Paint
  blink::BoxPainter::PaintBoxDecorationBackgroundWithRect
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=455091:455389
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6285178040483840
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 29 2017
I thought I saw email indicating these theme painter crashes were fixed. Is that right? Re-assign if I am mistaken.
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 1 2017

Oct 25 2017

Oct 27 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f275ae530f95bc9b60e1e649c6bdd3491066071a

commit f275ae530f95bc9b60e1e649c6bdd3491066071a
Author: pdr@chromium.org <pdr@chromium.org>
Date: Fri Oct 27 19:00:28 2017

Remove crash from ThemePainter PaintSearchFieldCancelButton

PaintSearchFieldCancelButton paints the small (x) icon positioned relative to the input box. Both ThemePainterMac and ThemePainterDefault would crash when they looked up the cancel button's <input> layout object when "display: contents" was used because there is no layout object for the <input>.

ThemePainterMac::PaintSearchFieldCancelButton had code to check if the <input> layout object is a LayoutBox but this code is not needed. This logic was likely copied from the default impl in ThemePainterDefault::PaintSearchFieldCancelButton which uses the <input> dimensions for positioning. This check was removed.

ThemePainterDefault::PaintSearchFieldCancelButton has been modified to check if the input layout object exists before using it for positioning. An existing alternative positioning codepath is used if it is not available.

Bug: 769686
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I00500bd701993fdb84c0a8f45831eaac24ef83de
Reviewed-on: https://chromium-review.googlesource.com/738932
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Steve Kobes <skobes@chromium.org>
Commit-Queue: Philip Rogers <pdr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512258}

[add] https://crrev.com/f275ae530f95bc9b60e1e649c6bdd3491066071a/third_party/WebKit/LayoutTests/fast/dom/shadow/input-date-display-contents-crash-expected.txt
[add] https://crrev.com/f275ae530f95bc9b60e1e649c6bdd3491066071a/third_party/WebKit/LayoutTests/fast/dom/shadow/input-date-display-contents-crash.html
[modify] https://crrev.com/f275ae530f95bc9b60e1e649c6bdd3491066071a/third_party/WebKit/Source/core/paint/ThemePainterDefault.cpp
[modify] https://crrev.com/f275ae530f95bc9b60e1e649c6bdd3491066071a/third_party/WebKit/Source/core/paint/ThemePainterMac.mm
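The null-check-with-fallback pattern the commit describes, as an added illustration that is not Blink's code: the struct names, fields and the fallback geometry below are assumptions made for the example, and the "unchecked" function models the pre-fix shape of the positioning logic.

```cpp
// Minimal model of the objects involved (assumed names, not Blink's types).
struct IntRect { int x, y, width, height; };

struct LayoutBox {
  IntRect frame;  // border box of the element in paint coordinates
};

struct Element {
  // nullptr when the element generates no layout object, which is what
  // "display: contents" does to the <input> in the crashing testcase.
  LayoutBox* layout_object;
};

// Pre-fix shape of the logic: the cancel button position is derived from the
// <input> layout box without checking that one exists. With a detached <input>
// this reads through a null pointer, which ASAN reports as a null-deref READ.
IntRect CancelButtonRectUnchecked(const Element* input, int button_size) {
  const IntRect& box = input->layout_object->frame;  // null dereference when absent
  return {box.x + box.width - button_size,
          box.y + (box.height - button_size) / 2, button_size, button_size};
}

// Post-fix shape: use the <input> box when it exists, otherwise take the
// alternative positioning path (modelled here as the button's own paint rect).
IntRect CancelButtonRectChecked(const Element* input, const IntRect& own_paint_rect,
                                int button_size) {
  const LayoutBox* box = input ? input->layout_object : nullptr;
  if (!box)
    return own_paint_rect;
  return {box->frame.x + box->frame.width - button_size,
          box->frame.y + (box->frame.height - button_size) / 2,
          button_size, button_size};
}

// Constructed sample inputs so both paths can be exercised offline.
IntRect RectForAttachedInput() {
  LayoutBox box{{10, 20, 200, 30}};
  Element input{&box};
  return CancelButtonRectChecked(&input, {150, 25, 16, 16}, 16);
}

IntRect RectForDisplayContentsInput() {
  Element input{nullptr};  // no layout object, as with "display: contents"
  return CancelButtonRectChecked(&input, {150, 25, 16, 16}, 16);
}
```

Calling CancelButtonRectUnchecked on the detached input is the crash the fuzzer found; the checked version returns the fallback rect instead.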
Oct 27 2017
Oct 28 2017
ClusterFuzz has detected this issue as fixed in range 512234:512266.

Detailed report: https://clusterfuzz.com/testcase?key=6285178040483840
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000042
Crash State:
  blink::ThemePainterMac::PaintSearchFieldCancelButton
  blink::ThemePainter::Paint
  blink::BoxPainter::PaintBoxDecorationBackgroundWithRect
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=455091:455389
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=512234:512266
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6285178040483840
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 28 2017
ClusterFuzz testcase 6285178040483840 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pnangunoori@chromium.org, Sep 28 2017
Labels: Test-Predator-Wrong-CLs M-62 CF-NeedsTriage