Predator and CL could not provide any possible suspects.

Using the code search for the file, “layoutgrid.cpp” assigning to concern owner.
Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/6dc4cef851061c3421ba4b05e51a37beb1364f38


jfernandez@-- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.


Thank You...

 Issue 786746  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ce061aac3438a175e66d9923fdad7bc446a89b5b

commit ce061aac3438a175e66d9923fdad7bc446a89b5b
Author: Javier Fernandez <jfernandez@igalia.com>
Date: Mon Nov 20 23:04:06 2017

[css-grid] Aboslute positioned items don't participate in baseline align

The Grid Layout spec states that absolute positioned items doesn't
participate in the grid layout and should not affect any other item's
placement.

Even though this behavior is described in the Grid spec, the statement
is too ambiguous, so I've filed an issue in the W3C github asking for
a specific description of the 'baseline' value for absolute positioned
elements in the CSS Box Alignment spec.

https://github.com/w3c/csswg-drafts/issues/1999

Bug:  786781 
Change-Id: I87e5c4a099ad60e7172e8f448356fd482adb26ec
Reviewed-on: https://chromium-review.googlesource.com/779419
Commit-Queue: Javier Fernandez <jfernandez@igalia.com>
Reviewed-by: Manuel Rego Casasnovas <rego@igalia.com>
Cr-Commit-Position: refs/heads/master@{#517974}
[add] https://crrev.com/ce061aac3438a175e66d9923fdad7bc446a89b5b/third_party/WebKit/LayoutTests/external/wpt/css/css-grid/alignment/grid-column-axis-alignment-positioned-items-017.html
[add] https://crrev.com/ce061aac3438a175e66d9923fdad7bc446a89b5b/third_party/WebKit/LayoutTests/external/wpt/css/css-grid/alignment/grid-row-axis-alignment-positioned-items-017.html
[modify] https://crrev.com/ce061aac3438a175e66d9923fdad7bc446a89b5b/third_party/WebKit/Source/core/layout/LayoutGrid.cpp

ClusterFuzz testcase 6168165020336128 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 517965:518061.

Detailed report: https://clusterfuzz.com/testcase?key=5052324732207104

Fuzzer: inferno_twister_c
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x00000003
Crash State:
  blink::BaselineContext::FindCompatibleSharedGroup
  blink::LayoutGrid::GetBaselineGroupForChild
  blink::LayoutGrid::RowAxisBaselineOffsetForChild
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=514498:517698
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=517965:518061

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5052324732207104

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

 Issue 787440  has been merged into this issue.