
Issue 851914

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug


Abrt in SkArenaAlloc::ensureSpace

Project Member Reported by ClusterFuzz, Jun 12 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4681598747017216

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Abrt
Crash Address: 0x7fff9bd51f06
Crash State:
  SkArenaAlloc::ensureSpace
  split_edge
  check_for_intersection
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4681598747017216

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: brajkumar@chromium.org
Components: Internals>Skia
Labels: M-69 Test-Predator-Wrong
Owner: mtklein@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "SkArenaAlloc.cpp", suspecting the below CL might have caused this issue.

Suspect CL: https://skia.googlesource.com/skia.git/+/2e361a3c34dd021f64c51c22fad26a187c436043

mtklein@ -- Could you please check whether this is caused with respect to your change; if not, please help us in assigning it to the right owner.

Thanks!
Owner: senorblanco@chromium.org
Looks like another GrTessellator check_for_intersection/split_edge fuzzer issue, maybe with a slightly new stack after some SkArenaAlloc refactoring.  Does this look familiar to you Stephen?
Thought I had nailed all of these. :( Thanks for the heads up.
Project Member

Comment 4 by bugdroid1@chromium.org, Jun 22 2018

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/13f3d8d4bc6863c7d890781021555fb6f65936e0

commit 13f3d8d4bc6863c7d890781021555fb6f65936e0
Author: Stephen White <senorblanco@chromium.org>
Date: Fri Jun 22 15:27:57 2018

GrTessellator: avoid split with zero primary and out-of-range secondary.

Sometimes the intersector will return an intersection which is on the
same primary sort criterion (eg., Y coordinate), but out-of-range on the
secondary. We shouldn't do splits in this case. The only case we really
care about is if it's less than one epsilon and greater than zero,
and thus numerically unsplittable.

Bug:  851914 
Change-Id: Ia772763b6a66a14ca159cf409a832835244e83bc
Reviewed-on: https://skia-review.googlesource.com/136803
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/13f3d8d4bc6863c7d890781021555fb6f65936e0/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/13f3d8d4bc6863c7d890781021555fb6f65936e0/src/gpu/GrTessellator.cpp
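
The guard described in the commit message above, as an added illustration that is not Skia's code: vertices sort by a primary key (Y) then a secondary key (X), and an edge is only split at a point strictly between its endpoints in that order, so an intersection on an endpoint's Y with an out-of-range X is rejected instead of allocating a new edge from the arena without making progress. The `Point`/`Edge` types, `sortsBefore`, `shouldSplit`, `splitEdge` and the `kEps` tolerance are assumptions for this example; the page does not show Skia's own epsilon or data structures.

```cpp
// Added illustration, not Skia's code: the degenerate-split guard the commit
// message describes. Sweep-line vertices sort by a primary key (Y) and then a
// secondary key (X); an edge may only be split at a point that lies strictly
// between its endpoints in that order. Otherwise split_edge would allocate a
// new edge from the arena (the SkArenaAlloc::ensureSpace frame in the crash
// state) while making no geometric progress.
#include <cmath>
#include <optional>
#include <utility>

struct Point { double x, y; };
struct Edge  { Point top, bottom; };   // invariant: top sorts before bottom

// Hypothetical tolerance for "numerically indistinguishable"; the page does
// not show Skia's own epsilon.
constexpr double kEps = 1e-9;

// Lexicographic (y, x) order with tolerance: the primary key decides unless
// the two Y values are within kEps, in which case the secondary key decides.
bool sortsBefore(const Point& a, const Point& b) {
    if (std::fabs(a.y - b.y) >= kEps) return a.y < b.y;
    return b.x - a.x >= kEps;
}

// True only if p is strictly inside (top, bottom). This rejects a point on an
// endpoint's Y whose X is out of range (it sorts before top or after bottom)
// and a point within kEps of an endpoint (a zero-length piece, unsplittable).
bool shouldSplit(const Edge& e, const Point& p) {
    return sortsBefore(e.top, p) && sortsBefore(p, e.bottom);
}

// Returns the two halves of e split at p, or nothing if the split would be
// degenerate. Both halves keep the top-before-bottom invariant.
std::optional<std::pair<Edge, Edge>> splitEdge(const Edge& e, const Point& p) {
    if (!shouldSplit(e, p)) return std::nullopt;
    return std::make_pair(Edge{e.top, p}, Edge{p, e.bottom});
}
```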

Project Member

Comment 5 by bugdroid1@chromium.org, Jun 22 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7d2091850fd861ab209dde317f21adf7e6a36cab

commit 7d2091850fd861ab209dde317f21adf7e6a36cab
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Fri Jun 22 19:17:55 2018

Roll src/third_party/skia 5e0909776e81..96b1ecc25d00 (8 commits)

https://skia.googlesource.com/skia.git/+log/5e0909776e81..96b1ecc25d00


git log 5e0909776e81..96b1ecc25d00 --date=short --no-merges --format='%ad %ae %s'
2018-06-22 brucewang@google.com Implement onMakeClone(const SkFontArguments& args) in class SkTypeface_fontconfig.
2018-06-22 benjaminwagner@google.com Upgrade MacOS on Skolo bots.
2018-06-22 herb@google.com Use the correct paint from the looper
2018-06-22 bungeman@google.com Remove include/ports/SkFontMgr.h
2018-06-22 swiftshader-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/swiftshader bf8fd5b5fb68..a9969b2ab8c3 (1 commits)
2018-06-22 senorblanco@chromium.org GrTessellator: avoid split with zero primary and out-of-range secondary.
2018-06-22 herb@google.com Add SkGlyphRunList - v2
2018-06-22 recipe-roller@chromium.org Roll recipe dependencies (trivial).


Created with:
  gclient setdep -r src/third_party/skia@96b1ecc25d00

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel

BUG= chromium:851914 
TBR=kjlubick@chromium.org

Change-Id: I579cb3684298fb742231c47cdb7f995b0797f49c
Reviewed-on: https://chromium-review.googlesource.com/1112219
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#569728}
[modify] https://crrev.com/7d2091850fd861ab209dde317f21adf7e6a36cab/DEPS

Project Member

Comment 6 by ClusterFuzz, Jun 24 2018

ClusterFuzz has detected this issue as fixed in range 569727:569738.

Detailed report: https://clusterfuzz.com/testcase?key=4681598747017216

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Abrt
Crash Address: 0x7fff9bd51f06
Crash State:
  SkArenaAlloc::ensureSpace
  split_edge
  check_for_intersection
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=565886:565888
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=569727:569738

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4681598747017216

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Jun 24 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4681598747017216 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
