Null-dereference READ in blink::ScrollManager::ScrollByForSnapFling

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4959024660086784

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000060
Crash State:
  blink::ScrollManager::ScrollByForSnapFling
  cc::SnapFlingController::Animate
  blink::PageAnimator::ServiceScriptedAnimations
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4959024660086784

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by kkaluri@chromium.org, Jul 18
Components: Internals>Compositing
Labels: M-69 Test-Predator-Wrong
Owner: sunyunjia@chromium.org
Status: Assigned (was: Untriaged)

Comment, Jul 21
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment, Jul 23

Comment, Aug 2
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6c90e03df15802e1c263159ae20d3f5b7f140092

commit 6c90e03df15802e1c263159ae20d3f5b7f140092
Author: Sandra Sun <sunyunjia@chromium.org>
Date: Thu Aug 02 19:25:43 2018

    Check nullptrs for SnapFling in ScrollManager.

    The previous code doesn't check nullptrs thoroughly, causing clusterfuzz
    pages to crash. This patch adds the checks for those cases to make sure
    they don't crash.

    Bug: 863338
    Change-Id: Ibed005057fa376cb65200ad51e6dbb16bafa2c6a
    Reviewed-on: https://chromium-review.googlesource.com/1142457
    Commit-Queue: Sandra Sun <sunyunjia@chromium.org>
    Reviewed-by: Robert Flack <flackr@chromium.org>
    Reviewed-by: Majid Valipour <majidvp@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#580281}

[modify] https://crrev.com/6c90e03df15802e1c263159ae20d3f5b7f140092/third_party/WebKit/LayoutTests/fast/scroll-snap/animate-fling-to-snap-points.html
[modify] https://crrev.com/6c90e03df15802e1c263159ae20d3f5b7f140092/third_party/blink/renderer/core/input/scroll_manager.cc
[modify] https://crrev.com/6c90e03df15802e1c263159ae20d3f5b7f140092/third_party/blink/renderer/core/input/scroll_manager.h

Comment, Aug 3
ClusterFuzz has detected this issue as fixed in range 580280:580281.

Detailed report: https://clusterfuzz.com/testcase?key=4959024660086784

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000060
Crash State:
  blink::ScrollManager::ScrollByForSnapFling
  cc::SnapFlingController::Animate
  blink::PageAnimator::ServiceScriptedAnimations
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=572683:572684
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=580280:580281

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4959024660086784

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment, Aug 3
ClusterFuzz testcase 4959024660086784 is verified as fixed, so closing issue as verified.

If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.