Crash in blink::EventSender<blink::SVGSMILElement>::dispatchEventSoon
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6535056511729664

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000064
Crash State:
  blink::EventSender<blink::SVGSMILElement>::dispatchEventSoon
  blink::SVGSMILElement::progress
  blink::SMILTimeContainer::updateAnimations

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286

Minimized Testcase (0.97 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96C9iA1_eq-hVtASizuk7N2ZuGMVz2o1qIxDBsY7IDjLokdywpWyVl3UQMOP_zhOjibd0MN537Kcv_shV5au7TBBB7pOX7JrKn5-4_h4QcoettvcQlSXnNVr2PM4d6Nxu2Wqp-67pl3kHoyNwSnEtlCciKPrg

Additional requirements: Requires Gestures

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 12 2016
Dispatching SVG animation progress events while shutting down the main thread & Blink. LSan specific.
May 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a2917a54ac168cd4ccb8bf453a44cadd38ec0c6b

commit a2917a54ac168cd4ccb8bf453a44cadd38ec0c6b
Author: sigbjornf <sigbjornf@opera.com>
Date: Mon May 16 07:57:24 2016

With LSan, run initial heap cleaning GCs during shutdown.

Clean out as much garbage as possible before releasing a thread's static persistents, in preparation for LSan leak detection. By doing so, finalizers for itinerant garbage may access these static local persistents without restrictions, _but_ any object kept alive by a static persistent may not when the second phase of cleaning GCs are performed.

As collectAllGarbage() stops on reaching a fixed point, the extra overhead of having to perform GCs before and after the static persistents isn't a concern.

R=
BUG=611333

Review-Url: https://codereview.chromium.org/1977343002
Cr-Commit-Position: refs/heads/master@{#393809}

[modify] https://crrev.com/a2917a54ac168cd4ccb8bf453a44cadd38ec0c6b/third_party/WebKit/Source/platform/heap/ThreadState.cpp
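The commit message describes an ordering rule for thread shutdown: run cleaning GCs to a fixed point while the static persistents are still set (so finalizers of unrooted "itinerant" garbage can still touch them), then release the static persistents, then run cleaning GCs again for whatever those persistents were keeping alive. The toy mark-sweep heap below is an added example that is not Blink's or Oilpan's code; `Heap`, `Object`, `StaticPersistent`, `runShutdown()` and the EventSender/SVGSMILElement-like objects are invented for the illustration, and the finalizer's null check stands in for the dereference that `dispatchEventSoon` would perform. `runShutdown(true)` applies the commit's ordering, `runShutdown(false)` releases the static persistents first.

```cpp
// Added example, not Blink's own code: a toy mark-sweep heap that models the
// two-phase shutdown ordering described in the commit message above. Heap,
// Object, StaticPersistent and runShutdown() are invented for the illustration.
#include <cassert>
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

struct Object {
    bool marked = false;
    std::vector<Object*> refs;          // outgoing strong references
    std::function<void()> finalizer;    // runs when the object is swept
};

// A static persistent: a root slot that is nulled when the thread shuts down.
struct StaticPersistent { Object* ptr = nullptr; };

struct Heap {
    std::vector<std::unique_ptr<Object>> objects;
    std::vector<StaticPersistent*> statics;   // the thread's static persistents
    int sweptCount = 0;

    Object* allocate() {
        objects.push_back(std::make_unique<Object>());
        return objects.back().get();
    }

    void mark(Object* o) {
        if (!o || o->marked) return;
        o->marked = true;
        for (Object* r : o->refs) mark(r);
    }

    // One mark-sweep cycle rooted at the static persistents; returns the
    // number of objects swept. Finalizers run before any storage is freed.
    int collectGarbage() {
        for (auto& o : objects) o->marked = false;
        for (StaticPersistent* s : statics) mark(s->ptr);
        std::vector<std::unique_ptr<Object>> survivors;
        int swept = 0;
        for (auto& o : objects) {
            if (o->marked) { survivors.push_back(std::move(o)); continue; }
            if (o->finalizer) o->finalizer();
            ++swept;
        }
        objects = std::move(survivors);   // unmarked objects are freed here
        sweptCount += swept;
        return swept;
    }

    // Like collectAllGarbage() in the commit message: repeat until a fixed
    // point, since a finalizer may mutate the graph and expose more garbage.
    void collectAllGarbage() { while (collectGarbage() > 0) {} }

    void releaseStaticPersistents() {
        for (StaticPersistent* s : statics) s->ptr = nullptr;
    }
};

struct Outcome {
    int sweptBeforeRelease = 0;   // objects finalized while statics were live
    int sweptTotal = 0;
    int senderSeenLive = 0;       // finalizer found the static persistent set
    int senderSeenNull = 0;       // finalizer found it already released
};

// Builds a static persistent holding an EventSender-like object (which in
// turn keeps a pending target alive) plus an unrooted SVGSMILElement-like
// object whose finalizer, like dispatchEventSoon(), touches that sender.
Outcome runShutdown(bool cleanBeforeReleasingStatics) {
    Heap heap;
    StaticPersistent sender;
    heap.statics.push_back(&sender);
    sender.ptr = heap.allocate();                 // alive only via the static
    Object* pendingTarget = heap.allocate();
    sender.ptr->refs.push_back(pendingTarget);

    Outcome out;
    Object* element = heap.allocate();            // itinerant garbage, no root
    element->finalizer = [&] {
        if (sender.ptr) ++out.senderSeenLive; else ++out.senderSeenNull;
    };

    if (cleanBeforeReleasingStatics) heap.collectAllGarbage();   // phase 1
    out.sweptBeforeRelease = heap.sweptCount;
    heap.releaseStaticPersistents();
    heap.collectAllGarbage();                                    // phase 2
    assert(heap.objects.empty());
    out.sweptTotal = heap.sweptCount;
    return out;
}

int main() {
    Outcome fixed = runShutdown(true), buggy = runShutdown(false);
    std::printf("GC before release: finalizer saw sender live=%d null=%d\n",
                fixed.senderSeenLive, fixed.senderSeenNull);
    std::printf("release first:     finalizer saw sender live=%d null=%d\n",
                buggy.senderSeenLive, buggy.senderSeenNull);
    return 0;
}
```

With the commit's ordering the element's finalizer runs in phase 1 and finds the sender set; the sender and its pending target are only swept in phase 2, after the persistents are released. With the release-first ordering the same finalizer runs after the slot has been nulled, which is the shape of problem the ordering is meant to rule out. The toy does not model Oilpan's real persistent handles or the LSan interaction; only the ordering.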
May 16 2016
Waiting to see if r393809 is sufficient.
May 17 2016
ClusterFuzz has detected this issue as fixed in range 393799:393810.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6535056511729664

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000064
Crash State:
  blink::EventSender<blink::SVGSMILElement>::dispatchEventSoon
  blink::SVGSMILElement::progress
  blink::SMILTimeContainer::updateAnimations

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=393799:393810

Minimized Testcase (0.97 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96C9iA1_eq-hVtASizuk7N2ZuGMVz2o1qIxDBsY7IDjLokdywpWyVl3UQMOP_zhOjibd0MN537Kcv_shV5au7TBBB7pOX7JrKn5-4_h4QcoettvcQlSXnNVr2PM4d6Nxu2Wqp-67pl3kHoyNwSnEtlCciKPrg

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by rnimmagadda@chromium.org, May 12 2016
Components: Blink>SVG
Labels: -Pri-1 findit-wrong Te-Logged M-52 Pri-2
Owner: sigbjo...@opera.com
Status: Assigned (was: Available)