Suspected CL could 
https://chromium.googlesource.com/chromium/src/+/fd5d6b3400f54cee4a84fa24a43298d345e96463%5E%21/third_party/WebKit/Source/core/paint/BoxClipper.cpp

Last updated by pdr @ weeks ago , please have a look and reassign if needed.

Thank you.

ClusterFuzz has detected this issue as fixed in range 399164:399234.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6355834913423360

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  blink::BoxClipper::BoxClipper
  blink::BlockPainter::paint
  blink::BlockPainterDelegate::paint
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=399164:399234

Minimized Testcase (2.28 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96aj1uwVYICfrdgh_JpCvpB8oLw--JB_x5aui-YKKFj9jyK85KOx61zOWJs9WdRuVPeATKj1HBBOsZ6yJHluvs9lqKzQXAf-ZsDBChixgs2PO6eSknJHwPg0bOXE0D148gW0VL6Ou2DcIdsPm6q4wjeGir_Ig?testcase_id=6355834913423360

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot