
Issue 638000

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

Crash in blink::LayoutBox::clippingRect

Reported by ClusterFuzz (Project Member), Aug 15 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5531282400608256

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 
Crash State:
  blink::LayoutBox::clippingRect
  blink::PaintInvalidationState::updateForNormalChildren
  blink::PaintInvalidationState::updateForChildren
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411924:411925

Minimized Testcase (3.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94oM8QeEqZ3_ZcCqyXM8zGVubjdsHlIzwAxVC8cd9Kyt-HQTxT8nfUApAZ-etgFTg1ZDqb12aPnFHoCHJPM0Y1_1Vok9I1-1ZPBzHtpPNUvE2aMxmTmDJf-BmY93TkfwXgEYwI0GPfXFw3rSSaj79OsARd-pg?testcase_id=5531282400608256

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Labels: Test-Layout M-54 Te-Logged
Owner: chrishtr@chromium.org
Status: Assigned (was: Untriaged)
Below is one copied from another similar crash:

The result is a list of CLs that change the crashed files.

Author: chrishtr
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/3d30a67e378ec3fcaac5809305584bbabca88e18
Time: Sat Aug 13 01:17:59 2016
Line 327 of file PaintInvalidationState.cpp, which potentially caused the crash, is changed in this CL (frame #3, "content_shell!blink::PaintInvalidationState::updateForNormalChildren+0x16d").
Minimum distance from crash line to modified line: 0. (file: PaintInvalidationState.cpp, crashed on: 324, modified: 324).

Suspected Project: chromium
Suspected Component: Blink>Layout
Comment 2 by ClusterFuzz (Project Member), Aug 15 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5319621882413056

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000033
Crash State:
  blink::PaintInvalidationState::addClipRectRelativeToPaintOffset
  blink::PaintInvalidationState::updateForNormalChildren
  blink::PaintInvalidationState::updateForChildren
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411529:411868

Minimized Testcase (2.91 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Ph46w6FUSBnxa632Jv0BOw-w-cK0G417OI9Y9ea4u1iMi_pnptUlhD3FUmQ5X7b-jjfmXxUN9Q5wT4qdwn-0mHIUl4llo8f9WWuXxlJLO02QL7zjNAhhHrmxldW4mNhTyeGWRjZbPOivcLzDrAaTF0HaEfg?testcase_id=5319621882413056

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 3 by ClusterFuzz (Project Member), Aug 16 2016

Labels: Stability-Memory-AddressSanitizer
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4661750400286720

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  object.isBox()
  blink::toLayoutBox
  blink::PaintInvalidationState::updateForNormalChildren
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=411529:411868

Minimized Testcase (3.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95cutLRiW24WmNFPHNn3OPS2mcM0pxvGEe9KCIrwPmCQ-rdCPYXQW436w4mAfVJea2rHPFGniRS8veyQORSQwPhSvfWqnDv2xs5Wvds7AOBpaBPG5refzBcNqIFmt0pIBofMQlGf5wCjVtdKGgJ0qYfklEEvw?testcase_id=4661750400286720

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
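The debug-build crash state above (object.isBox() failing inside blink::toLayoutBox, reached from updateForNormalChildren) is the shape of a downcast whose only type check is a debug-only assertion: in a release build the assertion compiles out and the cast proceeds on an object that is not a box. The following is an added example that models that pattern and its checked counterpart; it is not Chromium's code, does not reproduce the real bug or its fix, and the class names, the toLayoutBoxUnchecked helper and the sample tree are assumptions chosen only to mirror Blink's naming.

```cpp
// Added example (not Chromium's code): a reduced model of a layout-tree walk
// that downcasts each normal-flow child to a box type. Class and function
// names only mirror Blink's naming; the tree and the rects are constructed.
#include <cassert>
#include <cstdio>
#include <memory>
#include <vector>

struct LayoutRect { int x, y, width, height; };

struct LayoutObject {
    virtual ~LayoutObject() = default;
    virtual bool isBox() const { return false; }
    std::vector<std::unique_ptr<LayoutObject>> children;
};

struct LayoutBox : LayoutObject {
    LayoutRect clip{0, 0, 0, 0};
    bool isBox() const override { return true; }
    LayoutRect clippingRect() const { return clip; }
};

// A child that is not a box (for example an inline), so it has no clipping rect.
struct LayoutInline : LayoutObject {};

// Debug-only type check in front of an unchecked cast (assumed helper, the
// shape of a DEFINE_TYPE_CASTS-style accessor). With NDEBUG the assert
// compiles out and a non-box object is reinterpreted as a LayoutBox:
// undefined behaviour that in practice reads fields of the wrong object.
// It is defined here to show the pattern and is never called on a non-box.
inline LayoutBox& toLayoutBoxUnchecked(LayoutObject& object) {
    assert(object.isBox());
    return static_cast<LayoutBox&>(object);
}

// Reports whether a walk that trusted the unchecked cast would have been
// type-safe for this tree, i.e. whether every child really is a box.
bool allChildrenAreBoxes(const LayoutObject& parent) {
    for (const auto& child : parent.children)
        if (!child->isBox())
            return false;
    return true;
}

// Hardened walk: test the runtime type before the cast and skip children
// that have no clipping rect instead of casting them anyway.
int sumChildClipAreas(const LayoutObject& parent) {
    int area = 0;
    for (const auto& child : parent.children) {
        if (!child->isBox())
            continue;
        const LayoutBox& box = static_cast<const LayoutBox&>(*child);
        const LayoutRect r = box.clippingRect();
        area += r.width * r.height;
    }
    return area;
}

// Constructed sample tree: a box with one box child (3x4 clip rect) and one
// inline child, the mix that makes the unchecked cast unsafe.
std::unique_ptr<LayoutBox> buildSampleTree() {
    auto root = std::make_unique<LayoutBox>();
    auto boxChild = std::make_unique<LayoutBox>();
    boxChild->clip = {0, 0, 3, 4};
    root->children.push_back(std::move(boxChild));
    root->children.push_back(std::make_unique<LayoutInline>());
    return root;
}

int main() {
    auto tree = buildSampleTree();
    std::printf("every child is a box: %s\n",
                allChildrenAreBoxes(*tree) ? "yes" : "no");
    std::printf("sum of child clip areas (checked walk): %d\n",
                sumChildClipAreas(*tree));
    return 0;
}
```

The point of the two walks is where the type decision lives: in toLayoutBoxUnchecked it exists only in debug builds, which is why a fuzzer sees an ASSERT on the linux_debug job and an opaque crash on the release-style SyzyASan job; in sumChildClipAreas the isBox() test is part of the release logic, so a non-box child is skipped rather than misinterpreted.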
Comment 4 by ClusterFuzz (Project Member), Aug 17 2016

ClusterFuzz has detected this issue as fixed in range 412308:412331.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4661750400286720

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  object.isBox()
  blink::toLayoutBox
  blink::PaintInvalidationState::updateForNormalChildren
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=411529:411868
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=412308:412331

Minimized Testcase (3.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95cutLRiW24WmNFPHNn3OPS2mcM0pxvGEe9KCIrwPmCQ-rdCPYXQW436w4mAfVJea2rHPFGniRS8veyQORSQwPhSvfWqnDv2xs5Wvds7AOBpaBPG5refzBcNqIFmt0pIBofMQlGf5wCjVtdKGgJ0qYfklEEvw?testcase_id=4661750400286720

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)
As per comment #4, marking the bug as fixed. Thank you.
Status: Verified (was: Fixed)
Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot