This report suggests it is a regression but is only giving a single patch, which seems completely unrelated, in the regression range. So I'll leave it as Type=Bug.

ClusterFuzz has detected this issue as fixed in range 434178:434216.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6422423965794304

Fuzzer: attekett_dom_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Stack-overflow
Crash Address: 0x7fff590a1ff8
Crash State:
  blink::StyleResolver::styleSharingList
  blink::StyleResolver::addToStyleSharingList
  blink::SharedStyleFinder::findElementForStyleSharing
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=428618:428619
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=434178:434216

Minimized Testcase (0.21 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96KCFtkNWVUZllrz7WyROdbeUY_W3RhX-18N_NrPmR1C9sq4FNtaMZ_KtxbQ3Qwf8xlDnxzIzipLaoz-o-pzXLxGYxrFcaI-AzAd1i0rYZXIXPqcpgvF22IWWpRc-OUnKph_Ai7OTM2LrSdOL3wx_8TSy67NA?testcase_id=6422423965794304
<body>
<script>
{
}
  depth = 100000;
var lastParent = document.body
for (var x = 0; x < depth; x++) {
  var div = document.createElement("div");
  lastParent.appendChild(div);
  lastParent = div;
}
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 671903  has been merged into this issue.