Different crash stack and test report, but same position as  crbug.com/686424 . Asking for a redo on the regression range, as neither of the commits seem plausible.

Assigning to the concern owner who worked on the files, "svganimatedproperty.h" and "svgelement.cpp".

@fs -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Looking at the code involved it looks as if we have elementAnimations() but no SVGElementRareData.

ClusterFuzz has detected this issue as fixed in range 450686:450691.

Detailed report: https://clusterfuzz.com/testcase?key=6735272357396480

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000003c
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedProperty<blink::SVGNumber,blink::SVGNumberTearOff,float>::anim
  v8::internal::Invoke
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=446719:446721
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=450686:450691

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97YZjPCy5-LIc30eNJr5988PgXyXYRQZUyeWaGs3cREeMCtd45MFNvvqEqqMARXR70H17hzrn189_bNqt4EJM-h-NGUTROTSUis_SBFgdHQqN_JmFX4TZp5lfjDAXu0BApuud3gqKkL_dwrTeUZMwOwgBhwtUKso842tw6D_HjyYzxaNFB4UE4sg8bJAUTCeR6EYnTRg8s18vDsqt-AqT_ksM3GVdBv_SCNOfITCo4dvDrU00hOJKAmpNu60UKFrByU0DT6tLLfzj37eE7nPzDeovxpKheLmGp_LNN5XVYzKf3vFQyGBEJiqm9xGcetb6l7SyCeWRLMpRxNFO6NJBTFLkKyIzIsfU7M7xSZvxKaW1YYQnU?testcase_id=6735272357396480


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.