
Issue 697286 link


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




!document().isActive() || !document().needsLayoutTreeUpdateForNode(*this) in Ele

Project Member Reported by ClusterFuzz, Mar 1 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4702562772320256

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !document().isActive() || !document().needsLayoutTreeUpdateForNode(*this) in Ele
  blink::Element::isFocusable
  blink::RadioInputType::findNextFocusableRadioButtonInGroup
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=373758:373795

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97Jjm8C2QJ3AWKPrcPx8S5kacFlYT09PN4gwceA7vOGgmPzjdcx5CfC4us8dBQ6Y_kbluryBS4Pi2UMbgFx993BLbJMchgYuiAl-GG1iZYZVPslpi8y2r3pJVLTCVmxlhYJ_K4uzQdLMPupGVDpknBMPbK9uSOSf__xFthXMKwQNCnSXp0rPlioNGhnaNeJksNZdwZaVuSlrGWYceLH0wGJJLlROXCZB-zik0hQq6SHnW9d80m5qAdoj7StbDMrP4aPPMVQxe8aLap-gZ5w7s3Qe_ay11tGnIalbU5S2rzOHpy0OtZKDLVYGbjJtICywioxuwrS05tqDHocl6jSsPqtqDi3BGJgW0mVAmdZ-_A-fE-xUf1QJASS9k1m0gke5nfvJJNZ1LTTF9pwXhhDTVKcVVIYxQ?testcase_id=4702562772320256


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Focus
Labels: Test-Predator-Wrong M-58
Owner: nainar@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file Element.cpp, suspected CL is 
https://chromium.googlesource.com/chromium/src/+/8b6c7b7ce5a36d8eda49dd6e60c5e7c8f5c7277f
nainar@, could you please take a look?
Thank you

Comment 2 by kochi@chromium.org, Mar 1 2017

Naina, I recently fixed an issue with a similar crash pattern (issue 677690).
But at a glance of the crash (which is happening in <input type="radio">)
backtrace, probably a separate issue.

If you think the CL above is innocent, feel free to assign to me.
Owner: tkent@chromium.org
https://codereview.chromium.org/1667623002 This CL seems like a better suspect than my CL which is not in the regression range. Assigning to tkent@

Comment 4 by tkent@chromium.org, Mar 15 2017

Components: Blink>Forms>Radio
Status: Started (was: Assigned)
Project Member Comment 5 by bugdroid1@chromium.org, Mar 15 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2f2e671f3872dafcc110ac0fb5e6615e6898f88f

commit 2f2e671f3872dafcc110ac0fb5e6615e6898f88f
Author: tkent <tkent@chromium.org>
Date: Wed Mar 15 06:11:54 2017

INPUT element: Fix a DCHECK failure in RadioInputType::findNextFocusableRadioButtonInGroup.

The function calls isFocusable(), and we need to make sure that the layout is up
to date.

BUG=697286

Review-Url: https://codereview.chromium.org/2745103008
Cr-Commit-Position: refs/heads/master@{#457007}

[modify] https://crrev.com/2f2e671f3872dafcc110ac0fb5e6615e6898f88f/third_party/WebKit/Source/core/html/HTMLInputElement.h
[modify] https://crrev.com/2f2e671f3872dafcc110ac0fb5e6615e6898f88f/third_party/WebKit/Source/core/html/HTMLInputElementTest.cpp
[modify] https://crrev.com/2f2e671f3872dafcc110ac0fb5e6615e6898f88f/third_party/WebKit/Source/core/html/forms/RadioInputType.cpp

Comment 6 by tkent@chromium.org, Mar 15 2017

Labels: -M-58
Status: Fixed (was: Started)
Project Member Comment 7 by ClusterFuzz, Mar 18 2017

ClusterFuzz has detected this issue as fixed in range 456626:457730.

Detailed report: https://clusterfuzz.com/testcase?key=4702562772320256

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !document().isActive() || !document().needsLayoutTreeUpdateForNode(*this) in Ele
  blink::Element::isFocusable
  blink::RadioInputType::findNextFocusableRadioButtonInGroup
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=373758:373795
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=456626:457730

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94q1uJYFmnMw7tzWjLZl4qtsbacy1uun40022Z74OPWI2lOqRzXffmfGUuWujqI0bmrW76SAfRbbOxTxyQXsdoCNVyFDyCQfma2Oo81T_6Hoq0kACH_d2fvpLURuhOw9I8GrOXOt_x-_evIi3KwaKc4Z9BsFl5DPJijBGhg_6qANL8z63qamAASdMtJXT3YLqiaYohDBXuH60zug4hMoQnxbe-3HuRe22fNTEVxQJ3XgocKjN5yTgbo-nbUAjp6-cf2II-U85YF15E55ZsrH26PKBmQmtQege12sDRLtB3bO739fHjn31demkZ0tROyhp6rkcdDhUDeGdGHSHCuH1Nc19VNE0sAEy3EvRqCQjCDRgmI3UFBMrsQZ6YRzSEec6gxUl2XuVQz90azePrnAtLq-MplJA?testcase_id=4702562772320256


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: Blink>HTML>Focus
Components: -Blink>Focus
