Predator could not find any suspected culprit:

From the regression range provided:
https://chromium.googlesource.com/chromium/src/+log/d68f294b5c23f5b973d9391007c872751cfe49b3..5f917947505fc4acadefa5eae4fd8c0249ad5d84?pretty=fuller

Suspecting below change could be a possible culprit:
https://chromium.googlesource.com/chromium/src/+/5f917947505fc4acadefa5eae4fd8c0249ad5d84

meade@: Assigning to you, kindly take a look into it. Please help us to find an owner if not with respect to your change.

Thanks.!

ClusterFuzz has detected this issue as fixed in range 477541:477555.

Detailed report: https://clusterfuzz.com/testcase?key=6729400212258816

Fuzzer: bj_broddelwerk
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  before_descendant_container->IsAnonymous() in LayoutBlock.cpp
  blink::LayoutBlock::AddChildBeforeDescendant
  blink::LayoutTreeBuilderForText::CreateLayoutObject
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=477230:477239
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=477541:477555

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6729400212258816


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6729400212258816 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.