Null-dereference READ in blink::PaintLayerScrollableArea::EnsureRareData
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4988380147613696

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000bc
Crash State:
  blink::PaintLayerScrollableArea::EnsureRareData
  blink::StickyConstraintsForLayoutObject
  blink::LayoutBoxModelObject::StickyPositionOffset

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=486909:486961

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4988380147613696

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jul 17 2017
Users experienced this crash on the following builds:
  Mac Canary 61.0.3159.0 - 2.68 CPM, 4 reports, 4 clients (signature blink::PaintLayerScrollableArea::EnsureRareData)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.
- Go/Fracas
Jul 17 2017
Predator did not provide any possible suspects.

Assigning to concern owner from CL -- https://chromium.googlesource.com/chromium/src/+log/d2b93c04c6f18c3c405668757a2e463ae15758e3..4450f22518208fe2e794d7ffabc19f3d2c5d5500?pretty=fuller

Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/8c7b93bea11ac5361421231aa3be16f19d40ef5b

@chrishtr -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.

Jul 17 2017
Jul 18 2017
ClusterFuzz has detected this issue as fixed in range 487248:487317.

Detailed report: https://clusterfuzz.com/testcase?key=4988380147613696

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000bc
Crash State:
  blink::PaintLayerScrollableArea::EnsureRareData
  blink::StickyConstraintsForLayoutObject
  blink::LayoutBoxModelObject::StickyPositionOffset

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=486909:486961
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=487248:487317

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4988380147613696

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 1 by ClusterFuzz, Jul 17 2017