Issue 750524

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



CHECK failure: !std::isnan(static_cast<double>(value)) in MathExtras.h

Project Member Reported by ClusterFuzz, Jul 30 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6464587770888192

Job Type: linux_debug_content_shell_drt
Crash Type: CHECK failure
Crash Address: 
Crash State:
  !std::isnan(static_cast<double>(value)) in MathExtras.h
  int clampTo<int, float>
  blink::FlooredIntPoint
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=409173:409180

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6464587770888192


Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org
Labels: M-60 Test-Predator-Wrong
Owner: yutak@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file "MathExtras.h", assigning to the concerned owner from git blame.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/ee7e5087fdb40d8f9f7481ea628bfa98db6865d0

@yutak -- Could you please look into the issue? Kindly re-assign if this is not related to your changes.
Thank you.

Issue 750516 has been merged into this issue.

Comment 3 by yutak@chromium.org, Jul 31 2017

Components: Blink>Compositing Blink>Layout
Owner: ----
Status: Available (was: Assigned)
This should be layout or compositor related.

[1:1:0730/114453.334047:1034229756219:FATAL:MathExtras.h(368)] Check failed: !std::isnan(static_cast<double>(value)).
#0 0x0000004f08e1 in __interceptor_backtrace
#1 0x7f4ba777462d in base::debug::StackTrace::StackTrace(unsigned long) base/debug/stack_trace_posix.cc:757:41
#2 0x7f4ba776d823 in base::debug::StackTrace::StackTrace() base/debug/stack_trace.cc:199:28
#3 0x7f4ba7928d46 in logging::LogMessage::~LogMessage() base/logging.cc:553:29
#4 0x7f4b865f52ff in int clampTo<int, float>(float, int, int) third_party/WebKit/Source/platform/wtf/MathExtras.h:368:3
#5 0x7f4b8747c153 in blink::FlooredIntPoint(blink::FloatPoint const&) third_party/WebKit/Source/platform/geometry/FloatPoint.h:222:19
#6 0x7f4b8747bb89 in blink::EnclosingIntRect(blink::FloatRect const&) third_party/WebKit/Source/platform/geometry/FloatRect.h:256:23
#7 0x7f4b89dcec1d in blink::LayoutGeometryMap::MapToAncestor(blink::FloatRect const&, blink::LayoutBoxModelObject const*) const third_party/WebKit/Source/core/layout/LayoutGeometryMap.cpp:189:5
#8 0x7f4b89e6aaa4 in blink::LayoutGeometryMap::AbsoluteRect(blink::FloatRect const&) const third_party/WebKit/Source/core/layout/LayoutGeometryMap.h:61:12
#9 0x7f4b8a1f94d6 in blink::CompositingInputsUpdater::UpdateRecursive(blink::PaintLayer*, blink::CompositingInputsUpdater::UpdateType, blink::CompositingInputsUpdater::AncestorInfo) third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp:163:44
#10 0x7f4b8a1faf56 in blink::CompositingInputsUpdater::UpdateRecursive(blink::PaintLayer*, blink::CompositingInputsUpdater::UpdateType, blink::CompositingInputsUpdater::AncestorInfo) third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp:264:5
#11 0x7f4b8a1faf56 in blink::CompositingInputsUpdater::UpdateRecursive(blink::PaintLayer*, blink::CompositingInputsUpdater::UpdateType, blink::CompositingInputsUpdater::AncestorInfo) third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp:264:5
#12 0x7f4b8a1f7fb5 in blink::CompositingInputsUpdater::Update() third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp:26:3
Components: -Blink>Layout
Labels: -Pri-1 PaintTeamTriaged-20170801 BugSource-Chromium Pri-2
Status: WontFix (was: Available)
Crashing with a bogus huge number is not a problem. Not a release problem either.
Project Member

Comment 5 by ClusterFuzz, Aug 8 2017

Labels: Needs-Feedback
ClusterFuzz testcase 6464587770888192 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: -Needs-Feedback ClusterFuzz-Ignore
