Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label for further triage.

Thanks!

I am unable to reproduce this on current build on my Linux workstation. It does not hit null deref, with or without SlimmingPaint175.

It does crash M64 chrome-stable renderer.

I did hit several DCHECKs:

paint/FindPropertiesNeedingUpdate.h:189
DCHECK_OBJECT_PROPERTY_EQ(object_, OverflowClip(*original_properties_),
                                OverflowClip(*object_properties));

ElementAnimations.cpp:131
void ElementAnimations::UpdateBaseComputedStyle
DCHECK(*base_computed_style_ == *computed_style);

editing/SelectionTemplate.cpp:40
SelectionTemplate<Strategy>::operator==
DCHECK_EQ(base_.GetDocument()->DomTreeVersion(), dom_tree_version_) << *this;

Would you like me to investigate further. Next step would be to build M64.

Thanks Alex, that's great! If it doesn't reproduce on tip of tree then it doesn't seem worth it to investigate further.

Thanks again.

ClusterFuzz testcase 5192753789796352 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.