This issue looks similar to  bug 844196 , hence assigning to the same owner for more updates.

yoichio@ Could you please take a look in to this issue?

Thanks!

 Issue 846029  has been merged into this issue.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

ClusterFuzz has detected this issue as fixed in range 562314:562337.

Detailed report: https://clusterfuzz.com/testcase?key=6121740170952704

Fuzzer: attekett_dom_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  chrome
  blink::Node::UpdateDistributionInternal
  blink::ComparePositions
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=560941:560959
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=562314:562337

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6121740170952704

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6121740170952704 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.