Issue 855914

Issue metadata

Status: Verified
Closed: Jun 2018
OS: Linux
Pri: 1
Type: Bug


CHECK failure: *base_computed_style_ == *computed_style in element_animations.cc

Project Member Reported by ClusterFuzz, Jun 24 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5511926168420352

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  *base_computed_style_ == *computed_style in element_animations.cc
  blink::ElementAnimations::UpdateBaseComputedStyle
  blink::UpdateBaseComputedStyle
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5511926168420352

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: kkaluri@chromium.org
Components: Blink>CSS Blink>Animation
Labels: M-69 Test-Predator-Wrong
Owner: futhark@chromium.org
Status: Assigned (was: Untriaged)
Unable to find the actual suspect through code search, and also observing no suspected CLs under the regression range.
With reference to Issue 849110, assigning it to futhark@.

futhark@, could you please look into it?

Thanks!
Cc: futhark@chromium.org
Owner: f...@opera.com
I triggered a new bisect which pointed to:

https://chromium.googlesource.com/chromium/src/+/7004d7e19279e2d31f92fb295e06a8b987700f18

which sounds likely given that the minimal test-case contains a marker-mid resource and the mentioned commit changes marker-*.

I cannot reproduce this locally in a standard content_shell build.

fs@, could you take a look? Could this have been fixed in a later commit?

Comment 3 by f...@opera.com, Jun 28 2018

I'm not aware of anything that would have changed things for the better in this case. I'll look into it.

Comment 4 by f...@opera.com, Jun 28 2018

I've not been able to reproduce (did you manage, futhark?), but I see some issues that would definitely be related. Will fix those up.

No, not able to reproduce, which is why I was wondering if a later commit fixed it. I have not made an ASAN debug build, though.
Project Member

Comment 6 by bugdroid1@chromium.org, Jun 28 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b23891f21c36828e751aa30f0544915bd6749deb

commit b23891f21c36828e751aa30f0544915bd6749deb
Author: Fredrik Söderquist <fs@opera.com>
Date: Thu Jun 28 13:20:53 2018

Use DataEquivalent(...) when comparing StyleSVGResources

While the underlying SVGResource should be unique (or nullptr - for
invalid cases), the StyleSVGResource wrapper usually isn't. Hence we
need to use DataEquivalent(...) to properly determine equality.

Bug: 769774, 855914
Change-Id: I333bc7a737d0635aabe35e39bb066edbc4282790
Reviewed-on: https://chromium-review.googlesource.com/1118219
Reviewed-by: Rune Lillesveen <futhark@chromium.org>
Commit-Queue: Fredrik Söderquist <fs@opera.com>
Cr-Commit-Position: refs/heads/master@{#571099}
[modify] https://crrev.com/b23891f21c36828e751aa30f0544915bd6749deb/third_party/blink/renderer/core/style/svg_computed_style_defs.cc

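The comparison the commit message describes, as an added example that is not Blink's code: a constructed, simplified model in which the target resource is unique (or nullptr) while each computed style owns its own wrapper around it. Comparing the wrappers by pointer identity reports two equal styles as different, which is the kind of spurious mismatch that trips a CHECK like the one in the crash state; a DataEquivalent-style pointee comparison (modelled here, not Blink's own implementation) does not. The type names, `MakeStyle` and the `MarkersEqual*` helpers are hypothetical.

```cpp
#include <memory>
#include <string>

// Constructed model of the situation in the commit message: the target
// resource is unique (or nullptr for invalid cases) while each computed
// style owns its own wrapper around it. Names are illustrative, not Blink's.
struct SvgResource {
  std::string url;  // the unique target; two styles share one instance
};

struct StyleSvgResource {
  explicit StyleSvgResource(SvgResource* r) : resource(r) {}
  SvgResource* resource;
  // Wrapper equality is defined by the underlying (unique) resource.
  bool operator==(const StyleSvgResource& o) const { return resource == o.resource; }
};

// Pointee-aware equality in the spirit of Blink's DataEquivalent(): equal when
// both pointers are null or identical, unequal when exactly one is null,
// otherwise compare the data behind them. Modelled here, not Blink's own code.
template <typename T>
bool DataEquivalent(const T* a, const T* b) {
  if (a == b) return true;     // same object, or both nullptr
  if (!a || !b) return false;  // exactly one side is missing
  return *a == *b;             // compare what is wrapped
}

struct MarkerStyle {
  std::unique_ptr<StyleSvgResource> marker_mid;  // hypothetical marker-mid slot
};

MarkerStyle MakeStyle(SvgResource* res) {
  MarkerStyle s;
  if (res) s.marker_mid = std::make_unique<StyleSvgResource>(res);
  return s;
}

// Before the fix: pointer identity on the wrapper. Two styles built from the
// same marker-mid resource compare unequal, the kind of spurious difference
// that trips a CHECK like *base_computed_style_ == *computed_style.
bool MarkersEqualBuggy(const MarkerStyle& a, const MarkerStyle& b) {
  return a.marker_mid.get() == b.marker_mid.get();
}

// After the fix: compare the wrapped resource, nullptr-safe on both sides.
bool MarkersEqualFixed(const MarkerStyle& a, const MarkerStyle& b) {
  return DataEquivalent(a.marker_mid.get(), b.marker_mid.get());
}
```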
Project Member

Comment 7 by ClusterFuzz, Jun 29 2018

ClusterFuzz has detected this issue as fixed in range 571098:571099.

Detailed report: https://clusterfuzz.com/testcase?key=5511926168420352

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  *base_computed_style_ == *computed_style in element_animations.cc
  blink::ElementAnimations::UpdateBaseComputedStyle
  blink::UpdateBaseComputedStyle
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=559472:559481
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=571098:571099

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5511926168420352

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by ClusterFuzz, Jun 29 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5511926168420352 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
ClusterFuzz is happy, then we're happy \o/