Issue 890615

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Oct 5
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

CHECK failure: object_.IsSVG() in paint_property_tree_builder.cc

Reported by ClusterFuzz (Project Member), Sep 30

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5639392079904768

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  object_.IsSVG() in paint_property_tree_builder.cc
  blink::FragmentPaintPropertyTreeBuilder::EffectCanUseCurrentClipAsOutputClip
  blink::FragmentPaintPropertyTreeBuilder::UpdateEffect
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5639392079904768

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: kkaluri@chromium.org
Components: Blink>Paint
Labels: M-71 Test-Predator-Wrong
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "paint_property_tree_builder.cc", I suspect the CL below might have caused this issue:

Suspect CL: https://chromium.googlesource.com/chromium/src/+/df9f7af7c406fb5e498a5a0123f2d087a5b9d9c2

wangxianzhu@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Thanks!
Comment 2 by bugdroid1@chromium.org (Project Member), Oct 5

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ca1fe8d1f7387fe95330805fa9d57a349dd28489

commit ca1fe8d1f7387fe95330805fa9d57a349dd28489
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Fri Oct 05 22:08:22 2018

[PE] Don't create effect for non-layered non-svg objects with stacking context style

Such objects are not actual stacking contexts. For now we know LayoutTableCol
is one such object, though it should support effects
(crbug.com/892734).

Bug:  890615 
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_slimming_paint_v2;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I7fe4b09e5b95731b0ce3805583b6391677419216
Reviewed-on: https://chromium-review.googlesource.com/c/1262927
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Reviewed-by: Philip Rogers <pdr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597333}
[modify] https://crrev.com/ca1fe8d1f7387fe95330805fa9d57a349dd28489/third_party/blink/renderer/core/paint/paint_property_tree_builder.cc
[modify] https://crrev.com/ca1fe8d1f7387fe95330805fa9d57a349dd28489/third_party/blink/renderer/core/paint/paint_property_tree_builder_test.cc

Status: Fixed (was: Assigned)
Comment 4 by ClusterFuzz (Project Member), Oct 6

ClusterFuzz has detected this issue as fixed in range 597331:597341.

Detailed report: https://clusterfuzz.com/testcase?key=5639392079904768

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  object_.IsSVG() in paint_property_tree_builder.cc
  blink::FragmentPaintPropertyTreeBuilder::EffectCanUseCurrentClipAsOutputClip
  blink::FragmentPaintPropertyTreeBuilder::UpdateEffect
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=597331:597341

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5639392079904768

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by ClusterFuzz (Project Member), Oct 6

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5639392079904768 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.