Predator and CL could not provide any possible suspects.

Using Code Search for the file, "line_breaker.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/3fe4904a00ba85fe97d3b64dee683803e8d8049b

masonfreed@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

That's definitely not my change. But based on the test case containing will-change: position, and atotic@'s change below, in the regression range, I'd say its likely this one. Aleks, let me know if you agree.

https://chromium-review.googlesource.com/c/1359041

This is probably me. Got a patch....

Reverting will-change: position cause of this. Nice job, clusterfuzz

https://chromium-review.googlesource.com/c/chromium/src/+/1365882

ClusterFuzz has detected this issue as fixed in range 614464:614471.

Detailed report: https://clusterfuzz.com/testcase?key=4911652765696000

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000050
Crash State:
  blink::LineBreaker::SkipLeadingWhitespace
  blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange
  blink::LayoutBlockFlow::LayoutRunsAndFloats
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=613692:613696
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=614464:614471

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4911652765696000

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4911652765696000 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.