Detailed report: https://clusterfuzz.com/testcase?key=5079555377987584

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390007f129
Crash State:
  blink::OpenTypeVerticalData::GetVerticalTranslationsForGlyphs
  blink::HarfBuzzGetGlyphVerticalOrigin
  hb_font_t::subtract_glyph_v_origin
  
Sanitizer: thread (TSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5079555377987584

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.