Issue 630223 link

Issue metadata

Status: Duplicate
Merged: issue 629932
Owner:
Closed: Jul 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Integer-overflow in blink::LayoutRect::expand

Project Member Reported by ClusterFuzz, Jul 21 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6186328140283904

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LayoutRect::expand
  blink::ComputedStyle::getRoundedInnerBorderFor
  blink::ComputedStyle::getRoundedInnerBorderFor
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.16 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PG39LFCp6AWHiAGKppSGpxqmvnGAdXUbL_5-5La-WljvKkO46bgq0vyS30WnRSb0PQe9WBE3yqSuFjoie5nqqmdaBnwhlXHHPHm0hW3RsHINBkYjooXeLokiTQ4gJOlwfd3FlhcYHsEDtsaA_0pMBKWFLlA?testcase_id=6186328140283904

Additional requirements: Requires HTTP

Filer: brajkumar

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
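The crash state above is a signed integer overflow inside a rectangle "expand" reached from rounded-border computation, under a UBSan build. As an added example (not Chromium code and not taken from this report), the block below shows the bug class in miniature: a plain-int rect whose expand wraps, which `-fsanitize=signed-integer-overflow` flags, beside a saturating version in the style of a fixed-point layout unit that clamps to INT_MAX/INT_MIN instead. The `Rect`, `SatRect`, `saturated_add` and `expand_would_overflow` names, and the near-INT_MAX input values, are hypothetical and constructed for illustration; `__builtin_add_overflow` is a real GCC/Clang builtin.

```cpp
// Added example: minimal reproduction of "integer overflow in rect expand"
// next to a saturating fix. NOT Blink's LayoutRect/LayoutUnit; the types,
// function names and input values here are hypothetical.
#include <climits>
#include <cstdio>

// Plain-int rect: width/height grow unchecked. Built with
//   clang++ -fsanitize=signed-integer-overflow -fno-sanitize-recover=all
// UBSan reports the wrap in expand() for the inputs used in main().
struct Rect {
    int x, y, width, height;
    void expand(int dw, int dh) { width += dw; height += dh; }
};

// Saturating add: clamp to INT_MAX/INT_MIN instead of wrapping. The sign of
// the addend tells which bound was crossed when an overflow is detected.
inline int saturated_add(int a, int b) {
    int r;
    if (__builtin_add_overflow(a, b, &r))
        return b > 0 ? INT_MAX : INT_MIN;
    return r;
}

// Same rect, but every growth goes through saturated_add.
struct SatRect {
    int x, y, width, height;
    void expand(int dw, int dh) {
        width  = saturated_add(width, dw);
        height = saturated_add(height, dh);
    }
};

// True if Rect::expand would overflow for these inputs, checked without
// performing the (undefined) addition.
bool expand_would_overflow(int width, int height, int dw, int dh) {
    int unused;
    return __builtin_add_overflow(width, dw, &unused) ||
           __builtin_add_overflow(height, dh, &unused);
}

// Width after a saturating expand, for checking the clamped result.
int sat_expand_width(int width, int dw) {
    SatRect r{0, 0, width, 0};
    r.expand(dw, 0);
    return r.width;
}

int main() {
    // Constructed inputs: a rect already near INT_MAX grown by a border.
    const int w  = INT_MAX - 10;
    const int dw = 100;
    printf("plain expand would overflow: %s\n",
           expand_would_overflow(w, 0, dw, 0) ? "yes" : "no");
    printf("saturating expand width: %d (INT_MAX = %d)\n",
           sat_expand_width(w, dw), INT_MAX);
    return 0;
}
```

Compile once without the sanitizer to see the wrapped width, and once with `-fsanitize=signed-integer-overflow` to see the runtime report at the `width += dw` line; the saturating variant produces no report for the same inputs.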
 
Components: Blink>Layout
Labels: findit-wrong Te-Logged
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file "LayoutUnit.h" from frame #0, suspecting the change below:
Review URL: https://codereview.chromium.org/2160983007

wangxianzhu@ - Observed some recent changes on this file. Could you please check whether this is caused by your change? If not, please help us reassign the issue to the right owner.

Thanks!
Mergedinto: 629932
Status: Duplicate (was: Assigned)
The CL fixed this bug actually.
Comment 3 by ClusterFuzz (Project Member), Jul 22 2016

ClusterFuzz has detected this issue as fixed in range 406657:406809.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6186328140283904

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LayoutRect::expand
  blink::ComputedStyle::getRoundedInnerBorderFor
  blink::ComputedStyle::getRoundedInnerBorderFor
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=406657:406809

Minimized Testcase (0.16 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PG39LFCp6AWHiAGKppSGpxqmvnGAdXUbL_5-5La-WljvKkO46bgq0vyS30WnRSb0PQe9WBE3yqSuFjoie5nqqmdaBnwhlXHHPHm0hW3RsHINBkYjooXeLokiTQ4gJOlwfd3FlhcYHsEDtsaA_0pMBKWFLlA?testcase_id=6186328140283904

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot