From findit tool:

Author: wangxianzhu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7cbfbcef3ed11feafc3f77c0225b73008abb6d85
Time: Fri Jan 15 02:14:03 2016
The CL last changed line 568 of file ObjectPainter.cpp, which is stack frame 3.

There is a tracking  issue 634806  for interger-overflow in blink::operator+. looks like stack trace is different. please duplicate if you feel if it is same.

Thank you.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 435261:438085.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5394245555060736

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator+
  blink::ListMarkerPainter::paint
  blink::LayoutListMarker::paint
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (0.06 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95aAJmX4ZBB2UQRPsQx1U4MeQi6mPZSKMMeWizyjX3SuiaMUGAhYxKvwHfLZ5kMgh2MUA2xiqfx9WF_tOVj8Es3hN5czB6HeZPRi2B7J246EGA8bZpQdeeV3CyDtRkRR2AuLdjgbmzUCLmJopRHC6LQAQh8pg?testcase_id=5394245555060736
<style>* {
    letter-spacing: 2828137494px;
</style>
<ol>
<li>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.