Using Find it, assigning to the concern owner, below are the results --
The result is a list of CLs that change the crashed files. 

Author: svillar
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/70a22ecc29b1197a37f860b88fd0dd56b2e9cd2d
Time: Tue Nov 22 15:47:06 2016
Lines 2027 of file LayoutGrid.cpp which potentially caused crash are changed in this cl (frame #5, "blink::LayoutGrid::placeItemsOnGrid").
Minimum distance from crash line to modified line: 0. (file: LayoutGrid.cpp, crashed on: 2027, modified: 2027).

@svillar -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

ClusterFuzz has detected this issue as fixed in range 438853:439175.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6523167683379200

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  definiteGridSpanWithNamedSpanAgainstOpposite
  resolveNamedGridLinePositionAgainstOppositePosition
  blink::resolveGridPositionAgainstOppositePosition
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=433807:433985
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=438853:439175

Minimized Testcase (1.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94cBZc2Ty8K75VP2spR6DFxwYmPTWBqZJT7PUcJ1lBT5WPQowi00FjPrHCnOnAFHlMcrarbAI5SSDy08_gZ8g9XPPLSMJPheieFsXO6HHW0vs51rwrFN5l-clCZJRyyxW4xGHFJj3hO9n4-IqN2P8r1WhYQqg?testcase_id=6523167683379200

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6523167683379200 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.