Predator and CL did not find any possible suspects.
Using Code Search for the file, "PaintController.cpp" assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/256619b40e56be177620efb04b57086b2f6bcbed

@chrishtr -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

I can reproduce, but think this will be obsolete as soon as next week, because
the relevant code is being refactored.

Fixed in https://codereview.chromium.org/2820233002.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/70d4ae4eed78aafe5659d3c8a35bab41dfc757c0

commit 70d4ae4eed78aafe5659d3c8a35bab41dfc757c0
Author: Rebaseline Bot <blink-rebaseline-bot@chromium.org>
Date: Wed Apr 19 19:13:11 2017

Auto-rebaseline for r465660

Build: https://build.chromium.org/p/chromium.infra.cron/builders/rebaseline-o-matic/builds/667321

https://chromium.googlesource.com/chromium/src/+/3596d8b9d1ada

BUG= 709846 
TBR=chrishtr@chromium.org

Review-Url: https://codereview.chromium.org/2831723002 .
Cr-Commit-Position: refs/heads/master@{#465696}

[modify] https://crrev.com/70d4ae4eed78aafe5659d3c8a35bab41dfc757c0/third_party/WebKit/LayoutTests/TestExpectations
[add] https://crrev.com/70d4ae4eed78aafe5659d3c8a35bab41dfc757c0/third_party/WebKit/LayoutTests/platform/mac/paint/pagination/pagination-change-clip-crash-expected.txt
[add] https://crrev.com/70d4ae4eed78aafe5659d3c8a35bab41dfc757c0/third_party/WebKit/LayoutTests/platform/mac/virtual/disable-spinvalidation/paint/pagination/pagination-change-clip-crash-expected.txt

ClusterFuzz has detected this issue as fixed in range 465628:465673.

Detailed report: https://clusterfuzz.com/testcase?key=5485999674359808

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  false in PaintController.cpp
  blink::PaintController::CheckUnderInvalidation
  blink::PaintController::ProcessNewItem
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=451342:451385
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=465628:465673

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95_1aE4eDnHu2qjseCIj_LjOWwMVloU0wfdukoZacf5dYYEN1d_gG4H3edkwAqqARvEyMyCU-6CkVFZgI7yFAGwk3u2MiTHJllzOiJD2bOPdO-y6Ji4O437NR9MoOCu3aYI_-HoEjL_iSA9NZUQOJG8I-CYk_U-ZmDT_Wi-HkM1jui647LqhuYTLOPGJHAZsl8yjH-UwEdnxzxuwZ869lL7MCby4p_XI2K-olBcDSvE3yKQjtgAzMjYGwi5bY7dsXPLXkNv1GdOGvbppCVMecttOFFGmNZBlF_0IjJ2HXUriNF3psllyhUzEypxT6e9C0Yy56_YsWiBiyLqD-zaWoEi_kRO_dIi7R0CqmvfB75yL5ILMGw?testcase_id=5485999674359808


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.