This looks like some deserialized path is getting into mesh code and hitting the assert on https://skia.googlesource.com/skia/+/50f7a1e4abea043b57a39ea1da53a0697bfa1f01/src/gpu/ops/GrAAConvexPathRenderer.cpp#113

FWIW libFuzzer_paint_op_buffer_fuzzer is running deserialization code that's not running in Chrome proper (yet), so it's not clear if this is something that would occur normally or is some bogus path.

ClusterFuzz has detected this issue as fixed in range 493187:493236.

Detailed report: https://clusterfuzz.com/testcase?key=5415596635455488

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900005c4d
Crash State:
  sk_abort_no_print
  center_of_mass
  compute_vectors
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=491099:491177
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=493187:493236

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5415596635455488

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5415596635455488 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.