Issue 772263

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in blink::LineWidth::WrapNextToShapeOutside

Project Member Reported by ClusterFuzz, Oct 6 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6303469396033536

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LineWidth::WrapNextToShapeOutside
  blink::LineWidth::FitBelowFloats
  blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=379622:379730

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6303469396033536

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org pnangunoori@chromium.org
Components: Blink>Layout
Labels: M-62 Test-Predator-Correct
Owner: danakj@chromium.org
Status: Assigned (was: Untriaged)
Test Predator has given the following results:

style: Rename the values in a few enums to be CamelCase and prefixed by danakj@chromium.org
Top touched frame is #5 blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange(in LayoutBlockFlowLine.cpp)
Changed files BreakingContextInlineHeaders.h, LineBreaker.cpp, with the same CrashedDirectory (third_party/WebKit/Source/core/layout/line) as LineWidth.cpp (in frame#1, frame#2)
Changed files LayoutBlock.cpp, LayoutBlockFlow.cpp, LayoutBlockFlowLine.cpp, LayoutListMarker.cpp, LayoutTable.cpp, with the same CrashedDirectory (third_party/WebKit/Source/core/layout) as LayoutBlockFlowLine.cpp (in frame#5, frame#6, frame#7), LayoutBlockFlow.cpp (in frame#8, frame#9)
Touched files in stacktrace - LayoutBlockFlow.cpp, LayoutBlockFlowLine.cpp
Changed files LayoutBlock.cpp, LayoutBlockFlow.cpp, LayoutBlockFlowLine.cpp, LayoutListMarker.cpp, LayoutTable.cpp, BreakingContextInlineHeaders.h, LineBreaker.cpp, with the same CrashedComponent(Blink>Layout) as LayoutBlockFlowLine.cpp (in frame#5, frame#6, frame#7), LineWidth.cpp (in frame#1, frame#2), LayoutBlockFlow.cpp (in frame#8, frame#9)

@danakj -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.

Thank You.
Owner: pnangunoori@chromium.org
That CL renamed enums, it did not change behaviour. Please look further in history.
Labels: -Test-Predator-Correct Test-Predator-Wrong CF-NeedsTriage
Owner: ----
Status: Untriaged (was: Assigned)
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.
Thank You.
Labels: -CF-NeedsTriage
Owner: e...@chromium.org
Status: Assigned (was: Untriaged)
eae@, can you please look into this issue if possible?

Thank you in-advance!
Comment 5 by bugdroid1@chromium.org (Project Member), Feb 27 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/43a5cd79fe73e334515f0ef0a55dbf670f133923

commit 43a5cd79fe73e334515f0ef0a55dbf670f133923
Author: Emil A Eklund <eae@chromium.org>
Date: Tue Feb 27 19:19:00 2018

Prevent overflow in LayoutUnit operator++

Bug: 772263
Test: Source/platform/LayoutUnitTest.cpp
Change-Id: I470b0dd4ce654c777d178dba077e523d3748b926
Reviewed-on: https://chromium-review.googlesource.com/938850
Reviewed-by: Justin Schuh <jschuh@chromium.org>
Commit-Queue: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#539518}
[modify] https://crrev.com/43a5cd79fe73e334515f0ef0a55dbf670f133923/third_party/WebKit/Source/platform/LayoutUnit.h
[modify] https://crrev.com/43a5cd79fe73e334515f0ef0a55dbf670f133923/third_party/WebKit/Source/platform/LayoutUnitTest.cpp
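The fix above is described only by its title, "Prevent overflow in LayoutUnit operator++"; the diff itself is not on this page. The following is an added illustration, not Chromium's LayoutUnit code and not the committed patch: it models a fixed-point length type as a 32-bit signed int with 6 fractional bits (an assumption made for this example), shows the naive increment whose signed addition is the kind of undefined behaviour UBSan reports as "Integer-overflow", and beside it a saturating increment, which is one way to prevent the overflow. Names such as `NaiveLayoutUnit`, `SaturatedLayoutUnit` and `SaturatedIncrementRaw` are hypothetical.

```cpp
#include <climits>
#include <cstdint>
#include <iostream>

// Illustrative fixed-point length type loosely modelled on Blink's LayoutUnit.
// Assumed layout for this example: 32-bit signed raw value, 6 fractional
// bits, so one whole unit is 64 raw steps. Example code, not Chromium's.
constexpr int kFractionalBits = 6;
constexpr int kFixedPointDenominator = 1 << kFractionalBits;  // 64

// Naive increment: adds one whole unit to the raw value. Once value_ is
// within 64 of INT_MAX the addition is signed overflow, which is undefined
// behaviour in C++ and is what a UBSan build reports as "Integer-overflow".
// Shown for contrast only; it is never executed below.
struct NaiveLayoutUnit {
  int value_ = 0;
  NaiveLayoutUnit& operator++(int) {
    value_ += kFixedPointDenominator;  // UB when value_ > INT_MAX - 64
    return *this;
  }
};

// Hardened increment: saturate at INT_MAX instead of wrapping. A length that
// has already reached the representable maximum stays pinned there, which is
// a well-defined (if huge) value rather than a negative one.
struct SaturatedLayoutUnit {
  int value_ = 0;
  SaturatedLayoutUnit& operator++(int) {
    value_ = SaturatedAdd(value_, kFixedPointDenominator);
    return *this;
  }
  // Do the arithmetic in 64 bits, where these operands cannot overflow,
  // then clamp the result into the 32-bit range.
  static int SaturatedAdd(int a, int b) {
    int64_t sum = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    if (sum > INT_MAX) return INT_MAX;
    if (sum < INT_MIN) return INT_MIN;
    return static_cast<int>(sum);
  }
};

// Reports whether the naive increment would overflow for this raw value,
// computed without performing the undefined operation itself.
bool NaiveIncrementWouldOverflow(int raw) {
  return raw > INT_MAX - kFixedPointDenominator;
}

// Raw value after incrementing `n` times from `start` with the saturating
// version, so a caller can check that the clamp holds under repeated use.
int SaturatedIncrementRaw(int start, int n) {
  SaturatedLayoutUnit u;
  u.value_ = start;
  for (int i = 0; i < n; ++i) u++;
  return u.value_;
}

int main() {
  const int near_max = INT_MAX - 10;  // fewer than 64 raw steps below the top
  std::cout << "naive ++ from " << near_max << " would overflow: "
            << (NaiveIncrementWouldOverflow(near_max) ? "yes" : "no") << "\n";
  std::cout << "saturated ++ from " << near_max << " gives "
            << SaturatedIncrementRaw(near_max, 1)
            << " (INT_MAX = " << INT_MAX << ")\n";
  return 0;
}
```

The raw value that triggers the problem is only ever reached through layout arithmetic on attacker-controlled CSS, which is why a fuzzer found it rather than a unit test on ordinary lengths; saturating at the type boundary turns that input into a bounded, well-defined result instead of undefined behaviour.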

Comment 6 by e...@chromium.org, Feb 27 2018

Status: Fixed (was: Assigned)
Comment 7 by ClusterFuzz (Project Member), Feb 28 2018

ClusterFuzz has detected this issue as fixed in range 539517:539518.

Detailed report: https://clusterfuzz.com/testcase?key=6303469396033536

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LineWidth::WrapNextToShapeOutside
  blink::LineWidth::FitBelowFloats
  blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=379622:379730
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=539517:539518

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6303469396033536

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Feb 28 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6303469396033536 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
