Out-of-memory in paint_op_buffer_fuzzer

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6438641510121472
Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: paint_op_buffer_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=529162:529167
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6438641510121472

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 9 2018

The following revision refers to this bug: https://skia.googlesource.com/skia/+/dc0b12ec7a2de9ae4836f90c66b4f8ff3558f0ba

commit dc0b12ec7a2de9ae4836f90c66b4f8ff3558f0ba
Author: Wei Li <weili@chromium.org>
Date: Fri Mar 09 00:27:51 2018

Harden size check during textblob deserialization

Check that the text size read from a buffer does not exceed the size of the input buffer. This is to avoid memory allocation errors such as out of memory.

BUG= chromium:809200
Change-Id: I47824f6e8122bd550ee97ac83e2251b7725865e7
Reviewed-on: https://skia-review.googlesource.com/113289
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Florin Malita <fmalita@chromium.org>

[modify] https://crrev.com/dc0b12ec7a2de9ae4836f90c66b4f8ff3558f0ba/src/core/SkTextBlob.cpp
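As an added illustration of the check that commit describes (this is not Skia's code; the record layout, `ByteReader` and `readTextRecord` are hypothetical), a length field read from untrusted input is bounded by the bytes actually remaining before any allocation happens:

```cpp
// Added illustration (not Skia's code) of the hardening in the fix above.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <string>

// Read-only cursor over an untrusted byte buffer (hypothetical helper).
class ByteReader {
 public:
  ByteReader(const uint8_t* data, size_t size) : data_(data), size_(size) {}
  size_t remaining() const { return size_ - pos_; }

  // Little-endian u32, or nullopt if fewer than 4 bytes remain.
  std::optional<uint32_t> readU32() {
    if (remaining() < 4) return std::nullopt;
    uint32_t v;
    std::memcpy(&v, data_ + pos_, 4);
    pos_ += 4;
    return v;
  }

  // Caller must already have verified n <= remaining().
  std::string readString(size_t n) {
    std::string s(reinterpret_cast<const char*>(data_ + pos_), n);
    pos_ += n;
    return s;
  }

 private:
  const uint8_t* data_;
  size_t size_;
  size_t pos_ = 0;
};

// Hypothetical record layout: [u32 textSize][textSize bytes of text].
// The unhardened pattern allocates textSize bytes first and only then finds
// the buffer short; a fuzzer-supplied size near 4 GiB is exactly the OOM in
// this report. Here the claimed size is checked against remaining() first.
bool readTextRecord(const uint8_t* data, size_t size, std::string* out) {
  ByteReader r(data, size);
  std::optional<uint32_t> textSize = r.readU32();
  if (!textSize) return false;                  // truncated header
  if (*textSize > r.remaining()) return false;  // claims more than we have
  *out = r.readString(*textSize);               // safe: bounded by input
  return true;
}
```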
Mar 9 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/32423c4c8bd5ae91c942a170abee4047b601b30b

commit 32423c4c8bd5ae91c942a170abee4047b601b30b
Author: skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Fri Mar 09 02:56:48 2018

Roll src/third_party/skia/ 4997e14c8..dc0b12ec7 (13 commits)

https://skia.googlesource.com/skia.git/+log/4997e14c80f1..dc0b12ec7a2d

$ git log 4997e14c8..dc0b12ec7 --date=short --no-merges --format='%ad %ae %s'
2018-03-08 weili Harden size check during textblob deserialization
2018-03-08 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 5164b797c..80964f97e (6 commits)
2018-03-08 reed Change behavior of custom image serial/deserial
2018-03-08 egdaniel Add ability to uninstantiate lazy proxies after every flush.
2018-03-08 brianosman Fill in some missing virtuals from canvas subclasses
2018-03-08 robertphillips Split GrDDL- & GrDirect- Contexts into their own files
2018-03-08 reed tighten check when we might overflow legacy shader math
2018-03-08 liyuqian Use clippedIR instead of clipBounds to filter coverage deltas
2018-03-06 benjaminwagner Upgrade IntelIris540 Win10 GPU driver, take 2.
2018-03-05 pirama Re-enable PGO for Skia
2018-03-08 robertphillips Fix preAbandonContext bot
2018-03-08 csmartdalton Revert "ccpr: Draw curves in a single pass"
2018-03-08 csmartdalton Revert "ccpr: Simplify triangle corners"

Created with: roll-dep src/third_party/skia

BUG= 809200

The AutoRoll server is located here: https://autoroll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=fmalita@chromium.org
Change-Id: I9eaaf639d3a8850ef6dec1c62a067569b8b49f74
Reviewed-on: https://chromium-review.googlesource.com/956612
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#542007}

[modify] https://crrev.com/32423c4c8bd5ae91c942a170abee4047b601b30b/DEPS
Mar 9 2018

ClusterFuzz has detected this issue as fixed in range 542006:542007.

Detailed report: https://clusterfuzz.com/testcase?key=6438641510121472
Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: paint_op_buffer_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=529162:529167
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=542006:542007
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6438641510121472

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2018

ClusterFuzz testcase 6438641510121472 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by brajkumar@chromium.org, Feb 6 2018

Components: Internals
Labels: -Pri-1 -Type-Bug M-66 Test-Predator-Wrong Pri-2 Type-Bug-Regression
Owner: weili@chromium.org
Status: Assigned (was: Untriaged)