
Issue 834622

Issue metadata

Status: Duplicate
Merged: issue 811960
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Timeout in net_http_security_headers_hpkp_report_only_fuzzer

Project Member Reported by ClusterFuzz, Apr 19 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4896678231146496

Fuzzer: libFuzzer_net_http_security_headers_hpkp_report_only_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  net_http_security_headers_hpkp_report_only_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=523256:523289

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4896678231146496

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: brajkumar@chromium.org
Components: Internals>Network
Labels: -Pri-1 M-66 Test-Predator-Wrong CF-NeedsTriage Pri-2
Unable to find actual suspect through code search and also observing no possible suspect CL under regression range, hence adding appropriate label and requesting someone from dev team to look into this issue.

Thanks!

Comment 2 by eroman@chromium.org, Apr 24 2018

Mergedinto: 811960
Status: Duplicate (was: Untriaged)

+   99.55%     0.00%  net_http_securi  net_http_security_headers_hpkp_report_only_fuzzer  [.] main
+   99.55%     0.00%  net_http_securi  libc-2.24.so                                       [.] __libc_start_main
+   99.55%     0.00%  net_http_securi  [kernel]                                           [k] 0xd9de258d4c544155
+   99.46%     0.00%  net_http_securi  net_http_security_headers_hpkp_report_only_fuzzer  [.] fuzzer::RunOneTest
+   99.34%     0.00%  net_http_securi  net_http_security_headers_hpkp_report_only_fuzzer  [.] LLVMFuzzerTestOneInput
+   99.34%     0.00%  net_http_securi  net_http_security_headers_hpkp_report_only_fuzzer  [.] fuzzer::Fuzzer::ExecuteCallback
+   99.20%     0.00%  net_http_securi  libnet.so                                          [.] net::(anonymous namespace)::ParseHPKPHeaderImpl
+   99.20%     0.00%  net_http_securi  libnet.so                                          [.] net::ParseHPKPReportOnlyHeader
+   98.19%     0.01%  net_http_securi  liburl.so                                          [.] GURL::GURL
+   98.19%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoCanonicalize<char>
+   98.19%     0.00%  net_http_securi  liburl.so                                          [.] url::Canonicalize
+   98.19%     0.00%  net_http_securi  liburl.so                                          [.] GURL::InitCanonical<std::__1::basic_string<char, std::__1::ch
+   97.49%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoHostSubstring<char, unsigned ch
+   97.49%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoHost<char, unsigned char>
+   97.49%     0.00%  net_http_securi  liburl.so                                          [.] url::CanonicalizeHost
+   97.49%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoCanonicalizeFileURL<char, unsig
+   97.49%     0.00%  net_http_securi  liburl.so                                          [.] url::CanonicalizeFileURL
+   97.37%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoComplexHost
+   96.51%     0.00%  net_http_securi  liburl.so                                          [.] url::(anonymous namespace)::DoIDNHost
+   95.36%     0.00%  net_http_securi  liburl.so                                          [.] url::IDNToASCII
+   95.36%     0.00%  net_http_securi  libicuuc.so                                        [.] uidna_nameToASCII_60
+   95.35%     0.00%  net_http_securi  libicuuc.so                                        [.] icu_60::UTS46::nameToASCII
+   95.34%     0.00%  net_http_securi  libicuuc.so                                        [.] icu_60::UTS46::process
+   95.30%     0.08%  net_http_securi  libicuuc.so                                        [.] icu_60::UTS46::processUnicode
+   93.38%     0.17%  net_http_securi  libicuuc.so                                        [.] icu_60::UTS46::mapDevChars
+   54.94%     0.00%  net_http_securi  libicuuc.so                                        [.] icu_60::UnicodeString::getBuffer
+   54.90%     0.01%  net_http_securi  libicuuc.so                                        [.] icu_60::UnicodeString::cloneArrayIfNeeded

Comment 3 by js...@chromium.org, Apr 25 2018

http://bugs.icu-project.org/trac/ticket/13727

De-duping this from bug 811960 for now (I also thought that this is a dupe and was making this a dupe but forgot to submit the change).

This one is ASCII->Unicode (ACE-encoded IDN to Unicode) while bug 811960 is Unicode to ACE-encoded form.

The fix could be the same, though. Namely, limiting the length of a label to 63 and the length of an FQDN to 253.
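The length limits proposed in the comment above (63 octets per label, 253 octets per FQDN, the textual DNS limits from RFC 1035) are the kind of cheap pre-check that bounds how much input the expensive UTS46 mapper in the profile ever sees. The function below is an added illustration of that pre-check, written for this page and not taken from Chromium or ICU; it works on the raw host bytes before any IDN conversion, and assumes the authoritative per-label check still runs on the mapped output, since mapping can change lengths.

```cpp
#include <cstddef>
#include <string>

// Textual DNS limits (RFC 1035): 63 octets per label, 253 octets for a
// fully qualified name without its trailing dot.
constexpr size_t kMaxLabelLength = 63;
constexpr size_t kMaxFqdnLength = 253;

// Hypothetical guard (not Chromium code): returns true only if every label
// and the whole name fit the DNS limits. Applied to the host before IDN
// (UTS46) processing, it bounds the input size the mapper has to handle,
// whether the host arrives as ACE ("xn--...") or as raw UTF-8 Unicode.
bool HostWithinDnsLimits(const std::string& raw_host) {
  std::string host = raw_host;
  // A single trailing dot marks a fully qualified name and is not counted.
  if (!host.empty() && host.back() == '.')
    host.pop_back();
  if (host.empty() || host.size() > kMaxFqdnLength)
    return false;

  size_t label_start = 0;
  for (size_t i = 0; i <= host.size(); ++i) {
    if (i == host.size() || host[i] == '.') {
      const size_t label_len = i - label_start;
      // Empty labels ("a..b", leading dot) and over-long labels both fail.
      if (label_len == 0 || label_len > kMaxLabelLength)
        return false;
      label_start = i + 1;
    }
  }
  return true;
}
```

Because the check counts UTF-8 bytes, a 63-byte label holds at most 63 code points, so the work handed to the mapper is bounded even for multi-byte Unicode hosts.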

Comment 4 by js...@chromium.org, Apr 25 2018

Cc: mscherer@google.com
Owner: js...@chromium.org
Status: Assigned (was: Duplicate)

Comment 5 by js...@chromium.org, Apr 25 2018

Status: Duplicate (was: Assigned)
Sorry, I mixed up this bug with bug 834838.

Hmm... this one has a file URL with a remote host... Anyway, it has an IDN in Unicode.

Comment 6 by ClusterFuzz (Project Member), May 19 2018

ClusterFuzz has detected this issue as fixed in range 559994:560052.

Detailed report: https://clusterfuzz.com/testcase?key=4896678231146496

Fuzzer: libFuzzer_net_http_security_headers_hpkp_report_only_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  net_http_security_headers_hpkp_report_only_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=523256:523289
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=559994:560052

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4896678231146496

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
