wangxianzhu @ could you please look into this.please feel free to re-assigned back if needed. thanks in advance .

ClusterFuzz has detected this issue as fixed in range 419387:419391.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5618532698292224

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator-=
  blink::PaintLayer::updateLayerPosition
  blink::PaintLayer::updateLayerPositionsAfterScrollRecursive
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=397878:397901
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=419387:419391

Minimized Testcase (0.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tPlwYARfYXmiuMm721COEhp3vJe0SgPTU4RdHeM2jvbTUBiTLcYUkTLrhhRL3GE9bDKP2A8HzWcq7uaQx9i0ZXlDjUjKErOOWmJOasmNM6HzN1Kf-Lkyj8GpRmzQxVzpMAI6xnsRNMx7wrJ7ctP-JEhSVLw?testcase_id=5618532698292224

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot