Issue 659107

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in blink::cornerRect

Reported by ClusterFuzz (Project Member), Oct 25 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5026591823626240

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::cornerRect
  blink::PaintLayerScrollableArea::resizerCornerRect
  touchResizerCornerRect
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.33 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95ME4GXsOLIKLgAU2B9Ka7qDZ-OvYuOmBWPxzVY0E8E-Bu_2NOcLtWcKl5OSWK75mO232dSSHeenqqGecWIVNLpgIJ2F47hpt7piLrqXZY4PgouKV41FNeouIXzbj79tMX5KxuCc1fiIZuXc8fLnPbbGPqmfA?testcase_id=5026591823626240
<style>
.c34 { taste: salty; motion: path("M 52365 24 h 44 v -2543968708") 11086rad 99%;</style><script>
var docElement = document.body ? document.body : document.documentElement;
tCF75 = document.createElementNS("http://www.w3.org/1999/xhtml", "textarea");
tCF75.setAttribute("class", "c34");
docElement.appendChild(tCF75);
</script>


Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Scroll
Owner: wkorman@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs:
=============
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: Blink Reformat
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/1c8e1a7719e9d223cc84e838c9a31a0210f5878b
Time: Sat Oct 01 00:25:32 2016
The same CL last changed each of the following lines, one per stack frame:
  line 284 of PaintLayerScrollableArea.cpp (stack frame 0)
  line 1324 of PaintLayerScrollableArea.cpp (stack frame 1)
  line 363 of PaintLayerScrollableArea.h (stack frame 2)
  line 906 of ScrollingCoordinator.cpp (stack frame 3)
  line 172 of ScrollingCoordinator.cpp (stack frame 4)
  line 2693 of FrameView.cpp (stack frame 5)
  line 85 of PageAnimator.cpp (stack frame 6)

==================
Suspected Project: chromium
Suspected Component: Blink>Scroll
==================

From a code search on the crashed file "PaintLayerScrollableArea.cpp", we suspect the CL below.
review url: https://codereview.chromium.org/1830333002
wkorman@: Could you please take a look into this if it's related to your change, or else help us assign it to an appropriate dev person.
Status: WontFix (was: Assigned)
From discussion with ISE and Blink eng, over/underflow in Paint rects such as the resizer should not be harmful.

It is likely this part in cornerRect():

bounds.maxY() - verticalThickness - box.styleRef().borderBottomWidth(),
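A constructed model of that subtraction, added here and not taken from Blink's source: the unchecked form is the one UBSan flags when maxY() is already near INT_MIN (the testcase's path offset of -2543968708 does not even fit a 32-bit int), and the checked form shows how saturating helpers make the same computation well-defined and report the overflow. IntRect, corner_y_unchecked, corner_y_checked and the helper names are stand-ins, not Blink APIs.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for Blink's IntRect; only the fields the example needs. */
typedef struct { int x, y, width, height; } IntRect;

/* Unchecked form of the suspected expression in cornerRect():
 *   bounds.maxY() - verticalThickness - box.styleRef().borderBottomWidth()
 * Plain int arithmetic: once maxY() is close to INT_MIN, the subtraction is
 * undefined behaviour, which is what UBSan reports as "Integer-overflow". */
int corner_y_unchecked(IntRect bounds, int vertical_thickness, int border_bottom_width) {
  int max_y = bounds.y + bounds.height;
  return max_y - vertical_thickness - border_bottom_width;
}

/* Saturating add/sub: on overflow clamp toward the bound that was crossed and
 * record that it happened so the caller can log or assert on it. */
static int sat_add(int a, int b, bool *overflowed) {
  int r;
  if (__builtin_add_overflow(a, b, &r)) { *overflowed = true; r = (b > 0) ? INT_MAX : INT_MIN; }
  return r;
}
static int sat_sub(int a, int b, bool *overflowed) {
  int r;
  if (__builtin_sub_overflow(a, b, &r)) { *overflowed = true; r = (b > 0) ? INT_MIN : INT_MAX; }
  return r;
}

/* Checked form: identical arithmetic, every step through the saturating helpers. */
int corner_y_checked(IntRect bounds, int vertical_thickness, int border_bottom_width,
                     bool *overflowed) {
  *overflowed = false;
  int max_y = sat_add(bounds.y, bounds.height, overflowed);
  int y = sat_sub(max_y, vertical_thickness, overflowed);
  return sat_sub(y, border_bottom_width, overflowed);
}

int main(void) {
  /* Constructed input: a box pushed so far in the negative direction that its
   * bottom edge sits 15 units above INT_MIN, like the fuzzer's huge path offset. */
  IntRect bounds = { 0, INT_MIN + 15, 44, 5 };
  bool ovf;
  int y = corner_y_checked(bounds, 20, 2, &ovf);
  printf("corner y = %d, overflowed = %s\n", y, ovf ? "yes" : "no");
  return 0;
}
```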
Comment 3 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 4 by ClusterFuzz (Project Member), Jan 31 2017

ClusterFuzz has detected this issue as fixed in range 446721:447186.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5026591823626240

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::cornerRect
  blink::PaintLayerScrollableArea::resizerCornerRect
  touchResizerCornerRect
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=446721:447186

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95ME4GXsOLIKLgAU2B9Ka7qDZ-OvYuOmBWPxzVY0E8E-Bu_2NOcLtWcKl5OSWK75mO232dSSHeenqqGecWIVNLpgIJ2F47hpt7piLrqXZY4PgouKV41FNeouIXzbj79tMX5KxuCc1fiIZuXc8fLnPbbGPqmfA?testcase_id=5026591823626240


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
