
Issue 675106


Issue metadata

Status: Verified
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Float-cast-overflow in SubpixelAlignment

Project Member Reported by ClusterFuzz, Dec 16 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5036377780781056

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  SubpixelAlignment
  SkFindAndPlaceGlyph::GlyphFindAndPlaceSubpixel<DrawOneGlyph&,
  void SkFindAndPlaceGlyph::ProcessPosText<DrawOneGlyph&>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (0.22 Kb): https://cluster-fuzz.appspot.com/download/AMIfv944k-iw2LUcoaLN2xmaiR7gyFU5Uw7yqq-Q4txz5vNm8pRJt5SUnAzd-h6-3sc9Y0L4zoXUB_DcPiLVBuEpShoCAeBvMdmvGeB7mYxPiF-IV2wIC8wpRz5NwG8_MUhHuIRL8RM9dQHCojLvx24uvtiPbkDSEQ?testcase_id=5036377780781056

Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msrchandra@chromium.org
Components: Internals>Skia
Labels: Test-Predator-Correct-CLs
Owner: brianosman@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from find it results --
The result is a list of CLs that change the crashed files. 

Author: Brian Osman
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/61624f0c716b576706659750d87b6956f4c15722
Time: Fri Dec 09 14:51:59 2016 -0500
Files SkBitmapDevice.cpp, SkDevice.cpp are changed in this cl (and is part of stack frame #4, "SkBitmapDevice::drawPosText")
Minimum distance from crash line to modified line: 48. (file: SkBitmapDevice.cpp, crashed on: 373, modified: 421).

@fmalita -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Owner: bunge...@chromium.org
Cc: bunge...@chromium.org
Owner: herb@chromium.org
This is a result of trying to place subpixel positioned glyphs at infinity. At some point we try to discover what the subpixel position of the glyph is and cast that to an integer, but in this case that subpixel position turned out to be NaN. While this is technically undefined behavior, it turns out that the effect is that glyphs at infinity won't be subpixel positioned correctly.
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 21 2016

The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/49e59b2df4065d856e4e03d433f2facd2a5548ca

commit 49e59b2df4065d856e4e03d433f2facd2a5548ca
Author: Herb Derby <herb@google.com>
Date: Wed Dec 21 22:00:06 2016

Protect glyph sub-pixel placement against NaN and Inf.

BUG= chromium:675106 

Change-Id: I3f8f2575ca3d1b02615be00d66cf7a123407c5a3
Reviewed-on: https://skia-review.googlesource.com/6404
Reviewed-by: Ben Wagner <bungeman@google.com>
Commit-Queue: Herb Derby <herb@google.com>

[modify] https://crrev.com/49e59b2df4065d856e4e03d433f2facd2a5548ca/src/core/SkFindAndPlaceGlyph.h

Project Member

Comment 5 by bugdroid1@chromium.org, Dec 22 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/24028a99d56f975c34697022bb311de6812e8544

commit 24028a99d56f975c34697022bb311de6812e8544
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Thu Dec 22 00:05:03 2016

Roll src/third_party/skia/ 0857527e8..99c9796dd (4 commits).

https://skia.googlesource.com/skia.git/+log/0857527e8676..99c9796dde4c

$ git log 0857527e8..99c9796dd --date=short --no-merges --format='%ad %ae %s'
2016-12-21 rmistry Revert "Revert "Fix issue in SkDebugCanvas where filter canvas prevents GrOp bounds from drawing""
2016-12-21 rmistry Revert "Fix issue in SkDebugCanvas where filter canvas prevents GrOp bounds from drawing"
2016-12-21 herb Protect glyph sub-pixel placement against NaN and Inf.
2016-12-21 bsalomon Fix issue in SkDebugCanvas where filter canvas prevents GrOp bounds from drawing

BUG= 675106 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=rmistry@google.com

Review-Url: https://codereview.chromium.org/2593223002
Cr-Commit-Position: refs/heads/master@{#440271}

[modify] https://crrev.com/24028a99d56f975c34697022bb311de6812e8544/DEPS

Project Member

Comment 6 by ClusterFuzz, Dec 22 2016

ClusterFuzz has detected this issue as fixed in range 440242:440280.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5036377780781056

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  SubpixelAlignment
  SkFindAndPlaceGlyph::GlyphFindAndPlaceSubpixel<DrawOneGlyph&,
  void SkFindAndPlaceGlyph::ProcessPosText<DrawOneGlyph&>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280

Minimized Testcase (0.22 Kb): https://cluster-fuzz.appspot.com/download/AMIfv944k-iw2LUcoaLN2xmaiR7gyFU5Uw7yqq-Q4txz5vNm8pRJt5SUnAzd-h6-3sc9Y0L4zoXUB_DcPiLVBuEpShoCAeBvMdmvGeB7mYxPiF-IV2wIC8wpRz5NwG8_MUhHuIRL8RM9dQHCojLvx24uvtiPbkDSEQ?testcase_id=5036377780781056

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Dec 22 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5036377780781056 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
