Undefined-shift in net::HpackVarintDecoder::Resume
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6446130763399168
Fuzzer: libfuzzer_net_spdy_session_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  net::HpackVarintDecoder::Resume
  net::HpackEntryDecoder::Start
  net::HpackBlockDecoder::Decode
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=449628:449664
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97R7bXDRngPDhf3dApS3f8_yFMNGVKG8s9HqrnNi6L0h4yYLA5bdVHp8QkSUEE7iHXEyTfzz_mnRsWQrHOkIaPaM5qVdOdrQseGzNNHfS8MgoWyrd0VIaKPuNfkxJnTHdlIL53Zbxxw6wpR2USyxxMgLDCehfRRYN21vmvGMY7Koel6KFI2JvDXhkwj8Cu40MHJx4ktDbCzgoLhYTrnRr10KP5Zi4qOUtwfNVdBqVxLIx2brOe_6I-npdYGHBNWsVebBku_T7_WrRE5qLPg8--6KLdztzL7G5HjYa9IfRndvYOwalUMfoAhJ7wtBtoEPficJbqugMMdNRN0Lr9ODaW3YcB5AEeGrira_5TD2SWqTiuawKX4SzlqOFDUPSElRZ-a8OTcJqmv1OFyO6W3lmcgRZ-MRw?testcase_id=6446130763399168

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by xunji...@chromium.org, Feb 13 2017
Predator results and CL did not provide any possible suspects. Using Code Search for the file "hpack_varint_decoder.h", assigning to the concerned owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/42b7f65ea5be8b531efdadea4a5b07ac40e7ebea

@bnc -- Could you please look into the issue; kindly re-assign if this is not related to your changes. Thank you.
Feb 14 2017
Note: issue #691244 might be the same
Feb 28 2017
Able to reproduce locally:

../../net/http2/hpack/decoder/hpack_varint_decoder.h:98:31: runtime error: left shift of 80 by 28 places cannot be represented in type 'int'
    #0 0xcf6ce1 in net::HpackVarintDecoder::Resume(net::DecodeBuffer*) net/http2/hpack/decoder/hpack_varint_decoder.h:98:31
    #1 0xcec26d in net::HpackEntryDecoder::Start(net::DecodeBuffer*, net::HpackEntryDecoderListener*) net/http2/hpack/decoder/hpack_entry_decoder.h:63:47
    #2 0xcec080 in net::HpackBlockDecoder::Decode(net::DecodeBuffer*) net/http2/hpack/decoder/hpack_block_decoder.cc:36:42
    #3 0xcfc2a3 in net::Http2HpackDecoder::DecodeFragment(net::DecodeBuffer*) net/http2/hpack/decoder/http2_hpack_decoder.cc:71:40
    #4 0xc69829 in net::HpackDecoder3::HandleControlFrameHeadersData(char const*, unsigned long) net/spdy/hpack/hpack_decoder3.cc:65:30
    #5 0xa2bf63 in net::SpdyFramer::ProcessControlFrameHeaderBlock(char const*, unsigned long) net/spdy/spdy_framer.cc:1192:27
    #6 0xa216eb in net::SpdyFramer::ProcessInput(char const*, unsigned long) net/spdy/spdy_framer.cc:481:26
    #7 0xa9031f in net::SpdySession::DoReadComplete(int) net/spdy/spdy_session.cc:1897:32
    #8 0xa8e712 in net::SpdySession::DoReadLoop(net::SpdySession::ReadState, int) net/spdy/spdy_session.cc:1828:18
    #9 0xa78f03 in net::SpdySession::PumpReadLoop(net::SpdySession::ReadState, int) net/spdy/spdy_session.cc:1803:17
    #10 0x64faf6 in base::internal::RunMixin<base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0> >::Run() && base/callback.h:68:12
    #11 0x64f835 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:59:33
    #12 0x5d7342 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:423:19
    #13 0x5d820d in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) base/message_loop/message_loop.cc:434:5
    #14 0x5d9124 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:527:13
    #15 0x5e86cb in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_libevent.cc:218:31
    #16 0x5d69e8 in base::MessageLoop::RunHandler() base/message_loop/message_loop.cc:387:10
    #17 0x5f167d in base::RunLoop::Run() base/run_loop.cc:37:10
    #18 0x503238 in LLVMFuzzerTestOneInput net/spdy/spdy_session_fuzzer.cc:85:12
    #19 0x532824 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:550:13
    #20 0x532a61 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:501:3
    #21 0x51f9c8 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:268:6
    #22 0x520ddc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:517:9
    #23 0x535abe in main third_party/libFuzzer/src/FuzzerMain.cpp:20:10
    #24 0x7f3708d3af44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #25 0x4e6b04 in _start (/usr/local/ssd/chromium/src/out/clusterfuzz_builds/net_spdy_session_fuzzer+0x4e6b04)
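The UBSAN line in the repro above pins down the mechanism: an HPACK integer (RFC 7541, section 5.1) is decoded by adding each 7-bit extension byte at shift 0, 7, 14, 21, 28, ..., and at the fifth extension byte a chunk of 80 shifted by 28 no longer fits in a signed 32-bit int, which is undefined behaviour in C++. The decoder below is an added example written for this page; it is not Chromium's HpackVarintDecoder and makes no claim about how that class handles the case. It keeps a 64-bit accumulator, bounds the shift, and reports an oversized value as a decode error. The byte sequences are constructed for the example (the RFC 7541 C.1.2 sample for 1337, a hand-built trigger with 0x50 at shift 28, and a truncated encoding); none of them is the ClusterFuzz reproducer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Outcome of one decode attempt.
enum class VarintStatus { kDone, kNeedMoreData, kTooLarge, kBadPrefix };

struct VarintResult {
  VarintStatus status;
  uint32_t value;   // meaningful only when status == kDone
  size_t consumed;  // number of input bytes examined
};

// Decode an HPACK integer (RFC 7541, section 5.1) whose first byte carries an
// N-bit prefix. The accumulator is 64-bit and the shift is capped at 28, so an
// extension byte of 0x50 at M = 28 is reported as kTooLarge instead of
// evaluating `80 << 28` in a signed int. This is example code, not Chromium's.
VarintResult DecodeHpackVarint(const uint8_t* data, size_t len,
                               int prefix_bits) {
  if (prefix_bits < 1 || prefix_bits > 8)
    return {VarintStatus::kBadPrefix, 0, 0};
  if (len == 0) return {VarintStatus::kNeedMoreData, 0, 0};

  const uint32_t prefix_mask = (1u << prefix_bits) - 1u;
  uint64_t acc = data[0] & prefix_mask;
  size_t pos = 1;
  if (acc < prefix_mask)  // value fits in the prefix alone
    return {VarintStatus::kDone, static_cast<uint32_t>(acc), pos};

  // Prefix saturated: each extension byte contributes 7 bits at M = 0, 7, 14,
  // 21, 28. A sixth extension byte (M = 35) can never fit in 32 bits, so it is
  // rejected before any shift happens.
  for (int shift = 0;; shift += 7) {
    if (shift > 28) return {VarintStatus::kTooLarge, 0, pos};
    if (pos >= len) return {VarintStatus::kNeedMoreData, 0, pos};
    const uint8_t b = data[pos++];
    // chunk <= 127 and shift <= 28, so the sum stays below 2^36: no overflow.
    acc += static_cast<uint64_t>(b & 0x7fu) << shift;
    if (acc > std::numeric_limits<uint32_t>::max())
      return {VarintStatus::kTooLarge, 0, pos};
    if ((b & 0x80u) == 0)
      return {VarintStatus::kDone, static_cast<uint32_t>(acc), pos};
  }
}

// Constructed inputs for the example (not the ClusterFuzz testcase).
// RFC 7541 C.1.2: the value 1337 with a 5-bit prefix.
constexpr uint8_t kRfc1337[] = {0x1f, 0x9a, 0x0a};
// RFC 7541 C.1.1: the value 10 fits in a 5-bit prefix.
constexpr uint8_t kRfc10[] = {0x0a};
// Saturated 7-bit prefix, four zero extension bytes, then 0x50 at M = 28:
// 80 * 2^28 does not fit in 32 bits, the shape UBSAN flagged above.
constexpr uint8_t kOverflow[] = {0xff, 0x80, 0x80, 0x80, 0x80, 0x50};
// Five continued extension bytes: a sixth byte would need shift 35.
constexpr uint8_t kSixBytes[] = {0xff, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01};
// Truncated encoding: the decoder must ask for more data, not guess.
constexpr uint8_t kTruncated[] = {0x1f, 0x9a};

static const char* StatusName(VarintStatus s) {
  switch (s) {
    case VarintStatus::kDone: return "done";
    case VarintStatus::kNeedMoreData: return "need more data";
    case VarintStatus::kTooLarge: return "too large";
    default: return "bad prefix";
  }
}

int main() {
  VarintResult r = DecodeHpackVarint(kRfc1337, sizeof(kRfc1337), 5);
  std::printf("RFC 1337 sample: %s value=%u consumed=%zu\n",
              StatusName(r.status), r.value, r.consumed);
  r = DecodeHpackVarint(kOverflow, sizeof(kOverflow), 7);
  std::printf("0x50 at M=28:    %s consumed=%zu\n", StatusName(r.status),
              r.consumed);
  r = DecodeHpackVarint(kSixBytes, sizeof(kSixBytes), 7);
  std::printf("six ext bytes:   %s consumed=%zu\n", StatusName(r.status),
              r.consumed);
  r = DecodeHpackVarint(kTruncated, sizeof(kTruncated), 5);
  std::printf("truncated:       %s consumed=%zu\n", StatusName(r.status),
              r.consumed);
  return 0;
}
```

The shift cap of 28 is a design choice for a decoder whose result type is uint32_t; a decoder that also enforces a protocol-level ceiling (for example a maximum header table size) should apply that stricter bound on `acc` instead of relying on the 32-bit check alone. The kNeedMoreData result with `consumed` lets a streaming caller resume on the next buffer, which is the situation the Resume frame in the trace above is handling.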
Apr 6 2017
Apr 19 2017
ClusterFuzz has detected this issue as fixed in range 465234:465256.

Detailed report: https://clusterfuzz.com/testcase?key=6446130763399168
Fuzzer: libfuzzer_net_spdy_session_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  net::HpackVarintDecoder::Resume
  net::HpackEntryDecoder::Start
  net::HpackBlockDecoder::Decode
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=449628:449664
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=465234:465256
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97R7bXDRngPDhf3dApS3f8_yFMNGVKG8s9HqrnNi6L0h4yYLA5bdVHp8QkSUEE7iHXEyTfzz_mnRsWQrHOkIaPaM5qVdOdrQseGzNNHfS8MgoWyrd0VIaKPuNfkxJnTHdlIL53Zbxxw6wpR2USyxxMgLDCehfRRYN21vmvGMY7Koel6KFI2JvDXhkwj8Cu40MHJx4ktDbCzgoLhYTrnRr10KP5Zi4qOUtwfNVdBqVxLIx2brOe_6I-npdYGHBNWsVebBku_T7_WrRE5qLPg8--6KLdztzL7G5HjYa9IfRndvYOwalUMfoAhJ7wtBtoEPficJbqugMMdNRN0Lr9ODaW3YcB5AEeGrira_5TD2SWqTiuawKX4SzlqOFDUPSElRZ-a8OTcJqmv1OFyO6W3lmcgRZ-MRw?testcase_id=6446130763399168

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 19 2017
ClusterFuzz testcase 6446130763399168 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Apr 19 2017