
Issue 874727

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Sep 12
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Timeout in third_party_re2_fuzzer

Project Member Reported by ClusterFuzz, Aug 16

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5049870424211456

Fuzzer: libFuzzer_third_party_re2_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  third_party_re2_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=583285:583294

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5049870424211456

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find actual suspect through code search and also observing no CLs under regression range, hence adding appropriate label and requesting someone from dev team to look into this issue.

Thanks!
Labels: -CF-NeedsTriage
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
mmoroz@, can you see if this change (https://chromium.googlesource.com/chromium/src/+/6d7b69ac40b01d87e8499cb8232631c69bd3269a) is related?

Thank you!
Owner: junyer@chromium.org
My change enabled new instrumentation which is somewhat slower than the old one, but more efficient for fuzzing / finding more bugs.

Fair enough. I have adjusted a couple of the limits. Please pick up commit 4c916c9.

Ping, mmoroz! :)

Ping, mmoroz? :(

Oh, mmoroz isn't on the Cc: list. *facepalm*

Cc: junyer@chromium.org
Owner: mmoroz@chromium.org
Please pick up commit 4c916c9. Thanks!

Status: Started (was: Assigned)
Comment 11 by bugdroid1@chromium.org (Project Member), Sep 11

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/954d5873fec13531fcd8cec3fb124ca26f9ebf42

commit 954d5873fec13531fcd8cec3fb124ca26f9ebf42
Author: Max Moroz <mmoroz@chromium.org>
Date: Tue Sep 11 17:08:46 2018

Roll src/third_party/re2/src/ 5185d8526..4c916c947 (53 commits)

https://chromium.googlesource.com/external/github.com/google/re2.git/+log/5185d85264d2..4c916c947ab7

$ git log 5185d8526..4c916c947 --date=short --no-merges --format='%ad %ae %s'
2018-09-03 junyer Adjust a couple of the limits for fuzzing.
2018-08-30 junyer Keep the assert(3) call at the top of the function.
2018-08-30 junyer Check before matching in order to avoid wasting time.
2018-08-30 junyer That didn't fix the error. Trying something else.
2018-08-30 junyer Address MSVC error and warnings. Sigh.
2018-08-30 junyer Add PODArray<> and make BitState use it.
2018-08-28 dsturtevant Move some function documentation closer to the documented functions.
2018-08-25 junyer Tweak a couple of comments.
2018-08-16 lietar Remove NULL case from search_test.
2018-07-11 junyer Fix the "DFA out of memory" error for the reverse Prog.
2018-06-23 keller.e.ben Include operator<<() for StringPiece in libre2.so
2018-06-17 junyer Update Unicode data to 11.0.0.
2018-05-16 junyer Address `-Wclass-memaccess' warnings from GCC 8.x.
2018-05-14 junyer MSVC still needs the pragma in util/logging.h. Sigh.
2018-05-14 junyer Add GCC 8.x to the Travis CI matrix.
2018-05-14 junyer Tweak the FALLTHROUGH_INTENDED macro. Add the ATTRIBUTE_NORETURN macro.
2018-05-05 junyer Use the standard first-byte analysis for the DFA too.
2018-04-23 junyer Add more support for empty prefilter_vec_ to PrefilterTree.
2018-03-15 junyer Note more languages' package sites.
2018-03-06 junyer Try to suppress warnings with FALLTHROUGH_INTENDED.
2018-03-06 junyer We need ubuntu-toolchain-r-test again?
2018-03-06 junyer travis-ci/apt-source-whitelist is no longer updated.
2018-03-06 junyer Add Clang 6.0 to the Travis CI matrix.
2018-03-04 junyer Kludge around System Integrity Protection on Darwin.
2018-02-22 junyer Oops, not in DeBruijnString() though.
2018-02-22 junyer Use ASSERT* macros instead of CHECK* macros in tests.
2018-02-18 junyer Configure CI using Bazel on macOS and on Windows.
2018-02-18 sayrer Omit -pthread option on Darwin
2018-02-18 junyer Try to make windows-cmake.bat more readable.
2018-02-18 junyer regexp_benchmark doesn't need linkopts.
2018-02-15 ckennelly Use sized deallocation for RE2's DFA.
2018-02-13 junyer Don't #include <sys/resource.h> anymore.
2018-02-08 junyer Stop using StringPiece::ToString().
2018-02-06 junyer Fix some formatting inconsistencies.
2018-01-28 hansenr Add a std::nullptr_t ctor overload to RE2::Arg.
2018-01-11 junyer Tweak the BUILD file formatting.
2018-01-10 loorongjie [Bazel] Do not set -pthread etc. on Windows
2017-12-19 junyer Just /source-charset:utf-8 didn't work. Try /utf-8.
2017-12-19 junyer Specify the source character set for MSVC.
2017-12-13 junyer Try to appease MSVC another way. Sigh.
2017-12-13 junyer Address a couple of MSVC warnings.
2017-12-13 junyer Fix a silly off-by-one error.
2017-12-13 junyer Require Visual Studio 2015 or later.
2017-12-13 junyer Try specifying Visual Studio 14 2015 instead.
2017-12-13 junyer Make CTest extra verbose temporarily.
2017-12-13 junyer Make Regexp::FactorAlternation() not recursive.
2017-12-11 junyer Tweak factoring code and comments for consistency.
2017-12-11 junyer Split Regexp::FactorAlternationRecursive() into rounds.
2017-12-11 junyer Fix the Regexp::FactorAlternation*() argument names.
2017-12-08 junyer Retire Regexp::FactorAlternationRecursive() round 4.
2017-12-07 junyer Write size_t{4} for brevity.
2017-12-07 junyer Adjust the comment to be about GCC 6.x (for x >= 1).
2017-12-06 junyer Test past kFactorAlternationMaxDepth (8).

Created with:
  roll-dep src/third_party/re2/src

Bug: 874727
Change-Id: I33fdf09b753e80e0d375c62344a1150595e523f9
Reviewed-on: https://chromium-review.googlesource.com/1219232
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590361}
[modify] https://crrev.com/954d5873fec13531fcd8cec3fb124ca26f9ebf42/DEPS

Comment 12 by ClusterFuzz (Project Member), Sep 12

ClusterFuzz has detected this issue as fixed in range 590353:590361.

Detailed report: https://clusterfuzz.com/testcase?key=5049870424211456

Fuzzer: libFuzzer_third_party_re2_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  third_party_re2_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=583285:583294
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=590353:590361

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5049870424211456

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 13 by ClusterFuzz (Project Member), Sep 12

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5049870424211456 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
