Let's start with a features of UBSAN so we don't annoy people with too many reports/false positives.

We can start with these flags we have already been using:
alignment, and shift.

And add some ones important for security from Chromium/OSS-Fuzz:
function,vla-bounds,array-bounds.

Once we see these work well we can add a few at a time (I think signed and unsigned overflow and/or divide by zero can be next).

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chromeos/manifest-internal/+/2246da1ff72c235af155ba4021179ebbbea097a3

commit 2246da1ff72c235af155ba4021179ebbbea097a3
Author: Manoj Gupta <manojgupta@google.com>
Date: Tue Aug 21 19:58:02 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/chromite/+/0977968c04adad3effb628f1be1bafdf3d39fa00

commit 0977968c04adad3effb628f1be1bafdf3d39fa00
Author: Manoj Gupta <manojgupta@google.com>
Date: Tue Aug 21 20:12:03 2018

chromeos_config: Add amd64-generic-ubsan-fuzzer builder.

We want to start testing ubsan fuzzing in Chrome OS in addition
to asan based fuzzing testing we have right now.

BUG= chromium:876366 
TEST=chromite unit tests pass

Change-Id: I7b74a936ece2327217a72419755317869bd63c14
Reviewed-on: https://chromium-review.googlesource.com/1183974
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>

[modify] https://crrev.com/0977968c04adad3effb628f1be1bafdf3d39fa00/config/chromeos_config.py
[modify] https://crrev.com/0977968c04adad3effb628f1be1bafdf3d39fa00/config/waterfall_layout_dump.txt
[modify] https://crrev.com/0977968c04adad3effb628f1be1bafdf3d39fa00/config/config_dump.json
[modify] https://crrev.com/0977968c04adad3effb628f1be1bafdf3d39fa00/config/luci-scheduler.cfg

GS path for ubsan fuzzing builder artifacts: "gs://chromeos-fuzzing-artifacts/libfuzzer-ubsan"

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/382e0e5971bbc9c02595bbeb5be7024ee0546dad

commit 382e0e5971bbc9c02595bbeb5be7024ee0546dad
Author: Manoj Gupta <manojgupta@google.com>
Date: Wed Aug 22 06:32:49 2018

cros-sanitizers: Update ubsan flags.

Update ubsan flags to match ubsan-fuzzer profile flags.

BUG= chromium:876366 
TEST=./build_packages for amd64-generic works with profile=ubsan

Change-Id: I604a48305bd66446ed443e41aac402100b0d603b
Reviewed-on: https://chromium-review.googlesource.com/1184104
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Trybot-Ready: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/382e0e5971bbc9c02595bbeb5be7024ee0546dad/eclass/cros-sanitizers.eclass

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/9a7ede7be9644a903122f93fec11f59c60251547

commit 9a7ede7be9644a903122f93fec11f59c60251547
Author: Manoj Gupta <manojgupta@google.com>
Date: Wed Aug 22 07:16:24 2018

amd64-generic: Add ubsan-fuzzer profile.

This is to start testing ubsan based fuzzer builds on Clusterfuzz.

BUG= chromium:876366 
TEST=./setup_board --board=amd64-generic --profile=ubsan-fuzzer works.

Change-Id: I0a9a38eb57f3a01220d5a339563d17bad4df6e69
Reviewed-on: https://chromium-review.googlesource.com/1183970
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Trybot-Ready: Manoj Gupta <manojgupta@chromium.org>

[add] https://crrev.com/9a7ede7be9644a903122f93fec11f59c60251547/overlay-amd64-generic/profiles/ubsan-fuzzer/package.use
[add] https://crrev.com/9a7ede7be9644a903122f93fec11f59c60251547/overlay-amd64-generic/profiles/ubsan-fuzzer/parent
[add] https://crrev.com/9a7ede7be9644a903122f93fec11f59c60251547/overlay-amd64-generic/profiles/ubsan-fuzzer/make.defaults

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chrome/tools/clusterfuzz/+/bf7d28e5d69a77b8cef7465371da746f0e243999

commit bf7d28e5d69a77b8cef7465371da746f0e243999
Author: Jonathan Metzman <metzman@chromium.org>
Date: Thu Aug 23 14:55:27 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/44054caec42dd071040b08026e3521b67e4eb510

commit 44054caec42dd071040b08026e3521b67e4eb510
Author: Manoj Gupta <manojgupta@google.com>
Date: Sat Aug 25 14:51:50 2018

Uprev bsdiff and puffin to use latest platform2 repo.

We need to use the latest platform2 repo for enabling
ubsan on puffin and bsdiff. Otherwise, puffin and bsdiff
end up mixing both asan and ubsan when fuzzing.

Also remove the TODO in platform eclass and pass
"--platform_subdir" argument unconditionally.

BUG=chromium:876465
BUG= chromium:876366 

TEST=bsdiff and puffin build.
TEST=pre-cq passes.

Change-Id: I34f8f15da275c97f3fbaeb4f721536b7428c9388
Reviewed-on: https://chromium-review.googlesource.com/1187323
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Keigo Oka <oka@chromium.org>

[rename] https://crrev.com/44054caec42dd071040b08026e3521b67e4eb510/dev-util/puffin/puffin-1.0.0-r423.ebuild
[rename] https://crrev.com/44054caec42dd071040b08026e3521b67e4eb510/dev-util/bsdiff/bsdiff-4.3.1-r16.ebuild
[modify] https://crrev.com/44054caec42dd071040b08026e3521b67e4eb510/eclass/platform.eclass

ubsan fuzzing builder is up and running.
https://cros-goldeneye.corp.google.com/chromeos/legoland/builderHistory?buildConfig=amd64-generic-ubsan-fuzzer&buildBranch=master