Issue 910592


Issue metadata

Status: Verified
Owner:
Closed: Dec 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in viz::HitTestQuery::GetTransformToTargetRecursively

Project Member Reported by ClusterFuzz, Nov 30

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6074180443045888

Fuzzer: libFuzzer_hit_test_query_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  viz::HitTestQuery::GetTransformToTargetRecursively
  viz::HitTestQuery::TransformLocationForTarget
  hit_test_query_fuzzer.cc
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=612295:612313

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6074180443045888

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Nov 30

Components: Internals>Compositing
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Nov 30

Cc: sadrul@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Cc: sunxd@chromium.org riajiang@chromium.org
Owner: infe...@chromium.org
I think this should have been fixed by https://bugs.chromium.org/p/chromium/issues/detail?id=909950 as well?
Status: Assigned (was: Untriaged)
The fix in the issue listed has been tested by ClusterFuzz and the issue still exists. In fact, the regression range includes the fix to issue 909950, so it seems possible that the fix there may have introduced another issue.

Setting to Assigned as this still needs investigation.
Project Member

Comment 6 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6074180443045888 appears to be flaky, updating reproducibility label.
Labels: -Unreproducible Reproducible
Please ignore the last comment about the testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on the ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused by these incorrect notifications.
Owner: riajiang@chromium.org
This is still reproducing, so this testcase is a different variant.
[2018-12-03 08:09:26 UTC] clusterfuzz-linux-high-end-4wkj: Progression task started: r613015.
[2018-12-03 08:12:02 UTC] clusterfuzz-linux-high-end-4wkj: Progression task finished.
Project Member

Comment 9 by ClusterFuzz, Dec 12

ClusterFuzz has detected this issue as fixed in range 615637:615652.

Detailed report: https://clusterfuzz.com/testcase?key=6074180443045888

Fuzzer: libFuzzer_hit_test_query_fuzzer
Fuzz target binary: hit_test_query_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  viz::HitTestQuery::GetTransformToTargetRecursively
  viz::HitTestQuery::TransformLocationForTarget
  hit_test_query_fuzzer.cc
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=612295:612313
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=615637:615652

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6074180443045888

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 10 by ClusterFuzz, Dec 12

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6074180443045888 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 11 by bugdroid1@chromium.org, Dec 12

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9c9cda0c4b8411daa970e4b635a0dcec766054a8

commit 9c9cda0c4b8411daa970e4b635a0dcec766054a8
Author: Ria Jiang <riajiang@chromium.org>
Date: Wed Dec 12 16:03:23 2018

Fix integer overflow in hit_test_query_fuzzer.

HitTestQuery sometimes uses the negation of the position in rect,
making fuzzer min to be (min + 1) to avoid integer overflow after
negation.

Bug: 910592
Test: hit_test_query_fuzzer
Change-Id: I78d1d15467d13d8cb65278dff85408fd22e73c3c
Reviewed-on: https://chromium-review.googlesource.com/c/1372920
Reviewed-by: Abhishek Arya <inferno@chromium.org>
Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Commit-Queue: Ria Jiang <riajiang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#615907}
[modify] https://crrev.com/9c9cda0c4b8411daa970e4b635a0dcec766054a8/components/viz/host/hit_test/hit_test_query_fuzzer.cc
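The commit message above says the fix landed in the fuzz target, not in HitTestQuery: because the hit-test code negates the rect position, the harness's smallest allowed coordinate was raised to INT_MIN + 1 so the fuzzer can never hand the code the one value whose negation overflows. The block below is an added example, not Chromium's code and not the contents of hit_test_query_fuzzer.cc. It models both sides of that reasoning: a checked negation that refuses INT_MIN (what UBSan flagged), a simplified transform that uses it, and a stand-in for the fuzzer's range-limited integer consumer (a hypothetical `ConsumeIntInRange`, not the real FuzzedDataProvider API) clamped to `kFuzzerMinForNegatedField`. Everything named here is an assumption for illustration.

```cpp
#include <cassert>
#include <climits>
#include <cstdint>
#include <cstdio>

// Hypothetical simplification of the pattern the commit describes; not viz::HitTestQuery.
struct Point { int x; int y; };

// Negating INT_MIN is undefined behaviour in C++: -INT_MIN would be INT_MAX + 1,
// which is not representable. Report failure instead of invoking UB.
bool CheckedNegate(int v, int* out) {
  if (v == INT_MIN) return false;
  *out = -v;
  return true;
}

// A "transform to target" step that offsets a point by the negated rect origin.
// Fails cleanly if a coordinate cannot be negated or the sum would not fit in int.
bool TransformByNegatedOrigin(Point p, Point origin, Point* out) {
  int nx, ny;
  if (!CheckedNegate(origin.x, &nx) || !CheckedNegate(origin.y, &ny)) return false;
  int64_t rx = static_cast<int64_t>(p.x) + nx;   // widened so the add cannot overflow
  int64_t ry = static_cast<int64_t>(p.y) + ny;
  if (rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) return false;
  *out = Point{static_cast<int>(rx), static_cast<int>(ry)};
  return true;
}

// Fuzzer-side mitigation from the commit: a field that will be negated is drawn
// from [INT_MIN + 1, INT_MAX], so the harness cannot produce INT_MIN at all.
constexpr int kFuzzerMinForNegatedField = INT_MIN + 1;

// Stand-in for a range-limited fuzzer integer consumer (assumption, not the real
// FuzzedDataProvider::ConsumeIntegralInRange). Maps a raw 32-bit fuzzer value onto
// [lo, hi] using unsigned width arithmetic so the mapping itself never overflows.
int ConsumeIntInRange(uint32_t raw, int lo, int hi) {
  assert(lo <= hi);
  uint32_t width = static_cast<uint32_t>(hi) - static_cast<uint32_t>(lo);
  if (width == UINT32_MAX) return static_cast<int>(raw);  // whole int range, no reduction needed
  int64_t result = static_cast<int64_t>(lo) + static_cast<int64_t>(raw % (width + 1));
  return static_cast<int>(result);  // lo <= result <= hi, so the cast is exact
}

int main() {
  // Constructed raw fuzzer values; 0 and 0xFFFFFFFE hit the two ends of the clamped range.
  const uint32_t samples[] = {0u, 0x80000000u, 0xFFFFFFFEu, 0xFFFFFFFFu};
  for (uint32_t raw : samples) {
    int coord = ConsumeIntInRange(raw, kFuzzerMinForNegatedField, INT_MAX);
    int negated;
    bool ok = CheckedNegate(coord, &negated);
    std::printf("raw=%08x coord=%d negatable=%d\n", raw, coord, ok ? 1 : 0);
  }
  Point out;
  std::printf("INT_MIN origin rejected: %d\n",
              TransformByNegatedOrigin(Point{1, 2}, Point{INT_MIN, 0}, &out) ? 0 : 1);
  return 0;
}
```

The point of the clamp is that the undefined negation never happens for fuzzer-generated input; the checked negation shows what a defensive change in the code under test would look like if INT_MIN could arrive from a real caller, which this issue did not establish.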

Project Member

Comment 12 by ClusterFuzz, Dec 12

ClusterFuzz has detected this issue as fixed in range 615637:615652.

Detailed report: https://clusterfuzz.com/testcase?key=6074180443045888

Fuzzer: libFuzzer_hit_test_query_fuzzer
Fuzz target binary: hit_test_query_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  viz::HitTestQuery::GetTransformToTargetRecursively
  viz::HitTestQuery::TransformLocationForTarget
  hit_test_query_fuzzer.cc
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=612295:612313
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=615637:615652

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6074180443045888

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
