Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/96e73b5e2b7a31a51a88456d2f507dd663e86975 (Fix bug in earlier patch (*) to account for non-PaintLayer painting roots.).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

 Issue 777145  has been merged into this issue.

Testcase 5142403928555520 is a top crash on ClusterFuzz for windows platform. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/91c05c7d72f068122fdb347a359ee15f88c6273f

commit 91c05c7d72f068122fdb347a359ee15f88c6273f
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Thu Oct 26 23:49:47 2017

Set paint_offset_root for objects under an SVG hidden container.

Bug:  777253 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I7d6b29dcb4dc478048ce14ace2b839453a271c8c
Reviewed-on: https://chromium-review.googlesource.com/738865
Commit-Queue: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Tien-Ren Chen <trchen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512025}
[modify] https://crrev.com/91c05c7d72f068122fdb347a359ee15f88c6273f/third_party/WebKit/LayoutTests/FlagExpectations/enable-slimming-paint-v2
[add] https://crrev.com/91c05c7d72f068122fdb347a359ee15f88c6273f/third_party/WebKit/LayoutTests/svg/foreign-object-under-shadow-root-under-hidden-expected.txt
[add] https://crrev.com/91c05c7d72f068122fdb347a359ee15f88c6273f/third_party/WebKit/LayoutTests/svg/foreign-object-under-shadow-root-under-hidden.html
[modify] https://crrev.com/91c05c7d72f068122fdb347a359ee15f88c6273f/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp
[modify] https://crrev.com/91c05c7d72f068122fdb347a359ee15f88c6273f/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.h

ClusterFuzz testcase 5142403928555520 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 512000:512063.

Detailed report: https://clusterfuzz.com/testcase?key=4856224419151872

Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x0000006f
Crash State:
  blink::PaintLayer::VisualOffsetFromAncestor
  blink::VisualOffsetFromPaintOffsetRoot
  blink::PaintPropertyTreeBuilder::UpdatePropertiesForChildren
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=509195:509255
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=512000:512063

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4856224419151872

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Re-opening to finish M63 merge.

 Issue 779054  has been merged into this issue.

This bug requires manual review: M63 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), gkihumba@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Before we approve merge to M63, please provide following details:

Is this M63 regression and critical to merge?
Is the change well baked/verified in Canary and safe to merge and having enough automation tests coverage?
Please provide any other details to justify the merge. Thank you.

Please note M63 is already promoted to Beta so merge bar is very high. Thank you.

[Bulk Edit]
URGENT - PTAL.
M63 Stable promotion is coming soon and your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP. Thank you.

Confirmed - this fix is baked and tested.

Approving merge to M63 branch 3239 based on comment #16. Please merge ASAP. Thank you.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6af4638044523d4a2a905f88e1bb029a331cdf64

commit 6af4638044523d4a2a905f88e1bb029a331cdf64
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Tue Oct 31 19:23:07 2017

Set paint_offset_root for objects under an SVG hidden container.

TBR=chrishtr@chromium.org

(cherry picked from commit 91c05c7d72f068122fdb347a359ee15f88c6273f)

Bug:  777253 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I7d6b29dcb4dc478048ce14ace2b839453a271c8c
Reviewed-on: https://chromium-review.googlesource.com/738865
Commit-Queue: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Tien-Ren Chen <trchen@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#512025}
Reviewed-on: https://chromium-review.googlesource.com/747207
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239@{#322}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[add] https://crrev.com/6af4638044523d4a2a905f88e1bb029a331cdf64/third_party/WebKit/LayoutTests/svg/foreign-object-under-shadow-root-under-hidden-expected.txt
[add] https://crrev.com/6af4638044523d4a2a905f88e1bb029a331cdf64/third_party/WebKit/LayoutTests/svg/foreign-object-under-shadow-root-under-hidden.html
[modify] https://crrev.com/6af4638044523d4a2a905f88e1bb029a331cdf64/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp
[modify] https://crrev.com/6af4638044523d4a2a905f88e1bb029a331cdf64/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1b147f784943dda52c4bde724442a541ad167856

commit 1b147f784943dda52c4bde724442a541ad167856
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Tue Oct 31 22:22:29 2017

Fix build after commit 6af4638.

TBR=pdr

Bug:  777253 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: Ic4351adaf54b0b02a556f6d4bf97e5574753de41
Reviewed-on: https://chromium-review.googlesource.com/747877
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239@{#327}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/1b147f784943dda52c4bde724442a541ad167856/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp