Null-dereference READ in blink::StyleEngine::NodeWillBeRemoved
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5114990200881152
Fuzzer: marcin_towalski_cm
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x00000000000f
Crash State:
  blink::StyleEngine::NodeWillBeRemoved
  blink::ContainerNode::WillRemoveChild
  blink::ContainerNode::RemoveChild
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=526968:526970
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5114990200881152

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jan 4 2018
Jan 4 2018
Jan 5 2018
Hmm, looks like there's a problem with maybe a hanging pointer to a LayoutObject in Node? There is a comment that "This untraced pointer to the owning Node is considered safe." https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/layout/LayoutObject.h?l=2177 This comment was added by sigbjornf in https://codereview.chromium.org/869323003. Pinging it back to you, nainar; could you PTAL and see if you think my theory could be correct?
Jan 5 2018
Assigning to futhark@ since their CL was in the suspect range.
Jan 5 2018
This is most likely the anonymous table correction I landed (and reverted) yesterday.
Jan 5 2018
ClusterFuzz has detected this issue as fixed in range 527016:527020.

Detailed report: https://clusterfuzz.com/testcase?key=5114990200881152
Fuzzer: marcin_towalski_cm
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x00000000000f
Crash State:
  blink::StyleEngine::NodeWillBeRemoved
  blink::ContainerNode::WillRemoveChild
  blink::ContainerNode::RemoveChild
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=526968:526970
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=527016:527020
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5114990200881152

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 5 2018
ClusterFuzz testcase 5114990200881152 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 4 2018
Labels: Test-Predator-Auto-Components