Null-dereference READ in blink::LowestCommonAncestor
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6197530384400384
Fuzzer: ochang_domfuzzer
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::LowestCommonAncestor
  blink::PaintChunksToCcLayer::ConvertInto
  blink::PaintChunksToCcLayer::Convert
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=539828:539848
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6197530384400384

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Comment 1 by dtapu...@chromium.org, Mar 5 2018
Null read in our old friend. Not sure if this is expected to be fixed by now.
Mar 5 2018
Another case of null mask property:

[1:1:0305/101735.591153:FATAL:PaintLayerPainter.cpp(1085)] Check failed: properties && properties->Mask().
#0 0x0000033a3c3c base::debug::StackTrace::StackTrace()
#1 0x0000033c2bbc logging::LogMessage::~LogMessage()
#2 0x000005a26f55 blink::PaintLayerPainter::PaintFragmentWithPhase()
#3 0x000005a25f6c blink::PaintLayerPainter::PaintMaskForFragments()
#4 0x000005a22c98 blink::PaintLayerPainter::PaintLayerContents()
#5 0x000005a21c61 blink::PaintLayerPainter::PaintLayerContentsCompositingAllPhases()
#6 0x000005a2152c blink::PaintLayerPainter::Paint()
#7 0x000005a24a86 blink::PaintLayerPainter::PaintChildren()
#8 0x000005a22b92 blink::PaintLayerPainter::PaintLayerContents()
#9 0x000005a21c61 blink::PaintLayerPainter::PaintLayerContentsCompositingAllPhases()
#10 0x000005a2152c blink::PaintLayerPainter::Paint()
#11 0x000005a24a86 blink::PaintLayerPainter::PaintChildren()
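Added illustration of the failure class named in the crash state and in the comment above; this is not Blink code and the node layout and function names are assumptions. It builds a minimal parent-linked property tree and a lowest-common-ancestor walk of the kind the stack names, so that a caller passing a missing (null) node reads a field off nullptr, which is exactly what ASAN reports as a Null-dereference READ at a small fixed address. The checked wrapper is one way a caller can refuse a null node; the landed fix took the other route and made sure the mask node exists before conversion.

```cpp
// Added example, not part of the bug report or of Blink.
#include <cassert>
#include <cstddef>

// Assumed minimal stand-in for a paint property tree node: each node only
// knows its parent, and the root's parent is nullptr.
struct PropertyNode {
  const PropertyNode* parent;
  int id;
};

// Number of edges from `node` up to the root. Dereferences `node` at once,
// so a nullptr argument faults here at the offset of `parent` (0 on this
// layout; the fuzzer's 0x8 is simply a different field offset).
static int DepthOf(const PropertyNode* node) {
  int depth = 0;
  for (const PropertyNode* n = node; n->parent; n = n->parent)
    ++depth;
  return depth;
}

// Unchecked walk: climb the deeper node until both are at the same depth,
// then climb both until they meet. Assumes both arguments are real nodes.
const PropertyNode* LowestCommonAncestor(const PropertyNode* a,
                                         const PropertyNode* b) {
  int da = DepthOf(a), db = DepthOf(b);
  while (da > db) { a = a->parent; --da; }
  while (db > da) { b = b->parent; --db; }
  while (a != b) { a = a->parent; b = b->parent; }
  return a;
}

// Hypothetical hardened entry point: a missing node is reported to the
// caller as nullptr instead of being walked, so the fault cannot occur here.
const PropertyNode* CheckedLowestCommonAncestor(const PropertyNode* a,
                                                const PropertyNode* b) {
  if (!a || !b) return nullptr;
  return LowestCommonAncestor(a, b);
}

int main() {
  // Constructed tree: root -> a -> b, root -> c.
  PropertyNode root{nullptr, 0};
  PropertyNode a{&root, 1};
  PropertyNode b{&a, 2};
  PropertyNode c{&root, 3};
  assert(LowestCommonAncestor(&b, &c) == &root);
  assert(LowestCommonAncestor(&b, &a) == &a);
  // A missing mask node handed to the unchecked walk would crash like the
  // fuzzer case; the checked variant returns nullptr instead.
  assert(CheckedLowestCommonAncestor(&b, nullptr) == nullptr);
  return 0;
}
```

Under ASAN, calling the unchecked `LowestCommonAncestor(&b, nullptr)` aborts with a READ at the address equal to the offset of the first field touched, which is how the 0x000000000008 crash address in the report should be read: not a wild pointer, but a field read through a null node.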
Mar 6 2018
Mar 6 2018
Issue 817735 has been merged into this issue.
Mar 6 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Mar 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1757b1191e9bd46f3f739cb08ab16ffdedd41db1

commit 1757b1191e9bd46f3f739cb08ab16ffdedd41db1
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Tue Mar 06 23:15:27 2018

[SPv175] Allocate mask for SVG root if SVG mask is not present.

Bug: 817800
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: Ied1f28e727320ed100851fc2aef06dfbdd07798a
Reviewed-on: https://chromium-review.googlesource.com/951714
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Commit-Queue: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541232}

[add] https://crrev.com/1757b1191e9bd46f3f739cb08ab16ffdedd41db1/third_party/WebKit/LayoutTests/svg/masking/css-mask-of-root-expected.html
[add] https://crrev.com/1757b1191e9bd46f3f739cb08ab16ffdedd41db1/third_party/WebKit/LayoutTests/svg/masking/css-mask-of-root.html
[modify] https://crrev.com/1757b1191e9bd46f3f739cb08ab16ffdedd41db1/third_party/WebKit/Source/core/paint/CSSMaskPainter.cpp
[modify] https://crrev.com/1757b1191e9bd46f3f739cb08ab16ffdedd41db1/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilderTest.cpp
Mar 6 2018
Mar 7 2018
ClusterFuzz has detected this issue as fixed in range 541219:541246.

Detailed report: https://clusterfuzz.com/testcase?key=6197530384400384
Fuzzer: ochang_domfuzzer
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::LowestCommonAncestor
  blink::PaintChunksToCcLayer::ConvertInto
  blink::PaintChunksToCcLayer::Convert
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=539828:539848
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=541219:541246
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6197530384400384

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 7 2018
ClusterFuzz testcase 6197530384400384 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.