Null-dereference READ in blink::AdjustPaintOffsetScope::AdjustPaintOffset
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5082332999188480
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::AdjustPaintOffsetScope::AdjustPaintOffset
  blink::AdjustPaintOffsetScope::AdjustPaintOffsetScope
  blink::ReplacedPainter::Paint
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=537371:537402
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5082332999188480
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Mar 1 2018
Automatically adding ccs based on suspected regression changelists:
[SPv175] Clear paint property tree node change flags after painting by wangxianzhu@chromium.org - https://chromium.googlesource.com/chromium/src/+/297ee9e2ac0fea6624373b0a17b7b78a4b08c033
[SPv175] Enable SlimmingPaintV175 for experimental by wangxianzhu@chromium.org - https://chromium.googlesource.com/chromium/src/+/bf54c05ccf13ff3b26a180f81186426bc56e4ccb
If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Mar 5 2018
Null read not P1. SPv1.75 related?
Mar 5 2018
An under-invalidation of paint properties:
[1:1:0305/102528.028267:FATAL:FindPropertiesNeedingUpdate.h(214)] Check failed: *original_local_border_box_properties_->Clip() == *object_border_box.Clip(). Property was updated without the layout object ("LayoutSVGRoot svg") needing a paint property update.
Original:
FragmentClip (LayoutMultiColumnFlowThread (anonymous)) 0x1b5cdee59910 {"parent":"0x1b5cdee59010","localTransformSpace":"0x1b5cdeed88d0","rect":"144,8 1.00001e+06x999991"}
Updated:
FragmentClip (LayoutMultiColumnFlowThread (anonymous)) 0x1b5cdee58f10 {"parent":"0x1b5cdee59010","localTransformSpace":"0x1b5cdeed88d0","rect":"-999992,-999992 1.00001e+06x1e+06"}
#0 0x0000033a3c3c base::debug::StackTrace::StackTrace()
#1 0x0000033c2bbc logging::LogMessage::~LogMessage()
#2 0x000005a5fce7 blink::FindObjectPropertiesNeedingUpdateScope::~FindObjectPropertiesNeedingUpdateScope()
#3 0x000005a51ca4 blink::ObjectPaintPropertyTreeBuilder::UpdateForSelf()
#4 0x000005a4292b blink::PrePaintTreeWalk::WalkInternal()
#5 0x000005a41d42 blink::PrePaintTreeWalk::Walk()
Mar 10 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0fc08b4f2579220b719bcc435acc509e8d925d23

commit 0fc08b4f2579220b719bcc435acc509e8d925d23
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Sat Mar 10 06:25:43 2018

[PE] Update subtree paint properties on fragments change

When an object's fragments change, e.g.
- the object moved from one fragment to another fragment of the flow thread;
- the object resized and created more or less fragments
etc., we need to update paint properties of the subtree.

The new logic also covers the previous SetNeedsPaintPropertyUpdate logic for multicols.

Bug: 817803
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: Ib641c1e5ef5af7d93b8fb8de70cdc9aae2382fc9
Reviewed-on: https://chromium-review.googlesource.com/953566
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542356}

[add] https://crrev.com/0fc08b4f2579220b719bcc435acc509e8d925d23/third_party/WebKit/LayoutTests/fast/multicol/svg-change-column-crash-expected.html
[add] https://crrev.com/0fc08b4f2579220b719bcc435acc509e8d925d23/third_party/WebKit/LayoutTests/fast/multicol/svg-change-column-crash.html
[modify] https://crrev.com/0fc08b4f2579220b719bcc435acc509e8d925d23/third_party/WebKit/Source/core/layout/LayoutObject.h
[modify] https://crrev.com/0fc08b4f2579220b719bcc435acc509e8d925d23/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp
Mar 10 2018
ClusterFuzz has detected this issue as fixed in range 542344:542363.
Detailed report: https://clusterfuzz.com/testcase?key=5082332999188480
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::AdjustPaintOffsetScope::AdjustPaintOffset
  blink::AdjustPaintOffsetScope::AdjustPaintOffsetScope
  blink::ReplacedPainter::Paint
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=537371:537402
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=542344:542363
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5082332999188480
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 10 2018
ClusterFuzz testcase 5082332999188480 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 1 2018. Labels: Test-Predator-Auto-Components