Null-dereference READ in blink::LowestCommonAncestor<blink::EffectPaintPropertyNode>
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5713781003649024
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::LowestCommonAncestor<blink::EffectPaintPropertyNode>
  blink::PaintPropertyNode<blink::ClipPaintPropertyNode>::Changed
  blink::CompositedLayerRasterInvalidator::ChunkPropertiesChanged
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=544749:544762
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5713781003649024
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Mar 29 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/2a94373409feaf9794c2489ba9563fe67a8eabbd (Make <foreignObject> a stacking context.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 29 2018
I can't reproduce this bug in debug mode. Stephen, can you please try ASAN?
Mar 30 2018
ClusterFuzz has detected this issue as fixed in range 545306:545319.

Detailed report: https://clusterfuzz.com/testcase?key=5713781003649024
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::LowestCommonAncestor<blink::EffectPaintPropertyNode>
  blink::PaintPropertyNode<blink::ClipPaintPropertyNode>::Changed
  blink::CompositedLayerRasterInvalidator::ChunkPropertiesChanged
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=544749:544762
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=545306:545319
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5713781003649024
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 30 2018
ClusterFuzz testcase 5713781003649024 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 30 2018
I think it was fixed by https://chromium.googlesource.com/chromium/src/+/6306706a33abf1a7a299a288ace7fb8f6a479081.
Comment 1 by ClusterFuzz, Mar 29 2018
Labels: Test-Predator-Auto-Components