CHECK failure: Lifecycle().StateAllowsTreeMutations() in document.cc

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5353635199057920

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  Lifecycle().StateAllowsTreeMutations() in document.cc
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=527199:527221

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5353635199057920

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

May 27 2018
Automatically adding ccs based on suspected regression changelists:

DevTools: ignore hash in url when searching for associated uiSourceCode by luoe@chromium.org - https://chromium.googlesource.com/chromium/src/+/3b46beb71bae6552e11b09ccba1b0b61ed9709e6

DevTools: deflake interception auth tests by caseq@chromium.org - https://chromium.googlesource.com/chromium/src/+/b387ae77db90142d2bddf9c1aa45cd258e4a6689

Add Lohit Gumurkhi, Garuda to the list of GCS synced linux fonts by drott@chromium.org - https://chromium.googlesource.com/chromium/src/+/79e55b710feeee1d464b50d5ddabb70901cbdff8

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

May 29 2018
May 30 2018
I do not see the connection between this crash and the DevTools changes. The Testcase in the description is testing the CSS Paint Worklet, and logs show `Uncaught ReferenceError: registerPaint is not defined`. Speculatively adding Blink>Paint
May 30 2018
Yes, this looks like paint to me. The stack trace I see at head is a little different to the one in the clusterfuzz (included below). Also there is odd stuff happening with "registerPaint is not defined", but if I try to log it from console.log it is defined. Removing DOM from the component list, feel free to add back if this is really a DOM issue.

#9 0x0000f728583e logging::LogMessage::~LogMessage()
#10 0x0000e60b1402 blink::LocalFrameView::UpdateLifecyclePhasesInternal()
#11 0x0000e60b126a blink::LocalFrameView::UpdateAllLifecyclePhases()
#12 0x0000e6ce1c45 blink::PageAnimator::UpdateAllLifecyclePhases()
#13 0x0000e6ce9b83 blink::PageWidgetDelegate::UpdateLifecycle()
#14 0x0000e5f2c720 blink::WebViewImpl::UpdateLifecycle()
#15 0x0000e618e2cc blink::WebViewFrameWidget::UpdateLifecycle()
#16 0x0000e5ef2433 blink::WebWidget::UpdateAllLifecyclePhases()
#17 0x00000935ee67 content::BlinkTestRunner::TestFinished()
#18 0x00000935fdef content::BlinkTestRunner::TestFinished()
#19 0x0000e068c647 test_runner::TestRunner::NotifyDone()
#20 0x0000e0687f24 test_runner::TestRunnerBindings::NotifyDone()
#21 0x0000e05f477a _ZN4base8internal13FunctorTraitsIMN11test_runner31AccessibilityControllerBindingsEFvvEvE6InvokeIS5_PS3_JEEEvT_OT0_DpOT1_
#22 0x0000e05f46e4 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN11test_runner31AccessibilityControllerBindingsEFvvEJPS5_EEEvOT_DpOT0_
#23 0x0000e06a3111 _ZN4base8internal7InvokerINS0_9BindStateIMN11test_runner18TestRunnerBindingsEFvvEJEEEFvPS4_EE7RunImplIRKS6_RKNSt3__15tupleIJEEEJEEEvOT_OT0_NSE_16integer_sequenceIjJXspT1_EEEEOS8_
#24 0x0000e06a3058 _ZN4base8internal7InvokerINS0_9BindStateIMN11test_runner18TestRunnerBindingsEFvvEJEEEFvPS4_EE3RunEPNS0_13BindStateBaseES8_
#25 0x0000e05f43c7 _ZNKR4base17RepeatingCallbackIFvPN11test_runner31AccessibilityControllerBindingsEEE3RunES3_
#26 0x0000e05f3dc4 _ZN3gin8internal7InvokerINSt3__116integer_sequenceIjJLj0EEEEJPN11test_runner31AccessibilityControllerBindingsEEE18DispatchToCallbackEN4base17RepeatingCallbackIFvS7_EEE
#27 0x0000e06a2e75 gin::internal::Dispatcher<>::DispatchToCallback()
#28 0x0000e8ccbc53 v8::internal::FunctionCallbackArguments::Call()
#29 0x0000e8cca2a6 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#30 0x0000e8cc8292 v8::internal::Builtin_Impl_HandleApiCall()
#31 0x0000e8cc7c62 v8::internal::Builtin_HandleApiCall()
#32 0x00003c8f482a <unknown>
#33 0x00005d799580 <unknown>
#34 0x00005d78b65d <unknown>
#35 0x00003c8bbd07 <unknown>
#36 0x00005d7c6b6d <unknown>
#37 0x00005d786091 <unknown>
#38 0x0000e90f81cb v8::internal::(anonymous namespace)::Invoke()
#39 0x0000e90f7ca5 v8::internal::(anonymous namespace)::CallInternal()
#40 0x0000e90f8b79 v8::internal::Execution::TryCall()
#41 0x0000e90f8e59 v8::internal::Execution::RunMicrotasks()
#42 0x0000e928e035 v8::internal::Isolate::RunMicrotasks()
#43 0x0000e8c16643 v8::MicrotasksScope::PerformCheckpoint()
#44 0x0000e8c16582 v8::MicrotasksScope::~MicrotasksScope()
#45 0x0000e52ce49b blink::V8ScriptRunner::CallFunction()
#46 0x0000e1bfb664 blink::CSSPaintDefinition::Paint()
#47 0x0000e1c08698 blink::PaintWorklet::Paint()
#48 0x0000e1c036b1 blink::CSSPaintImageGeneratorImpl::Paint()
#49 0x0000e563c592 blink::CSSPaintValue::GetImage()
#50 0x0000e56226b2 blink::CSSImageGeneratorValue::GetImage()
#51 0x0000e6fb66d0 blink::StyleGeneratedImage::GetImage()
#52 0x0000e6d6a43e blink::BoxPainterBase::PaintFillLayer()
#53 0x0000e6d69f53 blink::BoxPainterBase::PaintFillLayers()
#54 0x0000e6d68e9f blink::BoxPainter::PaintBackground()
#55 0x0000e6d6893d blink::BoxPainter::PaintBoxDecorationBackgroundWithRect()
#56 0x0000e6d68224 blink::BoxPainter::PaintBoxDecorationBackground()
#57 0x0000e6803c24 blink::LayoutBox::PaintBoxDecorationBackground()
#58 0x0000e6d4c4b1 blink::BlockPainter::PaintObject()
#59 0x0000e6790104 blink::LayoutBlock::PaintObject()
#60 0x0000e6d4b3e3 blink::BlockPainter::Paint()
#61 0x0000e6790024 blink::LayoutBlock::Paint()

May 30 2018
xidachen@, does this fall on you? Otherwise re-assign.
May 30 2018
Looks very similar to crbug.com/834856, which cannot be consistently reproduced. I will investigate...

Jun 4 2018
Aug 1
ClusterFuzz has detected this issue as fixed in range 579369:579370.

Detailed report: https://clusterfuzz.com/testcase?key=5353635199057920

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  Lifecycle().StateAllowsTreeMutations() in document.cc
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=527199:527221
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=579369:579370

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5353635199057920

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Aug 1
ClusterFuzz testcase 5353635199057920 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, May 27 2018
Labels: Test-Predator-Auto-Components