Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/88151691ad1b7388b29400a8ecf84ecc82fefcd1 (Only allocate a PaintLayerStackingNode if actually needed.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

CL to fix: https://chromium-review.googlesource.com/c/chromium/src/+/1106962

 Issue 856879  has been merged into this issue.

 Issue 856910  has been merged into this issue.

 Issue 857270  has been merged into this issue.

 Issue 857264  has been merged into this issue.

[2018-06-28 07:49:44 UTC] clusterfuzz-linux-ct8v: Progression task started: r571041.
[2018-06-28 07:54:48 UTC] clusterfuzz-linux-ct8v: Progression task finished.

Fix didn't seem to work, please revert original fix or do another fix soon. this is regressing in numerous crashes.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/80c62d44940d34d9fe30462960f00cf15c436e36

commit 80c62d44940d34d9fe30462960f00cf15c436e36
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Thu Jun 28 22:32:46 2018

Dirty z-index data and mark for descendant-dependent update on PaintLayer removal.

Previously it only did so if the PaintLayer was stacked, but it is unclear why
that is important. It also misses some cases, such as the test in this CL, which
involves a PaintLayer move due to adjustment of continuations under a stacking
context inline.

Bug:857139

Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_slimming_paint_v2;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I03bda56e26f6adbabd2ca9492aced66c4c3483cb
Reviewed-on: https://chromium-review.googlesource.com/1117926
Reviewed-by: Tien-Ren Chen <trchen@chromium.org>
Commit-Queue: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#571304}
[add] https://crrev.com/80c62d44940d34d9fe30462960f00cf15c436e36/third_party/WebKit/LayoutTests/paint/stacking/layer-stacking-change-under-inline-expected.txt
[add] https://crrev.com/80c62d44940d34d9fe30462960f00cf15c436e36/third_party/WebKit/LayoutTests/paint/stacking/layer-stacking-change-under-inline.html
[modify] https://crrev.com/80c62d44940d34d9fe30462960f00cf15c436e36/third_party/blink/renderer/core/paint/paint_layer.cc

ClusterFuzz testcase 6129689735987200 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 571302:571304.

Detailed report: https://clusterfuzz.com/testcase?key=5135968219430912

Fuzzer: marty_html_twiddler
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x60f000016c68
Crash State:
  EnsureAncestorDependentCompositingInputs
  GetAncestorDependentCompositingInputs
  AncestorScrollingLayer
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=570443:570455
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=571302:571304

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5135968219430912

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot