CHECK failure: false in paint_controller.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4828314469138432

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false in paint_controller.cc
  blink::PaintController::CheckUnderInvalidation
  blink::PaintController::ProcessNewItem

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=553672:553683

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4828314469138432

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Aug 3
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/8c76d1277b168775e75f53c06c7b9bde185fe276 (Correct OverflowClipRect() for root scroller). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Aug 3
This is a test only crash; the underinvalidation code is not used in production. Lowering the priority and assigning to someone who can look into it.
Aug 6
Aug 6
Aug 8
Oct 10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bfa2cfa0ade7ca077922829fa918a62be0ddfefe

commit bfa2cfa0ade7ca077922829fa918a62be0ddfefe
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Wed Oct 10 20:36:02 2018

[PE] Fix invalidation of fixed-attachment background painted on scrolling contents layer

Previously, we assumed fixed-attachment background is painted on the content layer, but sometimes it's not the case, see
https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/paint/paint_layer.cc?rcl=735a049d6da509e20af4999f43fe822432d6fcb5&l=2770

Now on change of the positioning area (i.e. the viewport and overflow clip rect) of fixed-attachment background, call SetBackgroundChangedSinceLastPaintInvalidation() in addition to SetShouldDoFullPaintInvalidation(). The former can trigger correct invalidation of background regardless of on which layer the background will be painted.

For now we still need the latter to mark the object needing paint invalidation checking. Will clean up this in follow-up.

Bug: 870638
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_slimming_paint_v2;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3a5d013c78fda70df4a628a41098af92be1513a4
Reviewed-on: https://chromium-review.googlesource.com/c/1271098
Reviewed-by: Philip Rogers <pdr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598485}

[rename] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/flag-specific/enable-slimming-paint-v2/paint/invalidation/window-resize/window-resize-background-image-fixed-generated-expected.txt
[add] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/flag-specific/enable-slimming-paint-v2/paint/invalidation/window-resize/window-resize-background-image-fixed-scrolling-contents-expected.txt
[rename] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-generated-expected.html
[rename] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-generated-expected.txt
[rename] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-generated.html
[add] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-scrolling-contents-expected.html
[add] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-scrolling-contents-expected.txt
[add] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/WebKit/LayoutTests/paint/invalidation/window-resize/window-resize-background-image-fixed-scrolling-contents.html
[modify] https://crrev.com/bfa2cfa0ade7ca077922829fa918a62be0ddfefe/third_party/blink/renderer/core/layout/layout_view.cc
Oct 11
ClusterFuzz has detected this issue as fixed in range 598478:598485.

Detailed report: https://clusterfuzz.com/testcase?key=4828314469138432

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false in paint_controller.cc
  blink::PaintController::CheckUnderInvalidation
  blink::PaintController::ProcessNewItem

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=553672:553683
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=598478:598485

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4828314469138432

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 11
ClusterFuzz testcase 4828314469138432 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Aug 3
Labels: Test-Predator-Auto-Components