Null-dereference READ in blink::RemoteFrame::SetCcLayer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5776602712244224

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000488
Crash State:
  blink::RemoteFrame::SetCcLayer
  content::RenderFrameProxy::SetLayer
  content::ChildFrameCompositingHelper::SetPrimarySurfaceId

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=592282:592286

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5776602712244224

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 20
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/02a0bc1278a5f419764a82b8df7b1f5b181d1cbf (Simplify plumbing pointer-events:none for a remote frame's surface layer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Sep 20
The bad news is: this already crashes (even without my patch)
The worse news is: fixing this might be complicated

The short version is this:
- we create the RenderFrameProxy and add it to the routing map *before* blink::RemoteFrame inside blink::WebRemoteFrame is initialized.
- but content::RenderFrameProxy *also* assumes that once it is routable, the blink::RemoteFrame is initialized
- blink::RemoteFrame isn't initialized until the frame it's replacing swaps out
- in certain situations, we'll pump messages while unloading a local frame when swapping it out.
- so we get random IPC messages for RenderFrameProxy but we're not ready

One way would be to simply ignore these IPCs and no-op, but it's not clear that that's actually OK: it's updating compositing state, and simply ignoring some of those is probably a bad idea.

Another alternative would be to buffer the IPCs until they can be correctly dispatched later... unclear if this is OK, since maybe there might be ordering requirements.

More complicated alternatives:
- make it possible to initialize the core frame before the proxy is in the frame tree. unclear if this is ok, since it may have undesirable side effects
- don't create the replacement content::RenderFrameProxy/blink::WebRemoteFrame/blink::RemoteFrame until all JS execution is done.

Neither sounds great. But
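The ordering hazard described in the comment above, as an added example: this is a small C++ model written for this page, not Chromium code and not the commenter's. The types RemoteFrame, RenderFrameProxy, Policy and SimulateSwapOut are stand-ins for the real objects, and the routing id and layer ids are constructed values. It walks the sequence the comment lays out (proxy becomes routable, the outgoing local frame pumps queued IPCs, the RemoteFrame is initialized only afterwards) under two dispatch policies: deliver immediately, which hits the null frame, and buffer until initialization, one of the alternatives the comment weighs.

```cpp
// Added example, not Chromium code: a minimal model of an IPC reaching a
// routable RenderFrameProxy before its blink::RemoteFrame exists, and of the
// "buffer the IPCs until the frame is initialized" alternative.
// All names below are stand-ins introduced for this example.
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
#include <optional>
#include <vector>

// Stand-in for blink::RemoteFrame: the object SetCcLayer() writes into.
struct RemoteFrame {
  std::optional<uint64_t> cc_layer_id;  // stand-in for the cc::Layer pointer
  void SetCcLayer(uint64_t id) { cc_layer_id = id; }
};

enum class Policy { kDispatchImmediately, kBufferUntilInit };

// Stand-in for content::RenderFrameProxy. It is added to the routing map
// before InitFrame() runs, which is exactly the window the comment describes.
class RenderFrameProxy {
 public:
  explicit RenderFrameProxy(Policy policy) : policy_(policy) {}

  // Called once the local frame being replaced has finished swapping out.
  void InitFrame() {
    frame_ = std::make_unique<RemoteFrame>();
    // Replay anything buffered, preserving arrival order within this proxy.
    for (uint64_t id : pending_) {
      frame_->SetCcLayer(id);
      ++replayed_;
    }
    pending_.clear();
  }

  // Handles the SetLayer IPC. Returns false where the real code path would
  // have dereferenced a null RemoteFrame (recorded instead of performed here).
  bool OnSetLayer(uint64_t id) {
    if (frame_) {
      frame_->SetCcLayer(id);
      return true;
    }
    if (policy_ == Policy::kBufferUntilInit) {
      pending_.push_back(id);
      return true;
    }
    null_deref_ = true;  // models the Null-dereference READ in SetCcLayer
    return false;
  }

  bool null_deref() const { return null_deref_; }
  size_t replayed() const { return replayed_; }
  std::optional<uint64_t> layer() const {
    return frame_ ? frame_->cc_layer_id : std::nullopt;
  }

 private:
  Policy policy_;
  std::unique_ptr<RemoteFrame> frame_;  // null until InitFrame()
  std::vector<uint64_t> pending_;       // IPCs held back while frame_ is null
  size_t replayed_ = 0;
  bool null_deref_ = false;
};

struct SwapOutResult {
  bool null_deref;                       // did any IPC hit a null frame?
  std::optional<uint64_t> final_layer;   // layer the frame ends up with
  size_t replayed;                       // buffered IPCs replayed at init
};

// Drives the sequence from the comment: (1) the proxy is created and made
// routable, (2) unloading the local frame pumps messages, some addressed to
// the still-uninitialized proxy, (3) the proxy's RemoteFrame is initialized
// only after the swap-out completes.
SwapOutResult SimulateSwapOut(Policy policy,
                              const std::vector<uint64_t>& layer_ids_in_flight) {
  std::map<int, RenderFrameProxy*> routing_map;  // routing id -> proxy
  RenderFrameProxy proxy(policy);
  const int routing_id = 7;                      // constructed value
  routing_map[routing_id] = &proxy;              // step 1: routable, frame_ still null

  bool ok = true;                                // step 2: pumped IPCs are routed now
  for (uint64_t id : layer_ids_in_flight)
    ok = routing_map.at(routing_id)->OnSetLayer(id) && ok;

  proxy.InitFrame();                             // step 3: too late for step 2
  return {!ok, proxy.layer(), proxy.replayed()};
}

int main() {
  const std::vector<uint64_t> in_flight{11, 12};  // constructed sample layer ids
  SwapOutResult crash = SimulateSwapOut(Policy::kDispatchImmediately, in_flight);
  SwapOutResult buffered = SimulateSwapOut(Policy::kBufferUntilInit, in_flight);
  return (crash.null_deref && !buffered.null_deref && buffered.final_layer == 12) ? 0 : 1;
}
```

Two things the model makes visible that the prose only implies. First, under immediate dispatch the frame ends with no layer at all even if the null dereference were turned into a no-op, which is the "ignoring compositing updates is probably a bad idea" concern. Second, buffering keeps order only among messages to the same proxy; it says nothing about ordering relative to other routed objects, which is the open question the comment raises and which this example does not settle.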
Sep 24
Sep 25
Oct 3
ClusterFuzz has detected this issue as fixed in range 595859:595864.

Detailed report: https://clusterfuzz.com/testcase?key=5776602712244224

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000488
Crash State:
  blink::RemoteFrame::SetCcLayer
  content::RenderFrameProxy::SetLayer
  content::ChildFrameCompositingHelper::SetPrimarySurfaceId

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=592282:592286
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=595859:595864

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5776602712244224

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 3
ClusterFuzz testcase 5776602712244224 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 5
Oct 5
Issue 891724 has been merged into this issue.
Oct 5
Issue 891862 has been merged into this issue.
Nov 21
Issue 899648 has been merged into this issue.
Nov 21
Issue 906805 has been merged into this issue.
Dec 13
Issue 903789 has been merged into this issue.
Comment 1 by ClusterFuzz, Sep 20
Labels: Test-Predator-Auto-Components