https://chromium-review.googlesource.com/c/chromium/src/+/1318734 causes Linux/Android CFI Build failure:
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20CFI/11170
cc_unittests Run on OS: 'Ubuntu-14.04'
Shard duration: 0:01:15.771606
failures:
LayerTreeHostContextTestLayersNotified.RunSingleThread_DelegatingRenderer
LayerTreeHostContextTestLayersNotified.RunMultiThread_DelegatingRenderer
--
"LayerTreeHostContextTest::SetupTree();" uses layer_tree_host()->root_layer(), i.e.

  void LayerTreeTest::SetupTree() {
    // Only creates a generic root layer if the test did not install one itself.
    if (!layer_tree_host()->root_layer()) {
      scoped_refptr<Layer> root_layer = Layer::Create();
      root_layer->SetBounds(gfx::Size(1, 1));
      layer_tree_host()->SetRootLayer(root_layer);
    }
  }
However, since layer_tree_host()->SetRootLayer(root_); was removed, another root layer is created.
So when that root layer is passed to "ReuseOrCreateLayerImpl", an instance of cc::LayerImpl is created. Casting that instance to cc::FakePictureLayerImpl is not allowed:
../../cc/trees/layer_tree_host_unittest_context.cc:836:20: runtime error: control flow integrity check for type 'cc::FakePictureLayerImpl' failed during base-to-derived cast (vtable address 0x55da84fe2fa0)
0x55da84fe2fa0: note: vtable is of type 'cc::LayerImpl'
da 55 00 00 b0 32 2c 84 da 55 00 00 b0 34 2c 84 da 55 00 00 10 39 2c 84 da 55 00 00 70 b9 83 83
^
#0 0x55da83ca67dd in cc::(anonymous namespace)::LayerTreeHostContextTestLayersNotified::DidActivateTreeOnThread(cc::LayerTreeHostImpl*) ./../../cc/trees/layer_tree_host_unittest_context.cc:836:20
#1 0x55da844000f4 in cc::LayerTreeHostImplForTesting::ActivateSyncTree() ./../../cc/test/layer_tree_test.cc:328:18
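As an added illustration (not code from the CL, from this report, or from Chromium), the cast pattern behind the sanitizer message, using toy stand-ins for cc::LayerImpl and cc::FakePictureLayerImpl. The names MakeRootLayerImpl, UncheckedDowncast, CheckedDowncast, InspectRootMarker and UncheckedCastIsTypeCorrect are invented for this example; dynamic_cast is used only so the type mismatch is observable in a stand-alone program without a CFI build (Chromium's own checks at this cast come from clang's CFI derived-cast instrumentation, not RTTI).

```cpp
#include <memory>

// Toy stand-ins for the cc types named in the report; they are NOT Chromium code.
// Only the shape matters: a polymorphic base and one derived class with extra state.
class LayerImpl {
 public:
  virtual ~LayerImpl() = default;
  virtual const char* TypeName() const { return "LayerImpl"; }
};

class FakePictureLayerImpl : public LayerImpl {
 public:
  const char* TypeName() const override { return "FakePictureLayerImpl"; }
  int picture_marker = 42;  // state that only exists on the derived object
};

// Models the two situations in the report (hypothetical factory). When the
// test's own root layer was installed with SetRootLayer(root_), the activated
// tree's root is the derived type; when the generic root from
// LayerTreeTest::SetupTree() is used instead, a plain LayerImpl is produced.
std::unique_ptr<LayerImpl> MakeRootLayerImpl(bool test_root_installed) {
  if (test_root_installed)
    return std::make_unique<FakePictureLayerImpl>();
  return std::make_unique<LayerImpl>();
}

// The pattern at the failing line: an unconditional static_cast to the derived
// type. It compiles whatever the object's real type is; with clang's
// -fsanitize=cfi-derived-cast the vtable is checked at the cast and a mismatch
// aborts, which is the "control flow integrity check ... failed" in the report.
// Executing this cast on an object that is not the derived type is the bug.
FakePictureLayerImpl* UncheckedDowncast(LayerImpl* layer) {
  return static_cast<FakePictureLayerImpl*>(layer);
}

// A cast that refuses to lie: nullptr when the dynamic type does not match.
FakePictureLayerImpl* CheckedDowncast(LayerImpl* layer) {
  return dynamic_cast<FakePictureLayerImpl*>(layer);
}

// Mirrors what DidActivateTreeOnThread wants to do: inspect the root, but only
// touch derived state when the checked cast succeeds. Returns the marker, or -1
// if the root is not actually a FakePictureLayerImpl.
int InspectRootMarker(bool test_root_installed) {
  std::unique_ptr<LayerImpl> root = MakeRootLayerImpl(test_root_installed);
  FakePictureLayerImpl* picture = CheckedDowncast(root.get());
  if (!picture)
    return -1;
  return picture->picture_marker;
}

// Whether the unconditional cast would have been type-correct for this setup.
// The unchecked cast is only executed once the checked cast has proven the
// object really is the derived type, so both pointers must agree.
bool UncheckedCastIsTypeCorrect(bool test_root_installed) {
  std::unique_ptr<LayerImpl> root = MakeRootLayerImpl(test_root_installed);
  FakePictureLayerImpl* checked = CheckedDowncast(root.get());
  if (!checked)
    return false;  // generic LayerImpl root: the static_cast would be wrong
  return UncheckedDowncast(root.get()) == checked;
}
```

With the test's own root installed, InspectRootMarker returns 42; with the generic root created by SetupTree() it returns -1 instead of reading through a mistyped pointer, which is the situation the CFI check stopped at layer_tree_host_unittest_context.cc:836.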
Comment 1 by petermayo@chromium.org, Nov 9