
Issue 715911 link


Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




browser_tests failing on chromium.memory/Linux Chromium OS ASan LSan Tests (1)

Project Member Reported by vitaliii@chromium.org, Apr 27 2017

Issue description

There are 96 CLs in that batch; a quick inspection does not bring up anything obvious.
The most related-looking CL is https://codereview.chromium.org/2835233002, but this is just a guess for now.
In 20843 there are a lot of browser_tests failing, e.g.:

MSE_ClearKey/EncryptedMediaTest.InvalidResponseKeyError/0
PredictorBrowserTest.RendererInitiatedNavigationPreconnect
PlatformAppUrlRedirectorBrowserTest.ClickInTabIntercepted
ExternallyConnectableMessagingTest.InvalidExtensionIDFromHostedApp
NaClBrowserTestPnacl.PnaclExceptionHandlingDisabled
NaClBrowserTestPnacl.ProgressEvents
PrerenderBrowserTest.PrerenderClientRedirectToFragment
WebRtcGetMediaDevicesBrowserTests/WebRtcGetMediaDevicesBrowserTest.EnumerateDevicesWithAccess/1
WebRtcGetMediaDevicesBrowserTests/WebRtcGetMediaDevicesBrowserTest.EnumerateDevicesWithAccess/0
PaymentRequestPaymentResponseAllContactDetailsTest.TestPaymentResponse
SRC_ClearKey/EncryptedMediaTest.Playback_Multiple_VideoAudio_WebM/0

Based on sampling 6 tests, the error is the same:
=== LOG STARTS ===
==5144==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300047d538 at pc 0x00000097e2c4 bp 0x7fbf374e2cd0 sp 0x7fbf374e2458
READ of size 4 at 0x60300047d538 thread T16 (Chrome_IOThread)
    #0 0x97e2c3 in __interceptor_memcmp (/b/s/w/ir/out/Release/browser_tests+0x97e2c3)
    #1 0x7fbf53bc9296 in std::char_traits<char>::compare(char const*, char const*, unsigned long) /build/gcc-4.8-mW1ufQ/gcc-4.8-4.8.4/build/x86_64-linux-gnu/libstdc++-v3/include/bits/char_traits.h:255
    #2 0x7fbf53c2913c in std::string::compare(char const*) const /build/gcc-4.8-mW1ufQ/gcc-4.8-4.8.4/build/x86_64-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:955
    #3 0xd3a1102 in operator==<char, std::char_traits<char>, std::allocator<char> > build/linux/debian_jessie_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/basic_string.h:2521:20
    #4 0xd3a1102 in net::HttpCache::IsTransactionWritingIncomplete(net::HttpCache::ActiveEntry*, net::HttpCache::Transaction*, std::string const&) const net/http/http_cache.cc:1050
    #5 0xd3ad19e in net::HttpCache::Transaction::~Transaction() net/http/http_cache_transaction.cc:200:41
    #6 0xd3adc8d in net::HttpCache::Transaction::~Transaction() net/http/http_cache_transaction.cc:192:40
    #7 0xd39423a in operator() build/linux/debian_jessie_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/unique_ptr.h:67:2
    #8 0xd39423a in ~unique_ptr build/linux/debian_jessie_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/unique_ptr.h:184
    #9 0xd39423a in ~MetadataWriter net/http/http_cache.cc:228
    #10 0xd39423a in SelfDestroy net/http/http_cache.cc:296
    #11 0xd39423a in net::HttpCache::MetadataWriter::VerifyResponse(int) net/http/http_cache.cc:292
    #12 0x46e02bc in base::Callback<void (int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run(int) && base/callback.h:91:12
    #13 0xd3b27a6 in net::HttpCache::Transaction::DoLoop(int) net/http/http_cache_transaction.cc:902:38
    #14 0xd3dc705 in Invoke<const base::WeakPtr<net::HttpCache::Transaction> &, int> base/bind_internal.h:214:12
    #15 0xd3dc705 in MakeItSo<void (net::HttpCache::Transaction::*const &)(int), const base::WeakPtr<net::HttpCache::Transaction> &, int> base/bind_internal.h:305
    #16 0xd3dc705 in RunImpl<void (net::HttpCache::Transaction::*const &)(int), const std::tuple<base::WeakPtr<net::HttpCache::Transaction> > &, 0> base/bind_internal.h:361
    #17 0xd3dc705 in base::internal::Invoker<base::internal::BindState<void (net::HttpCache::Transaction::*)(int), base::WeakPtr<net::HttpCache::Transaction> >, void (int)>::Run(base::internal::BindStateBase*, int&&) base/bind_internal.h:339
    #18 0xd3a0efa in Run base/callback.h:80:12
    #19 0xd3a0efa in net::HttpCache::ProcessDoneHeadersQueue(net::HttpCache::ActiveEntry*) net/http/http_cache.cc:1021
    #20 0xd3a847e in Invoke<const base::WeakPtr<net::HttpCache> &, net::HttpCache::ActiveEntry *const &> base/bind_internal.h:214:12
    #21 0xd3a847e in MakeItSo<void (net::HttpCache::*const &)(net::HttpCache::ActiveEntry *), const base::WeakPtr<net::HttpCache> &, net::HttpCache::ActiveEntry *const &> base/bind_internal.h:305
    #22 0xd3a847e in RunImpl<void (net::HttpCache::*const &)(net::HttpCache::ActiveEntry *), const std::tuple<base::WeakPtr<net::HttpCache>, net::HttpCache::ActiveEntry *> &, 0, 1> base/bind_internal.h:361
    #23 0xd3a847e in base::internal::Invoker<base::internal::BindState<void (net::HttpCache::*)(net::HttpCache::ActiveEntry*), base::WeakPtr<net::HttpCache>, net::HttpCache::ActiveEntry*>, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:339
    #24 0x5610e52 in base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() && base/callback.h:91:12
    #25 0xb58e4a4 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:59:33
    #26 0xb39f3fa in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:423:19
    #27 0xb3a03bb in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) base/message_loop/message_loop.cc:434:5
    #28 0xb3a1cca in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:527:13
    #29 0xb3aeeb0 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_libevent.cc:219:31
    #30 0xb39eac2 in base::MessageLoop::RunHandler() base/message_loop/message_loop.cc:387:10
    #31 0xb43c25a in base::RunLoop::Run() base/run_loop.cc:37:10
    #32 0xb4cee45 in base::Thread::Run(base::RunLoop*) base/threading/thread.cc:250:13
    #33 0x66a901b in content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) content/browser/browser_thread_impl.cc:278:11
    #34 0x66a95ec in content::BrowserThreadImpl::Run(base::RunLoop*) content/browser/browser_thread_impl.cc:313:14
    #35 0xb4cfdc4 in base::Thread::ThreadMain() base/threading/thread.cc:333:3
    #36 0xb4b7192 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:71:13
    #37 0x7fbf53939183 in start_thread /build/eglibc-MjiXCM/eglibc-2.19/nptl/pthread_create.c:312
=== LOG ENDS ===
Cc: shivanisha@chromium.org
All http_cache{_transaction}.{h, cc} files were touched by https://codereview.chromium.org/2721933002, which is present in build 20843.
The CL from #3 has already been reverted in https://codereview.chromium.org/2847653002/.
Status: Fixed (was: Started)
These crashes all have the same root cause. The issue was that HttpCache::MetadataWriter declares the |request_info_| member after the |transaction_| member. Since |transaction_|'s destructor accessed |request_info_|, it was accessing freed memory.
I am not sure why these don't show up in the commit queue bot: linux_chromium_asan_rel_ng.
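The member-order problem described in the comment above, as an added example that is not Chromium's code: RequestInfo, Transaction, WriterBuggy and WriterFixed are simplified stand-ins, and reordering the members is shown as one possible remedy, which is an assumption because the page does not show the actual change. A liveness flag stands in for the real dereference so the buggy layout runs without undefined behaviour.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

static std::vector<std::string> g_events;  // teardown log
static bool g_request_alive = false;       // kept outside the objects under test

// Stand-in for the request data that the transaction borrows by raw pointer.
struct RequestInfo {
  RequestInfo() { g_request_alive = true; }
  ~RequestInfo() { g_request_alive = false; g_events.push_back("request freed"); }
  std::string method = "GET";
};

// Stand-in for the transaction, whose destructor consults the request.
struct Transaction {
  explicit Transaction(const RequestInfo* r) : request(r) {}
  ~Transaction() {
    // The flag replaces the real read, which is the use-after-free when buggy.
    if (g_request_alive) g_events.push_back("transaction read " + request->method);
    else g_events.push_back("transaction would read freed request");
  }
  const RequestInfo* request;
};

// Members are destroyed in reverse declaration order.
struct WriterBuggy {
  WriterBuggy() { transaction_.reset(new Transaction(&request_info_)); }
  std::unique_ptr<Transaction> transaction_;
  RequestInfo request_info_;  // declared last, so destroyed first
};

struct WriterFixed {
  WriterFixed() { transaction_.reset(new Transaction(&request_info_)); }
  RequestInfo request_info_;  // declared first, so it outlives transaction_
  std::unique_ptr<Transaction> transaction_;
};

template <class Writer> std::vector<std::string> Teardown() {
  g_events.clear();
  { Writer w; }  // built and destroyed inside this scope
  return g_events;
}

int main() {
  for (const auto& e : Teardown<WriterBuggy>()) std::cout << "buggy: " << e << "\n";
  for (const auto& e : Teardown<WriterFixed>()) std::cout << "fixed: " << e << "\n";
}
```

Clang's `-Wreorder` only flags a constructor initializer list that disagrees with declaration order, so a layout like WriterBuggy compiles cleanly and needs a sanitizer run or review to catch.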
Project Member Comment 8 by bugdroid1@chromium.org, Jun 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8061c420676998bda77caa74581ea8061860f438

commit 8061c420676998bda77caa74581ea8061860f438
Author: shivanisha <shivanisha@chromium.org>
Date: Tue Jun 13 23:35:52 2017

This CL is a precursor to allowing shared writing to fix cache lock.

This CL allows transactions to continue to their validation phase even when another
transaction is the active reader/writer. After the validation phase, if it's a match
the transaction might wait till the response is written to the cache by the active
writer. If it's not a match the transaction will doom the entry and go to the
network. In a subsequent CL, the not matching case will create a new entry as well.

BUG=472740, 715913, 715974, 715920, 715911, 713348

Review-Url: https://codereview.chromium.org/2721933002
Cr-Original-Commit-Position: refs/heads/master@{#467426}
Committed: https://chromium.googlesource.com/chromium/src/+/1e2e347f957ef889aaee527bb757849f76e8a808
Review-Url: https://codereview.chromium.org/2721933002
Cr-Commit-Position: refs/heads/master@{#479204}

[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_cache.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_cache.h
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_cache_transaction.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_cache_transaction.h
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_cache_unittest.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_transaction.h
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_transaction_test_util.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/http_transaction_test_util.h
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/mock_http_cache.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/http/mock_http_cache.h
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/url_request/url_request_http_job_unittest.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/url_request/url_request_quic_unittest.cc
[modify] https://crrev.com/8061c420676998bda77caa74581ea8061860f438/net/url_request/url_request_unittest.cc
