Null-dereference READ in safe_browsing::WebSocketSBHandshakeThrottle::ThrottleHandshake
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4529422022737920

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  safe_browsing::WebSocketSBHandshakeThrottle::ThrottleHandshake
  blink::DocumentWebSocketChannel::Connect
  blink::WorkerWebSocketChannel::Bridge::ConnectOnMainThread

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=490315:490358

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4529422022737920

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jul 31 2017
Predator could not provide any possible suspects. Using the file "websocket_sb_handshake_throttle.cc", assigning to the concerned owner from the CL range below:
https://chromium.googlesource.com/chromium/src/+log/398fb5649fba9973b505d1e006239228cdc6895c..7121fdaa21dd8bd1775f5619a7167457f6f370a6?pretty=fuller

Suspected commit: https://chromium.googlesource.com/chromium/src/+/41b895907e65a2131803d93c690f8f43b67d7d7d

@ricea -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Jul 31 2017
Issue 750498 has been merged into this issue.
Jul 31 2017
Definitely my change. It really does appear to be running a vanilla layout test, so I have no idea how it made it past the CQ.
Jul 31 2017
1. This is an extension crash seen on Canary-62.0.3172.0, with 2 instances from 2 clients so far.
2. This crash regressed on M62 builds.
3. Seen only on Mac & Windows.

Magic Signature: 'safe_browsing::WebSocketSBHandshakeThrottle::ThrottleHandshake'

Stack trace:
------------
Thread 0 (id: 14813) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality 81%

0x000000010d9a1d51 (Google Chrome Framework -websocket_sb_handshake_throttle.cc:56 ) safe_browsing::WebSocketSBHandshakeThrottle::ThrottleHandshake(blink::WebURL const&, blink::WebLocalFrame*, blink::WebCallbacks<void, blink::WebString const&>*)
0x0000000111c32ed6 (Google Chrome Framework -DocumentWebSocketChannel.cpp:264 ) blink::DocumentWebSocketChannel::Connect(blink::KURL const&, WTF::String const&, mojo::InterfacePtr<blink::mojom::blink::WebSocket>)
0x0000000111c3ca61 (Google Chrome Framework -WorkerWebSocketChannel.cpp:192 ) blink::WorkerWebSocketChannel::Bridge::ConnectOnMainThread(std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >, blink::ThreadableLoadingContext*, WTF::RefPtr<blink::WebTaskRunner>, blink::WorkerThreadLifecycleContext*, blink::KURL const&, WTF::String const&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>, blink::WebSocketChannelSyncHelper*)
0x0000000111c406e0 (Google Chrome Framework -bind_internal.h:196 ) void base::internal::FunctorTraits<void (blink::WorkerWebSocketChannel::Bridge::*)(std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >, blink::ThreadableLoadingContext*, WTF::RefPtr<blink::WebTaskRunner>, blink::WorkerThreadLifecycleContext*, blink::KURL const&, WTF::String const&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>, blink::WebSocketChannelSyncHelper*), void>::Invoke<blink::CrossThreadPersistent<blink::WorkerWebSocketChannel::Bridge> const&, std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >, blink::CrossThreadPersistent<blink::ThreadableLoadingContext> const&, blink::WebTaskRunner*, blink::CrossThreadPersistent<blink::WorkerThreadLifecycleContext> const&, blink::KURL const&, WTF::String const&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>, blink::WebSocketChannelSyncHelper*>(void (blink::WorkerWebSocketChannel::Bridge::*)(std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >, blink::ThreadableLoadingContext*, WTF::RefPtr<blink::WebTaskRunner>, blink::WorkerThreadLifecycleContext*, blink::KURL const&, WTF::String const&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>, blink::WebSocketChannelSyncHelper*), blink::CrossThreadPersistent<blink::WorkerWebSocketChannel::Bridge> const&&&, std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >&&, blink::CrossThreadPersistent<blink::ThreadableLoadingContext> const&&&, blink::WebTaskRunner*&&, blink::CrossThreadPersistent<blink::WorkerThreadLifecycleContext> const&&&, blink::KURL const&&&, WTF::String const&&&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>&&, blink::WebSocketChannelSyncHelper*&&)
0x0000000111c40609 (Google Chrome Framework -bind_internal.h:262 ) base::internal::Invoker<base::internal::BindState<void (blink::WorkerWebSocketChannel::Bridge::*)(std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> >, blink::ThreadableLoadingContext*, WTF::RefPtr<blink::WebTaskRunner>, blink::WorkerThreadLifecycleContext*, blink::KURL const&, WTF::String const&, mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket>, blink::WebSocketChannelSyncHelper*), blink::CrossThreadPersistent<blink::WorkerWebSocketChannel::Bridge>, WTF::PassedWrapper<std::__1::unique_ptr<blink::SourceLocation, std::__1::default_delete<blink::SourceLocation> > >, blink::CrossThreadPersistent<blink::ThreadableLoadingContext>, WTF::RefPtr<blink::WebTaskRunner>, blink::CrossThreadPersistent<blink::WorkerThreadLifecycleContext>, blink::KURL, WTF::String, WTF::PassedWrapper<mojo::InterfacePtrInfo<blink::mojom::blink::WebSocket> >, WTF::UnretainedWrapper<blink::WebSocketChannelSyncHelper, (WTF::FunctionThreadAffinity)0> >, void ()>::Run(base::internal::BindStateBase*)
0x0000000110b98bb0 (Google Chrome Framework -bind_internal.h:151 ) void base::internal::FunctorTraits<void (*)(std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >), void>::Invoke<std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > > >(void (*)(std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >), std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >&&)
0x0000000110b98ab1 (Google Chrome Framework -bind_internal.h:262 ) void base::internal::Invoker<base::internal::BindState<void (*)(std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >), base::internal::PassedWrapper<std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > > > >, void ()>::RunImpl<void (* const&)(std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >), std::__1::tuple<base::internal::PassedWrapper<std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > > > > const&, 0ul>(void (* const&&&)(std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > >), std::__1::tuple<base::internal::PassedWrapper<std::__1::unique_ptr<WTF::Function<void (), (WTF::FunctionThreadAffinity)0>, std::__1::default_delete<WTF::Function<void (), (WTF::FunctionThreadAffinity)0> > > > > const&&&, base::IndexSequence<0ul>)
0x000000010de99981 (Google Chrome Framework -callback.h:91 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010d9479a1 (Google Chrome Framework -task_queue_manager.cc:532 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*)
0x000000010d945261 (Google Chrome Framework -task_queue_manager.cc:330 ) blink::scheduler::TaskQueueManager::DoWork(bool)
0x000000010de99981 (Google Chrome Framework -callback.h:91 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010dec08ef (Google Chrome Framework -message_loop.cc:404 ) base::MessageLoop::RunTask(base::PendingTask*)
0x000000010dec0f34 (Google Chrome Framework -message_loop.cc:415 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010dec1208 (Google Chrome Framework -message_loop.cc:522 ) base::MessageLoop::DoWork()
0x000000010dec40d9 (Google Chrome Framework -message_pump_mac.mm:421 ) base::MessagePumpCFRunLoopBase::RunWork()
0x000000010deb3cb9 (Google Chrome Framework + 0x01b1fcb9 ) base::mac::CallWithEHFrame(void () block_pointer)
0x000000010dec39fe (Google Chrome Framework -message_pump_mac.mm:397 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fffc4e70320 (CoreFoundation + 0x000a7320 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fffc4e5121c (CoreFoundation + 0x0008821c ) __CFRunLoopDoSources0
0x00007fffc4e50715 (CoreFoundation + 0x00087715 ) __CFRunLoopRun
0x00007fffc4e50113 (CoreFoundation + 0x00087113 ) CFRunLoopRunSpecific
0x00007fffc6863251 (Foundation + 0x00022251 ) -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
0x000000010dec475d (Google Chrome Framework -message_pump_mac.mm:693 ) base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x000000010dec330b (Google Chrome Framework -message_pump_mac.mm:141 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010dee6042 (Google Chrome Framework -run_loop.cc:112 ) base::RunLoop::Run()
0x0000000111e6f5d0 (Google Chrome Framework -renderer_main.cc:219 ) content::RendererMain(content::MainFunctionParams const&)
0x000000010da56e9f (Google Chrome Framework -content_main_runner.cc:687 ) content::ContentMainRunnerImpl::Run()
0x000000010f36be53 (Google Chrome Framework -main.cc:469 ) service_manager::Main(service_manager::MainParams const&)
0x000000010da56483 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&)
0x000000010c3982b7 (Google Chrome Framework -chrome_main.cc:139 ) ChromeMain
0x00000001051bd272 (Google Chrome Helper -chrome_exe_main_mac.cc:170 ) main
0x00007fffda5d0234 (libdyld.dylib + 0x00005234 ) start

Link to the list of builds:
--------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Mac%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27safe_browsing%3A%3AWebSocketSBHandshakeThrottle%3A%3AThrottleHandshake%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Change log:
----------
https://chromium.googlesource.com/chromium/src/+log/62.0.3169.0..62.0.3170.0?pretty=fuller&n=10000

As it regressed recently, adding the 'Release block stable' label. Thanks!
Jul 31 2017
This is one of the top crashes in latest canary-62.0.3172.2. Please have a fix/revert ASAP.
Aug 1 2017
I have a workaround under review at https://chromium-review.googlesource.com/c/594750/ which stops the crashes by disabling the feature. The cause of the bug is that when a WebSocket is created in a SharedWorker it doesn't have an associated content::RenderFrame.
Aug 1 2017
Thanks for the update, we will verify in today's canary and update the thread.
Aug 2 2017
I worked out why the layout test passes: it runs under content_shell, which doesn't hook up the problematic code. ClusterFuzz runs the same test with the full browser. Thank you ClusterFuzz!
Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/74b2febbaa58ff81e43ece6cf6af8a250216eeae

commit 74b2febbaa58ff81e43ece6cf6af8a250216eeae
Author: Adam Rice <ricea@chromium.org>
Date: Wed Aug 02 07:58:52 2017

Disable WebSocket SafeBrowsing checks

As a temporary workaround for http://crbug.com/750278, disable WebSocket SafeBrowsing checks. They will be re-enabled once the bug is fixed.

Relevant browser tests are also disabled.

BUG=750278, 644744
Change-Id: I8b1e731be567ac49e60b4a02c927c6bc57d9a736
Reviewed-on: https://chromium-review.googlesource.com/594750
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Commit-Queue: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491306}

[modify] https://crrev.com/74b2febbaa58ff81e43ece6cf6af8a250216eeae/chrome/browser/safe_browsing/safe_browsing_service_browsertest.cc
[modify] https://crrev.com/74b2febbaa58ff81e43ece6cf6af8a250216eeae/chrome/renderer/chrome_content_renderer_client.cc
Aug 3 2017
ClusterFuzz has detected this issue as fixed in range 491297:491307.

Detailed report: https://clusterfuzz.com/testcase?key=4529422022737920

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  safe_browsing::WebSocketSBHandshakeThrottle::ThrottleHandshake
  blink::DocumentWebSocketChannel::Connect
  blink::WorkerWebSocketChannel::Bridge::ConnectOnMainThread

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=490315:490358
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=491297:491307

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4529422022737920

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 3 2017
ClusterFuzz testcase 5859281655300096 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 15 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b4cb7141928a436313a73042ac17e5c497e34768

commit b4cb7141928a436313a73042ac17e5c497e34768
Author: Adam Rice <ricea@chromium.org>
Date: Tue Aug 15 00:59:39 2017

Fix WebSocket SafeBrowsing for S*Workers

The SafeBrowsing check for WebSockets in ServiceWorkers and SharedWorkers was crashing due to them not having a real frame associated. Use MSG_ROUTING_ID for the render_frame_id in this case.

Re-enable the check which was disabled temporarily in https://chromium-review.googlesource.com/c/594750.

Add tests for the ServiceWorker and SharedWorker, which should be blocked without displaying an interstitial. In order to distinguish between connected and blocked WebSockets, implement a simple EmbeddedTestServer handler sufficient for Chrome to consider a WebSocket connected.

Also refactor the tests to reduce duplication and increase coverage.

Bug: 750278
Change-Id: I08368088fc384bd35549f6a388b0b23a9f18c561
Reviewed-on: https://chromium-review.googlesource.com/602088
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Commit-Queue: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494279}

[modify] https://crrev.com/b4cb7141928a436313a73042ac17e5c497e34768/chrome/browser/safe_browsing/safe_browsing_service_browsertest.cc
[modify] https://crrev.com/b4cb7141928a436313a73042ac17e5c497e34768/chrome/renderer/chrome_content_renderer_client.cc
[modify] https://crrev.com/b4cb7141928a436313a73042ac17e5c497e34768/chrome/test/data/safe_browsing/malware_websocket.html
[add] https://crrev.com/b4cb7141928a436313a73042ac17e5c497e34768/chrome/test/data/safe_browsing/malware_websocket_worker.js
[modify] https://crrev.com/b4cb7141928a436313a73042ac17e5c497e34768/components/safe_browsing/renderer/websocket_sb_handshake_throttle.cc
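Added example, not Chromium's code: a minimal C++ model of the failure mode described in the Aug 1 comment (a WebSocket opened from a worker has no frame) beside the shape of the fix in the commit above (check anyway, using a sentinel routing id, and block without an interstitial). `Frame`, `kRoutingNone`, `IsUnsafeHost` and `Verdict` are hypothetical stand-ins, and the "malware" host match stands in for the real Safe Browsing lookup.

```cpp
// Added example (not Chromium code). Models a handshake throttle that receives a
// frame pointer which is null when the WebSocket is created in a SharedWorker or
// ServiceWorker. All names below are hypothetical stand-ins.
#include <cstdint>
#include <string>

// Hypothetical sentinel meaning "no frame", analogous to the routing-id sentinel
// the fix uses for worker-created sockets.
constexpr int32_t kRoutingNone = -2;

struct Frame {
  int32_t routing_id;
};

enum class Verdict { kAllowed, kBlockedWithInterstitial, kBlockedSilently };

// Stand-in for the Safe Browsing lookup: flags hosts containing "malware".
bool IsUnsafeHost(const std::string& url) {
  return url.find("malware") != std::string::npos;
}

// Before: dereferences the frame unconditionally. With a null frame this is a read
// through address 0, the Null-dereference READ that ASAN reported at the top of
// the stack in this issue.
int32_t RoutingIdBuggy(const Frame* frame) {
  return frame->routing_id;
}

// After: a frame-less context is still checked; it just carries the sentinel id.
int32_t RoutingIdFixed(const Frame* frame) {
  return frame ? frame->routing_id : kRoutingNone;
}

// The hardened throttle decision. Workers have no frame to render an interstitial
// in, so an unsafe URL from a worker is blocked silently rather than skipped.
Verdict ThrottleHandshake(const std::string& url, const Frame* frame) {
  const int32_t routing_id = RoutingIdFixed(frame);
  if (!IsUnsafeHost(url)) {
    return Verdict::kAllowed;
  }
  return routing_id == kRoutingNone ? Verdict::kBlockedSilently
                                    : Verdict::kBlockedWithInterstitial;
}
```

The buggy variant is kept only for contrast; the throttle itself never calls it.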
Comment 1 by ClusterFuzz, Jul 28 2017