Heap-use-after-free in cricket::BasicPortAllocator::OnIceRegathering
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5677486364164096
Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x6050003d7600
Crash State:
  cricket::BasicPortAllocator::OnIceRegathering
  cricket::BasicPortAllocatorSession::OnNetworksChanged
  content::FilteringNetworkManager::SendNetworksChangedSignal
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=526411:526412
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5677486364164096
Additional requirements: Requires HTTP

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jan 2 2018
Automatically assigning owner based on suspected regression changelist https://skia.googlesource.com/skia/+/e8750e1078fe72ed8486c2cc4b13c967dc750baf ([skotty] Fix path close handling). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Jan 2 2018
The blamed CL is in Skia experimental code, not used in Chromium.
Jan 2 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 3 2018
deadbeef@ do you know what may have caused this? At first glance this crash seems somewhat similar to 795493.
Jan 4 2018
Definitely seems similar, going to mark as duplicate and investigate more.
Jan 5 2018
ClusterFuzz has detected this issue as fixed in range 526987:526988.

Detailed report: https://clusterfuzz.com/testcase?key=5677486364164096
Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x6050003d7600
Crash State:
  cricket::BasicPortAllocator::OnIceRegathering
  cricket::BasicPortAllocatorSession::OnNetworksChanged
  content::FilteringNetworkManager::SendNetworksChangedSignal
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=526411:526412
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=526987:526988
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5677486364164096
Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 18 2018
The following revision refers to this bug: https://webrtc.googlesource.com/src.git/+/215fda713e8eab61b005e5d7453e75a9712fd789

commit 215fda713e8eab61b005e5d7453e75a9712fd789
Author: Taylor Brandstetter <deadbeef@webrtc.org>
Date: Thu Jan 18 20:07:58 2018

Make PeerConnection take reference to UMA observer.

It's reference counted, yet we aren't taking a reference to it for some reason. This could be causing it to be dereferenced after deletion in some cases in chromium.

Bug: chromium:798251
Change-Id: I0b91451e38ed611d2ea8a477f1e7db482a790f79
Reviewed-on: https://webrtc-review.googlesource.com/37283
Reviewed-by: Peter Thatcher <pthatcher@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21684}

[modify] https://crrev.com/215fda713e8eab61b005e5d7453e75a9712fd789/api/peerconnectioninterface.h
[modify] https://crrev.com/215fda713e8eab61b005e5d7453e75a9712fd789/pc/peerconnection.h
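The defect class the commit above describes (a holder keeping only a raw pointer to a reference-counted object, so the object can be freed underneath it) is easy to show in isolation. The following is an added, self-contained C++ example, not WebRTC's or Chromium's code: the RefCounted, ScopedRef, Observer and two Holder classes are constructed here to stand in for the real UMA observer and PeerConnection, and the liveness check works through a caller-owned flag so no freed memory is ever touched.

```cpp
#include <cstdio>

// Toy intrusive reference count standing in for any AddRef()/Release()
// object (constructed for this example; not WebRTC's own implementation).
class RefCounted {
 public:
  void AddRef() { ++ref_count_; }
  void Release() {
    if (--ref_count_ == 0) delete this;
  }
  int ref_count() const { return ref_count_; }

 protected:
  virtual ~RefCounted() = default;

 private:
  int ref_count_ = 0;
};

// Minimal owning pointer over AddRef()/Release(), in the spirit of a
// scoped_refptr: copying takes a reference, destruction drops one.
template <typename T>
class ScopedRef {
 public:
  ScopedRef() = default;
  explicit ScopedRef(T* p) : ptr_(p) { if (ptr_) ptr_->AddRef(); }
  ScopedRef(const ScopedRef& other) : ptr_(other.ptr_) { if (ptr_) ptr_->AddRef(); }
  ScopedRef& operator=(const ScopedRef& other) {
    if (other.ptr_) other.ptr_->AddRef();  // AddRef first: safe for self-assignment
    if (ptr_) ptr_->Release();
    ptr_ = other.ptr_;
    return *this;
  }
  ~ScopedRef() { if (ptr_) ptr_->Release(); }
  T* get() const { return ptr_; }
  T* operator->() const { return ptr_; }

 private:
  T* ptr_ = nullptr;
};

// Observer that records its own destruction in a flag owned by the caller,
// so liveness can be checked without ever dereferencing freed memory.
class Observer : public RefCounted {
 public:
  explicit Observer(bool* destroyed) : destroyed_(destroyed) {}

 protected:
  ~Observer() override { *destroyed_ = true; }

 private:
  bool* destroyed_;
};

// "Before" shape: only a raw pointer is kept, so the observer's lifetime
// depends entirely on whoever else happens to hold a reference.
class HolderRawPointer {
 public:
  void SetObserver(Observer* observer) { observer_ = observer; }
  Observer* observer() const { return observer_; }

 private:
  Observer* observer_ = nullptr;
};

// "After" shape: the holder takes its own reference, so the observer cannot
// be freed while the holder might still call into it.
class HolderScopedRef {
 public:
  void SetObserver(const ScopedRef<Observer>& observer) { observer_ = observer; }
  Observer* observer() const { return observer_.get(); }

 private:
  ScopedRef<Observer> observer_;
};

// Returns whether the observer is still alive when the holder would use it.
// With a raw pointer the creator's reference was the only one, so the object
// is already gone; a real dereference at that point is the use-after-free.
bool ObserverAliveAtUseRawPointer() {
  bool destroyed = false;
  HolderRawPointer holder;
  {
    ScopedRef<Observer> creator_ref(new Observer(&destroyed));
    holder.SetObserver(creator_ref.get());
  }  // creator_ref released: count reaches 0 and the observer is deleted
  return !destroyed;  // false: holder.observer() now dangles
}

// Same sequence, but the holder owns a reference of its own.
bool ObserverAliveAtUseScopedRef() {
  bool destroyed = false;
  bool alive_at_use = false;
  {
    HolderScopedRef holder;
    {
      ScopedRef<Observer> creator_ref(new Observer(&destroyed));
      holder.SetObserver(creator_ref);
    }  // creator_ref released, but the holder still holds one reference
    alive_at_use = !destroyed && holder.observer()->ref_count() == 1;
  }  // holder destroyed: last reference dropped, observer freed only now
  return alive_at_use && destroyed;
}

int main() {
  std::printf("raw pointer: alive at use = %d\n", ObserverAliveAtUseRawPointer());
  std::printf("scoped ref:  alive at use = %d\n", ObserverAliveAtUseScopedRef());
  return 0;
}
```

Running the raw-pointer variant under AddressSanitizer with an actual dereference of the dangling pointer is what produces a "heap-use-after-free READ" report of the kind in the issue description; the fix pattern is the one the commit applies, making the holder a co-owner instead of a bystander.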
Feb 13 2018
deadbeef@ - did #11 sneak in before the 65 branch, or do we need a merge?
Feb 13 2018
It didn't make it; the webrtc branch was created on the 17th. It sounds like you think it's worth merging? Adding merge-request label.
Feb 13 2018
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop). For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 13 2018
awhalley@, could you pls do M65 merge review?
Feb 13 2018
deadbeef@ - thanks! govind@ - good for 65
Feb 13 2018
Approving merge to M65 branch 3325 based on comment #18. Please merge ASAP. Thank you.
Feb 14 2018
The following revision refers to this bug: https://webrtc.googlesource.com/src.git/+/1512bd5f912c37ac88a07fb27dbc42190a4cce58

commit 1512bd5f912c37ac88a07fb27dbc42190a4cce58
Author: Taylor Brandstetter <deadbeef@webrtc.org>
Date: Wed Feb 14 00:22:01 2018

Merge to M65: Make PeerConnection take reference to UMA observer.

It's reference counted, yet we aren't taking a reference to it for some reason. This could be causing it to be dereferenced after deletion in some cases in chromium.

TBR=pthatcher@webrtc.org
Bug: chromium:798251
Change-Id: I0b91451e38ed611d2ea8a477f1e7db482a790f79
Reviewed-on: https://webrtc-review.googlesource.com/37283
Reviewed-by: Peter Thatcher <pthatcher@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#21684}
Reviewed-on: https://webrtc-review.googlesource.com/52760
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/branch-heads/65@{#19}
Cr-Branched-From: 3ac67a736bb200ecf7c116a88b2f8d5c542973c8-refs/heads/master@{#21637}

[modify] https://crrev.com/1512bd5f912c37ac88a07fb27dbc42190a4cce58/api/peerconnectioninterface.h
[modify] https://crrev.com/1512bd5f912c37ac88a07fb27dbc42190a4cce58/pc/peerconnection.h
Feb 14 2018
Per comment #20, this is already merged to M65. So removing "Merge-Approved-65" label. Thank you.
Apr 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot