Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5773863a93f2b00e2a40fa134ad32f1da48ae588 (Make WebRTC task queues run on chromium's SequencedTaskRunner.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Hej Nisse - This looks like it might be related to the other issue reported today.

Yes, look similar to https://bugs.chromium.org/p/chromium/issues/detail?id=820830. Should I mark this a duplicate, or what's common practice with issues filed by the fuzzer machinery?

I think that if you fix the issue, the bugs might get detected as fixed and closed automatically.

Patrik - is that right?

Yes, that's how it worked a couple years back at least. Duping this one is fine, but you should look for the fixed update.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/be53eac959ea4146e4fa7d9db046f5ec4c861307

commit be53eac959ea4146e4fa7d9db046f5ec4c861307
Author: Tommi <tommi@chromium.org>
Date: Mon Mar 12 15:30:03 2018

Add call to TaskQueue::Impl::Stop() in TQ's dtor.

This call got removed in my last CL by mistake:
https://chromium-review.googlesource.com/c/chromium/src/+/890738

Bug:  808801 , 820936,  820769 ,  820830 ,  820827 
Change-Id: I6c6efb3d40d43bc564e18b013ddf5d5d3b09e1eb
Reviewed-on: https://chromium-review.googlesource.com/958218
Commit-Queue: Tommi <tommi@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542486}
[modify] https://crrev.com/be53eac959ea4146e4fa7d9db046f5ec4c861307/third_party/webrtc_overrides/rtc_base/task_queue.cc

ClusterFuzz has detected this issue as fixed in range 542485:542486.

Detailed report: https://clusterfuzz.com/testcase?key=5859833044271104

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Heap-use-after-free READ 4
Crash Address: 0xf1b47c08
Crash State:
  rtc::TaskQueue::Impl::RunTask
  base::internal::Invoker<base::internal::BindState<void
  base::debug::TaskAnnotator::RunTask
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=542245:542262
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=542485:542486

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5859833044271104

Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5859833044271104 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug requires manual review: M67 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

+awhalley@ for M67 merge review. 

Already in M67, no merge needed.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot