Null-dereference READ in extensions::RulesFunction::RunAsync

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6210282371416064
Fuzzer: ipc_fuzzer_mut
Job Type: linux_asan_chrome_ipc
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  extensions::RulesFunction::RunAsync
  AsyncExtensionFunction::Run
  ExtensionFunction::RunWithValidation
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=488146:488166
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6210282371416064
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jul 25 2017

Jul 26 2017

Jul 26 2017
So this happens because the IPC message has a valid |service_worker_version_id| together with a valid render_frame_host. This is an invalid state, and the renderer should be killed on receiving such an IPC.
Jul 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/627b05602fd345e010ebf553e56ccdacf211bf82

commit 627b05602fd345e010ebf553e56ccdacf211bf82
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Wed Jul 26 04:25:13 2017

ExtensionFunctionDispatcher: Kill renderer on receiving bad |service_worker_version_id|.

When the browser process receives an ExtensionHostMsg_RequestWorker IPC, the request should correspond to a null render frame host and a valid |service_worker_version_id|. On the other hand, the ExtensionHostMsg_Request IPC message should correspond to a valid render frame host and an invalid |service_worker_version_id|. This CL modifies ExtensionFunctionDispatcher::Dispatch to check this, and kill the renderer on receiving a bad IPC.

This also fixes issue 747008 which involves dereferencing a null render frame host (it wasn't set when a valid service_worker_version_id was passed as part of the ExtensionHostMsg_Request IPC, which is an invalid state).

BUG=747008
TEST=Tested with the IPC fuzzer test case.

Change-Id: I06a409d7bb75780bdb5ad1090b900fa9b1e6148c
Reviewed-on: https://chromium-review.googlesource.com/585856
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#489550}

[modify] https://crrev.com/627b05602fd345e010ebf553e56ccdacf211bf82/extensions/browser/bad_message.cc
[modify] https://crrev.com/627b05602fd345e010ebf553e56ccdacf211bf82/extensions/browser/bad_message.h
[modify] https://crrev.com/627b05602fd345e010ebf553e56ccdacf211bf82/extensions/browser/extension_function_dispatcher.cc
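The invariant the commit describes, as an added stand-alone model that is not Chromium code: each of the two IPCs fixes which of the two fields (render frame host, service worker version id) may be set, and any other combination is treated as a bad message so the sending renderer is terminated rather than trusted. The types, the enum, the `Dispatch`/`RunFrameBackedFunction` names and the sentinel value -1 are all assumptions chosen for the illustration.

```cpp
#include <cstdint>
#include <iostream>

// Stand-in for Chromium's invalid-worker sentinel (assumed value: -1).
constexpr int64_t kInvalidServiceWorkerVersionId = -1;

struct RenderFrameHost { int routing_id; };    // placeholder for content::RenderFrameHost

enum class Ipc { kRequest, kRequestWorker };    // ExtensionHostMsg_Request / _RequestWorker
enum class Outcome { kRan, kBadMessage };

struct Request {
  Ipc ipc;
  const RenderFrameHost* render_frame_host;     // must be null for worker requests
  int64_t service_worker_version_id;            // must be the sentinel for frame requests
};

// Models the extension function that crashed: it dereferences the frame host
// unconditionally, so it may only ever run for a consistent frame request.
int RunFrameBackedFunction(const RenderFrameHost& rfh) { return rfh.routing_id; }

// Models the check added to ExtensionFunctionDispatcher::Dispatch. Before the
// fix, a valid worker id on a frame request sent the dispatcher down the worker
// path, the frame host was never set, and RunAsync read through a null pointer.
Outcome Dispatch(const Request& req) {
  const bool has_frame = req.render_frame_host != nullptr;
  const bool has_worker = req.service_worker_version_id != kInvalidServiceWorkerVersionId;
  const bool consistent = (req.ipc == Ipc::kRequest) ? (has_frame && !has_worker)
                                                    : (!has_frame && has_worker);
  if (!consistent) return Outcome::kBadMessage;  // caller kills the renderer
  if (req.ipc == Ipc::kRequest) RunFrameBackedFunction(*req.render_frame_host);
  return Outcome::kRan;
}

int main() {
  RenderFrameHost rfh{7};
  // The fuzzer's shape: a frame request that also carries a valid worker id.
  Request inconsistent{Ipc::kRequest, &rfh, 42};
  std::cout << (Dispatch(inconsistent) == Outcome::kBadMessage ? "bad message, kill renderer\n"
                                                               : "ran\n");
  Request frame_ok{Ipc::kRequest, &rfh, kInvalidServiceWorkerVersionId};
  std::cout << (Dispatch(frame_ok) == Outcome::kRan ? "ran\n" : "bad message\n");
}
```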
Jul 26 2017

Jul 27 2017
ClusterFuzz has detected this issue as fixed in range 489535:489562.

Detailed report: https://clusterfuzz.com/testcase?key=6210282371416064
Fuzzer: ipc_fuzzer_mut
Job Type: linux_asan_chrome_ipc
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  extensions::RulesFunction::RunAsync
  AsyncExtensionFunction::Run
  ExtensionFunction::RunWithValidation
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=488146:488166
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=489535:489562
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6210282371416064
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 27 2017
ClusterFuzz testcase 6210282371416064 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Jul 21 2017
Labels: Test-Predator-Wrong-CLs M-61
Owner: karandeepb@chromium.org
Status: Assigned (was: Untriaged)