> Predator was unable to identify any culprit changelists for this test case. 

> Unable to find actual suspect through code search and also observing no CL under regression range, hence cc'ing to the file owner as per below link
https://cs.chromium.org/chromium/src/content/renderer/media/stream/OWNERS?type=cs&sq=package:chromium

Thanks!

I am not owner of those files, adding a real owner :)

I cannot reproduce with linux asan build. It points to the line below, which looks safe to me and there isn't and deference there tbh. I will redo task to see if it is actually reproducible.
https://chromium.googlesource.com/chromium/src/+/78120bc8502390cfbf483f5c2f92dc5befb5e893/content/renderer/media_capture_from_element/canvas_capture_handler.cc#220

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0494316fce00930bab6324fbc0da8a981ac3a2fa

commit 0494316fce00930bab6324fbc0da8a981ac3a2fa
Author: Emircan Uysaler <emircan@chromium.org>
Date: Thu May 10 18:49:35 2018

Check WeakPtr to CanvasCaptureHandler before use

CanvasCaptureHandler is owned by blink whereas VideoCapturerSource is owned by
VideoTrack. Since they can be destructed at different times, we should check
WeakPtr<CanvasCaptureHandler> before use.

Bug:  840926 
Change-Id: Ia3570bcce8954a406ce95b0aee4f00a377825d30
Reviewed-on: https://chromium-review.googlesource.com/1053125
Commit-Queue: Emircan Uysaler <emircan@chromium.org>
Reviewed-by: Christian Fremerey <chfremer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#557604}
[modify] https://crrev.com/0494316fce00930bab6324fbc0da8a981ac3a2fa/content/renderer/media_capture_from_element/canvas_capture_handler.cc

ClusterFuzz has detected this issue as fixed in range 557602:557604.

Detailed report: https://clusterfuzz.com/testcase?key=4729845544910848

Fuzzer: inferno_twister
Job Type: windows_asan_chrome_with_gpu
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000038
Crash State:
  content::CanvasCaptureHandler::RequestRefreshFrame
  content::MediaStreamVideoTrack::AddSink
  content::MediaStreamVideoRendererSink::Start
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_with_gpu&range=557602:557604

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4729845544910848

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4729845544910848 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.