Predator and CL could not provide any possible suspects.

Using Code Search for the file, "window_performance.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/05a8dcc9f9b94cbade61024e5d1c130737f666a7

npm@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3641b5fb4b522a40423e8eaaebdd0150d316f44b

commit 3641b5fb4b522a40423e8eaaebdd0150d316f44b
Author: Nicolas Pena <npm@chromium.org>
Date: Tue Jul 10 16:41:53 2018

Remove incorrect DCHECK from WindowPerformance::RegisterEventTiming

Clusterfuzz tells us that GetFrame() could be null when
WindowPerformance::RegisterEventTiming is called, so this CL removes
the DCHECK and bails out early instead.

Bug:  861627 
Change-Id: Ic109e8153a80832324d9c3cf27e1bed957d2b1c2
Reviewed-on: https://chromium-review.googlesource.com/1131226
Reviewed-by: Steve Kobes <skobes@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573769}
[modify] https://crrev.com/3641b5fb4b522a40423e8eaaebdd0150d316f44b/third_party/blink/renderer/core/timing/window_performance.cc

Requesting merge to M68 once the fix has been verified by ClusterFuzz. The change is just removing an incorrect DCHECK and replacing it with an early bail-out so it is very safe to merge. Also, the code changed is only executed when the EventTiming flag is on (and it's an origin trial).

This bug requires manual review: We are only 13 days from stable.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 573763:573769.

Detailed report: https://clusterfuzz.com/testcase?key=6461441868300288

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::Frame::GetChromeClient
  blink::WindowPerformance::RegisterEventTiming
  blink::EventTiming::DidDispatchEvent
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=573763:573769

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6461441868300288

Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6461441868300288 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Approved - branch:3440

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cba63f8d9e4bc6def4dc8a4ca7b96bf3d87d1e55

commit cba63f8d9e4bc6def4dc8a4ca7b96bf3d87d1e55
Author: Nicolas Pena <npm@chromium.org>
Date: Fri Jul 13 18:27:15 2018

Remove incorrect DCHECK from WindowPerformance::RegisterEventTiming

Clusterfuzz tells us that GetFrame() could be null when
WindowPerformance::RegisterEventTiming is called, so this CL removes
the DCHECK and bails out early instead.

Bug:  861627 
Change-Id: Ic109e8153a80832324d9c3cf27e1bed957d2b1c2
Reviewed-on: https://chromium-review.googlesource.com/1131226
Reviewed-by: Steve Kobes <skobes@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#573769}(cherry picked from commit 3641b5fb4b522a40423e8eaaebdd0150d316f44b)
Reviewed-on: https://chromium-review.googlesource.com/1136752
Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
Cr-Commit-Position: refs/branch-heads/3440@{#667}
Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733}
[modify] https://crrev.com/cba63f8d9e4bc6def4dc8a4ca7b96bf3d87d1e55/third_party/blink/renderer/core/timing/window_performance.cc