Crash in ash::GetCenterOfDisplayForView
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5260606732238848

Fuzzer: ochang_search_index_mutator
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ash::GetCenterOfDisplayForView
  ash::AppListPresenterDelegate::Init
  app_list::AppListPresenterImpl::Show

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=439820:440026

Minimized Testcase (1205.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94MRKt9Lfk9X2QkIFT95KLFs1ZU3dMU-jVGgR2mRM4IBl0KRqSdlbHrSpXYsOeqPdKLg-oncpPXSNBu1d0Ci2yV9iesmz7roy_KZ28zUXOyuiTq4I5yaFsuu725lw2pW_4cWtUbhdETAYok9AHhwU8OEcTIxDtSGzB0bo4wbnkEzIszgrM?testcase_id=5260606732238848

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 4 2017
+msw since your CL touches AppListPresenterDelegate I suspect this is due to the shelf being created asynchronously during login after my CL. The repro case involves pressing the "super" key, which is the Windows key, which is the search key on chromeos, which spawns the app list. I'm guessing that clusterfuzz is injecting the keystroke before the shelf is constructed, so the applist tries to look up the app list button in the shelf, gets null, and we get this crash. Note to other readers: The "testcase" above is a pornographic video. View at your own risk.
Jan 5 2017
ClusterFuzz has detected this issue as fixed in range 441432:441510.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5260606732238848

Fuzzer: ochang_search_index_mutator
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ash::GetCenterOfDisplayForView
  ash::AppListPresenterDelegate::Init
  app_list::AppListPresenterImpl::Show

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=439820:440026
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=441432:441510

Minimized Testcase (1205.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94MRKt9Lfk9X2QkIFT95KLFs1ZU3dMU-jVGgR2mRM4IBl0KRqSdlbHrSpXYsOeqPdKLg-oncpPXSNBu1d0Ci2yV9iesmz7roy_KZ28zUXOyuiTq4I5yaFsuu725lw2pW_4cWtUbhdETAYok9AHhwU8OEcTIxDtSGzB0bo4wbnkEzIszgrM?testcase_id=5260606732238848

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 5 2017
ClusterFuzz testcase 5260606732238848 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 5 2017
I still think this is a legitimate issue.
Jan 5 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/64a56f0578be10ab62cdb66cbbbf62d5f306b489

commit 64a56f0578be10ab62cdb66cbbbf62d5f306b489
Author: jamescook <jamescook@chromium.org>
Date: Thu Jan 05 16:39:27 2017

cros: Fix clusterfuzz crash when spawning app list very early in startup

The app list relies on the shelf being created for positioning. If a test injects a search-key-press event as the very first event processed by the message loop then the app list code that relies on the shelf may crash.

It's theoretically possible a user could hit the search key after login but before the window manager has created the shelf.

Don't rely on the existence of the shelf app list button to init the app list.

BUG=676843
TEST=none

Review-Url: https://codereview.chromium.org/2615743002
Cr-Commit-Position: refs/heads/master@{#441673}

[modify] https://crrev.com/64a56f0578be10ab62cdb66cbbbf62d5f306b489/ash/app_list/app_list_presenter_delegate.cc
Jan 5 2017
Jan 6 2017
ClusterFuzz has detected this issue as fixed in range 441432:441510.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5260606732238848

Fuzzer: ochang_search_index_mutator
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ash::GetCenterOfDisplayForView
  ash::AppListPresenterDelegate::Init
  app_list::AppListPresenterImpl::Show

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=439820:440026
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=441432:441510

Minimized Testcase (1205.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96fUL-V8s_yInPDYDzutVQeWK8cjtPMilvXkCUTnnf_EDvmYqtmSPK6HZ-7TDbDtXL_hq1cB7R-5YBQEm-ix3W-aHRGi8R-N1QjpCQHrRJpLB1twTFbFV27u2q5iV49tiC7q27cYmV2fVo33w4Nkt203rsUfnjjMQ1lRbjXTpnURoQwKQe-EphKnG_q3xmg03piwEXoCUuk5gFG69CQX1_Ua5dge_mmqJ2IyE49pRJTwXxADaqFvv_IrwHMJ7wMj9InugPJnpKge1xAItltFrfbGVKynHLoqQNImGaBdoKjOHkNEIkOV0CUzZlnnEBkuJ2bFNF3rivWK3iF_xTglQI2S7RPl5_RawGBKMsb7SWfoEjLEiF4g4UvU6J-7B8RcjPaRaY9paG8pU9FiLca9B4nStOZJQ?testcase_id=5260606732238848

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 2 2017
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label. |
Comment 1 by msrchandra@chromium.org, Dec 28 2016
Labels: Test-Predator-Correct-CLs
Owner: jamescook@chromium.org
Status: Assigned (was: Untriaged)