
Issue 699936


Issue metadata

Status: Verified
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug

Crash in test_runner::MockWebRTCDTMFSenderHandler::PlayTone

Reported by ClusterFuzz (Project Member), Mar 9 2017

Issue description

Components: Blink>Scheduling
Labels: Test-Predator-Correct-CLs M-59
Owner: alexclarke@chromium.org
Status: Assigned (was: Untriaged)
Find it result:
=================
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: lukasza
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c935882393f5644d8e06c2fbeaeab65f9527ffcb
Time: Thu Apr 07 14:43:46 2016
The CL last changed line 60 of file mock_webrtc_dtmf_sender_handler.cc, which is stack frame 0. 

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/27d1e313968955f1a120b65b31e316263365b1b3
Time: Tue Sep 13 05:28:59 2016
The CL last changed line 68 of file callback.h, which is stack frame 1. 

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/739ffe3fd7b83bcb9ef7eb2e4b5c52fdbf35f59d
Time: Fri Oct 14 14:34:58 2016
The CL last changed line 52 of file task_annotator.cc, which is stack frame 2. 

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/739ffe3fd7b83bcb9ef7eb2e4b5c52fdbf35f59d
Time: Fri Oct 14 14:34:58 2016
The CL last changed line 519 of file task_queue_manager.cc, which is stack frame 3. 

Author: alexclarke
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/b8e56c6b6d507d27a49f68db8e1034ed9e409887
Time: Mon Jan 23 16:13:56 2017
The CL last changed line 316 of file task_queue_manager.cc, which is stack frame 4. 

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/27d1e313968955f1a120b65b31e316263365b1b3
Time: Tue Sep 13 05:28:59 2016
The CL last changed line 68 of file callback.h, which is stack frame 5. 

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/739ffe3fd7b83bcb9ef7eb2e4b5c52fdbf35f59d
Time: Fri Oct 14 14:34:58 2016
The CL last changed line 52 of file task_annotator.cc, which is stack frame 6.

====================
From the above CLs, suspecting the one below.
Review-Url: https://codereview.chromium.org/2654433002

Cc: alexclarke@chromium.org
Components: -Blink>Scheduling Blink>WebRTC
Owner: ----
Status: Untriaged (was: Assigned)
Alex's patch just changed some internal scheduler implementation details which won't have caused this bug. Could someone in the WebRTC team find a more appropriate owner?

Comment 3 by guidou@chromium.org, Mar 13 2017

Components: -Blink>WebRTC Blink>WebRTC>Network
Cc: guidou@chromium.org
Labels: -Pri-1 Pri-2
guidou@: Since this deals with test_runner::MockWebRTCDTMFSenderHandler in chromium, I think your team would be a better owner. I'm also reducing the priority since this crash only affects test code.
Cc: -guidou@chromium.org
Owner: guidou@chromium.org
guidou@ can you help with triage?
Status: Assigned (was: Untriaged)

Comment 7 by ClusterFuzz (Project Member), Apr 6 2017

Labels: OS-Linux

Comment 8 by guidou@chromium.org, Apr 11 2017

Owner: hbos@chromium.org
hbos@: can you take a look? Please reassign if the bug is not in content/Blink.

Comment 9 by ClusterFuzz (Project Member), May 27 2017

ClusterFuzz has detected this issue as fixed in range 474922:474938.

Detailed report: https://clusterfuzz.com/testcase?key=5140636262203392

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  test_runner::MockWebRTCDTMFSenderHandler::PlayTone
  base::debug::TaskAnnotator::RunTask
  blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=434769:434830
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=474922:474938

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5140636262203392

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 10 by ClusterFuzz (Project Member), May 27 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5140636262203392 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.