
Issue 646633

Starred by 1 user

Issue metadata

Status: Verified
Closed: Sep 2016
OS: Linux
Pri: 1
Type: Bug




per_compositor_data_.empty() in gpu_process_transport_factory.cc

Reported by ClusterFuzz (Project Member), Sep 13 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6200984886050816

Fuzzer: inferno_layout_test_fuzzer
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  per_compositor_data_.empty() in gpu_process_transport_factory.cc
  content::GpuProcessTransportFactory::~GpuProcessTransportFactory
  content::GpuProcessTransportFactory::~GpuProcessTransportFactory
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=417948:418041

Minimized Testcase (2.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Fg4pV2v-FBMa4WHi0Lr4VYuEcQP5zikuQ7eZ4urVWbAl-3MKV64Srvo_xuAs6Gq8RFdw6QRX4Trpuxjk5Aa1bKDwwvzS4ArmP3xId2a71i3Px3oLYXau-Nlxu-aJ0mXJZGD7pJ6FZHlgmg3Mh7FhPn2rEkQ?testcase_id=6200984886050816

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Internals>GPU
Labels: M-55 Te-Logged
Owner: enne@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file gpu_process_transport_factory.cc, the suspected CL is
https://chromium.googlesource.com/chromium/src/+/2dd865b0da80e59a150b505a07d2fda05aa62d56%5E%21/content/browser/compositor/gpu_process_transport_factory.cc

enne@, could you please take a look, and please help us find the correct owner if it is not related to your changes.

Comment 2 by enne@chromium.org, Sep 13 2016

Cc: danakj@chromium.org

Comment 3 by enne@chromium.org, Sep 13 2016

Yeah, this is my change.  I turned a DCHECK into a CHECK in order to try to find more places where this is happening and was hoping to get something like this to try to track it down.  I'll investigate, thanks.

Comment 4 by bugdroid1@chromium.org, Sep 28 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1d90e03773bf7c204fe5f0af5ccff1c20e03a90e

commit 1d90e03773bf7c204fe5f0af5ccff1c20e03a90e
Author: enne <enne@chromium.org>
Date: Wed Sep 28 18:51:27 2016

Close all windows in test controller shutdown

Content shell doesn't always call Shell::PlatformExit.  This is a
bandage patch to ensure that the BlinkTestController cleans up
in its destructor.

This came up because GpuProcessTransportFactory had a DCHECK in it
(changed temporarily to a CHECK) that all of the ui::Compositors
were not leaked.  These are owned indirectly via Shell::platform_.

R=mkwst@chromium.org
BUG=646633

Review-Url: https://codereview.chromium.org/2340693003
Cr-Commit-Position: refs/heads/master@{#421591}

[modify] https://crrev.com/1d90e03773bf7c204fe5f0af5ccff1c20e03a90e/content/shell/browser/layout_test/layout_test_browser_main.cc

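The mechanics behind comment 3 and the commit above, as an added example that is not Chromium code: a destructor invariant used as a leak detector, why it only becomes visible to a fuzzing job once DCHECK is swapped for CHECK, and the shape of the fix (the test controller closing its windows in its own destructor). TransportFactory, Compositor, Window and TestController are stand-ins for GpuProcessTransportFactory, ui::Compositor, Shell::platform_ and BlinkTestController; their names, members and the on_leak hook are assumptions made for the example, not the real classes.

```cpp
// Added example, not Chromium code. Models the ownership chain in this report;
// class names, members and the on_leak hook are assumptions.
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <map>
#include <memory>
#include <vector>

// CHECK is fatal in every build. DCHECK is compiled out when NDEBUG is set,
// so a leak it guards is invisible in release-configured fuzzing jobs; that
// is why the owner swapped it for a CHECK to get a report like this one.
#define CHECK(cond)                                      \
  do {                                                   \
    if (!(cond)) {                                       \
      std::fprintf(stderr, "CHECK failed: %s\n", #cond); \
      std::abort();                                      \
    }                                                    \
  } while (0)
#ifdef NDEBUG
#define DCHECK(cond) ((void)0)
#else
#define DCHECK(cond) CHECK(cond)
#endif

class Compositor;

// Holds per-compositor GPU state; every compositor must be removed before the
// factory goes away, otherwise the destructor invariant fires.
class TransportFactory {
 public:
  // on_leak is a test-only hook (assumed): when set, a leak is reported
  // through it instead of aborting, so the example can return a count.
  explicit TransportFactory(std::function<void(size_t)> on_leak = nullptr)
      : on_leak_(std::move(on_leak)) {}
  ~TransportFactory();
  void AddCompositor(Compositor* c) { per_compositor_data_[c] = true; }
  void RemoveCompositor(Compositor* c) { per_compositor_data_.erase(c); }
  size_t live_compositors() const { return per_compositor_data_.size(); }

 private:
  std::map<Compositor*, bool> per_compositor_data_;
  std::function<void(size_t)> on_leak_;
};

// Registers with the factory on creation and unregisters on destruction.
class Compositor {
 public:
  explicit Compositor(TransportFactory* f) : factory_(f) { factory_->AddCompositor(this); }
  ~Compositor() { if (factory_) factory_->RemoveCompositor(this); }
  void Detach() { factory_ = nullptr; }  // factory is gone; never call back into it
 private:
  TransportFactory* factory_;
};

TransportFactory::~TransportFactory() {
  if (!per_compositor_data_.empty() && on_leak_) {
    on_leak_(per_compositor_data_.size());
    for (auto& kv : per_compositor_data_) kv.first->Detach();
    return;
  }
  CHECK(per_compositor_data_.empty());  // the check the fuzzer tripped
}

// A window owns one compositor, as Shell::platform_ does indirectly.
struct Window {
  explicit Window(TransportFactory* f) : compositor(std::make_unique<Compositor>(f)) {}
  std::unique_ptr<Compositor> compositor;
};

// Opens windows; with close_windows_on_shutdown == false it models the pre-fix
// path where Shell::PlatformExit is not called and the windows outlive shutdown.
class TestController {
 public:
  TestController(TransportFactory* f, bool close_windows_on_shutdown,
                 std::vector<std::unique_ptr<Window>>* orphans)
      : factory_(f), close_on_shutdown_(close_windows_on_shutdown), orphans_(orphans) {}
  ~TestController() {
    if (close_on_shutdown_) {
      windows_.clear();  // the fix: close all windows in the destructor
    } else {
      for (auto& w : windows_) orphans_->push_back(std::move(w));  // leaked past shutdown
    }
  }
  void OpenWindow() { windows_.push_back(std::make_unique<Window>(factory_)); }

 private:
  TransportFactory* factory_;
  bool close_on_shutdown_;
  std::vector<std::unique_ptr<Window>>* orphans_;
  std::vector<std::unique_ptr<Window>> windows_;
};

// Returns how many compositors were still registered when the factory died.
size_t SimulateShutdown(bool close_windows_on_shutdown) {
  size_t leaked = 0;
  std::vector<std::unique_ptr<Window>> orphans;  // outlives the factory, as leaked windows do
  {
    TransportFactory factory([&](size_t n) { leaked = n; });
    {
      TestController controller(&factory, close_windows_on_shutdown, &orphans);
      controller.OpenWindow();
      controller.OpenWindow();
    }  // controller shuts down here; PlatformExit is never called
  }    // factory destroyed: the per_compositor_data_.empty() check runs
  return leaked;  // orphans die afterwards; their compositors were detached
}

int main() {
  std::printf("without fix: %zu leaked compositor(s)\n", SimulateShutdown(false));
  std::printf("with fix:    %zu leaked compositor(s)\n", SimulateShutdown(true));
  return 0;
}
```

Without the hook the buggy configuration aborts on the CHECK exactly as the crash state shows, with the factory destructor as the top frame; the DCHECK variant would pass silently in any NDEBUG build, which is the visibility gap comment 3 describes.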

Comment 5 by ClusterFuzz, Sep 29 2016

ClusterFuzz has detected this issue as fixed in range 421564:421618.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6200984886050816

Fuzzer: inferno_layout_test_fuzzer
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  per_compositor_data_.empty() in gpu_process_transport_factory.cc
  content::GpuProcessTransportFactory::~GpuProcessTransportFactory
  content::GpuProcessTransportFactory::~GpuProcessTransportFactory
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=417948:418041
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=421564:421618

Minimized Testcase (2.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Fg4pV2v-FBMa4WHi0Lr4VYuEcQP5zikuQ7eZ4urVWbAl-3MKV64Srvo_xuAs6Gq8RFdw6QRX4Trpuxjk5Aa1bKDwwvzS4ArmP3xId2a71i3Px3oLYXau-Nlxu-aJ0mXJZGD7pJ6FZHlgmg3Mh7FhPn2rEkQ?testcase_id=6200984886050816

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz, Sep 29 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
