
Issue 737868 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




CHECK failure: !frame_buffer->ref_cnt in vpx_video_decoder.cc

Project Member Reported by ClusterFuzz, Jun 29 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5625952037240832

Fuzzer: libFuzzer_media_vpx_video_decoder_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !frame_buffer->ref_cnt in vpx_video_decoder.cc
  base::debug::DebugBreak
  media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=483010:483203

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5625952037240832


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Labels: M-61 Test-Predator-Correct-CLs
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Dale Curtis
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/2f7fc637e426f4d432e35bae82609280add316fd
Time: Wed Jun 28 19:34:21 2017
Lines 388-393 of file vpx_video_decoder.cc which potentially caused crash are changed in this cl (frame #5, "media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed").
Minimum distance from crash line to modified line: 0. (file: vpx_video_decoder.cc, crashed on: 385, modified: 385).

@Dale Curtis -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.
Thank you.
Oh right, I fixed another section of this during submission but neglected this one. Since libvpx doesn't release its refs properly even after it's been destructed this check may fail. Will delete immediately.
Project Member Comment 3 by bugdroid1@chromium.org, Jun 29 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e83141c3dfae618055d60c94128dabfe32989837

commit e83141c3dfae618055d60c94128dabfe32989837
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Thu Jun 29 23:15:21 2017

Remove incorrect DCHECK from libvpx MemoryPool.

Sadly libvpx does not clean up its refs during destruction, so we
can't count on the ref_cnt values being zero during shutdown.

BUG=737868
TEST=fuzzer test

Change-Id: Ie13b109cb316536d741149640bdcd6bbae6d9c18
Reviewed-on: https://chromium-review.googlesource.com/556380
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#483537}
[modify] https://crrev.com/e83141c3dfae618055d60c94128dabfe32989837/media/filters/vpx_video_decoder.cc

Status: Fixed (was: Assigned)
Project Member Comment 5 by ClusterFuzz, Jun 30 2017

ClusterFuzz has detected this issue as fixed in range 483373:483549.

Detailed report: https://clusterfuzz.com/testcase?key=5625952037240832

Fuzzer: libFuzzer_media_vpx_video_decoder_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !frame_buffer->ref_cnt in vpx_video_decoder.cc
  base::debug::DebugBreak
  media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=483010:483203
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=483373:483549

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5625952037240832


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
