CHECK failure: sample_rate > 0 in audio_buffer.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6655114243997696
Fuzzer: libFuzzer_mediasource_WEBM_VORBIS_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  sample_rate > 0 in audio_buffer.cc
  base::debug::DebugBreak
  media::CalculateDuration
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=499783:499873
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6655114243997696

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Oct 2 2017
John, want to help out with this one?

Oct 2 2017
Looking through the stacktrace, media::CalculateDuration() is called with a bad duration (-3.35064e+07). Duration appears to come from vorbis_context_s::audio_samplerate, with the only place it is set (vorbis_parse_id_hdr(), [1]) checking that it's valid. I tried running the fuzzer locally using the minimized and unminimized testcase. In both cases the test ran without causing the DCHECK to fire. (The reproducing.md link noted in the original description returns a 404, so I simply ran the test with the testcase as input.) As I'm unable to repro, my guess is that the header is invalid, sets audio_samplerate with the bad value, but returns AVERROR_INVALIDDATA. Something (maybe the fuzzer?) ignores the failure and reads the next buffer. As audio_samplerate is only set in a header, the bad value is still set for the next buffer, and thus the error.
[1] https://cs.chromium.org/chromium/src/third_party/ffmpeg/libavcodec/vorbisdec.c?l=978

Oct 2 2017
Digging a bit more, audio_samplerate (in ffmpeg) is a uint32_t. So it shouldn't be negative. Maybe it's a conversion error somewhere along the way.

Oct 2 2017
Looks like a problem in ffmpeg. In several places [1], [2], the code assigns uint32_t audio_samplerate to int sample_rate (and same for |channels|). The fuzzer modified the header so that |samplerate| was 4261460864u, which becomes a negative number as an int.
The code in vorbis_parse_id_hdr [3] appears to treat the values as int:
    vc->audio_samplerate = get_bits_long(gb, 32);
    /* audio_samplerate is uint32_t, so this condition is only true for 0 */
    if (vc->audio_samplerate <= 0) {
        av_log(vc->avctx, AV_LOG_ERROR, "Invalid samplerate\n");
        return AVERROR_INVALIDDATA;
    }
However, since |audio_samplerate| is a uint32_t, the test for <= 0 will never happen.
[1] https://cs.chromium.org/chromium/src/third_party/ffmpeg/libavcodec/vorbisdec.c?l=1086
[2] https://cs.chromium.org/chromium/src/third_party/ffmpeg/libavcodec/vorbisdec.c?l=1768
[3] https://cs.chromium.org/chromium/src/third_party/ffmpeg/libavcodec/vorbisdec.c?l=979

Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid.

Oct 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cb8a8a4e7b8818d093b4d46138a492e4a002c543

commit cb8a8a4e7b8818d093b4d46138a492e4a002c543
Author: John Rummell <jrummell@chromium.org>
Date: Thu Oct 26 01:32:57 2017

media: Fail to create an AudioBuffer if requested sample_rate out of bounds

Verify that |sample_rate| is in the range allowed.

BUG= 762479
TEST=fuzzer test case doesn't repro

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Ibd89116e7933a0ab0dbf630c6388c1da8b140bd1
Reviewed-on: https://chromium-review.googlesource.com/738810
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Commit-Queue: John Rummell <jrummell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511683}

[modify] https://crrev.com/cb8a8a4e7b8818d093b4d46138a492e4a002c543/media/filters/ffmpeg_audio_decoder.cc
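The unsigned-to-int narrowing described in the comment above, beside the bounded check that the fix commit describes, as an added C example (not FFmpeg's or Chromium's code). The header byte layout stands in for get_bits_long(gb, 32) on the little-endian reader, the sample value 4261460864 is the one found by the fuzzer, and the 192000 Hz upper bound is an assumption of this example, not a value from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed input: the 32-bit little-endian audio_samplerate field of a
 * Vorbis identification header, set to the fuzzer's value 4261460864
 * (0xFE00BB80, i.e. 48000 Hz with the top bits set). */
static const uint8_t kFuzzedField[4] = {0x80, 0xBB, 0x00, 0xFE};

/* Little-endian read, standing in for get_bits_long(gb, 32) on the LE reader. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The check quoted above, on an unsigned operand: "<= 0" only catches zero,
 * so a rate that does not fit in int sails through. Returns 1 if accepted. */
static int unsigned_check_accepts(uint32_t samplerate) {
    if (samplerate <= 0)
        return 0;  /* the "Invalid samplerate" path: reached only for 0 */
    return 1;
}

/* The later assignment to an int field. On two's-complement targets the
 * value wraps: 4261460864 - 2^32 = -33506432, the -3.35064e+07 in the report. */
static int narrow_to_int(uint32_t samplerate) {
    return (int)samplerate;
}

/* Bounded validation before narrowing, in the spirit of the fix commit.
 * kMaxSampleRate is an assumed bound for this example, not a value taken
 * from the report. Returns the rate as int, or -1 if rejected. */
#define kMaxSampleRate 192000u
static int checked_sample_rate(uint32_t samplerate) {
    if (samplerate == 0 || samplerate > kMaxSampleRate)
        return -1;
    return (int)samplerate;  /* value fits in int: no sign change possible */
}

int main(void) {
    uint32_t sr = read_le32(kFuzzedField);
    printf("field = %u\n", sr);
    printf("unsigned '<= 0' check accepts: %d\n", unsigned_check_accepts(sr));
    printf("as int: %d\n", narrow_to_int(sr));
    printf("bounded check: %d\n", checked_sample_rate(sr));
    printf("bounded check on 48000: %d\n", checked_sample_rate(48000u));
    return 0;
}
```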

Oct 26 2017
ClusterFuzz has detected this issue as fixed in range 511682:511715.

Detailed report: https://clusterfuzz.com/testcase?key=6655114243997696
Fuzzer: libFuzzer_mediasource_WEBM_VORBIS_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  sample_rate > 0 in audio_buffer.cc
  media::CalculateDuration
  media::AudioBuffer::AudioBuffer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=499783:499873
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=511682:511715
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6655114243997696

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Oct 26 2017

Oct 26 2017
ClusterFuzz testcase 6655114243997696 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Nov 7 2017
Comment 1 by msrchandra@chromium.org, Sep 6 2017