
Issue 816407 link


Issue metadata

Status: Verified
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression

Blocked on:
issue 786975




CHECK failure: !(state_ >= PARSE_ERROR && new_state < PARSE_ERROR) in chunk_demuxer.cc

Project Member Reported by ClusterFuzz, Feb 26 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6275786030710784

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !(state_ >= PARSE_ERROR && new_state < PARSE_ERROR) in chunk_demuxer.cc
  media::ChunkDemuxer::ChangeState_Locked
  media::ChunkDemuxer::UnmarkEndOfStream
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=538495:538532

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6275786030710784

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: brajkumar@chromium.org
Components: Internals>Media
Labels: -Type-Bug M-66 Test-Predator-Wrong Type-Bug-Regression
Owner: wolenetz@chromium.org
Status: Assigned (was: Untriaged)
Predator could not provide any possible suspects.

From the CL range below, observing some changes related to 'ChunkDemuxer', hence suspecting the same:
https://chromium.googlesource.com/chromium/src/+log/c12349df233fd24786c532115ada069b1f31a4fb..2f23df2837d3a0a8597a541c8eddee74cf54ff10?pretty=fuller&n=10000

Suspect CL: https://chromium.googlesource.com/chromium/src/+/0e1c1dd4a2a33d41403b4360441fa1bdd1c21036

wolenetz@ -- Could you please check whether this was caused by your change? If not, please help us assign it to the right owner.

Thanks!

Cc: chcunningham@chromium.org
Components: -Internals>Media Internals>Media>Source
Excellent - we have a CF repro of unexpectedly bad state in the extra state CHECKs added to diagnose the larger issue exposed in bug 786975.
Blockedon: 786975
Status: Started (was: Assigned)
I couldn't repro this locally to get better info about the state, but it looks from the stack trace to be just like bug 815207. Probable fix is in CQ: https://chromium-review.googlesource.com/c/chromium/src/+/942237
Project Member

Comment 5 by bugdroid1@chromium.org, Mar 1 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/21d0f03dc419aa224e5d7425469f846ed6287184

commit 21d0f03dc419aa224e5d7425469f846ed6287184
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Thu Mar 01 03:08:29 2018

MSE: Prevent UnmarkEOS from undoing PARSE_ERROR or SHUTDOWN

If a previous parse error's ReportError_Locked(...) error has not yet reached
HTMLMediaElement due to thread hopping delays (through media thread via
pipeline_impl), then another appendBuffer operation on one of that
HTMLMediaElement's MediaSource's SourceBuffers could race that error state.

This change prevents such a race from resetting the ChunkDemuxer's |state_|
from PARSE_ERROR to INITIALIZED in UnmarkEndOfStream. Note that the
MediaSource's append error algorithm (including marking end of stream with a
decode error) would have already been done synchronously, allowing subsequent
ignoring of a racing UnmarkEndOfStream call. Eventually, the media element
will have a non-null error attribute, preventing further attempts at
appendBuffer on those SourceBuffers. This change lets the SourceBuffers fail
any racing appendBuffer that occurs in the interim, preventing conditions that
sometimes led to running a null ChunkDemuxer |init_cb_|.

BUG=786975,815207, 816407 

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Id76d6ccd9a03c63637c65b8bd492ab382175f0f4
Reviewed-on: https://chromium-review.googlesource.com/942237
Reviewed-by: Chrome Cunningham <chcunningham@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540014}
[modify] https://crrev.com/21d0f03dc419aa224e5d7425469f846ed6287184/media/filters/chunk_demuxer.cc
[modify] https://crrev.com/21d0f03dc419aa224e5d7425469f846ed6287184/media/filters/chunk_demuxer_unittest.cc
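The race described in the commit message, replayed against a simplified model of the demuxer state machine. This is an added example, not Chromium's code: the enum order (error states sorting after the normal states, which is what the failing CHECK relies on), the method names and the single-thread replay of the "thread hopping" race are assumptions chosen to mirror the report.

```cpp
// Added example (not Chromium's code): minimal model of the ChunkDemuxer
// state machine and of the CHECK quoted in the crash state above.
#include <cassert>
#include <mutex>

// Assumed ordering: everything at or above PARSE_ERROR is terminal.
enum State { WAITING_FOR_INIT, INITIALIZING, INITIALIZED, ENDED, PARSE_ERROR, SHUTDOWN };

class ChunkDemuxerModel {
 public:
  // Returns false where the real ChangeState_Locked would CHECK-fail:
  // a terminal state must never be undone by a later transition.
  bool ChangeState_Locked(State new_state) {
    if (state_ >= PARSE_ERROR && new_state < PARSE_ERROR) return false;
    state_ = new_state;
    return true;
  }
  void Initialize() { std::lock_guard<std::mutex> l(lock_); ChangeState_Locked(INITIALIZED); }
  void MarkEndOfStream() { std::lock_guard<std::mutex> l(lock_); ChangeState_Locked(ENDED); }
  // The parser path records the error immediately; the media element only
  // learns about it later, after the hop through the media thread.
  void ReportError() { std::lock_guard<std::mutex> l(lock_); ChangeState_Locked(PARSE_ERROR); }
  // Pre-fix behaviour: unconditionally returns to INITIALIZED.
  bool UnmarkEndOfStream_Unguarded() {
    std::lock_guard<std::mutex> l(lock_);
    return ChangeState_Locked(INITIALIZED);
  }
  // Post-fix behaviour, as the commit message describes it: a racing
  // appendBuffer's UnmarkEndOfStream is ignored once PARSE_ERROR or SHUTDOWN.
  bool UnmarkEndOfStream_Guarded() {
    std::lock_guard<std::mutex> l(lock_);
    if (state_ >= PARSE_ERROR) return true;  // nothing to undo; the append fails upstream
    return ChangeState_Locked(INITIALIZED);
  }
  State state() const { return state_; }
 private:
  std::mutex lock_;
  State state_ = WAITING_FOR_INIT;
};

// Replays the reported race: error already recorded, then a late
// UnmarkEndOfStream from another appendBuffer. True if the invariant held.
bool RaceHoldsInvariant(bool guarded) {
  ChunkDemuxerModel d;
  d.Initialize();
  d.ReportError();  // state_ == PARSE_ERROR, element not yet notified
  bool ok = guarded ? d.UnmarkEndOfStream_Guarded() : d.UnmarkEndOfStream_Unguarded();
  return ok && d.state() == PARSE_ERROR;
}

// The guard must not break the legitimate ENDED -> INITIALIZED transition.
bool NormalUnmarkStillWorks() {
  ChunkDemuxerModel d;
  d.Initialize();
  d.MarkEndOfStream();
  return d.UnmarkEndOfStream_Guarded() && d.state() == INITIALIZED;
}
```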

Project Member

Comment 6 by ClusterFuzz, Mar 1 2018

ClusterFuzz has detected this issue as fixed in range 540000:540017.

Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=540000:540017


If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Mar 1 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6275786030710784 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
