meade@ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

Looks like a dupe of 659481. Rune: this one has the same stack trace as the other one.

yup.

ClusterFuzz has detected this issue as fixed in range 427578:427987.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6649707041652736

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000024
Crash State:
  blink::StyleResolver::collectTreeBoundaryCrossingRulesV0CascadeOrder
  blink::StyleResolver::matchAuthorRulesV0
  blink::StyleResolver::matchAuthorRules
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=427199:427353
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=427578:427987

Minimized Testcase (0.20 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96ISfmRB5Qg-35kQjuPwI1xlC0f42wfG6SyVvj5DCM7Zgf8ESDkmjQ_VC_pxGIvuECm0RvBfpfu2zNLIcFKiJT9eAZnMTiKtClSJ1SdHI_XnBXpKX29rWiy0OxDctaTUeZ01RigG8HJ0JtLhUzdCIy3w8vnCQ?testcase_id=6649707041652736
<style>
    dropdown-demo {
    }
    dropdown-demo::shadow > section {
  </style>
<script> 
window.getSelection().modify("extend", "backward", "line")
document.styleSheets[0].disabled=true;;
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot