Assigning to the concern owner from find it results --
The result is a list of CLs that change the crashed files. 

Author: lukasza
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/9d858647530db2c22e1267e443034d23f2e602d9
Time: Thu Dec 08 21:52:12 2016
File CSSParserImpl.cpp is changed in this cl (and is part of stack frame #4, "blink::CSSParserImpl::consumeDeclarationValue"; frame #5, "blink::CSSParserImpl::consumeDeclaration"; frame #6, "blink::CSSParserImpl::consumeDeclarationList")
Minimum distance from crash line to modified line: 3. (file: CSSParserImpl.cpp, crashed on: 948, modified: 951). 

Author: csharrison
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/1f7a3938ff76d3db59e3f54159bd25a153832357
Time: Mon Dec 05 13:50:32 2016
File CSSParserImpl.cpp is changed in this cl (and is part of stack frame #4, "blink::CSSParserImpl::consumeDeclarationValue"; frame #5, "blink::CSSParserImpl::consumeDeclaration"; frame #6, "blink::CSSParserImpl::consumeDeclarationList")
Minimum distance from crash line to modified line: 33. (file: CSSParserImpl.cpp, crashed on: 838, modified: 805). 

Author: aazzam
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/13f6e06ed6b80d003e7298b501e57a58695ca951
Time: Tue Dec 13 04:36:33 2016
File CSSPropertyParser.cpp is changed in this cl (and is part of stack frame #0, "consumeCursor"; frame #1, "blink::CSSPropertyParser::parseSingleValue"; frame #2, "blink::CSSPropertyParser::parseValueStart"; frame #3, "blink::CSSPropertyParser::parseValue")
Minimum distance from crash line to modified line: 70. (file: CSSPropertyParser.cpp, crashed on: 114, modified: 44). 

Author: drott
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ba39ed57a09afdcf993eff77d70268b8c110be34
Time: Mon Dec 12 12:40:10 2016
File CSSPropertyParser.cpp is changed in this cl (and is part of stack frame #0, "consumeCursor"; frame #1, "blink::CSSPropertyParser::parseSingleValue"; frame #2, "blink::CSSPropertyParser::parseValueStart"; frame #3, "blink::CSSPropertyParser::parseValue")
Minimum distance from crash line to modified line: 97. (file: CSSPropertyParser.cpp, crashed on: 114, modified: 17).

@lukasza -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

ClusterFuzz has detected this issue as fixed in range 440242:440280.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5000284016476160

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  consumeCursor
  blink::CSSPropertyParser::parseSingleValue
  blink::CSSPropertyParser::parseValueStart
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280

Minimized Testcase (0.47 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xCF_LUL4wYFf_nUih0Us64-5aNxw4b4uRr54cb5UAztnNdrukJPftva34PUPMGdh_9Duh6jzS2gr3aKyFmrloThG-KBPd5xghn_HlC1HdzAL5RQHkYVSmTTvWz9RfAHOEKaOAv7vZ__MDpXfIu25et-2OEA?testcase_id=5000284016476160

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5000284016476160 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.