Crash in blink::ScopedStyleResolver::collectMatchingAuthorRules
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5826184748466176

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000158
Crash State:
  blink::ScopedStyleResolver::collectMatchingAuthorRules
  blink::StyleResolver::matchAuthorRulesV0
  blink::StyleResolver::matchAuthorRules

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=438853:439220

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94c4Eros9p0lqLiEQak5lNzGdG7myjtpHoy7yjrAKkPmW35MbCdckFG2HnyG5breCoUBtvwjZDgNUKwOGUq--2TcAhJ4-9P_yXH5BJgj0jPKgZlzigyaMFCn_4jfInUgyR5lO_hHLNCq7QgdNTu2QRhATSo1_qn6NLZUH6BKqaCiaxnlvumQGeoCIcvHvaiT4ExNLnEN48AWqPvD4HA1XJNuwZdQL62e9QpiuffCuMl6omrNMPFTahxt0hKuJ023WElZLRE4LyrC2tAxgMHziSMxvf5Enn7u3q_43nJF2M-V0Xbd14l1p3dWAaCk67zDr6QZUi1AFpHh6aIMl-RwI49aAfMiAA02O3HBv3VgYof9xNp9Es?testcase_id=5826184748466176

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 16 2017
Not able to reproduce this with content_shell asan build on Linux 64.
Jan 17 2017
I am able to repro this on content_shell asan build on Linux 64 by opening and closing dev tools with right click 'inspect element'
Jan 23 2017
bugsnash@ Thanks for the repro tip! I'm able to reproduce this in normal content_shell release and debug builds. I'll take a look.
Jan 24 2017
Thanks for taking this (and the other bugs) on Rune!
Jan 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/67cfc67e3b62993bb0df9395559e1d1a76d26213

commit 67cfc67e3b62993bb0df9395559e1d1a76d26213
Author: rune <rune@opera.com>
Date: Wed Jan 25 13:09:54 2017

Return ActiveSheetsChanged when rulesets change in common prefix.

When comparing old and new active sheets, we only append the added sheets to the ScopedStyleResolver if the old sheet vector is a prefix of the new sheets. However, that's not correct if any of the RuleSets in the common prefix changed due to media query changes or cssom modifications of a stylesheet.

I can confirm that this fixes 681472. The other two issues in the BUG field look like duplicates, but I've not been able to reproduce them.

R=meade@chromium.org,sashab@chromium.org
BUG=681472,677371,681882

Review-Url: https://codereview.chromium.org/2650743002
Cr-Commit-Position: refs/heads/master@{#446008}

[add] https://crrev.com/67cfc67e3b62993bb0df9395559e1d1a76d26213/third_party/WebKit/LayoutTests/fast/css/null-ruleset-non-matching-media-crash.html
[modify] https://crrev.com/67cfc67e3b62993bb0df9395559e1d1a76d26213/third_party/WebKit/Source/core/css/ActiveStyleSheets.cpp
[modify] https://crrev.com/67cfc67e3b62993bb0df9395559e1d1a76d26213/third_party/WebKit/Source/core/css/ActiveStyleSheetsTest.cpp
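The comparison the commit message describes, as an added example that is not Blink's code and not part of this bug thread: a minimal model of the active-sheet diff with the pre-fix check beside the fixed one, driven by a stand-in for the resolver's cached RuleSet list. Every name here (RuleSet, StyleSheet, ActiveSheet, ActiveSheetsChange, Resolver, compareBeforeFix, compareAfterFix, changeForRuleSetSwap, staleAfterRuleSetSwap) is an assumption made for the example, and the two-sheet scenario is constructed; the only thing taken from the page is the rule stated in the message, that a RuleSet change inside the common prefix must produce ActiveSheetsChanged rather than an append or no-op.

```cpp
// Added example, not Blink code: a minimal model of the active stylesheet
// comparison from the commit message. All names are stand-ins.
#include <cstddef>
#include <cstdio>
#include <vector>

struct RuleSet { int id; };      // stand-in for blink::RuleSet
struct StyleSheet { int id; };   // stand-in for blink::CSSStyleSheet

// One entry of the active sheet vector: a sheet and the RuleSet it currently
// contributes. The RuleSet is null when, e.g., the sheet's media query does
// not match, and it is replaced when the sheet is modified through CSSOM.
struct ActiveSheet {
  const StyleSheet* sheet;
  const RuleSet* ruleSet;
};

enum class ActiveSheetsChange {
  NoActiveSheetsChanged,
  ActiveSheetsAppended,
  ActiveSheetsChanged
};

// Length of the leading run where both vectors hold the same sheet object.
// With compareRuleSets set, the RuleSet pointer must match as well.
static size_t commonPrefix(const std::vector<ActiveSheet>& oldSheets,
                           const std::vector<ActiveSheet>& newSheets,
                           bool compareRuleSets) {
  size_t i = 0;
  for (; i < oldSheets.size() && i < newSheets.size(); ++i) {
    if (oldSheets[i].sheet != newSheets[i].sheet) break;
    if (compareRuleSets && oldSheets[i].ruleSet != newSheets[i].ruleSet) break;
  }
  return i;
}

static ActiveSheetsChange classify(size_t prefix, size_t oldSize, size_t newSize) {
  if (prefix < oldSize) return ActiveSheetsChange::ActiveSheetsChanged;
  return prefix == newSize ? ActiveSheetsChange::NoActiveSheetsChanged
                           : ActiveSheetsChange::ActiveSheetsAppended;
}

// Pre-fix behaviour as the commit message describes it: the old vector counts
// as an unchanged prefix as soon as the sheet objects line up.
ActiveSheetsChange compareBeforeFix(const std::vector<ActiveSheet>& oldSheets,
                                    const std::vector<ActiveSheet>& newSheets) {
  return classify(commonPrefix(oldSheets, newSheets, false),
                  oldSheets.size(), newSheets.size());
}

// Post-fix behaviour: a RuleSet that changed inside the common prefix means
// the resolver's cached copy is stale, so report ActiveSheetsChanged.
ActiveSheetsChange compareAfterFix(const std::vector<ActiveSheet>& oldSheets,
                                   const std::vector<ActiveSheet>& newSheets) {
  return classify(commonPrefix(oldSheets, newSheets, true),
                  oldSheets.size(), newSheets.size());
}

// Stand-in for ScopedStyleResolver: it caches RuleSet pointers and only
// appends or rebuilds when the comparison tells it to.
struct Resolver {
  std::vector<const RuleSet*> ruleSets;

  void update(ActiveSheetsChange change, const std::vector<ActiveSheet>& sheets) {
    if (change == ActiveSheetsChange::NoActiveSheetsChanged) return;
    if (change == ActiveSheetsChange::ActiveSheetsChanged) ruleSets.clear();
    for (size_t i = ruleSets.size(); i < sheets.size(); ++i)
      ruleSets.push_back(sheets[i].ruleSet);
  }

  // Cached entries that no longer match the active sheets: each one is a
  // pointer rule matching would consult although it is stale or null.
  size_t staleEntries(const std::vector<ActiveSheet>& sheets) const {
    size_t stale = 0;
    for (size_t i = 0; i < ruleSets.size(); ++i)
      if (i >= sheets.size() || ruleSets[i] != sheets[i].ruleSet) ++stale;
    return stale;
  }
};

// Constructed scenario: sheet B's media query goes from non-matching (null
// RuleSet) to matching, so the same sheet object swaps RuleSet while no sheet
// is added or removed.
struct Scenario { std::vector<ActiveSheet> before, after; };
static Scenario ruleSetSwapScenario() {
  static const StyleSheet sheetA{1}, sheetB{2};
  static const RuleSet rulesA{10}, rulesB{20};
  return {{{&sheetA, &rulesA}, {&sheetB, nullptr}},
          {{&sheetA, &rulesA}, {&sheetB, &rulesB}}};
}

// Comparison result for the swap under either code path.
ActiveSheetsChange changeForRuleSetSwap(bool withFix) {
  const Scenario s = ruleSetSwapScenario();
  return withFix ? compareAfterFix(s.before, s.after)
                 : compareBeforeFix(s.before, s.after);
}

// Same swap driven through the resolver: number of cached RuleSet pointers
// that are stale once the comparison result has been applied.
size_t staleAfterRuleSetSwap(bool withFix) {
  const Scenario s = ruleSetSwapScenario();
  Resolver resolver;
  resolver.update(ActiveSheetsChange::ActiveSheetsChanged, s.before);
  resolver.update(changeForRuleSetSwap(withFix), s.after);
  return resolver.staleEntries(s.after);
}

int main() {
  std::printf("stale entries before fix: %zu\n", staleAfterRuleSetSwap(false));
  std::printf("stale entries after fix:  %zu\n", staleAfterRuleSetSwap(true));
  return 0;
}
```

Without the RuleSet comparison the swap is classified as NoActiveSheetsChanged, so the resolver keeps the null entry it recorded while the media query did not match and rule matching would consult it; with the comparison the prefix breaks at sheet B, the result is ActiveSheetsChanged and the cache is rebuilt. The layout test the fix adds is named null-ruleset-non-matching-media-crash.html, which is the situation this scenario models; the model makes no claim about Blink's exact control flow.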
Jan 26 2017
ClusterFuzz has detected this issue as fixed in range 445996:446011.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5826184748466176

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000158
Crash State:
  blink::ScopedStyleResolver::collectMatchingAuthorRules
  blink::StyleResolver::matchAuthorRulesV0
  blink::StyleResolver::matchAuthorRules

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=438853:439220
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=445996:446011

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94c4Eros9p0lqLiEQak5lNzGdG7myjtpHoy7yjrAKkPmW35MbCdckFG2HnyG5breCoUBtvwjZDgNUKwOGUq--2TcAhJ4-9P_yXH5BJgj0jPKgZlzigyaMFCn_4jfInUgyR5lO_hHLNCq7QgdNTu2QRhATSo1_qn6NLZUH6BKqaCiaxnlvumQGeoCIcvHvaiT4ExNLnEN48AWqPvD4HA1XJNuwZdQL62e9QpiuffCuMl6omrNMPFTahxt0hKuJ023WElZLRE4LyrC2tAxgMHziSMxvf5Enn7u3q_43nJF2M-V0Xbd14l1p3dWAaCk67zDr6QZUi1AFpHh6aIMl-RwI49aAfMiAA02O3HBv3VgYof9xNp9Es?testcase_id=5826184748466176

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 26 2017
Issue 677371 has been merged into this issue.
Jan 26 2017
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4833c6af7aed66bb1fc500f45f43d6476b890b86

commit 4833c6af7aed66bb1fc500f45f43d6476b890b86
Author: Rune Lillesveen <rune@opera.com>
Date: Thu Jan 26 13:59:56 2017

Return ActiveSheetsChanged when rulesets change in common prefix.

When comparing old and new active sheets, we only append the added sheets to the ScopedStyleResolver if the old sheet vector is a prefix of the new sheets. However, that's not correct if any of the RuleSets in the common prefix changed due to media query changes or cssom modifications of a stylesheet.

I can confirm that this fixes 681472. The other two issues in the BUG field look like duplicates, but I've not been able to reproduce them.

R=meade@chromium.org,sashab@chromium.org
BUG=681472,677371,681882

Review-Url: https://codereview.chromium.org/2650743002
Cr-Commit-Position: refs/heads/master@{#446008}
(cherry picked from commit 67cfc67e3b62993bb0df9395559e1d1a76d26213)

Review-Url: https://codereview.chromium.org/2655283002 .
Cr-Commit-Position: refs/branch-heads/2987@{#102}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[add] https://crrev.com/4833c6af7aed66bb1fc500f45f43d6476b890b86/third_party/WebKit/LayoutTests/fast/css/null-ruleset-non-matching-media-crash.html
[modify] https://crrev.com/4833c6af7aed66bb1fc500f45f43d6476b890b86/third_party/WebKit/Source/core/css/ActiveStyleSheets.cpp
[modify] https://crrev.com/4833c6af7aed66bb1fc500f45f43d6476b890b86/third_party/WebKit/Source/core/css/ActiveStyleSheetsTest.cpp
Jan 27 2017
Issue 681882 has been merged into this issue.
Comment 1 by sigbjo...@opera.com, Jan 16 2017