
Issue 633148

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Last visit > 30 days ago
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




soon_border_rect_in_layer_space_.Contains(visible_rect_in_layer_space_) in pictu

Project Member Reported by ClusterFuzz, Aug 1 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6725096698019840

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  soon_border_rect_in_layer_space_.Contains(visible_rect_in_layer_space_) in pictu
  cc::PictureLayerTilingSet::UpdatePriorityRects
  cc::PictureLayerTilingSet::UpdateTilePriorities
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=398017:398731

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv9553PZlkuIt64Xb1pu4X_yk-99UkIkzjG6bRqqRGHuHOooDg-25FXwurnnDWclBRRtrbKZIMlZ2kejbCJxQL3_bieiCcm3dxMHc-YibsOXLZ95OP81zfKob2CP2qwZL42eXK7Xs_UW8rOknMaUisEk7abgIIg?testcase_id=6725096698019840
<table>
	<caption>Frame="below" and Rules="groups"<style>
* { animation-name: cfpulse67; transform: scale3d(85, 50.0454358933, 0.907845) translate(7px);


Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: danakj@chromium.org nyerramilli@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: Findit-for-crash Te-Logged M-53
Owner: enne@chromium.org
Status: Assigned (was: Untriaged)
providing Findit results for internal purpose:

Suspected CLs: Findit could not determine the memory tool from the stacktrace. Is it in a new format?

unable to find the culprit, assigning to 'https://cs.chromium.org/chromium/src/cc/OWNERS' -
enne@, danakj@ - Would you mind checking the above issue & re-assigning it to the concerned owner.

Project Member

Comment 2 by sheriffbot@chromium.org, Aug 1 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by enne@chromium.org, Aug 1 2016

Cc: enne@chromium.org
Owner: vmp...@chromium.org
Cc: vmp...@chromium.org
Owner: chrishtr@chromium.org
We end up with something like 52 million raster scale in this case, which breaks a lot of the logic. I've added an UMA stat to track what kind of raster scales we see in the wild and then will likely add a cap on raster scales in cc to ensure that this and similar pages don't break it.

As for this specific case, we end up with a chain of transforms (afaik these come from blink) that all have strange values that accumulate to even stranger values.

Here are some examples of to_parent transforms:
[ +85.0000 +0.0000 +0.0000 -70679.0000  
  +0.0000 +50.0454 +0.0000 -18269.4258  
  +0.0000 +0.0000 +0.9078 +0.0000  
  +0.0000 +0.0000 +0.0000 +1.0000 ]

[ +85.0000 +0.0000 +0.0000 -69999.0000  
  +0.0000 +50.0454 +0.0000 -17869.0625  
  +0.0000 +0.0000 +0.9078 +0.0000  
  +0.0000 +0.0000 +0.0000 +1.0000 ]

[ +85.0000 +0.0000 +0.0000 -3689.0000  
  +0.0000 +50.0454 +0.0000 -1324.2268  
  +0.0000 +0.0000 +0.9078 +0.0000  
  +0.0000 +0.0000 +0.0000 +1.0000 ]

The total matrix ends up being this:

[ +52200624.0000 +0.0000 +0.0000 -2298180608.0000  
  +0.0000 +6272749.0000 +0.0000 -170209136.0000  
  +0.0000 +0.0000 +0.9078 +0.0000  
  +0.0000 +0.0000 +0.0000 +1.0000 ]

chrishtr@ do you have cycles or know of someone who can track down why this is happening on this specific page?
Cc: ajuma@chromium.org weiliangc@chromium.org
Owner: wkorman@chromium.org
Status: Started (was: Assigned)
Just FYI I've been looking at this, will update when I have more.
Project Member

Comment 8 by bugdroid1@chromium.org, Aug 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a6aa89c844fa8a2769460131b594382e8347da2b

commit a6aa89c844fa8a2769460131b594382e8347da2b
Author: vmpstr <vmpstr@chromium.org>
Date: Mon Aug 15 23:27:31 2016

cc: Introduce a max ideal contents scale constant.

This patch adds a max ideal contents scale constant set to 10000.f.
This prevents overflow/badness issues that result from a contents scale
that is too large.

R=enne
BUG= 633148 , 635511 
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel

Review-Url: https://codereview.chromium.org/2252543002
Cr-Commit-Position: refs/heads/master@{#412093}

[modify] https://crrev.com/a6aa89c844fa8a2769460131b594382e8347da2b/cc/layers/picture_layer_impl.cc
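To make concrete both the transform chain enne@ dumped in comment 3 and the cap the commit above introduces, here is a small added example (not Chromium's own code): it composes the three quoted to_parent matrices, derives a 2D scale from the result the way a simplified "ideal contents scale" would, and clamps it at 10000. The constant name kMaxIdealContentsScale and the scale-extraction helper are assumptions; only the 10000 value and the matrix entries come from the thread.

```cpp
#include <algorithm>
#include <array>
#include <cmath>

// 4x4 column-vector affine matrix, row-major storage, laid out like the dumps.
using Mat4 = std::array<std::array<double, 4>, 4>;

// result = a * b: apply b first, then a, i.e. a child's to_parent transform
// composed with its parent's on the way up to the root.
Mat4 Multiply(const Mat4& a, const Mat4& b) {
  Mat4 r{};
  for (int i = 0; i < 4; ++i)
    for (int j = 0; j < 4; ++j)
      for (int k = 0; k < 4; ++k)
        r[i][j] += a[i][k] * b[k][j];
  return r;
}

// The scale3d(85, 50.0454, 0.907845) matrices from the report; only the
// translation column differs between them.
Mat4 ToParent(double tx, double ty) {
  return {{{85.0, 0.0, 0.0, tx},
           {0.0, 50.0454, 0.0, ty},
           {0.0, 0.0, 0.9078, 0.0},
           {0.0, 0.0, 0.0, 1.0}}};
}

// Largest 2D axis scale the transform applies (assumed simplification of how
// cc derives an ideal contents scale from a screen-space transform).
double IdealContentsScale(const Mat4& m) {
  double sx = std::hypot(m[0][0], m[1][0]);
  double sy = std::hypot(m[0][1], m[1][1]);
  return std::max(sx, sy);
}

// Assumed name; the value is the one the commit message states.
constexpr double kMaxIdealContentsScale = 10000.0;

// With the cap, a runaway transform chain can no longer drive the tiling
// rect arithmetic to the sizes that tripped the CHECK.
double ClampedIdealContentsScale(const Mat4& m) {
  return std::min(IdealContentsScale(m), kMaxIdealContentsScale);
}

// Compose the three to_parent transforms quoted in comment 3. The x scale
// alone is already 85^3 = 614125 after three levels.
Mat4 ComposeQuotedTransforms() {
  Mat4 total = ToParent(-70679.0, -18269.4258);
  total = Multiply(total, ToParent(-69999.0, -17869.0625));
  total = Multiply(total, ToParent(-3689.0, -1324.2268));
  return total;
}
```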

Project Member

Comment 10 by ClusterFuzz, Aug 17 2016

ClusterFuzz has detected this issue as fixed in range 411957:412168.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6725096698019840

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  soon_border_rect_in_layer_space_.Contains(visible_rect_in_layer_space_) in pictu
  cc::PictureLayerTilingSet::UpdatePriorityRects
  cc::PictureLayerTilingSet::UpdateTilePriorities
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=398017:398731
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=411957:412168

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv9553PZlkuIt64Xb1pu4X_yk-99UkIkzjG6bRqqRGHuHOooDg-25FXwurnnDWclBRRtrbKZIMlZ2kejbCJxQL3_bieiCcm3dxMHc-YibsOXLZ95OP81zfKob2CP2qwZL42eXK7Xs_UW8rOknMaUisEk7abgIIg?testcase_id=6725096698019840
<table>
	<caption>Frame="below" and Rules="groups"<style>
* { animation-name: cfpulse67; transform: scale3d(85, 50.0454358933, 0.907845) translate(7px);


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Aug 17 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 13 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
