Created attachment 265058
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    transform: matrix3d(-30,0,0,-91,854,0,-68,-262,9304,0,-15,-74,-964,-454,-74,-957) skew(-473turn,180deg) skewY(270deg)
}
</style>
<pre>
<object align="left">
<p>
<input></input>
</p>
</object>

OS: Ubuntu 14.10 x86_64
Checked build: debug EFL
Checked version: 9fa8210

Backtrace:

ASSERTION FAILED: m_cachedInverseTransform == m_layerTransform.combined().inverse()
../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp(916) : WebCore::IntRect WebCore::CoordinatedGraphicsLayer::transformedVisibleRect()
1 0x7f1d9d8e1e17 WTFCrash
2 0x7f1da46704cc WebCore::CoordinatedGraphicsLayer::transformedVisibleRect()
3 0x7f1da4670bd4 WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
4 0x7f1da4670a22 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
5 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
6 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
7 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
8 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
9 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
10 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
11 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
12 0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
13 0x7f1da4663275 WebCore::CompositingCoordinator::flushPendingLayerChanges()
14 0x7f1da378dd56 WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush()
15 0x7f1da378de0e WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired()
16 0x7f1da378f657 void std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const
17 0x7f1da378f509 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
18 0x7f1da378f381 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>()
19 0x7f1da378f0da std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&)
20 0x7f1da31f2ac2 std::function<void ()>::operator()() const
21 0x7f1da329f2da WebCore::Timer::fired()
22 0x7f1da4096a0d WebCore::ThreadTimers::sharedTimerFiredInternal()
23 0x7f1da40965fb
24 0x7f1da4096c1e
25 0x7f1da31f2ac2 std::function<void ()>::operator()() const
26 0x7f1da4e2a063 WebCore::MainThreadSharedTimer::fired()
27 0x7f1da503810e
28 0x7f1d9bc57fde
29 0x7f1d9bc5812b
30 0x7f1d9bc53e01
31 0x7f1d9bc54287 ecore_main_loop_begin
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1d9d8e1e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007f1d9d8e1e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f1da46704cc in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:916
#2 0x00007f1da4670bd4 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995
#3 0x00007f1da4670a22 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967
#4 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84ff00) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#5 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84f6c0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#6 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84ee80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#7 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84e640) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#8 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82f080) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#9 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82e840) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#10 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82e000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#11 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b81d140) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#12 0x00007f1da4663275 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7f1d8bae1000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99
#13 0x00007f1da378dd56 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7f1d8bbe0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212
#14 0x00007f1da378de0e in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7f1d8bbe0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227
#15 0x00007f1da378f657 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (this=0x1ad1fe0, __object=0x7f1d8bbe0210) at /usr/include/c++/4.9/functional:569
#16 0x00007f1da378f509 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x1ad1fe0, __args=<unknown type in /home/renifuzz/data/REPOS/fuzztargets/webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10384fe3, DIE 0x104f431c>) at /usr/include/c++/4.9/functional:1264
#17 0x00007f1da378f381 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (this=0x1ad1fe0) at /usr/include/c++/4.9/functional:1323
#18 0x00007f1da378f0da in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039
#19 0x00007f1da31f2ac2 in std::function<void ()>::operator()() const (this=0x7f1d8bbe0280) at /usr/include/c++/4.9/functional:2439
#20 0x00007f1da329f2da in WebCore::Timer::fired (this=0x7f1d8bbe0248) at ../../Source/WebCore/platform/Timer.h:133
#21 0x00007f1da4096a0d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f1d8bbd4230) at ../../Source/WebCore/platform/ThreadTimers.cpp:121
#22 0x00007f1da40965fb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0x1ac84d0) at ../../Source/WebCore/platform/ThreadTimers.cpp:73
#23 0x00007f1da4096c1e in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#24 0x00007f1da31f2ac2 in std::function<void ()>::operator()() const (this=0x7f1da8f5b9e8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/4.9/functional:2439
#25 0x00007f1da4e2a063 in WebCore::MainThreadSharedTimer::fired (this=0x7f1da8f5b9e0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52
#26 0x00007f1da503810e in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44
#27 0x00007f1d9bc57fde in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336
#28 _ecore_timer_expired_call (when=26002.99624945) at lib/ecore/ecore_timer.c:733
#29 0x00007f1d9bc5812b in _ecore_timer_expired_timers_call (when=26002.99624945) at lib/ecore/ecore_timer.c:686
#30 0x00007f1d9bc53e01 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1812
#31 0x00007f1d9bc54287 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983
#32 0x00007f1d9d93cd03 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#33 0x00007f1da3792fad in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#34 0x00007f1da3792bbb in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#35 0x00000000004008fa in main (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
This does not reproduce under r204037. If you believe there is still a problem, please reopen the bug with a revised test case.
Using the attached test case the issue still seems valid in r204165 with debug EFL and GTK builds.
Ah! That makes sense. CoordinatedGraphics -> EFL/GTK. It's not used in iOS/Mac. I should have done a better job reviewing that.