OUTPUT CONTAINS "AddressSanitizer", so we are treating this test as if it crashed, even though it did not.
=================================================================
==7==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000f9dd0 at pc 0x000004119f7b bp 0x7fdecaefde40 sp 0x7fdecaefde38
WRITE of size 1 at 0x6030000f9dd0 thread T130 (WebCore: Worker)
    #0 0x4119f7a in cancelTask third_party/WebKit/Source/core/workers/WorkerThread.cpp:102:25
    #1 0x4119f7a in blink::WorkerSharedTimer::stop() third_party/WebKit/Source/core/workers/WorkerThread.cpp:159:0
    #2 0x3da2932 in stop third_party/WebKit/Source/core/frame/DOMTimer.cpp:173:5
    #3 0x3da2932 in non-virtual thunk to blink::DOMTimer::stop() third_party/WebKit/Source/core/frame/DOMTimer.cpp:178:0
    #4 0x31ca01b in blink::ContextLifecycleNotifier::notifyStoppingActiveDOMObjects() third_party/WebKit/Source/core/dom/ContextLifecycleNotifier.cpp:113:13
    #5 0x4118d0a in blink::WorkerThreadShutdownStartTask::performTask(blink::ExecutionContext*) third_party/WebKit/Source/core/workers/WorkerThread.cpp:390:9
    #6 0x41196f7 in blink::WorkerThreadTask::run() third_party/WebKit/Source/core/workers/WorkerThread.cpp:204:13
    #7 0x6f798c in Run base/callback.h:401:12
    #8 0x6f798c in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
    #9 0x66cb3c in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:446:3
    #10 0x66dbd7 in DeferOrRunPendingTask base/message_loop/message_loop.cc:456:5
    #11 0x66dbd7 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:565:0
    #12 0x672291 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:32:21
    #13 0x68b5d5 in base::RunLoop::Run() base/run_loop.cc:54:3
    #14 0x66b384 in base::MessageLoop::Run() base/message_loop/message_loop.cc:308:3
    #15 0x7373b84 in base::Thread::ThreadMain() base/threading/thread.cc:228:5
    #16 0x6ba797 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:80:3
    #17 0x7fdf04f5ee99 in start_thread /build/buildd/eglibc-2.15/nptl/pthread_create.c:308:0
    #18 0x7fdf03f7e3fc in clone /build/buildd/eglibc-2.15/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:112:0

0x6030000f9dd0 is located 16 bytes inside of 24-byte region [0x6030000f9dc0,0x6030000f9dd8)
freed by thread T130 (WebCore: Worker) here:
    #0 0x4a014b in __interceptor_free ??:0:0
    #1 0x41194ab in deletePtr third_party/WebKit/Source/wtf/OwnPtrCommon.h:52:9
    #2 0x41194ab in ~OwnPtr third_party/WebKit/Source/wtf/OwnPtr.h:67:0
    #3 0x41194ab in ~WorkerThreadTask third_party/WebKit/Source/core/workers/WorkerThread.cpp:191:0
    #4 0x41194ab in blink::WorkerThreadTask::~WorkerThreadTask() third_party/WebKit/Source/core/workers/WorkerThread.cpp:191:0
    #5 0x6892017 in ~OwnedWrapper base/bind_helpers.h:335:21
    #6 0x6892017 in ~BindState base/bind_internal.h:2566:0
    #7 0x6892017 in base::internal::BindState, void (blink::WebThread::Task*), void (base::internal::OwnedWrapper)>::~BindState() base/bind_internal.h:2565:0
    #8 0x6811d1 in base::PendingTask::~PendingTask() base/pending_task.cc:34:1
    #9 0x66e762 in base::MessageLoop::DoDelayedWork(base::TimeTicks*) base/message_loop/message_loop.cc:604:1
    #10 0x672136 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:36:17
    #11 0x68b5d5 in base::RunLoop::Run() base/run_loop.cc:54:3
    #12 0x66b384 in base::MessageLoop::Run() base/message_loop/message_loop.cc:308:3
    #13 0x7373b84 in base::Thread::ThreadMain() base/threading/thread.cc:228:5
    #14 0x6ba797 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:80:3
    #15 0x7fdf04f5ee99 in start_thread /build/buildd/eglibc-2.15/nptl/pthread_create.c:308:0

previously allocated by thread T130 (WebCore: Worker) here:
    #0 0x4a03cb in __interceptor_malloc ??:0:0
    #1 0x1f6b32a in partitionAllocGenericFlags third_party/WebKit/Source/wtf/PartitionAlloc.h:538:20
    #2 0x1f6b32a in partitionAllocGeneric third_party/WebKit/Source/wtf/PartitionAlloc.h:554:0
    #3 0x1f6b32a in WTF::fastMalloc(unsigned long) third_party/WebKit/Source/wtf/FastMalloc.cpp:74:0
    #4 0x4119ac6 in operator new third_party/WebKit/Source/core/workers/WorkerThread.cpp:89:55
    #5 0x4119ac6 in create third_party/WebKit/Source/core/workers/WorkerThread.cpp:93:0
    #6 0x4119ac6 in blink::WorkerSharedTimer::setFireInterval(double) third_party/WebKit/Source/core/workers/WorkerThread.cpp:151:0
    #7 0x3da14b9 in startRepeating third_party/WebKit/Source/platform/Timer.h:50:9
    #8 0x3da14b9 in blink::DOMTimer::DOMTimer(blink::ExecutionContext*, WTF::PassOwnPtr, int, bool, int) third_party/WebKit/Source/core/frame/DOMTimer.cpp:108:0
    #9 0x306495c in create third_party/WebKit/Source/core/frame/DOMTimer.h:65:16
    #10 0x306495c in blink::ExecutionContext::installNewTimeout(WTF::PassOwnPtr, int, bool) third_party/WebKit/Source/core/dom/ExecutionContext.cpp:192:0
    #11 0x3da03df in blink::DOMTimer::install(blink::ExecutionContext*, WTF::PassOwnPtr, int, bool) third_party/WebKit/Source/core/frame/DOMTimer.cpp:73:21
    #12 0x82c1c12 in blink::DOMWindowTimers::setTimeout(blink::EventTarget&, WTF::PassOwnPtr, int) third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp:45:12
    #13 0x585e713 in blink::setTimeoutOrInterval(v8::FunctionCallbackInfo const&, bool) third_party/WebKit/Source/bindings/core/v8/custom/V8WorkerGlobalScopeCustom.cpp:90:19
    #14 0x544b50f in blink::WorkerGlobalScopeV8Internal::setTimeoutMethodCallback(v8::FunctionCallbackInfo const&) /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/gen/blink/bindings/core/v8/V8WorkerGlobalScope.cpp:451:5
    #15 0x2bc25ce in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo const&)) v8/src/arguments.cc:33:3
    #16 0x216bf74 in HandleApiCallHelper v8/src/builtins.cc:1145:35
    #17 0x216bf74 in Builtin_implHandleApiCall v8/src/builtins.cc:1162:0
    #18 0x216bf74 in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) v8/src/builtins.cc:1161:0
    #11 0x7fdea43063ad ()
    #12 0x7fdea43653af ()
    #13 0x7fdea435c03f ()
    #14 0x7fdea432e990 ()
    #19 0x229222b in v8::internal::Invoke(bool, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*) v8/src/execution.cc:91:9
    #20 0x20da201 in v8::Function::Call(v8::Handle, int, v8::Handle*) v8/src/api.cc:4118:28
    #21 0x4d88e39 in blink::V8ScriptRunner::callFunction(v8::Handle, blink::ExecutionContext*, v8::Handle, int, v8::Handle*, v8::Isolate*) third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp:224:35
    #22 0x587c25d in blink::V8WorkerGlobalScopeEventListener::callListenerFunction(v8::Handle, blink::Event*) third_party/WebKit/Source/bindings/core/v8/V8WorkerGlobalScopeEventListener.cpp:93:35
    #23 0x5876196 in blink::V8AbstractEventListener::invokeEventHandler(blink::Event*, v8::Local) third_party/WebKit/Source/bindings/core/v8/V8AbstractEventListener.cpp:128:23
    #24 0x587b489 in blink::V8WorkerGlobalScopeEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) third_party/WebKit/Source/bindings/core/v8/V8WorkerGlobalScopeEventListener.cpp:70:5
    #25 0x319a8e7 in blink::EventTarget::fireEventListeners(blink::Event*, blink::EventTargetData*, WTF::Vector&) third_party/WebKit/Source/core/events/EventTarget.cpp:351:9
    #26 0x31995a0 in blink::EventTarget::fireEventListeners(blink::Event*) third_party/WebKit/Source/core/events/EventTarget.cpp:287:9
    #27 0x3198f85 in blink::EventTarget::dispatchEvent(WTF::PassRefPtr) third_party/WebKit/Source/core/events/EventTarget.cpp:197:29
    #28 0x410bbbc in blink::MessageWorkerGlobalScopeTask::performTask(blink::ExecutionContext*) third_party/WebKit/Source/core/workers/WorkerMessagingProxy.cpp:78:9
    #29 0x41196f7 in blink::WorkerThreadTask::run() third_party/WebKit/Source/core/workers/WorkerThread.cpp:204:13
    #30 0x6f798c in Run base/callback.h:401:12
    #31 0x6f798c in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
    #32 0x66cb3c in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:446:3
    #33 0x66dbd7 in DeferOrRunPendingTask base/message_loop/message_loop.cc:456:5
    #34 0x66dbd7 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:565:0
    #35 0x672291 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:32:21

Thread T130 (WebCore: Worker) created by T0 (content_shell) here:
    #0 0x487eff in __interceptor_pthread_create ??:0:0
    #1 0x6b9f79 in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:120:13
    #2 0x7373324 in base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:108:8
    #3 0x73730d1 in base::Thread::Start() base/threading/thread.cc:93:10
    #4 0x6890368 in content::WebThreadImpl::WebThreadImpl(char const*) content/child/webthread_impl.cc:60:3
    #5 0x682b331 in content::BlinkPlatformImpl::createThread(char const*) content/child/blink_platform_impl.cc:478:3
    #6 0x7ffcf10 in WebThreadSupportingGC third_party/WebKit/Source/platform/WebThreadSupportingGC.cpp:16:25
    #7 0x7ffcf10 in blink::WebThreadSupportingGC::create(char const*) third_party/WebKit/Source/platform/WebThreadSupportingGC.cpp:12:0
    #8 0x4114974 in blink::WorkerThread::start() third_party/WebKit/Source/core/workers/WorkerThread.cpp:268:16
    #9 0x410751b in blink::WorkerMessagingProxy::startWorkerGlobalScope(blink::KURL const&, WTF::String const&, WTF::String const&, blink::WorkerThreadStartMode) third_party/WebKit/Source/core/workers/WorkerMessagingProxy.cpp:125:5
    #10 0x83152ab in blink::Worker::notifyFinished() third_party/WebKit/Source/core/workers/Worker.cpp:133:9
    #11 0x41133ff in notifyFinished third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp:193:5
    #12 0x41133ff in blink::WorkerScriptLoader::didFinishLoading(unsigned long, double) third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp:157:0
    #13 0x3d66e70 in blink::Resource::checkNotify() third_party/WebKit/Source/core/fetch/Resource.cpp:213:9
    #14 0x3d67cb0 in blink::Resource::finish(double) third_party/WebKit/Source/core/fetch/Resource.cpp:273:5
    #15 0x3d9460e in blink::ResourceLoader::didFinishLoading(blink::WebURLLoader*, double, long) third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:455:5
    #16 0x687a0e9 in content::WebURLLoaderImpl::Context::OnCompletedRequest(int, bool, bool, std::__1::basic_string, std::__1::allocator > const&, base::TimeTicks const&, long) content/child/web_url_loader_impl.cc:677:7
    #17 0x68616f4 in content::ResourceDispatcher::OnRequestComplete(int, ResourceMsg_RequestCompleteData const&) content/child/resource_dispatcher.cc:568:3
    #18 0x685c5b9 in DispatchToMethod base/tuple.h:555:3
    #19 0x685c5b9 in Dispatch content/common/resource_messages.h:325:0
    #20 0x685c5b9 in content::ResourceDispatcher::DispatchMessage(IPC::Message const&) content/child/resource_dispatcher.cc:716:0
    #21 0x685ad78 in content::ResourceDispatcher::OnMessageReceived(IPC::Message const&) content/child/resource_dispatcher.cc:320:3
    #22 0x6834607 in content::ChildThread::OnMessageReceived(IPC::Message const&) content/child/child_thread.cc:456:7
    #23 0x738c57e in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ipc/ipc_channel_proxy.cc:274:3
    #24 0x6f798c in Run base/callback.h:401:12
    #25 0x6f798c in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
    #26 0x66cb3c in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:446:3
    #27 0x66dbd7 in DeferOrRunPendingTask base/message_loop/message_loop.cc:456:5
    #28 0x66dbd7 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:565:0
    #29 0x672291 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:32:21
    #30 0x68b5d5 in base::RunLoop::Run() base/run_loop.cc:54:3
    #31 0x66b384 in base::MessageLoop::Run() base/message_loop/message_loop.cc:308:3
    #32 0x69a0bf8 in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:231:7
    #33 0x5f63e5 in content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:344:14
    #34 0x5f847b in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:769:12
    #35 0x5f5a4a in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:15
    #36 0x4bcaa9 in main content/shell/app/shell_main.cc:49:10
    #37 0x7fdf03eab76c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
  0x0c0680017360: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c0680017370: 00 00 00 00 fa fa 00 00 00 00 fa fa fa fa fa fa
  0x0c0680017380: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fd fd
  0x0c0680017390: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c06800173a0: fd fd fd fa fa fa 00 00 00 fa fa fa fd fd fd fa
=>0x0c06800173b0: fa fa fd fd fd fa fa fa fd fd[fd]fa fa fa fa fa
  0x0c06800173c0: fa fa fa fa 00 00 00 00 fa fa fd fd fd fa fa fa
  0x0c06800173d0: 00 00 00 fa fa fa 00 00 00 00 fa fa fd fd fd fa
  0x0c06800173e0: fa fa fd fd fd fa fa fa fd fd fd fd fa fa 00 00
  0x0c06800173f0: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680017400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  ASan internal: fe