crash log for renderer (pid 24684):
STDOUT:
STDERR: =================================================================
STDERR: ==4==ERROR: AddressSanitizer: use-after-poison on address 0x3dbab4801860 at pc 0x000003c98120 bp 0x7fffd347e150 sp 0x7fffd347e148
STDERR: WRITE of size 8 at 0x3dbab4801860 thread T0 (content_shell)
STDERR:     #0 0x3c9811f in ResourceOwner third_party/WebKit/Source/core/fetch/ResourceOwner.h:49:47
STDERR:     #1 0x3c9811f in blink::PendingScript::PendingScript(blink::PendingScript const&) third_party/WebKit/Source/core/dom/PendingScript.cpp:50:0
STDERR:     #2 0x41273f5 in append third_party/WebKit/Source/wtf/Deque.h:381:50
STDERR:     #3 0x41273f5 in append third_party/WebKit/Source/platform/heap/Heap.h:1771:0
STDERR:     #4 0x41273f5 in blink::HTMLScriptRunner::requestDeferredScript(blink::Element*) third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:303:0
STDERR:     #5 0x41263a5 in blink::HTMLScriptRunner::runScript(blink::Element*, WTF::TextPosition const&) third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:351:13
STDERR:     #6 0x4125c7c in blink::HTMLScriptRunner::execute(WTF::PassRefPtr, WTF::TextPosition const&) third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:213:5
STDERR:     #7 0x40f4e68 in blink::HTMLDocumentParser::runScriptsForPausedTreeBuilder() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:318:9
STDERR:     #8 0x40f5232 in blink::HTMLDocumentParser::canTakeNextToken() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:328:9
STDERR:     #9 0x40f2e3d in blink::HTMLDocumentParser::pumpTokenizer() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:624:12
STDERR:     #10 0x40fe516 in pumpTokenizerIfPossible third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:290:5
STDERR:     #11 0x40fe516 in blink::HTMLDocumentParser::insert(blink::SegmentedString const&) third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:744:0
STDERR:     #12 0x3a2db80 in blink::Document::write(blink::SegmentedString const&, blink::Document*, blink::ExceptionState&) third_party/WebKit/Source/core/dom/Document.cpp:2693:5
STDERR:     #13 0x3a2e05e in blink::Document::write(WTF::String const&, blink::Document*, blink::ExceptionState&) third_party/WebKit/Source/core/dom/Document.cpp:2698:5
STDERR:     #14 0x3e38a62 in blink::HTMLDocument::write(blink::LocalDOMWindow*, WTF::Vector const&, blink::ExceptionState&) third_party/WebKit/Source/core/html/HTMLDocument.cpp:280:5
STDERR:     #15 0x5aa739c in writeMethod /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/gen/blink/bindings/core/v8/V8HTMLDocument.cpp:289:5
STDERR:     #16 0x5aa739c in blink::HTMLDocumentV8Internal::writeMethodCallback(v8::FunctionCallbackInfo const&) /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/gen/blink/bindings/core/v8/V8HTMLDocument.cpp:299:0
STDERR:     #17 0x29893d5 in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo const&)) v8/src/arguments.cc:33:3
STDERR:     #18 0x1f512f1 in v8::internal::MaybeHandle v8::internal::HandleApiCallHelper(v8::internal::Isolate*, v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>&) v8/src/builtins.cc:1109:35
STDERR:     #19 0x1f59cb4 in Builtin_implHandleApiCall v8/src/builtins.cc:1132:3
STDERR:     #20 0x1f59cb4 in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) v8/src/builtins.cc:1128:0
STDERR:     #15 0x7fcf64407f1a ()
STDERR:     #16 0x7fcf6492aff8 ()
STDERR:     #17 0x7fcf6442e3fc ()
STDERR:     #18 0x7fcf6441dde1 ()
STDERR:     #21 0x2085e29 in v8::internal::Invoke(bool, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*) v8/src/execution.cc:128:9
STDERR:     #22 0x1eadc08 in v8::Script::Run(v8::Local) v8/src/api.cc:1655:23
STDERR:     #23 0x59809ab in blink::V8ScriptRunner::runCompiledScript(v8::Isolate*, v8::Local, blink::ExecutionContext*) third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp:440:18
STDERR:     #24 0x58df13e in blink::ScriptController::executeScriptAndReturnValue(v8::Local, blink::ScriptSourceCode const&, blink::AccessControlStatus, double*) third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:187:21
STDERR:     #25 0x58e5957 in blink::ScriptController::evaluateScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus, blink::ScriptController::ExecuteScriptPolicy, double*) third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:560:35
STDERR:     #26 0x58e626e in blink::ScriptController::executeScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus, double*) third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:531:5
STDERR:     #27 0x3c888ca in blink::ScriptLoader::executeScript(blink::ScriptSourceCode const&, double*) third_party/WebKit/Source/core/dom/ScriptLoader.cpp:387:5
STDERR:     #28 0x3c824ed in blink::ScriptLoader::prepareScript(WTF::TextPosition const&, blink::ScriptLoader::LegacyTypeSupport) third_party/WebKit/Source/core/dom/ScriptLoader.cpp:269:14
STDERR:     #29 0x412636a in blink::HTMLScriptRunner::runScript(blink::Element*, WTF::TextPosition const&) third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:345:9
STDERR:     #30 0x4125c7c in blink::HTMLScriptRunner::execute(WTF::PassRefPtr, WTF::TextPosition const&) third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:213:5
STDERR:     #31 0x40f4e68 in blink::HTMLDocumentParser::runScriptsForPausedTreeBuilder() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:318:9
STDERR:     #32 0x40f8863 in blink::HTMLDocumentParser::processParsedChunkFromBackgroundParser(WTF::PassOwnPtr) third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:502:13
STDERR:     #33 0x40f429e in blink::HTMLDocumentParser::pumpPendingSpeculations() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:563:36
STDERR:     #34 0x41017da in blink::HTMLDocumentParser::resumeParsingAfterScriptExecution() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:993:9
STDERR:     #35 0x4101e2a in blink::HTMLDocumentParser::notifyScriptLoaded(blink::Resource*) third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:1029:9
STDERR:     #36 0x482be04 in blink::Resource::checkNotify() third_party/WebKit/Source/core/fetch/Resource.cpp:248:9
STDERR:     #37 0x482cb7d in blink::Resource::finish() third_party/WebKit/Source/core/fetch/Resource.cpp:307:5
STDERR:     #38 0x485a54f in blink::ResourceLoader::didFinishLoading(blink::WebURLLoader*, double, long) third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:453:5
STDERR:     #39 0x73e15e2 in content::WebURLLoaderImpl::Context::OnCompletedRequest(int, bool, bool, std::__1::basic_string, std::__1::allocator > const&, base::TimeTicks const&, long) content/child/web_url_loader_impl.cc:757:9
STDERR:     #40 0x73c5916 in content::ResourceDispatcher::OnRequestComplete(int, ResourceMsg_RequestCompleteData const&) content/child/resource_dispatcher.cc:368:3
STDERR:     #41 0x73c06d0 in DispatchToMethodImpl base/tuple.h:252:3
STDERR:     #42 0x73c06d0 in DispatchToMethod base/tuple.h:259:0
STDERR:     #43 0x73c06d0 in Dispatch content/common/resource_messages.h:349:0
STDERR:     #44 0x73c06d0 in content::ResourceDispatcher::DispatchMessage(IPC::Message const&) content/child/resource_dispatcher.cc:514:0
STDERR:     #45 0x73bf018 in content::ResourceDispatcher::OnMessageReceived(IPC::Message const&) content/child/resource_dispatcher.cc:117:3
STDERR:     #46 0x733d37 in Run base/callback.h:396:12
STDERR:     #47 0x733d37 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
STDERR:     #48 0x747755d in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(unsigned long, bool, base::PendingTask*) components/scheduler/child/task_queue_manager.cc:653:5
STDERR:     #49 0x7475af5 in scheduler::TaskQueueManager::DoWork(bool) components/scheduler/child/task_queue_manager.cc:608:9
STDERR:     #50 0x733d37 in Run base/callback.h:396:12
STDERR:     #51 0x733d37 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
STDERR:     #52 0x6833a7 in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:444:3
STDERR:     #53 0x6843ad in DeferOrRunPendingTask base/message_loop/message_loop.cc:454:5
STDERR:     #54 0x6843ad in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:566:0
STDERR:     #55 0x688f90 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:32:21
STDERR:     #56 0x6a3a48 in base::RunLoop::Run() base/run_loop.cc:55:3
STDERR:     #57 0x681dae in base::MessageLoop::Run() base/message_loop/message_loop.cc:303:3
STDERR:     #58 0x756f783 in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:220:7
STDERR:     #59 0x62e909 in content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:308:14
STDERR:     #60 0x63087f in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:783:12
STDERR:     #61 0x62de9a in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:15
STDERR:     #62 0x4e0795 in main content/shell/app/shell_main.cc:49:10
STDERR:     #63 0x7fcf9496f76c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0
STDERR:
STDERR: AddressSanitizer can not describe address in more detail (wild memory access suspected).
STDERR: SUMMARY: AddressSanitizer: use-after-poison (/mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/content_shell+0x3c9811f)
STDERR: Shadow bytes around the buggy address:
STDERR:   0x07b7d68f82b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR:   0x07b7d68f82c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR:   0x07b7d68f82d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR:   0x07b7d68f82e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR:   0x07b7d68f82f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR: =>0x07b7d68f8300: 00 00 00 00 00 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7
STDERR:   0x07b7d68f8310: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x07b7d68f8320: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x07b7d68f8330: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x07b7d68f8340: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x07b7d68f8350: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR: Shadow byte legend (one shadow byte represents 8 application bytes):
STDERR:   Addressable:           00
STDERR:   Partially addressable: 01 02 03 04 05 06 07
STDERR:   Heap left redzone:     fa
STDERR:   Heap right redzone:    fb
STDERR:   Freed heap region:     fd
STDERR:   Stack left redzone:    f1
STDERR:   Stack mid redzone:     f2
STDERR:   Stack right redzone:   f3
STDERR:   Stack partial redzone: f4
STDERR:   Stack after return:    f5
STDERR:   Stack use after scope: f8
STDERR:   Global redzone:        f9
STDERR:   Global init order:     f6
STDERR:   Poisoned by user:      f7
STDERR:   Container overflow:    fc
STDERR:   Array cookie:          ac
STDERR:   Intra object redzone:  bb
STDERR:   ASan internal:         fe
STDERR:   Left alloca redzone:   ca
STDERR:   Right alloca redzone:  cb
STDERR: ==4==ABORTING