crash log for renderer (pid 2210):
STDOUT:
STDERR: =================================================================
STDERR: ==4==ERROR: AddressSanitizer: use-after-poison on address 0x188a9a521a20 at pc 0x0000047c1f15 bp 0x7fff8e3e85f0 sp 0x7fff8e3e85e8
STDERR: READ of size 8 at 0x188a9a521a20 thread T0 (content_shell)
STDERR:     #0 0x47c1f14 in get third_party/WebKit/Source/platform/heap/Handle.h:776:29
STDERR:     #1 0x47c1f14 in blink::LocalDOMWindow::document() const third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp:1078:0
STDERR:     #2 0x5610f70 in svgRootElement third_party/WebKit/Source/core/svg/graphics/SVGImage.cpp:131:12
STDERR:     #3 0x5610f70 in blink::SVGImage::resetAnimation() third_party/WebKit/Source/core/svg/graphics/SVGImage.cpp:387:0
STDERR:     #4 0x46f3e11 in blink::ImageResource::allClientsRemoved() third_party/WebKit/Source/core/fetch/ImageResource.cpp:137:9
STDERR:     #5 0x47114a5 in blink::Resource::removeClient(blink::ResourceClient*) third_party/WebKit/Source/core/fetch/Resource.cpp:602:13
STDERR:     #6 0x4ab3966 in blink::ImageLoader::~ImageLoader() third_party/WebKit/Source/core/loader/ImageLoader.cpp:162:9
STDERR:     #7 0x1d4f93e in blink::HeapObjectHeader::finalize(unsigned char*, unsigned long) third_party/WebKit/Source/platform/heap/Heap.cpp:210:9
STDERR:     #8 0x1d54378 in blink::NormalPage::sweep() third_party/WebKit/Source/platform/heap/Heap.cpp:1218:13
STDERR:     #9 0x1d50c80 in sweepUnsweptPage third_party/WebKit/Source/platform/heap/Heap.cpp:460:9
STDERR:     #10 0x1d50c80 in blink::BaseHeap::completeSweep() third_party/WebKit/Source/platform/heap/Heap.cpp:499:0
STDERR:     #11 0x1d6353f in eagerSweep third_party/WebKit/Source/platform/heap/ThreadState.cpp:1015:9
STDERR:     #12 0x1d6353f in blink::ThreadState::preSweep() third_party/WebKit/Source/platform/heap/ThreadState.cpp:953:0
STDERR:     #13 0x1d56da7 in ~SafePointScope third_party/WebKit/Source/platform/heap/SafePoint.h:28:13
STDERR:     #14 0x1d56da7 in ~GCScope third_party/WebKit/Source/platform/heap/Heap.cpp:182:0
STDERR:     #15 0x1d56da7 in blink::Heap::collectGarbage(blink::ThreadState::StackState, blink::ThreadState::GCType, blink::Heap::GCReason) third_party/WebKit/Source/platform/heap/Heap.cpp:2079:0
STDERR:     #16 0x573283e in blink::V8GCController::gcEpilogue(v8::GCType, v8::GCCallbackFlags) third_party/WebKit/Source/bindings/core/v8/V8GCController.cpp:408:9
STDERR:     #17 0x208a716 in CallGCEpilogueCallbacks v8/src/heap/heap.cc:1316:9
STDERR:     #18 0x208a716 in v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) v8/src/heap/heap.cc:1277:0
STDERR:     #19 0x2089027 in v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, char const*, char const*, v8::GCCallbackFlags) v8/src/heap/heap.cc:940:11
STDERR:     #20 0x20873e2 in CollectGarbage v8/src/heap/heap-inl.h:513:10
STDERR:     #21 0x20873e2 in v8::internal::Heap::CollectAllGarbage(int, char const*, v8::GCCallbackFlags) v8/src/heap/heap.cc:824:0
STDERR:     #22 0x1e0d840 in v8::Isolate::RequestGarbageCollectionForTesting(v8::Isolate::GarbageCollectionType) v8/src/api.cc:7088:5
STDERR:     #23 0x56d851 in Run base/callback.h:396:12
STDERR:     #24 0x56d851 in DispatchToCallback gin/function_template.h:180:0
STDERR:     #25 0x56d851 in gin::internal::Dispatcher::DispatchToCallback(v8::FunctionCallbackInfo const&) gin/function_template.h:214:0
STDERR:     #26 0x2969025 in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo const&)) v8/src/arguments.cc:33:3
STDERR:     #27 0x1e886e7 in v8::internal::MaybeHandle v8::internal::HandleApiCallHelper(v8::internal::Isolate*, v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>&) v8/src/builtins.cc:1100:35
STDERR:     #28 0x1e915e4 in Builtin_implHandleApiCall v8/src/builtins.cc:1123:3
STDERR:     #29 0x1e915e4 in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) v8/src/builtins.cc:1119:0
STDERR:     #19 0x7ff6944095ba ()
STDERR:     #20 0x7ff694536c06 ()
STDERR:     #21 0x7ff694531382 ()
STDERR:     #22 0x7ff69453664a ()
STDERR:     #23 0x7ff6944311bc ()
STDERR:     #24 0x7ff694416321 ()
STDERR:     #30 0x1fca6df in v8::internal::Invoke(bool, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*) v8/src/execution.cc:128:9
STDERR:     #31 0x1dfd5e5 in v8::Function::Call(v8::Local, v8::Local, int, v8::Local*) v8/src/api.cc:4542:11
STDERR:     #32 0x575d25a in blink::V8ScriptRunner::callFunction(v8::Local, blink::ExecutionContext*, v8::Local, int, v8::Local*, v8::Isolate*) third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp:488:40
STDERR:     #33 0x56be869 in blink::ScriptController::callFunction(blink::ExecutionContext*, v8::Local, v8::Local, int, v8::Local*, v8::Isolate*) third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:154:40
STDERR:     #34 0x5741be1 in blink::V8LazyEventListener::callListenerFunction(blink::ScriptState*, v8::Local, blink::Event*) third_party/WebKit/Source/bindings/core/v8/V8LazyEventListener.cpp:100:10
STDERR:     #35 0x57105d7 in blink::V8AbstractEventListener::invokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local) third_party/WebKit/Source/bindings/core/v8/V8AbstractEventListener.cpp:125:23
STDERR:     #36 0x5710049 in blink::V8AbstractEventListener::handleEvent(blink::ScriptState*, blink::Event*) third_party/WebKit/Source/bindings/core/v8/V8AbstractEventListener.cpp:100:5
STDERR:     #37 0x570fd29 in blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) third_party/WebKit/Source/bindings/core/v8/V8AbstractEventListener.cpp:85:5
STDERR:     #38 0x3c1e46a in blink::EventTarget::fireEventListeners(blink::Event*, blink::EventTargetData*, WTF::Vector&) third_party/WebKit/Source/core/events/EventTarget.cpp:356:9
STDERR:     #39 0x3c1d239 in blink::EventTarget::fireEventListeners(blink::Event*) third_party/WebKit/Source/core/events/EventTarget.cpp:292:9
STDERR:     #40 0x3c3444e in blink::NodeEventContext::handleLocalEvents(blink::Event&) const third_party/WebKit/Source/core/events/NodeEventContext.cpp:67:5
STDERR:     #41 0x3c02443 in dispatchEventAtTarget third_party/WebKit/Source/core/events/EventDispatcher.cpp:171:5
STDERR:     #42 0x3c02443 in blink::EventDispatcher::dispatch() third_party/WebKit/Source/core/events/EventDispatcher.cpp:126:0
STDERR:     #43 0x3c0090f in blink::EventDispatcher::dispatchEvent(blink::Node&, WTF::RawPtr) third_party/WebKit/Source/core/events/EventDispatcher.cpp:50:12
STDERR:     #44 0x3b0b005 in blink::Node::dispatchEvent(WTF::RawPtr) third_party/WebKit/Source/core/dom/Node.cpp:2109:12
STDERR:     #45 0x55220a5 in blink::SVGElement::sendSVGLoadEventIfPossible() third_party/WebKit/Source/core/svg/SVGElement.cpp:805:9
STDERR:     #46 0x550a37b in blink::SVGDocumentExtensions::dispatchSVGLoadEventToOutermostSVGElements() third_party/WebKit/Source/core/svg/SVGDocumentExtensions.cpp:132:13
STDERR:     #47 0x3a0b2fe in blink::Document::implicitClose() third_party/WebKit/Source/core/dom/Document.cpp:2489:9
STDERR:     #48 0x4aa537d in blink::FrameLoader::checkCompleted() third_party/WebKit/Source/core/loader/FrameLoader.cpp:550:9
STDERR:     #49 0x4aa511c in blink::FrameLoader::finishedParsing() third_party/WebKit/Source/core/loader/FrameLoader.cpp:469:5
STDERR:     #50 0x3a2c074 in blink::Document::finishedParsing() third_party/WebKit/Source/core/dom/Document.cpp:4561:9
STDERR:     #51 0x4c64f88 in blink::XMLDocumentParser::end() third_party/WebKit/Source/core/xml/parser/XMLDocumentParser.cpp:438:5
STDERR:     #52 0x4a88ad7 in blink::DocumentWriter::end() third_party/WebKit/Source/core/loader/DocumentWriter.cpp:117:5
STDERR:     #53 0x4a6d429 in endWriting third_party/WebKit/Source/core/loader/DocumentLoader.cpp:740:5
STDERR:     #54 0x4a6d429 in blink::DocumentLoader::finishedLoading(double) third_party/WebKit/Source/core/loader/DocumentLoader.cpp:244:0
STDERR:     #55 0x4a6d0c5 in blink::DocumentLoader::notifyFinished(blink::Resource*) third_party/WebKit/Source/core/loader/DocumentLoader.cpp:213:9
STDERR:     #56 0x470e1c4 in blink::Resource::checkNotify() third_party/WebKit/Source/core/fetch/Resource.cpp:248:9
STDERR:     #57 0x470ef3d in blink::Resource::finish() third_party/WebKit/Source/core/fetch/Resource.cpp:307:5
STDERR:     #58 0x473b767 in blink::ResourceLoader::didFinishLoading(blink::WebURLLoader*, double, long) third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:457:5
STDERR:     #59 0x71ac7dc in content::WebURLLoaderImpl::Context::OnCompletedRequest(int, bool, bool, std::__1::basic_string, std::__1::allocator > const&, base::TimeTicks const&, long) content/child/web_url_loader_impl.cc:758:9
STDERR:     #60 0x718a31b in content::ResourceDispatcher::OnRequestComplete(int, ResourceMsg_RequestCompleteData const&) content/child/resource_dispatcher.cc:381:3
STDERR:     #61 0x7184e1d in DispatchToMethodImpl base/tuple.h:254:3
STDERR:     #62 0x7184e1d in DispatchToMethod base/tuple.h:261:0
STDERR:     #63 0x7184e1d in Dispatch content/common/resource_messages.h:348:0
STDERR:     #64 0x7184e1d in content::ResourceDispatcher::DispatchMessage(IPC::Message const&) content/child/resource_dispatcher.cc:527:0
STDERR:     #65 0x718376d in content::ResourceDispatcher::OnMessageReceived(IPC::Message const&) content/child/resource_dispatcher.cc:119:3
STDERR:     #66 0x696067 in Run base/callback.h:396:12
STDERR:     #67 0x696067 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
STDERR:     #68 0x725a47b in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(unsigned long, bool, base::PendingTask*) components/scheduler/child/task_queue_manager.cc:674:5
STDERR:     #69 0x7258822 in scheduler::TaskQueueManager::DoWork(bool) components/scheduler/child/task_queue_manager.cc:627:9
STDERR:     #70 0x696067 in Run base/callback.h:396:12
STDERR:     #71 0x696067 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0
STDERR:     #72 0x5d51e7 in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:458:3
STDERR:     #73 0x5d63a4 in DeferOrRunPendingTask base/message_loop/message_loop.cc:468:5
STDERR:     #74 0x5d63a4 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:580:0
STDERR:     #75 0x5dbac0 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:34:21
STDERR:     #76 0x5f7498 in base::RunLoop::Run() base/run_loop.cc:55:3
STDERR:     #77 0x5d3bbe in base::MessageLoop::Run() base/message_loop/message_loop.cc:286:3
STDERR:     #78 0x735765a in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:220:7
STDERR:     #79 0x56fbe6 in content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:307:14
STDERR:     #80 0x571a7d in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:802:12
STDERR:     #81 0x56f1aa in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:15
STDERR:     #82 0x4e47a2 in main content/shell/app/shell_main.cc:49:10
STDERR:     #83 0x7ff6c766b76c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0
STDERR:
STDERR: AddressSanitizer can not describe address in more detail (wild memory access suspected).
STDERR: SUMMARY: AddressSanitizer: use-after-poison (/mnt/data/b/build/slave/WebKit_Linux_Oilpan_ASAN/build/src/out/Release/content_shell+0x47c1f14)
STDERR: Shadow bytes around the buggy address:
STDERR:   0x0311d349c2f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR:   0x0311d349c300: 00 00 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c310: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c320: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c330: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR: =>0x0311d349c340: f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c350: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c360: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c370: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
STDERR:   0x0311d349c380: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00 00 00
STDERR:   0x0311d349c390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
STDERR: Shadow byte legend (one shadow byte represents 8 application bytes):
STDERR:   Addressable: 00
STDERR:   Partially addressable: 01 02 03 04 05 06 07
STDERR:   Heap left redzone: fa
STDERR:   Heap right redzone: fb
STDERR:   Freed heap region: fd
STDERR:   Stack left redzone: f1
STDERR:   Stack mid redzone: f2
STDERR:   Stack right redzone: f3
STDERR:   Stack partial redzone: f4
STDERR:   Stack after return: f5
STDERR:   Stack use after scope: f8
STDERR:   Global redzone: f9
STDERR:   Global init order: f6
STDERR:   Poisoned by user: f7
STDERR:   Container overflow: fc
STDERR:   Array cookie: ac
STDERR:   Intra object redzone: bb
STDERR:   ASan internal: fe
STDERR:   Left alloca redzone: ca
STDERR:   Right alloca redzone: cb
STDERR: ==4==ABORTING