crash log for renderer (pid 5802): STDOUT: layer at (0,0) size 800x600 STDOUT: LayoutView at (0,0) size 800x600 STDOUT: layer at (0,0) size 800x101 STDOUT: LayoutBlockFlow {HTML} at (0,0) size 800x101 STDOUT: LayoutBlockFlow {BODY} at (8,8) size 784x85 STDOUT: LayoutImage {IMG} at (0,0) size 160x80 STDOUT: LayoutText {#text} at (0,0) size 0x0 STDERR: ================================================================= STDERR: ==4==ERROR: AddressSanitizer: use-after-poison on address 0x7ea72dde1f00 at pc 0x00000664a758 bp 0x7fffb94fc8e0 sp 0x7fffb94fc8d8 STDERR: READ of size 8 at 0x7ea72dde1f00 thread T0 (content_shell) STDERR: #0 0x664a757 in invalidateRect third_party/WebKit/Source/core/svg/graphics/SVGImageChromeClient.cpp:66:9 STDERR: #1 0x622b518 in invalidatePaintRectangleOnWindow third_party/WebKit/Source/core/layout/LayoutObject.cpp:1196:9 STDERR: #2 0x622b518 in invalidatePaintUsingContainer third_party/WebKit/Source/core/layout/LayoutObject.cpp:1226:0 STDERR: #3 0x62307a8 in fullyInvalidatePaint third_party/WebKit/Source/core/layout/LayoutObject.cpp:1565:5 STDERR: #4 0x622f422 in invalidatePaintIfNeeded third_party/WebKit/Source/core/layout/LayoutObject.cpp:1452:5 STDERR: #5 0x665bd0d in invalidateTreeIfNeeded third_party/WebKit/Source/core/layout/svg/LayoutSVGModelObject.cpp:137:5 STDERR: #6 0x622db9e in invalidatePaintOfSubtreesIfNeeded third_party/WebKit/Source/core/layout/LayoutObject.cpp:1319:13 STDERR: #7 0x6104401 in invalidatePaintOfSubtreesIfNeeded third_party/WebKit/Source/core/layout/LayoutBox.cpp:1497:5 STDERR: #8 0x61431fc in invalidateTreeIfNeeded third_party/WebKit/Source/core/layout/LayoutBoxModelObject.cpp:380:5 STDERR: #9 0x622db9e in invalidatePaintOfSubtreesIfNeeded third_party/WebKit/Source/core/layout/LayoutObject.cpp:1319:13 STDERR: #10 0x6104401 in invalidatePaintOfSubtreesIfNeeded third_party/WebKit/Source/core/layout/LayoutBox.cpp:1497:5 STDERR: #11 0x605c4a0 in invalidatePaintOfSubtreesIfNeeded third_party/WebKit/Source/core/layout/LayoutBlock.cpp:309:5 STDERR: #12 0x61431fc in invalidateTreeIfNeeded third_party/WebKit/Source/core/layout/LayoutBoxModelObject.cpp:380:5 STDERR: #13 0x632e4e6 in invalidateTreeIfNeeded third_party/WebKit/Source/core/layout/LayoutView.cpp:434:5 STDERR: #14 0x56e26fb in invalidateTreeIfNeeded third_party/WebKit/Source/core/frame/FrameView.cpp:1072:5 STDERR: #15 0x56f373c in invalidateTreeIfNeededRecursive third_party/WebKit/Source/core/frame/FrameView.cpp:2602:9 STDERR: #16 0x56f1a17 in updateLifecyclePhasesInternal third_party/WebKit/Source/core/frame/FrameView.cpp:2397:17 STDERR: #17 0x6649f79 in animationTimerFired third_party/WebKit/Source/core/svg/graphics/SVGImageChromeClient.cpp:107:5 STDERR: #18 0xa647089 in ?? third_party/WebKit/Source/platform/Timer.cpp:134:5 STDERR: #19 0xa647472 in ?? third_party/WebKit/Source/platform/Timer.h:111:17 STDERR: #20 0x821d871 in Run base/bind_internal.h:157:12 STDERR: #21 0x821d871 in MakeItSo base/bind_internal.h:297:0 STDERR: #22 0x821d871 in Run base/bind_internal.h:347:0 STDERR: #23 0x6f4b21 in Run base/callback.h:394:12 STDERR: #24 0x6f4b21 in RunTask base/debug/task_annotator.cc:51:0 STDERR: #25 0x82320de in ProcessTaskFromWorkQueue components/scheduler/base/task_queue_manager.cc:264:3 STDERR: #26 0x822edd0 in DoWork components/scheduler/base/task_queue_manager.cc:180:13 STDERR: #27 0x6f4b21 in Run base/callback.h:394:12 STDERR: #28 0x6f4b21 in RunTask base/debug/task_annotator.cc:51:0 STDERR: #29 0x62a7a9 in RunTask base/message_loop/message_loop.cc:486:3 STDERR: #30 0x62bb28 in DeferOrRunPendingTask base/message_loop/message_loop.cc:495:5 STDERR: #31 0x62bb28 in DoWork base/message_loop/message_loop.cc:607:0 STDERR: #32 0x632080 in Run base/message_loop/message_pump_default.cc:33:21 STDERR: #33 0x651d45 in Run base/run_loop.cc:56:3 STDERR: #34 0x628f0e in ?? base/message_loop/message_loop.cc:293:3 STDERR: #35 0x834dfe6 in RendererMain content/renderer/renderer_main.cc:233:7 STDERR: #36 0x5c726e in RunZygote content/app/content_main_runner.cc:306:14 STDERR: #37 0x5c9add in Run content/app/content_main_runner.cc:787:12 STDERR: #38 0x5c657a in ContentMain content/app/content_main.cc:19:15 STDERR: #39 0x4fea42 in main content/shell/app/shell_main.cc:48:10 STDERR: #40 0x7f6e5d7d476c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0 STDERR: STDERR: AddressSanitizer can not describe address in more detail (wild memory access suspected). STDERR: SUMMARY: AddressSanitizer: use-after-poison (/mnt/data/b/build/slave/WebKit_Linux_Oilpan_ASAN/build/src/out/Release/content_shell+0x664a757) STDERR: Shadow bytes around the buggy address: STDERR: 0x0fd565bb4390: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb43a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb43b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb43c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb43d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: =>0x0fd565bb43e0:[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb43f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb4400: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb4410: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb4420: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: 0x0fd565bb4430: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 STDERR: Shadow byte legend (one shadow byte represents 8 application bytes): STDERR: Addressable: 00 STDERR: Partially addressable: 01 02 03 04 05 06 07 STDERR: Heap left redzone: fa STDERR: Heap right redzone: fb STDERR: Freed heap region: fd STDERR: Stack left redzone: f1 STDERR: Stack mid redzone: f2 STDERR: Stack right redzone: f3 STDERR: Stack partial redzone: f4 STDERR: Stack after return: f5 STDERR: Stack use after scope: f8 STDERR: Global redzone: f9 STDERR: Global init order: f6 STDERR: Poisoned by user: f7 STDERR: Container overflow: fc STDERR: Array cookie: ac STDERR: Intra object redzone: bb STDERR: ASan internal: fe STDERR: Left alloca redzone: ca STDERR: Right alloca redzone: cb STDERR: [5714:5790:0120/114302:7070842675:WARNING:crash_handler_host_linux.cc(293)] Could not translate tid - assuming crashing thread is thread group leader; syscall_supported=1 STDERR: ==4==ABORTING