=================================================================
==7641== ERROR: AddressSanitizer heap-use-after-free on address 0x7fffe7a80bf0 at pc 0x55555ae2ae4a bp 0x7fffffff7bf0 sp 0x7fffffff7be8
READ of size 8 at 0x7fffe7a80bf0 thread T0
    #0 0x55555ae2ae4a in WebCore::RenderQuote::placeQuote() ???:0
    #1 0x55555ae256a8 in WebCore::RenderObjectChildList::appendChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) ???:0
    #2 0x55555ae0a0dd in WebCore::RenderObject::addChild(WebCore::RenderObject*, WebCore::RenderObject*) ???:0
    #3 0x55555ad5a2e2 in WebCore::RenderInline::addChildIgnoringContinuation(WebCore::RenderObject*, WebCore::RenderObject*) ???:0
    #4 0x55555ae2886c in WebCore::RenderObjectChildList::updateBeforeAfterContent(WebCore::RenderObject*, WebCore::PseudoId, WebCore::RenderObject const*) ???:0
    #5 0x55555ad586b3 in WebCore::RenderInline::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) ???:0
    #6 0x55555ae1991d in WebCore::RenderObject::setStyle(WTF::PassRefPtr) ???:0
    #7 0x55555ae18d79 in WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr) ???:0
    #8 0x5555599ab196 in WebCore::Node::setRenderStyle(WTF::PassRefPtr) ???:0
    #9 0x555559970588 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #10 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #11 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #12 0x555559910662 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) ???:0
    #13 0x55555991247b in WebCore::Document::updateStyleIfNeeded() ???:0
    #14 0x555559911df9 in WebCore::Document::implicitClose() ???:0
    #15 0x55555a5bfeb6 in WebCore::FrameLoader::checkCompleted() ???:0
    #16 0x55555a5bc7a8 in WebCore::FrameLoader::finishedParsing() ???:0
    #17 0x55555992feaa in WebCore::Document::finishedParsing() ???:0
    #18 0x555559c3c733 in WebCore::HTMLDocumentParser::prepareToStopParsing() ???:0
    #19 0x55555a5a1e74 in WebCore::DocumentWriter::endIfNotLoadingMainResource() ???:0
    #20 0x55555a5d8b89 in WebCore::FrameLoader::finishedLoading() ???:0
    #21 0x55555a5ff3c1 in WebCore::MainResourceLoader::didFinishLoading(double) ???:0
    #22 0x55555bcda292 in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string, std::allocator > const&, base::TimeTicks const&) ???:0
    #23 0x555559288aea in ResourceDispatcher::OnRequestComplete(int, net::URLRequestStatus const&, std::basic_string, std::allocator > const&, base::TimeTicks const&) ???:0
    #24 0x555559289cdb in bool ResourceMsg_RequestComplete::Dispatch, std::allocator > const&, base::TimeTicks const&)>(IPC::Message const*, ResourceDispatcher*, ResourceDispatcher*, void (ResourceDispatcher::*)(int, net::URLRequestStatus const&, std::basic_string, std::allocator > const&, base::TimeTicks const&)) ???:0
    #25 0x5555592862ac in ResourceDispatcher::DispatchMessage(IPC::Message const&) ???:0
    #26 0x555559284230 in ResourceDispatcher::OnMessageReceived(IPC::Message const&) ???:0
    #27 0x55555918cb1f in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
    #28 0x5555592e9949 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
    #29 0x555557ac5db6 in MessageLoop::RunTask(base::PendingTask const&) ???:0
    #30 0x555557ac6616 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ???:0
    #31 0x555557ac78fb in MessageLoop::DoWork() ???:0
    #32 0x555557ad2337 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
    #33 0x555557ac497e in MessageLoop::RunInternal() ???:0
    #34 0x555557ac2b6f in MessageLoop::Run() ???:0
    #35 0x55555c868f32 in RendererMain(content::MainFunctionParams const&) ???:0
    #36 0x555557a22708 in (anonymous namespace)::RunNamedProcessTypeMain(std::basic_string, std::allocator > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main.cc:0
    #37 0x555557a21bd4 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ???:0
    #38 0x555556244167 in ChromeMain ??:0
    #39 0x5555562440bb in main ???:0
    #40 0x7ffff20a530d in ?? ??:0
0x7fffe7a80bf0 is located 112 bytes inside of 120-byte region [0x7fffe7a80b80,0x7fffe7a80bf8)
freed by thread T0 here:
    #0 0x55555da84712 in free ??:0
    #1 0x55555ae242da in WebCore::RenderObjectChildList::destroyLeftoverChildren() ???:0
    #2 0x55555ad5764a in WebCore::RenderInline::willBeDestroyed() ???:0
    #3 0x55555ae1eff2 in WebCore::RenderObject::destroy() ???:0
    #4 0x55555ae27054 in WebCore::RenderObjectChildList::updateBeforeAfterContent(WebCore::RenderObject*, WebCore::PseudoId, WebCore::RenderObject const*) ???:0
    #5 0x55555ad586b3 in WebCore::RenderInline::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) ???:0
    #6 0x55555ae1991d in WebCore::RenderObject::setStyle(WTF::PassRefPtr) ???:0
    #7 0x55555ae18d79 in WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr) ???:0
    #8 0x5555599ab196 in WebCore::Node::setRenderStyle(WTF::PassRefPtr) ???:0
    #9 0x555559970588 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #10 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #11 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #12 0x555559910662 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) ???:0
    #13 0x55555991247b in WebCore::Document::updateStyleIfNeeded() ???:0
    #14 0x55555a2b79d5 in WebCore::DeleteButtonController::enable() ???:0
    #15 0x55555a98d9bf in WebCore::EditCommandComposition::unapply() ???:0
    #16 0x5555593df922 in WebKit::EditorClientImpl::undo() ???:0
    #17 0x55555a30e350 in WebCore::executeUndo(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) third_party/WebKit/Source/WebCore/editing/EditorCommand.cpp:0
    #18 0x55555a3071c1 in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const ???:0
    #19 0x55555992b776 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) ???:0
    #20 0x55555b3cf32b in WebCore::DocumentInternal::execCommandCallback(v8::Arguments const&) out/Release/obj/gen/webkit/bindings/V8DerivedSources16.cpp:0
    #21 0x5555587c6896 in v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>, v8::internal::Isolate*) v8/src/builtins.cc:0
    #22 0x96661c0424e
    #23 0x96661c30cf1
    #24 0x96661c0702e
    #25 0x96661c1fba1
    #26 0x96661c08677
    #27 0x555558813458 in v8::internal::Invoke(bool, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*, bool*) v8/src/execution.cc:0
    #28 0x55555877b872 in v8::Function::Call(v8::Handle, int, v8::Handle*) ???:0
previously allocated by thread T0 here:
    #0 0x55555da847d2 in malloc ??:0
    #1 0x55555ae2861a in WebCore::RenderObjectChildList::updateBeforeAfterContent(WebCore::RenderObject*, WebCore::PseudoId, WebCore::RenderObject const*) ???:0
    #2 0x55555ad586b3 in WebCore::RenderInline::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) ???:0
    #3 0x55555ae1991d in WebCore::RenderObject::setStyle(WTF::PassRefPtr) ???:0
    #4 0x55555ae18d79 in WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr) ???:0
    #5 0x5555599ab196 in WebCore::Node::setRenderStyle(WTF::PassRefPtr) ???:0
    #6 0x555559970588 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #7 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #8 0x555559970d12 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #9 0x555559910662 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) ???:0
    #10 0x55555991247b in WebCore::Document::updateStyleIfNeeded() ???:0
    #11 0x55555991286e in WebCore::Document::updateLayout() ???:0
    #12 0x555559912b36 in WebCore::Document::updateLayoutIgnorePendingStylesheets() ???:0
    #13 0x55555a9ce2b3 in WebCore::DeleteSelectionCommand::fixupWhitespace() ???:0
    #14 0x55555a9d7b5a in WebCore::DeleteSelectionCommand::doApply() ???:0
    #15 0x55555a98ef01 in WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr) ???:0
    #16 0x55555a99af00 in WebCore::CompositeEditCommand::deleteSelection(bool, bool, bool, bool) ???:0
    #17 0x55555a9ef792 in WebCore::InsertTextCommand::doApply() ???:0
    #18 0x55555a98f2da in WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr, WebCore::VisibleSelection const&) ???:0
    #19 0x55555a3df67d in WebCore::TypingCommand::insertTextRunWithoutNewlines(WTF::String const&, bool) ???:0
    #20 0x55555a3db2a2 in WebCore::TypingCommand::insertText(WTF::String const&, bool) ???:0
    #21 0x55555a98e57a in WebCore::CompositeEditCommand::apply() ???:0
    #22 0x55555a3da845 in WebCore::TypingCommand::insertText(WebCore::Document*, WTF::String const&, WebCore::VisibleSelection const&, unsigned int, WebCore::TypingCommand::TextCompositionType) ???:0
==7641== ABORTING
Stats: 8M malloced (11M for red zones) by 35294 calls
Stats: 2M realloced by 1747 calls
Stats: 7M freed by 26000 calls
Stats: 0M really freed by 0 calls
Stats: 52M (13320 full pages) mmaped in 13 calls
  mmaps   by size class: 8:32766; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256; 15:128; 16:64; 17:32; 18:16; 19:8;
  mallocs by size class: 8:29184; 9:3663; 10:1308; 11:556; 12:300; 13:80; 14:154; 15:25; 16:11; 17:9; 18:1; 19:3;
  frees   by size class: 8:20682; 9:3205; 10:1195; 11:428; 12:256; 13:60; 14:140; 15:20; 16:4; 17:6; 18:1; 19:3;
  rfrees  by size class:
Stats: malloc large: 13 small slow: 151
Shadow byte and word:
  0x1ffffcf5017e: fd
  0x1ffffcf50178: fd fd fd fd fd fd fd fd
More shadow bytes:
  0x1ffffcf50158: fd fd fd fd fd fd fd fd
  0x1ffffcf50160: fa fa fa fa fa fa fa fa
  0x1ffffcf50168: fa fa fa fa fa fa fa fa
  0x1ffffcf50170: fd fd fd fd fd fd fd fd
=>0x1ffffcf50178: fd fd fd fd fd fd fd fd
  0x1ffffcf50180: fa fa fa fa fa fa fa fa
  0x1ffffcf50188: fa fa fa fa fa fa fa fa
  0x1ffffcf50190: fd fd fd fd fd fd fd fd
  0x1ffffcf50198: fd fd fd fd fd fd fd fd