=================================================================
==12943== ERROR: AddressSanitizer heap-use-after-free on address 0x7fffed58b280 at pc 0x55555b9b7376 bp 0x7fffffff09f0 sp 0x7fffffff09e8
READ of size 8 at 0x7fffed58b280 thread T0
    #0 0x55555b9b7376 in WebCore::RenderSVGContainer::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #1 0x55555b964e67 in WebCore::RenderSVGResourceMarker::draw(WebCore::PaintInfo&, WebCore::AffineTransform const&) ???:0
    #2 0x55555b97c0ce in WebCore::SVGMarkerLayoutInfo::drawMarkers(WebCore::PaintInfo&) ???:0
    #3 0x55555b974640 in WebCore::RenderSVGShape::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #4 0x55555ac21ee7 in WebCore::RenderBox::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #5 0x55555b66d7a4 in WebCore::RenderSVGRoot::paintReplaced(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #6 0x55555ad9feed in WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #7 0x55555ab28cb4 in WebCore::InlineBox::paint(WebCore::PaintInfo&, WebCore::IntPoint const&, int, int) ???:0
    #8 0x55555ab3b3c6 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::IntPoint const&, int, int) ???:0
    #9 0x55555ae5b361 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::IntPoint const&, int, int) ???:0
    #10 0x55555ad3f64e in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::IntPoint const&) const ???:0
    #11 0x55555ab93de0 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #12 0x55555ab953d6 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #13 0x55555ab901f8 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #14 0x55555ab946b3 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #15 0x55555ab93df0 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #16 0x55555ab953d6 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #17 0x55555ab901f8 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) ???:0
    #18 0x55555acfb5bd in WebCore::RenderLayer::paintLayerContents(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap, WTF::HashTraits, WTF::HashTraits >*, unsigned int) ???:0
    #19 0x55555acf8d56 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap, WTF::HashTraits, WTF::HashTraits >*, unsigned int) ???:0
    #20 0x55555acfbfee in WebCore::RenderLayer::paintLayerContents(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap, WTF::HashTraits, WTF::HashTraits >*, unsigned int) ???:0
    #21 0x55555acf8d56 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap, WTF::HashTraits, WTF::HashTraits >*, unsigned int) ???:0
    #22 0x55555acf78dd in WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, unsigned int) ???:0
    #23 0x55555a661b25 in WebCore::FrameView::paintContents(WebCore::GraphicsContext*, WebCore::IntRect const&) ???:0
    #24 0x555559cb0396 in WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) ???:0
    #25 0x55555923ea76 in WebKit::WebFrameImpl::paintWithContext(WebCore::GraphicsContext&, WebKit::WebRect const&) ???:0
    #26 0x55555923edc1 in WebKit::WebFrameImpl::paint(SkCanvas*, WebKit::WebRect const&) ???:0
    #27 0x555559281201 in WebKit::WebViewImpl::paint(SkCanvas*, WebKit::WebRect const&) ???:0
    #28 0x55555c813a36 in RenderWidget::PaintRect(gfx::Rect const&, gfx::Point const&, skia::PlatformCanvas*) ???:0
    #29 0x55555c817de0 in RenderWidget::DoDeferredUpdate() ???:0
    #30 0x55555c80d8f1 in RenderWidget::OnUpdateRectAck() ???:0
    #31 0x55555c80bce4 in RenderWidget::OnMessageReceived(IPC::Message const&) ???:0
    #32 0x55555c7bf942 in RenderViewImpl::OnMessageReceived(IPC::Message const&) ???:0
    #33 0x555559155399 in MessageRouter::RouteMessage(IPC::Message const&) ???:0
    #34 0x555559155200 in MessageRouter::OnMessageReceived(IPC::Message const&) ???:0
    #35 0x555559078569 in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
    #36 0x5555591ca3e9 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
    #37 0x555557a25a51 in MessageLoop::RunTask(base::PendingTask const&) ???:0
    #38 0x555557a26206 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ???:0
    #39 0x555557a274e7 in MessageLoop::DoWork() ???:0
    #40 0x555557a32067 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
    #41 0x555557a2469e in MessageLoop::RunInternal() ???:0
    #42 0x555557a2288f in MessageLoop::Run() ???:0
    #43 0x55555c834a7a in RendererMain(content::MainFunctionParams const&) ???:0
    #44 0x555557982340 in (anonymous namespace)::RunNamedProcessTypeMain(std::basic_string, std::allocator > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main.cc:0
    #45 0x555557981814 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ???:0
    #46 0x5555561bb127 in ChromeMain ??:0
    #47 0x5555561bb04b in main ???:0
    #48 0x7ffff202b76d in ?? ??:0
0x7fffed58b280 is located 0 bytes inside of 240-byte region [0x7fffed58b280,0x7fffed58b370)
freed by thread T0 here:
    #0 0x55555d9cba92 in free ??:0
    #1 0x5555598da9fc in WebCore::Node::detach() ???:0
    #2 0x55555989b655 in WebCore::Element::detach() ???:0
    #3 0x555559818cd9 in WebCore::ContainerNode::detach() ???:0
    #4 0x55555989b655 in WebCore::Element::detach() ???:0
    #5 0x55555989cadb in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #6 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #7 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #8 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #9 0x555559838702 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) ???:0
    #10 0x55555983a74b in WebCore::Document::updateStyleIfNeeded() ???:0
    #11 0x55555983a045 in WebCore::Document::implicitClose() ???:0
    #12 0x55555a4fbbda in WebCore::FrameLoader::checkCompleted() ???:0
    #13 0x55555a4f8198 in WebCore::FrameLoader::finishedParsing() ???:0
    #14 0x55555985a64a in WebCore::Document::finishedParsing() ???:0
    #15 0x555559b633f3 in WebCore::HTMLDocumentParser::prepareToStopParsing() ???:0
    #16 0x55555a4dddc4 in WebCore::DocumentWriter::endIfNotLoadingMainResource() ???:0
    #17 0x55555a514ec9 in WebCore::FrameLoader::finishedLoading() ???:0
    #18 0x55555a53bb21 in WebCore::MainResourceLoader::didFinishLoading(double) ???:0
    #19 0x55555bcddef7 in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string, std::allocator > const&, base::TimeTicks const&) ???:0
    #20 0x5555591762bb in ResourceDispatcher::OnRequestComplete(int, net::URLRequestStatus const&, std::basic_string, std::allocator > const&, base::TimeTicks const&) ???:0
    #21 0x555559173b15 in ResourceDispatcher::DispatchMessage(IPC::Message const&) ???:0
    #22 0x5555591718f1 in ResourceDispatcher::OnMessageReceived(IPC::Message const&) ???:0
    #23 0x555559077faf in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
    #24 0x5555591ca3e9 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
    #25 0x555557a25a51 in MessageLoop::RunTask(base::PendingTask const&) ???:0
    #26 0x555557a26206 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ???:0
    #27 0x555557a274e7 in MessageLoop::DoWork() ???:0
    #28 0x555557a32067 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
    #29 0x555557a2469e in MessageLoop::RunInternal() ???:0
previously allocated by thread T0 here:
    #0 0x55555d9cbb52 in malloc ??:0
    #1 0x55555b8067c4 in WebCore::SVGMarkerElement::createRenderer(WebCore::RenderArena*, WebCore::RenderStyle*) ???:0
    #2 0x5555598fdfc3 in WebCore::NodeRendererFactory::createRenderer() ???:0
    #3 0x5555598feb4c in WebCore::NodeRendererFactory::createRendererIfNeeded() ???:0
    #4 0x5555598da916 in WebCore::Node::createRendererIfNeeded() ???:0
    #5 0x55555989ad72 in WebCore::Element::attach() ???:0
    #6 0x55555b8ae56e in WebCore::SVGStyledElement::attach() ???:0
    #7 0x555559818c09 in WebCore::ContainerNode::attach() ???:0
    #8 0x55555989ae12 in WebCore::Element::attach() ???:0
    #9 0x55555b8ae56e in WebCore::SVGStyledElement::attach() ???:0
    #10 0x55555989cb1c in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #11 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #12 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #13 0x55555989d666 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) ???:0
    #14 0x555559838702 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) ???:0
    #15 0x55555983a74b in WebCore::Document::updateStyleIfNeeded() ???:0
    #16 0x555559855d9c in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) ???:0
    #17 0x55555b3a337b in WebCore::DocumentInternal::execCommandCallback(v8::Arguments const&) out/Release/obj/gen/webkit/bindings/V8DerivedSources16.cpp:0
    #18 0x555558721846 in v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>, v8::internal::Isolate*) v8/src/builtins.cc:0
    #19 0x3d12e2d0610e in
    #20 0x3d12e2d32098 in
    #21 0x3d12e2d0986e in
==12943== ABORTING
Stats: 5M malloced (7M for red zones) by 21597 calls
Stats: 0M realloced by 61 calls
Stats: 4M freed by 12274 calls
Stats: 0M really freed by 0 calls
Stats: 48M (12295 full pages) mmaped in 12 calls
  mmaps by size class: 8:32766; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256; 15:128; 16:64; 17:32; 18:16;
  mallocs by size class: 8:15296; 9:4445; 10:1163; 11:407; 12:74; 13:58; 14:123; 15:11; 16:11; 17:7; 18:2;
  frees by size class: 8:6744; 9:4004; 10:1039; 11:284; 12:35; 13:41; 14:110; 15:7; 16:4; 17:4; 18:2;
  rfrees by size class:
Stats: malloc large: 9 small slow: 108
Shadow byte and word:
  0x1ffffdab1650: fd
  0x1ffffdab1650: fd fd fd fd fd fd fd fd
More shadow bytes:
  0x1ffffdab1630: fa fa fa fa fa fa fa fa
  0x1ffffdab1638: fa fa fa fa fa fa fa fa
  0x1ffffdab1640: fa fa fa fa fa fa fa fa
  0x1ffffdab1648: fa fa fa fa fa fa fa fa
=>0x1ffffdab1650: fd fd fd fd fd fd fd fd
  0x1ffffdab1658: fd fd fd fd fd fd fd fd
  0x1ffffdab1660: fd fd fd fd fd fd fd fd
  0x1ffffdab1668: fd fd fd fd fd fd fd fd
  0x1ffffdab1670: fa fa fa fa fa fa fa fa
[12883:12904:7183271510:ERROR:nss_ocsp.cc(588)] No URLRequestContext for OCSP handler.