Chrome has been doing this on -current for a while on my system. I spoke to robert about it, but it was not clear if it was something about my local setup causing this. Either way, no-one else could reproduce it at the time.
What graphics card do you have? I wonder if its something to do with hardware accelerated graphics? On 16 April 2016 03:58:09 BST, Greg Steuck <g...@nest.cx> wrote: >Out of the blue after 5.9 upgrade I've started getting chromium >reporting >use-after-free. I do not seem to be the only person with this problem >http://www.bsdforen.de/threads/chromium-st%C3%BCrzt-mit-dem-fehler-chrome-in-free-ab.32523/ >I suspect both of us have some bizarre left over state on our systems. >Still, if somebody knows what that state might be, I'm curious. > >% uname -a >OpenBSD mymachine 5.9 GENERIC#1761 amd64 >% gdb /usr/local/chrome/chrome >... >(gdb) r >Starting program: /usr/local/chrome/chrome > >Program received signal SIGCONT, Continued. >[Switching to thread 1022778] >__tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 >75 call *%r8 >Current language: auto; currently asm >(gdb) c >Continuing. >chrome(2215) in free(): error: use after free 0x888158178c0 > >Program received signal SIGABRT, Aborted. >[Switching to thread 1003708] >0x00000888034b887a in thrkill () at <stdin>:2 >2 <stdin>: No such file or directory. > in <stdin> >(gdb) where >#0 0x00000888034b887a in thrkill () at <stdin>:2 >#1 0x00000888034b3f39 in *_libc_abort () at >/usr/src/lib/libc/stdlib/abort.c:52 >#2 0x0000088803496279 in wrterror (msg=0x888035bf378 "use after free", >p=0x888158178c0) at /usr/src/lib/libc/stdlib/malloc.c:283 >#3 0x000008880349784c in ofree (p=0x888158178c0) at >/usr/src/lib/libc/stdlib/malloc.c:1235 >#4 0x00000888034978ee in free (ptr=0x887ce8c9940) at >/usr/src/lib/libc/stdlib/malloc.c:1340 >#5 0x0000088810167f82 in SECMOD_LoadModule () from >/usr/local/lib/libnss3.so.39.0 >#6 0x00000888101680d5 in SECMOD_LoadModule () from >/usr/local/lib/libnss3.so.39.0 >#7 0x0000088810134024 in nss_Init () from >/usr/local/lib/libnss3.so.39.0 >#8 0x00000888101349eb in NSS_InitReadWrite () from >/usr/local/lib/libnss3.so.39.0 >#9 0x0000088574644112 in std::vector<unsigned char, >std::allocator<unsigned char> >::_M_fill_assign () from >/usr/local/chrome/chrome >#10 0x00000885748e9744 in std::_Rb_tree<int, int, std::_Identity<int>, >std::less<int>, std::allocator<int> >::count () from >/usr/local/chrome/chrome >#11 0x00000885749de4c3 in >_ZNSt6vectorIxSaIxEE19_M_emplace_back_auxIJxEEEvDpOT_ () from >/usr/local/chrome/chrome >#12 0x0000088574a93b7f in >std::vector<__gnu_cxx::_Hashtable_node<unsigned >long long>*, std::allocator<__gnu_cxx::_Hashtable_node<unsigned long >long>*> >::_M_fill_insert () > from /usr/local/chrome/chrome >#13 0x0000088574960dc5 in >_ZNSt6vectorISt4pairISsSsESaIS1_EE19_M_emplace_back_auxIJRKS1_EEEvDpOT_ >() >from /usr/local/chrome/chrome >#14 0x000008857496d64c in std::vector<unsigned long, >std::allocator<unsigned long> >::operator= () from >/usr/local/chrome/chrome >#15 0x0000088574237446 in std::_Rb_tree<std::string, std::string, >std::_Identity<std::string>, std::less<std::string>, >std::allocator<std::string> >::_M_copy () > from /usr/local/chrome/chrome >#16 0x0000088576efd817 in std::_Rb_tree<long long, long long, >std::_Identity<long long>, std::less<long long>, std::allocator<long >long> >>::erase () from /usr/local/chrome/chrome >#17 0x000008857712b1ba in std::_Rb_tree<std::string, >std::pair<std::string >const, std::set<int, std::less<int>, std::allocator<int> > >, >std::_Select1st<std::pair<std::string const, std::set<int, >std::less<int>, >std::allocator<int> > > >, std::less<std::string>, >std::allocator<std::pair<std::string const, std::set<int, >std::less<int>, >std::allocator<int> > > > >::_M_erase () > from /usr/local/chrome/chrome >#18 0x00000885745f0d5a in std::_Rb_tree<std::string, >std::pair<std::string >const, int>, std::_Select1st<std::pair<std::string const, int> >, >std::less<std::string>, std::allocator<std::pair<std::string const, >int> > >>::_M_insert_<std::pair<std::string, int> > () from >/usr/local/chrome/chrome >#19 0x00000885745eba25 in std::string::_M_replace_dispatch<wchar_t >const*> >() from /usr/local/chrome/chrome >#20 0x000008885b19080e in _rthread_start (v=Variable "v" is not >available. >) at /usr/src/lib/librthread/rthread.c:145 >#21 0x000008880344052b in __tfork_thread () at >/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 >#22 0x0000000000000000 in ?? () > >% pkg_info chromium >Information for inst:chromium-48.0.2564.116 >... > >Thanks >Greg >-- >nest.cx is Gmail hosted, use PGP for anything private. Key: >http://goo.gl/6dMsr >Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0 -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
