Issue 590674 link

Starred by 0 users

Issue metadata

Status:	Duplicate
Merged:	issue 590468
Owner:	eroman@chromium.org
Closed:	Feb 2016
Cc:	█ olli.ra...@intel.com davidben@chromium.org gov...@chromium.org ligim...@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	1
Type:	Bug
Stability-Crash ReleaseBlock-Beta Hotlist-SyzyASAN M-51

Chrome: [Win-ASAN]Crash Report - net::ProxyService::PacRequest::Cancel

Project Member Reported by ranjitkan@chromium.org, Feb 29 2016

Issue description

Product name: Chrome
Magic Signature: net::ProxyService::PacRequest::Cancel

Current link:
crash.corp.google.com/browse?q=product.name%3D'Chrome'%20AND%20product.version%3D'51.0.2662.1'%20AND%20custom_data.ChromeCrashProto.ptype%3D'browser'%20AND%20ReportID%3D'6fcdf77000000000'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'net%3A%3AProxyService%3A%3APacRequest%3A%3ACancel'&ignore_case=false#3


Search properties:
product.name: Chrome
product.version: 51.0.2662.1
custom_data.chromecrashproto.ptype: browser
reportid: 6fcdf77000000000

Metadata :
Product Name: Chrome
Product Version: 51.0.2662.1
Report ID: 6fcdf77000000000
Report Time: Sun, 28 Feb 2016 23:42:17 GMT
Cumulative Uptime: 0 ms
User Email: 
OS Name: Windows NT
OS Version: 10.0.10586 
CPU Architecture: x86
CPU Info: AuthenticAMD family 21 model 2 stepping 0

Stack Signature:
================
CRASHED [EXCEPTION_BOUNDS_EXCEEDED @ 0x5e6ac5dd ] MAGIC SIGNATURE THREAD
0x5e6ac5dd	(chrome.dll -proxy_service.cc:818 )	net::ProxyService::PacRequest::Cancel()
0x5e6ac611	(chrome.dll -proxy_service.cc:1312 )	net::ProxyService::CancelPacRequest(net::ProxyService::PacRequest *)
0x5e761b9d	(chrome.dll -http_stream_factory_impl_job.cc:241 )	net::HttpStreamFactoryImpl::Job::~Job()
0x5e6da514	(chrome.dll -http_stream_factory_impl.cc:361 )	net::HttpStreamFactoryImpl::OnOrphanedJobComplete(net::HttpStreamFactoryImpl::Job const *)
0x5e765332	(chrome.dll -http_stream_factory_impl_job.cc:353 )	net::HttpStreamFactoryImpl::Job::Orphan(net::HttpStreamFactoryImpl::Request const *)
0x5e6da5a7	(chrome.dll -http_stream_factory_impl.cc:310 )	net::HttpStreamFactoryImpl::OrphanJob(net::HttpStreamFactoryImpl::Job *,net::HttpStreamFactoryImpl::Request const *)
0x5e767589	(chrome.dll -http_stream_factory_impl_request.cc:375 )	net::HttpStreamFactoryImpl::Request::OrphanJobs()
0x5e766e03	(chrome.dll -http_stream_factory_impl_request.cc:365 )	net::HttpStreamFactoryImpl::Request::BindJob(net::HttpStreamFactoryImpl::Job *)
0x5e7670ff	(chrome.dll -http_stream_factory_impl_request.cc:418 )	net::HttpStreamFactoryImpl::Request::OnJobSucceeded(net::HttpStreamFactoryImpl::Job *)
0x5e7674a5	(chrome.dll -http_stream_factory_impl_request.cc:90 )	net::HttpStreamFactoryImpl::Request::OnStreamReady(net::HttpStreamFactoryImpl::Job *,net::SSLConfig const &,net::ProxyInfo const &,net::HttpStream *)
0x5e76518d	(chrome.dll -http_stream_factory_impl_job.cc:436 )	net::HttpStreamFactoryImpl::Job::OnStreamReadyCallback()
0x5fb640b1	(chrome.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)> >::MakeItSo<base::WeakPtr<HoverTabSelector> >(base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)>,base::WeakPtr<HoverTabSelector>)
0x5fb64186	(chrome.dll -bind_internal.h:354 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)>,void ,base::WeakPtr<HoverTabSelector> >,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)> >,void >::Run(base::internal::BindStateBase *)
0x5d8786f1	(chrome.dll -task_annotator.cc:51 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &)
0x5d802540	(chrome.dll -message_loop.cc:476 )	base::MessageLoop::RunTask(base::PendingTask const &)
0x5d803872	(chrome.dll -message_loop.cc:597 )	base::MessageLoop::DoWork()
0x5d877d33	(chrome.dll -message_pump_win.cc:485 )	base::MessagePumpForIO::DoRunLoop()
0x5d876c6d	(chrome.dll -message_pump_win.cc:50 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x5d86234e	(chrome.dll -run_loop.cc:35 )	base::RunLoop::Run()
0x5d82c16c	(chrome.dll -thread.cc:202 )	base::Thread::Run(base::MessageLoop *)
0x5eb2d7ba	(chrome.dll -browser_thread_impl.cc:215 )	content::BrowserThreadImpl::IOThreadRun(base::MessageLoop *)
0x5eb2de30	(chrome.dll -browser_thread_impl.cc:251 )	content::BrowserThreadImpl::Run(base::MessageLoop *)
0x5d82c3bc	(chrome.dll -thread.cc:254 )	base::Thread::ThreadMain()
0x5d83e4d6	(chrome.dll -platform_thread_win.cc:84 )	base::`anonymous namespace'::ThreadFunc(void *)
0x749138f3	(kernel32.dll + 0x000138f3 )	BaseThreadInitThunk
0x770f5e12	(ntdll.dll + 0x00065e12 )	__RtlUserThreadStart
0x770f5ddd	(ntdll.dll + 0x00065ddd )	_RtlUserThreadStart
ASAN Free Stack Trace
0x6320951a	(syzyasan_rtl.dll -block_heap_manager.cc:294 )	agent::asan::heap_managers::BlockHeapManager::Free(unsigned int,void *)
0x6320c80d	(syzyasan_rtl.dll -rtl_impl.cc:123 )	asan_HeapFree
0x5f43b014	(chrome.dll -free.c:51 )	free
0x5e6ae33f	(chrome.dll -ref_counted.h:419 )	scoped_refptr<net::ProxyService::PacRequest>::Release(net::ProxyService::PacRequest *)
0x5e6ae37b	(chrome.dll -proxy_service.cc:1329 )	net::ProxyService::RemovePendingRequest(net::ProxyService::PacRequest *)
0x5e6ae05e	(chrome.dll -proxy_service.cc:883 )	net::ProxyService::PacRequest::QueryComplete(int)
0x5ed8bed0	(chrome.dll -bind_internal.h:355 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( content::AppCacheDiskCache::ActiveCall::*)(int)>,void ,scoped_refptr<content::AppCacheDiskCache::ActiveCall> &>,base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<void ( content::AppCacheDiskCache::ActiveCall::*)(int)> >,void >::Run(base::internal::BindStateBase *,int const &)
0x5fd9a3b8	(chrome.dll -proxy_resolver_factory_mojo.cc:257 )	net::`anonymous namespace'::ProxyResolverMojo::Job::CompleteRequest(int)
0x5fd99e2e	(chrome.dll -proxy_resolver_factory_mojo.cc:205 )	net::`anonymous namespace'::ProxyResolverMojo::RequestImpl::~RequestImpl()
0x5fd99fa6	(chrome.dll + 0x025d9fa6 )	net::`anonymous namespace'::ProxyResolverMojo::RequestImpl::`scalar deleting destructor'(unsigned int)
0x5e6ac665	(chrome.dll -proxy_service.cc:808 )	net::ProxyService::PacRequest::CancelResolveJob()
0x5e6ac5d0	(chrome.dll -proxy_service.cc:818 )	net::ProxyService::PacRequest::Cancel()
0x5e761b9e	(chrome.dll -http_stream_factory_impl_job.cc:244 )	net::HttpStreamFactoryImpl::Job::~Job()
0x5e6da515	(chrome.dll -http_stream_factory_impl.cc:361 )	net::HttpStreamFactoryImpl::OnOrphanedJobComplete(net::HttpStreamFactoryImpl::Job const *)
0x5e765333	(chrome.dll -http_stream_factory_impl_job.cc:353 )	net::HttpStreamFactoryImpl::Job::Orphan(net::HttpStreamFactoryImpl::Request const *)
0x5e6da5a8	(chrome.dll -http_stream_factory_impl.cc:310 )	net::HttpStreamFactoryImpl::OrphanJob(net::HttpStreamFactoryImpl::Job *,net::HttpStreamFactoryImpl::Request const *)
0x5e76758a	(chrome.dll -http_stream_factory_impl_request.cc:374 )	net::HttpStreamFactoryImpl::Request::OrphanJobs()
0x5e766e04	(chrome.dll -http_stream_factory_impl_request.cc:365 )	net::HttpStreamFactoryImpl::Request::BindJob(net::HttpStreamFactoryImpl::Job *)
0x5e767100	(chrome.dll -http_stream_factory_impl_request.cc:418 )	net::HttpStreamFactoryImpl::Request::OnJobSucceeded(net::HttpStreamFactoryImpl::Job *)
0x5e7674a6	(chrome.dll -http_stream_factory_impl_request.cc:91 )	net::HttpStreamFactoryImpl::Request::OnStreamReady(net::HttpStreamFactoryImpl::Job *,net::SSLConfig const &,net::ProxyInfo const &,net::HttpStream *)
0x5e76518e	(chrome.dll -http_stream_factory_impl_job.cc:436 )	net::HttpStreamFactoryImpl::Job::OnStreamReadyCallback()
0x5fb640b2	(chrome.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)> >::MakeItSo<base::WeakPtr<HoverTabSelector> >(base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)>,base::WeakPtr<HoverTabSelector>)
0x5fb64187	(chrome.dll -bind_internal.h:354 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)>,void ,base::WeakPtr<HoverTabSelector> >,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( HoverTabSelector::*)(void)> >,void >::Run(base::internal::BindStateBase *)
0x5d8786f2	(chrome.dll -task_annotator.cc:51 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &)
0x5d802541	(chrome.dll -message_loop.cc:478 )	base::MessageLoop::RunTask(base::PendingTask const &)
0x5d803873	(chrome.dll -message_loop.cc:598 )	base::MessageLoop::DoWork()
0x5d877d34	(chrome.dll -message_pump_win.cc:485 )	base::MessagePumpForIO::DoRunLoop()
0x5d876c6e	(chrome.dll -message_pump_win.cc:52 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x5d86234f	(chrome.dll -run_loop.cc:36 )	base::RunLoop::Run()
0x5d82c16d	(chrome.dll -thread.cc:202 )	base::Thread::Run(base::MessageLoop *)
0x5eb2d7bb	(chrome.dll -browser_thread_impl.cc:216 )	content::BrowserThreadImpl::IOThreadRun(base::MessageLoop *)
0x5eb2de31	(chrome.dll -browser_thread_impl.cc:251 )	content::BrowserThreadImpl::Run(base::MessageLoop *)
0x5d82c3bd	(chrome.dll -thread.cc:257 )	base::Thread::ThreadMain()
0x5d83e4d7	(chrome.dll -platform_thread_win.cc:86 )	base::`anonymous namespace'::ThreadFunc(void *)
0x749138f4	(kernel32.dll + 0x000138f4 )	BaseThreadInitThunk
0x770f5e13	(ntdll.dll + 0x00065e13 )	__RtlUserThreadStart
0x770f5dde	(ntdll.dll + 0x00065dde )	_RtlUserThreadStart
ASAN Allocation Stack Trace
0x6320921e	(syzyasan_rtl.dll -block_heap_manager.cc:190 )	agent::asan::heap_managers::BlockHeapManager::Allocate(unsigned int,unsigned int)
0x6320c763	(syzyasan_rtl.dll -rtl_impl.cc:102 )	asan_HeapAlloc
0x5f43e706	(chrome.dll -malloc.c:92 )	malloc
0x5f439f39	(chrome.dll -new.cpp:59 )	operator new(unsigned int)
0x5e6ae8d4	(chrome.dll -proxy_service.cc:1044 )	net::ProxyService::ResolveProxyHelper(GURL const &,int,net::ProxyInfo *,base::Callback<void > const &,net::ProxyService::PacRequest * *,net::ProxyDelegate *,net::BoundNetLog const &)
0x5e6ae765	(chrome.dll -proxy_service.cc:1004 )	net::ProxyService::ResolveProxy(GURL const &,int,net::ProxyInfo *,base::Callback<void > const &,net::ProxyService::PacRequest * *,net::ProxyDelegate *,net::BoundNetLog const &)
0x5e763c25	(chrome.dll -http_stream_factory_impl_job.cc:874 )	net::HttpStreamFactoryImpl::Job::DoResolveProxy()
0x5e7639d6	(chrome.dll -http_stream_factory_impl_job.cc:762 )	net::HttpStreamFactoryImpl::Job::DoLoop(int)
0x5e765c84	(chrome.dll -http_stream_factory_impl_job.cc:623 )	net::HttpStreamFactoryImpl::Job::RunLoop(int)
0x5e76671a	(chrome.dll -http_stream_factory_impl_job.cc:809 )	net::HttpStreamFactoryImpl::Job::StartInternal()
0x5e7666d1	(chrome.dll -http_stream_factory_impl_job.cc:254 )	net::HttpStreamFactoryImpl::Job::Start(net::HttpStreamFactoryImpl::Request *)
0x5e6daad6	(chrome.dll -http_stream_factory_impl.cc:164 )	net::HttpStreamFactoryImpl::RequestStreamInternal(net::HttpRequestInfo const &,net::RequestPriority,net::SSLConfig const &,net::SSLConfig const &,net::HttpStreamRequest::Delegate *,net::WebSocketHandshakeStreamBase::CreateHelper *,net::BoundNetLog const &)
0x5e6da85f	(chrome.dll -http_stream_factory_impl.cc:64 )	net::HttpStreamFactoryImpl::RequestStream(net::HttpRequestInfo const &,net::RequestPriority,net::SSLConfig const &,net::SSLConfig const &,net::HttpStreamRequest::Delegate *,net::BoundNetLog const &)
0x5e7124ab	(chrome.dll -http_network_transaction.cc:858 )	net::HttpNetworkTransaction::DoCreateStream()
0x5e712c9a	(chrome.dll -http_network_transaction.cc:723 )	net::HttpNetworkTransaction::DoLoop(int)
0x5e7159fe	(chrome.dll -http_network_transaction.cc:213 )	net::HttpNetworkTransaction::Start(net::HttpRequestInfo const *,base::Callback<void > const &,net::BoundNetLog const &)
0x5e3e676f	(chrome.dll -devtools_network_transaction.cc:147 )	DevToolsNetworkTransaction::Start(net::HttpRequestInfo const *,base::Callback<void > const &,net::BoundNetLog const &)
0x5e6e224a	(chrome.dll -http_cache_transaction.cc:1318 )	net::HttpCache::Transaction::DoSendRequest()
0x5e6e16e8	(chrome.dll -http_cache_transaction.cc:769 )	net::HttpCache::Transaction::DoLoop(int)
0x5fe538a2	(chrome.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( metrics::FileMetricsProvider::*)(std::list<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> >,std::allocator<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> > > > *)> >::MakeItSo<base::WeakPtr<metrics::FileMetricsProvider>,std::list<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> >,std::allocator<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> > > > *>(base::internal::RunnableAdapter<void ( metrics::FileMetricsProvider::*)(std::list<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> >,std::allocator<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> > > > *)>,base::WeakPtr<metrics::FileMetricsProvider>,std::list<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> >,std::allocator<scoped_ptr<metrics::FileMetricsProvider::FileInfo,std::default_delete<metrics::FileMetricsProvider::FileInfo> > > > * &&)
0x5e77ad6b	(chrome.dll -bind_internal.h:354 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( net::URLRequestSimpleJob::*)(int)>,void ,base::WeakPtr<net::URLRequestSimpleJob> >,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( net::URLRequestSimpleJob::*)(int)> >,void >::Run(base::internal::BindStateBase *,int const &)
0x5e67c6ad	(chrome.dll -http_cache.cc:158 )	net::HttpCache::WorkItem::NotifyTransaction(int,net::HttpCache::ActiveEntry *)
0x5e67cac2	(chrome.dll -http_cache.cc:1065 )	net::HttpCache::OnIOComplete(int,net::HttpCache::PendingOp *)
0x5e67cce9	(chrome.dll -http_cache.cc:1114 )	net::HttpCache::OnPendingOpComplete(base::WeakPtr<net::HttpCache> const &,net::HttpCache::PendingOp *,int)
0x5e67d2d0	(chrome.dll -bind_internal.h:354 )	base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<void (*)(base::WeakPtr<net::HttpCache> const &,net::HttpCache::PendingOp *,int)>,void ,base::WeakPtr<net::HttpCache>,net::HttpCache::PendingOp * &>,base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<void (*)(base::WeakPtr<net::HttpCache> const &,net::HttpCache::PendingOp *,int)> >,void >::Run(base::internal::BindStateBase *,int const &)
0x5e7cbd90	(chrome.dll -in_flight_backend_io.cc:531 )	disk_cache::InFlightBackendIO::OnOperationComplete(disk_cache::BackgroundIO *,bool)
0x5e7ca1ce	(chrome.dll -in_flight_io.cc:108 )	disk_cache::InFlightIO::InvokeCallback(disk_cache::BackgroundIO *,bool)
0x5e7ca2b0	(chrome.dll -in_flight_io.cc:28 )	disk_cache::BackgroundIO::OnIOSignalled()
0x5d8786f2	(chrome.dll -task_annotator.cc:51 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &)
0x5d802541	(chrome.dll -message_loop.cc:478 )	base::MessageLoop::RunTask(base::PendingTask const &)
0x5d803873	(chrome.dll -message_loop.cc:598 )	base::MessageLoop::DoWork()
0x5d877d34	(chrome.dll -message_pump_win.cc:485 )	base::MessagePumpForIO::DoRunLoop()
0x5d876c6e	(chrome.dll -message_pump_win.cc:52 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x5d86234f	(chrome.dll -run_loop.cc:36 )	base::RunLoop::Run()
0x5d82c16d	(chrome.dll -thread.cc:202 )	base::Thread::Run(base::MessageLoop *)
0x5eb2d7bb	(chrome.dll -browser_thread_impl.cc:216 )	content::BrowserThreadImpl::IOThreadRun(base::MessageLoop *)
0x5eb2de31	(chrome.dll -browser_thread_impl.cc:251 )	content::BrowserThreadImpl::Run(base::MessageLoop *)
0x5d82c3bd	(chrome.dll -thread.cc:257 )	base::Thread::ThreadMain()
0x5d83e4d7	(chrome.dll -platform_thread_win.cc:86 )	base::`anonymous namespace'::ThreadFunc(void *)
0x749138f4	(kernel32.dll + 0x000138f4 )	BaseThreadInitThunk
0x770f5e13	(ntdll.dll + 0x00065e13 )	__RtlUserThreadStart
0x770f5dde	(ntdll.dll + 0x00065dde )	_RtlUserThreadStart

This is a Win ASAN Crash with more than 140 instances on build 51.0.2662.1. No other builds are observed with this crash instances.

Below link gives in detail about the same:

https://goto.google.com/zqiad

Using code search suspecting change r377856 could be the possible suspect. 

Review URL: https://codereview.chromium.org/1439053002

Note:
1. This is in top #1 browser crash on Win ASAN - 51.0.2662.1 and crash has more than 140 instances
2. Number of crash instances are more, hence adding 'Blocker' label as of now. Please remove if not the case.
3. crash is not observed in Non ASAN builds.

Comment 1 by ranjitkan@chromium.org, Feb 29 2016

Summary: Chrome: [Win-ASAN]Crash Report - net::ProxyService::PacRequest::Cancel (was: Chrome: [Win-ASAN]]Crash Report - net::ProxyService::PacRequest::Cancel)

Comment 2 by ranjitkan@chromium.org, Feb 29 2016

Cc: gov...@chromium.org ligim...@chromium.org

Assuming this could be related to  Issue 590468 , 

@eroman: Could you please confirm.

Comment 3 by eroman@chromium.org, Feb 29 2016

Yes same issue.
Revert in progress (https://codereview.chromium.org/1745133002/)

Comment 4 by eroman@chromium.org, Feb 29 2016

Mergedinto: 590468
Status: Duplicate (was: Assigned)

Comment 5 by eroman@chromium.org, Jul 11 2016

Labels: -Restrict-View-Google

►

Issue 590674 link

Issue metadata

Chrome: [Win-ASAN]Crash Report - net::ProxyService::PacRequest::Cancel

Issue description

Comment 1 by ranjitkan@chromium.org, Feb 29 2016

Comment 1 Deleted

Comment 2 by ranjitkan@chromium.org, Feb 29 2016

Comment 2 Deleted

Comment 3 by eroman@chromium.org, Feb 29 2016

Comment 3 Deleted

Comment 4 by eroman@chromium.org, Feb 29 2016

Comment 4 Deleted

Comment 5 by eroman@chromium.org, Jul 11 2016

Comment 5 Deleted

Sign in to add a comment