
Issue 600861


Issue metadata

Status: WontFix
Owner:
Closed: Apr 2016
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug-Regression




Chrome_ASAN: Crash Report - base::debug::AsanHeapUseAfterFree

Project Member Reported by ligim...@chromium.org, Apr 5 2016

Issue description

This crash, go/crash/f7d0408400000000, has been found by the last SyzyASAN Canary (50.0.2700.1).

Bad access information:

Error Type: heap-use-after-free
Location: 0x3525af33
Access Mode: read
Access Size: 4
User Size : 20

Magic Stack
==========
Thread 0 CRASHED [EXCEPTION_BOUNDS_EXCEEDED @ 0x02b543fc ] MAGIC SIGNATURE THREAD
0x02b543fc	(chrome.dll -asan_invalid_access.cc:90 )	base::debug::AsanHeapUseAfterFree()
0x03dc26a6	(chrome.dll -debug_urls.cc:163 )	content::`anonymous namespace'::HandleAsanDebugURL
0x03dc2729	(chrome.dll -debug_urls.cc:192 )	content::HandleDebugURL(GURL const &,ui::PageTransition)
0x03d85507	(chrome.dll -navigation_controller_impl.cc:669 )	content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const &)
0x03c88637	(chrome.dll -browser_navigator.cc:274 )	`anonymous namespace'::LoadURLInContents
0x03c88a69	(chrome.dll -browser_navigator.cc:533 )	chrome::Navigate(chrome::NavigateParams *)
0x03c9bed6	(chrome.dll -browser_commands.cc:516 )	chrome::OpenCurrentURL(Browser *)
0x03c50c9e	(chrome.dll -browser_command_controller.cc:337 )	chrome::BrowserCommandController::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc089	(chrome.dll -command_updater.cc:50 )	CommandUpdater::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc03b	(chrome.dll -command_updater.cc:43 )	CommandUpdater::ExecuteCommand(int)
0x04c8738a	(chrome.dll -chrome_omnibox_edit_controller.cc:24 )	ChromeOmniboxEditController::OnAutocompleteAccept(GURL const &,WindowOpenDisposition,ui::PageTransition)
0x045ffd9d	(chrome.dll -omnibox_edit_model.cc:773 )	OmniboxEditModel::OpenMatch(AutocompleteMatch,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x04605ce2	(chrome.dll -omnibox_view.cc:70 )	OmniboxView::OpenMatch(AutocompleteMatch const &,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x045fc95e	(chrome.dll -omnibox_edit_model.cc:624 )	OmniboxEditModel::AcceptInput(WindowOpenDisposition,bool)
0x04c89759	(chrome.dll -omnibox_view_views.cc:744 )	OmniboxViewViews::OnKeyPressed(ui::KeyEvent const &)
0x0358698c	(chrome.dll -view.cc:1003 )	views::View::OnKeyEvent(ui::KeyEvent *)
0x039410c5	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192b	(chrome.dll -event_dispatcher.cc:191 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea1	(chrome.dll -event_dispatcher.cc:139 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7d	(chrome.dll -event_dispatcher.cc:86 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a16	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420aa	(chrome.dll -event_processor.cc:35 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151c	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941600	(chrome.dll -event_source.cc:51 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03595572	(chrome.dll -widget.cc:1139 )	views::Widget::OnKeyEvent(ui::KeyEvent *)
0x035ba1b8	(chrome.dll -desktop_native_widget_aura.cc:1030 )	views::DesktopNativeWidgetAura::OnKeyEvent(ui::KeyEvent *)
0x039410c5	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192b	(chrome.dll -event_dispatcher.cc:191 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea1	(chrome.dll -event_dispatcher.cc:139 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7d	(chrome.dll -event_dispatcher.cc:86 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a16	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420aa	(chrome.dll -event_processor.cc:35 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151c	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941600	(chrome.dll -event_source.cc:51 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03b9a1bc	(chrome.dll -window_tree_host.cc:198 )	aura::WindowTreeHost::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1e33b	(chrome.dll -input_method_base.cc:118 )	ui::InputMethodBase::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1d6e8	(chrome.dll -input_method_win.cc:198 )	ui::InputMethodWin::ProcessKeyEventDone(ui::KeyEvent *,std::vector<tagMSG,std::allocator<tagMSG> > const *,bool)
0x04b1c643	(chrome.dll -input_method_win.cc:187 )	ui::InputMethodWin::DispatchKeyEvent(ui::KeyEvent *)
0x59855755	(syzyasan_rtl.dll + 0x00015755 )	
0x035bea20	(chrome.dll -hwnd_message_handler.cc:1513 )	views::HWNDMessageHandler::OnKeyEvent(unsigned int,unsigned int,long)
0x035bea20	(chrome.dll -hwnd_message_handler.cc:1513 )	views::HWNDMessageHandler::OnKeyEvent(unsigned int,unsigned int,long)
0x59855c83	(syzyasan_rtl.dll + 0x00015c83 )	
0x035c1d8f	(chrome.dll -hwnd_message_handler.h:344 )	views::HWNDMessageHandler::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x035c0759	(chrome.dll -hwnd_message_handler.cc:889 )	views::HWNDMessageHandler::OnWndProc(unsigned int,unsigned int,long)
0x0396050d	(chrome.dll -window_impl.cc:302 )	gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x0395fc9c	(chrome.dll -wrapped_window_proc.h:76 )	base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x76b362f9	(USER32.dll + 0x000162f9 )	InternalCallWinProc
0x76b36d39	(USER32.dll + 0x00016d39 )	UserCallWinProcCheckWow
0x76b377d2	(USER32.dll + 0x000177d2 )	DispatchMessageWorker
0x76b37899	(USER32.dll + 0x00017899 )	DispatchMessageW
0x0277cc9c	(chrome.dll -message_pump_win.cc:367 )	base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x0277c66d	(chrome.dll -message_pump_win.cc:163 )	base::MessagePumpForUI::DoRunLoop()
0x0277c22f	(chrome.dll -message_pump_win.cc:50 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x02762122	(chrome.dll -run_loop.cc:35 )	base::RunLoop::Run()
0x033fcca8	(chrome.dll -chrome_browser_main.cc:1851 )	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x03de0c32	(chrome.dll -browser_main_loop.cc:945 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x03ddcf63	(chrome.dll -browser_main_runner.cc:154 )	content::BrowserMainRunnerImpl::Run()
0x03d8235e	(chrome.dll -browser_main.cc:45 )	content::BrowserMain(content::MainFunctionParams const &)
0x03581d07	(chrome.dll -content_main_runner.cc:390 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x03581c5b	(chrome.dll -content_main_runner.cc:751 )	content::ContentMainRunnerImpl::Run()
0x0357ee6f	(chrome.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x03379424	(chrome.dll -chrome_main.cc:84 )	ChromeMain
0x011df4b8	(chrome.exe -main_dll_loader_win.cc:183 )	MainDllLoader::Launch(HINSTANCE__ *)
0x011de886	(chrome.exe -chrome_exe_main_win.cc:217 )	wWinMain
0x0120d7dd	(chrome.exe -exe_common.inl:255 )	__scrt_common_main_seh
0x76573389	(kernel32.dll + 0x00013389 )	BaseThreadInitThunk
0x77059a01	(ntdll.dll + 0x00039a01 )	__RtlUserThreadStart
0x770599d4	(ntdll.dll + 0x000399d4 )	_RtlUserThreadStart

ASAN Free Stack
================
ASAN Free Stack Trace (TID: 15296)
0x5985756e	(syzyasan_rtl.dll + 0x0001756e )	
0x5985b106	(syzyasan_rtl.dll + 0x0001b106 )	
0x5985cbae	(syzyasan_rtl.dll + 0x0001cbae )	
0x046abb8f	(chrome.dll -free_base.cpp:107 )	_free_base
0x02b543ef	(chrome.dll -asan_invalid_access.cc:89 )	base::debug::AsanHeapUseAfterFree()
0x03dc26a7	(chrome.dll -debug_urls.cc:169 )	content::`anonymous namespace'::HandleAsanDebugURL
0x03dc272a	(chrome.dll -debug_urls.cc:192 )	content::HandleDebugURL(GURL const &,ui::PageTransition)
0x03d85508	(chrome.dll -navigation_controller_impl.cc:669 )	content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const &)
0x03c88638	(chrome.dll -browser_navigator.cc:275 )	`anonymous namespace'::LoadURLInContents
0x03c88a6a	(chrome.dll -browser_navigator.cc:533 )	chrome::Navigate(chrome::NavigateParams *)
0x03c9bed7	(chrome.dll -browser_commands.cc:523 )	chrome::OpenCurrentURL(Browser *)
0x03c50c9f	(chrome.dll -browser_command_controller.cc:338 )	chrome::BrowserCommandController::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc08a	(chrome.dll -command_updater.cc:51 )	CommandUpdater::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc03c	(chrome.dll -command_updater.cc:44 )	CommandUpdater::ExecuteCommand(int)
0x04c8738b	(chrome.dll -chrome_omnibox_edit_controller.cc:25 )	ChromeOmniboxEditController::OnAutocompleteAccept(GURL const &,WindowOpenDisposition,ui::PageTransition)
0x045ffd9e	(chrome.dll -omnibox_edit_model.cc:777 )	OmniboxEditModel::OpenMatch(AutocompleteMatch,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x04605ce3	(chrome.dll -omnibox_view.cc:73 )	OmniboxView::OpenMatch(AutocompleteMatch const &,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x045fc95f	(chrome.dll -omnibox_edit_model.cc:624 )	OmniboxEditModel::AcceptInput(WindowOpenDisposition,bool)
0x04c8975a	(chrome.dll -omnibox_view_views.cc:745 )	OmniboxViewViews::OnKeyPressed(ui::KeyEvent const &)
0x0358698d	(chrome.dll -view.cc:1003 )	views::View::OnKeyEvent(ui::KeyEvent *)
0x039410c6	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192c	(chrome.dll -event_dispatcher.cc:192 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea2	(chrome.dll -event_dispatcher.cc:140 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7e	(chrome.dll -event_dispatcher.cc:87 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a17	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420ab	(chrome.dll -event_processor.cc:37 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151d	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941601	(chrome.dll -event_source.cc:52 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03595573	(chrome.dll -widget.cc:1140 )	views::Widget::OnKeyEvent(ui::KeyEvent *)
0x035ba1b9	(chrome.dll -desktop_native_widget_aura.cc:1030 )	views::DesktopNativeWidgetAura::OnKeyEvent(ui::KeyEvent *)
0x039410c6	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192c	(chrome.dll -event_dispatcher.cc:192 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea2	(chrome.dll -event_dispatcher.cc:140 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7e	(chrome.dll -event_dispatcher.cc:87 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a17	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420ab	(chrome.dll -event_processor.cc:37 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151d	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941601	(chrome.dll -event_source.cc:52 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03b9a1bd	(chrome.dll -window_tree_host.cc:198 )	aura::WindowTreeHost::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1e33c	(chrome.dll -input_method_base.cc:118 )	ui::InputMethodBase::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1d6e9	(chrome.dll -input_method_win.cc:199 )	ui::InputMethodWin::ProcessKeyEventDone(ui::KeyEvent *,std::vector<tagMSG,std::allocator<tagMSG> > const *,bool)
0x04b1c644	(chrome.dll -input_method_win.cc:189 )	ui::InputMethodWin::DispatchKeyEvent(ui::KeyEvent *)
0x035bea21	(chrome.dll -hwnd_message_handler.cc:1514 )	views::HWNDMessageHandler::OnKeyEvent(unsigned int,unsigned int,long)
0x035c1d90	(chrome.dll -hwnd_message_handler.h:344 )	views::HWNDMessageHandler::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x035c075a	(chrome.dll -hwnd_message_handler.cc:890 )	views::HWNDMessageHandler::OnWndProc(unsigned int,unsigned int,long)
0x0396050e	(chrome.dll -window_impl.cc:303 )	gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x0395fc9d	(chrome.dll -wrapped_window_proc.h:76 )	base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x76b362fa	(USER32.dll + 0x000162fa )	InternalCallWinProc
0x76b36d3a	(USER32.dll + 0x00016d3a )	UserCallWinProcCheckWow
0x76b377d3	(USER32.dll + 0x000177d3 )	DispatchMessageWorker
0x76b3789a	(USER32.dll + 0x0001789a )	DispatchMessageW
0x0277cc9d	(chrome.dll -message_pump_win.cc:369 )	base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x0277c66e	(chrome.dll -message_pump_win.cc:163 )	base::MessagePumpForUI::DoRunLoop()
0x0277c230	(chrome.dll -message_pump_win.cc:52 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x02762123	(chrome.dll -run_loop.cc:36 )	base::RunLoop::Run()
0x033fcca9	(chrome.dll -chrome_browser_main.cc:1853 )	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x03de0c33	(chrome.dll -browser_main_loop.cc:947 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x03d8235f	(chrome.dll -browser_main.cc:45 )	content::BrowserMain(content::MainFunctionParams const &)
0x03581d08	(chrome.dll -content_main_runner.cc:390 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x03581c5c	(chrome.dll -content_main_runner.cc:751 )	content::ContentMainRunnerImpl::Run()
0x0357ee70	(chrome.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x03379425	(chrome.dll -chrome_main.cc:87 )	ChromeMain

ASAN Allocation Stack
======================

ASAN Allocation Stack Trace (TID: 15296)
0x59856a51	(syzyasan_rtl.dll + 0x00016a51 )	
0x5985b097	(syzyasan_rtl.dll + 0x0001b097 )	
0x5985cace	(syzyasan_rtl.dll + 0x0001cace )	
0x046abbef	(chrome.dll -malloc_base.cpp:29 )	_malloc_base
0x0467e99e	(chrome.dll -new_scalar.cpp:19 )	operator new(unsigned int)
0x02b543e0	(chrome.dll -asan_invalid_access.cc:86 )	base::debug::AsanHeapUseAfterFree()
0x03dc26a7	(chrome.dll -debug_urls.cc:169 )	content::`anonymous namespace'::HandleAsanDebugURL
0x03dc272a	(chrome.dll -debug_urls.cc:192 )	content::HandleDebugURL(GURL const &,ui::PageTransition)
0x03d85508	(chrome.dll -navigation_controller_impl.cc:669 )	content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const &)
0x03c88638	(chrome.dll -browser_navigator.cc:275 )	`anonymous namespace'::LoadURLInContents
0x03c88a6a	(chrome.dll -browser_navigator.cc:533 )	chrome::Navigate(chrome::NavigateParams *)
0x03c9bed7	(chrome.dll -browser_commands.cc:523 )	chrome::OpenCurrentURL(Browser *)
0x03c50c9f	(chrome.dll -browser_command_controller.cc:338 )	chrome::BrowserCommandController::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc08a	(chrome.dll -command_updater.cc:51 )	CommandUpdater::ExecuteCommandWithDisposition(int,WindowOpenDisposition)
0x047cc03c	(chrome.dll -command_updater.cc:44 )	CommandUpdater::ExecuteCommand(int)
0x04c8738b	(chrome.dll -chrome_omnibox_edit_controller.cc:25 )	ChromeOmniboxEditController::OnAutocompleteAccept(GURL const &,WindowOpenDisposition,ui::PageTransition)
0x045ffd9e	(chrome.dll -omnibox_edit_model.cc:777 )	OmniboxEditModel::OpenMatch(AutocompleteMatch,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x04605ce3	(chrome.dll -omnibox_view.cc:73 )	OmniboxView::OpenMatch(AutocompleteMatch const &,WindowOpenDisposition,GURL const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned int)
0x045fc95f	(chrome.dll -omnibox_edit_model.cc:624 )	OmniboxEditModel::AcceptInput(WindowOpenDisposition,bool)
0x04c8975a	(chrome.dll -omnibox_view_views.cc:745 )	OmniboxViewViews::OnKeyPressed(ui::KeyEvent const &)
0x0358698d	(chrome.dll -view.cc:1003 )	views::View::OnKeyEvent(ui::KeyEvent *)
0x039410c6	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192c	(chrome.dll -event_dispatcher.cc:192 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea2	(chrome.dll -event_dispatcher.cc:140 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7e	(chrome.dll -event_dispatcher.cc:87 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a17	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420ab	(chrome.dll -event_processor.cc:37 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151d	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941601	(chrome.dll -event_source.cc:52 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03595573	(chrome.dll -widget.cc:1140 )	views::Widget::OnKeyEvent(ui::KeyEvent *)
0x035ba1b9	(chrome.dll -desktop_native_widget_aura.cc:1030 )	views::DesktopNativeWidgetAura::OnKeyEvent(ui::KeyEvent *)
0x039410c6	(chrome.dll -event_handler.cc:27 )	ui::EventHandler::OnEvent(ui::Event *)
0x0394192c	(chrome.dll -event_dispatcher.cc:192 )	ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x03941ea2	(chrome.dll -event_dispatcher.cc:140 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x03941c7e	(chrome.dll -event_dispatcher.cc:87 )	ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x03941a17	(chrome.dll -event_dispatcher.cc:58 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x039420ab	(chrome.dll -event_processor.cc:37 )	ui::EventProcessor::OnEventFromSource(ui::Event *)
0x0394151d	(chrome.dll -event_source.cc:73 )	ui::EventSource::DeliverEventToProcessor(ui::Event *)
0x03941601	(chrome.dll -event_source.cc:52 )	ui::EventSource::SendEventToProcessor(ui::Event *)
0x03b9a1bd	(chrome.dll -window_tree_host.cc:198 )	aura::WindowTreeHost::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1e33c	(chrome.dll -input_method_base.cc:118 )	ui::InputMethodBase::DispatchKeyEventPostIME(ui::KeyEvent *)
0x04b1d6e9	(chrome.dll -input_method_win.cc:199 )	ui::InputMethodWin::ProcessKeyEventDone(ui::KeyEvent *,std::vector<tagMSG,std::allocator<tagMSG> > const *,bool)
0x04b1c644	(chrome.dll -input_method_win.cc:189 )	ui::InputMethodWin::DispatchKeyEvent(ui::KeyEvent *)
0x035bea21	(chrome.dll -hwnd_message_handler.cc:1514 )	views::HWNDMessageHandler::OnKeyEvent(unsigned int,unsigned int,long)
0x035c1d90	(chrome.dll -hwnd_message_handler.h:344 )	views::HWNDMessageHandler::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x035c075a	(chrome.dll -hwnd_message_handler.cc:890 )	views::HWNDMessageHandler::OnWndProc(unsigned int,unsigned int,long)
0x0396050e	(chrome.dll -window_impl.cc:303 )	gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x0395fc9d	(chrome.dll -wrapped_window_proc.h:76 )	base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x76b362fa	(USER32.dll + 0x000162fa )	InternalCallWinProc
0x76b36d3a	(USER32.dll + 0x00016d3a )	UserCallWinProcCheckWow
0x76b377d3	(USER32.dll + 0x000177d3 )	DispatchMessageWorker
0x76b3789a	(USER32.dll + 0x0001789a )	DispatchMessageW
0x0277cc9d	(chrome.dll -message_pump_win.cc:369 )	base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x0277c66e	(chrome.dll -message_pump_win.cc:163 )	base::MessagePumpForUI::DoRunLoop()
0x0277c230	(chrome.dll -message_pump_win.cc:52 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x02762123	(chrome.dll -run_loop.cc:36 )	base::RunLoop::Run()
0x033fcca9	(chrome.dll -chrome_browser_main.cc:1853 )	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x03de0c33	(chrome.dll -browser_main_loop.cc:947 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x03d8235f	(chrome.dll -browser_main.cc:45 )	content::BrowserMain(content::MainFunctionParams const &)
0x03581d08	(chrome.dll -content_main_runner.cc:390 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x03581c5c	(chrome.dll -content_main_runner.cc:751 )	content::ContentMainRunnerImpl::Run()
0x0357ee70	(chrome.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)

This ASAN crash is introduced in 50.0.2630.1, 3 instances so far from 3 distinct clients.

51.0.2700.1	33.33%	1	
51.0.2684.1	33.33%	1	
50.0.2630.1	33.33%	1	

Possible suspect:
===================
https://chromium.googlesource.com/chromium/src/+/fdc6e5fdae6311b97e1e528dc4b9b8cd9d47a0b8

Note this crash is NOT seen in non-ASAN builds.

Link to the build which introduced the crash which helps in future triaging.
=============================================================================

https://crash.corp.google.com/browse?q=special_protos.asan_report.is_actionable%3D1%20AND%20product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3Adebug%3A%3AAsanHeapUseAfterFree%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D
 
Labels: -Hotlist-SyzyASAN
Owner: chrisha@chromium.org
Status: WontFix (was: Assigned)
Sorry, this is noise. This is a crash deliberately generated from a testing URL. Closing this.
