Chrome dies with use-after-free in a Chrome_IOThread
Reported by wmangl...@gmail.com, Jul 23 2016
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce the problem:
1. Unlock computer that I'd left running Chrome for Mac for several days.
2. Find an Apple "Google Chrome quit unexpectedly" Problem Report dialog, and no Chrome

What is the expected behavior?
Chrome should still be running.

What went wrong?
It died with a use-after-free in a Chrome_IOThread instead.

Crashed report ID: No - chrome://crashes had no crashes
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 51.0.2704.103 Channel: n/a
OS Version: OS X 10.11.5
Flash Version: Shockwave Flash 22.0 r0

"client_id2":"548227D6-B2D3-4182-9F49-3EA9A23918FC"

Google Chrome 51.0.2704.103 (Official Build) (64-bit)
Revision aa7c8d23c098e96a388ffedf6698230bda650bb3-refs/branch-heads/2704@{#723}
OS Mac OS X
Blink 537.36 (@aa7c8d23c098e96a388ffedf6698230bda650bb3)
JavaScript V8 5.1.281.65
Flash 22.0.0.209
User Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Command Line /Applications/Google Chrome.app/Contents/MacOS/Google Chrome --flag-switches-begin --flag-switches-end
Executable Path /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Profile Path /Users/wmangley3/Library/Application Support/Google/Chrome/Default
Jul 25 2016
Can you please help by providing the crash report ID (from chrome://crashes, the latest one relevant to it) to help further triage it?
Jul 25 2016
Thread 12 Crashed:: Chrome_IOThread
0 libsystem_kernel.dylib 0x00007fff88e52f06 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff8cc3e4ec pthread_kill + 90
2 libsystem_c.dylib 0x00007fff8934b6e7 abort + 129
3 libsystem_malloc.dylib 0x00007fff9a764041 free + 425
4 com.google.Chrome.framework 0x00000001044235f8 linked_hash_map<base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, base::StringPieceHash>::clear() + __hash_table:1525
5 com.google.Chrome.framework 0x000000010442357e net::SpdyHeaderBlock::clear() + memory:2729
6 com.google.Chrome.framework 0x00000001043e58f8 net::QuicHttpStream::DoSendHeaders() + quic_http_stream.cc:649
7 com.google.Chrome.framework 0x00000001043e4056 net::QuicHttpStream::DoLoop(int) + quic_http_stream.cc:599
8 com.google.Chrome.framework 0x00000001043e4800 net::QuicHttpStream::SendRequest(net::HttpRequestHeaders const&, net::HttpResponseInfo*, base::Callback<void (int), (base::internal::CopyMode)1> const&) + quic_http_stream.cc:330
9 com.google.Chrome.framework 0x0000000104397f8f net::HttpNetworkTransaction::DoLoop(int) + http_network_transaction.cc:1147
10 com.google.Chrome.framework 0x0000000104399001 net::HttpNetworkTransaction::OnStreamReady(net::SSLConfig const&, net::ProxyInfo const&, net::HttpStream*) + http_network_transaction.cc:664
11 com.google.Chrome.framework 0x00000001043b322e net::HttpStreamFactoryImpl::Job::OnStreamReadyCallback() + http_stream_factory_impl_job.cc:437
12 com.google.Chrome.framework 0x00000001043b6b6b base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void (net::HttpStreamFactoryImpl::Job::*)()>, void (net::HttpStreamFactoryImpl::Job*), base::WeakPtr<net::HttpStreamFactoryImpl::Job> >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (net::HttpStreamFactoryImpl::Job::*)()> >, void ()>::Run(base::internal::BindStateBase*) + bind_internal.h:181
13 com.google.Chrome.framework 0x0000000103f24a2b base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) + callback.h:397
14 com.google.Chrome.framework 0x0000000103f47663 base::MessageLoop::RunTask(base::PendingTask const&) + vector:640
15 com.google.Chrome.framework 0x0000000103f4797c base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) + message_loop.cc:488
16 com.google.Chrome.framework 0x0000000103f47b6b base::MessageLoop::DoWork() + message_loop.cc:600
17 com.google.Chrome.framework 0x0000000103f19381 base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + message_pump_libevent.cc:230
18 com.google.Chrome.framework 0x0000000103f5e173 base::RunLoop::Run() + run_loop.cc:36
19 com.google.Chrome.framework 0x0000000103f46ded base::MessageLoop::Run() + message_loop.cc:296
20 com.google.Chrome.framework 0x0000000107285114 content::BrowserThreadImpl::IOThreadRun(base::MessageLoop*) + browser_thread_impl.cc:216
21 com.google.Chrome.framework 0x00000001072851ed content::BrowserThreadImpl::Run(base::MessageLoop*) + browser_thread_impl.cc:251
22 com.google.Chrome.framework 0x0000000103f80748 base::Thread::ThreadMain() + lock.h:26
23 com.google.Chrome.framework 0x0000000103f7cc97 base::(anonymous namespace)::ThreadFunc(void*) + platform_thread_posix.cc:72
24 libsystem_pthread.dylib 0x00007fff8cc3b99d _pthread_body + 131
25 libsystem_pthread.dylib 0x00007fff8cc3b91a _pthread_start + 168
26 libsystem_pthread.dylib 0x00007fff8cc39351 thread_start + 13

Thread 13:: IndexedDB
0 libsystem_kernel.dylib 0x00007fff88e4cf72 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff88e4c3b3 mach_msg + 55
2 com.apple.CoreFoundation 0x00007fff8c0281c4 __CFRunLoopServiceMachPort + 212
3 com.apple.CoreFoundation 0x00007fff8c02768c __CFRunLoopRun + 1356
4 com.apple.CoreFoundation 0x00007fff8c026ed8 CFRunLoopRunSpecific + 296
5 com.google.Chrome.framework 0x0000000103f1a2df base::MessagePumpCFRunLoop::DoRun(base::MessagePump::Delegate*) + message_pump_mac.mm:554
6 com.google.Chrome.framework 0x0000000103f19d64 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + message_pump_mac.mm:246
7 com.google.Chrome.framework 0x0000000103f5e173 base::RunLoop::Run() + run_loop.cc:36
8 com.google.Chrome.framework 0x0000000103f46ded base::MessageLoop::Run() + message_loop.cc:296
9 com.google.Chrome.framework 0x0000000103f80748 base::Thread::ThreadMain() + lock.h:26
10 com.google.Chrome.framework 0x0000000103f7cc97 base::(anonymous namespace)::ThreadFunc(void*) + platform_thread_posix.cc:72
11 libsystem_pthread.dylib 0x00007fff8cc3b99d _pthread_body + 131
12 libsystem_pthread.dylib 0x00007fff8cc3b91a _pthread_start + 168
13 libsystem_pthread.dylib 0x00007fff8cc39351 thread_start + 13
Comment 1 by wmangl...@gmail.com, Jul 23 2016