Issue 657909

Issue metadata

Status: Duplicate
Merged: issue 657778
Owner: ----
Closed: Oct 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

syzyasan_rtl WinHeapMalloc ConditionVariable hang Browser Process Main Thread

Project Member Reported by robliao@chromium.org, Oct 20 2016

Issue description

Version: Chrome 56.0.2896.1 Canary SyzyAsan Windows

The browser process main thread is hung waiting on a Condition Variable in syzyasan_rtl. A few other threads are waiting too.

There's also a Fiber Local Storage free in thread 38 below.
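The thread dump that follows can be triaged mechanically. This added Python script (not from the report or from the Chromium project) parses WinDbg `~*k`-style output into threads, records which wait primitive each thread is parked in, and reports the first frame outside the wait and lock machinery; it runs over a constructed excerpt of the frames quoted in this report.

```python
"""Triage a WinDbg ``~*k`` thread dump by what each thread is blocked on.

Added example for the hang in this report, not code from Chromium or the
reporter. SAMPLE_DUMP is a constructed excerpt of frames quoted in the
report (original frame numbers kept, intermediate frames omitted).
"""
import re
from collections import defaultdict

SAMPLE_DUMP = """\
.  0  Id: 1e5c.2b2c Suspend: 1 Teb: 050ec000 Unfrozen
 # ChildEBP RetAddr
00 052fdf50 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
02 052fdfc0 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
05 052fe0ac 6569408e syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 052fe0c8 6569a423 syzyasan_rtl!agent::asan::BlockProtectRedzones+0x1e
0b 052fe290 106c42c1 syzyasan_rtl!asan_HeapAlloc+0x43
0c 052fe2a4 106c421b chrome_f6c0000!base::allocator::WinHeapMalloc+0x1d

  11  Id: 1e5c.37f8 Suspend: 1 Teb: 05110000 Unfrozen
 # ChildEBP RetAddr
00 0ba9f020 77a26f92 ntdll!NtWaitForAlertByThreadId+0xc
05 0ba9f0ec 11ee6466 ntdll!RtlEnterCriticalSection+0x45
06 0ba9f0f8 116260ca chrome_f6c0000!_Mtxlock+0xc
07 0ba9f108 11614a2e chrome_f6c0000!sqlite3Malloc+0x33

  12  Id: 1e5c.3ed8 Suspend: 1 Teb: 05113000 Unfrozen
 # ChildEBP RetAddr
00 0be1d8e4 7762daaf ntdll!NtQueryVirtualMemory+0xc
02 0be1da14 6569d2af syzyasan_rtl!agent::asan::ShadowWalker::Next+0x54
04 0be1db88 6568c2f4 syzyasan_rtl!agent::asan::HeapChecker::IsHeapCorrupt+0x69
06 0be1e534 776af4a2 syzyasan_rtl!agent::asan::AsanRuntime::UnhandledExceptionFilter+0xe

  22  Id: 1e5c.390c Suspend: 1 Teb: 05131000 Unfrozen
 # ChildEBP RetAddr
00 0ccfe550 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
02 0ccfe5c0 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
05 0ccfe6ac 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
08 0ccfe6c8 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
0f 0ccfe9d0 106c427c syzyasan_rtl!asan_HeapFree+0x3d
"""

# Thread header:  ".  0  Id: 1e5c.2b2c ..." / "  11  Id: 1e5c.37f8 ..."
THREAD_RE = re.compile(r"^[.#\s]*(\d+)\s+Id:\s*([0-9a-f]+)\.([0-9a-f]+)")
# Frame: "<no> <ChildEBP|(Inline)> <RetAddr|--------> <symbol>[+0xoffset]"
FRAME_RE = re.compile(r"^([0-9a-f]{2})\s+\S+\s+\S+\s+(.+?)(?:\+0x[0-9a-f]+)?$")

# Frame that identifies the blocking primitive a thread is parked in.
WAIT_KINDS = {
    "KERNELBASE!SleepConditionVariableSRW": "condition-variable",
    "ntdll!RtlEnterCriticalSection": "critical-section",
    "ntdll!NtWaitForSingleObject": "single-object",
}

# System wait wrappers and the syzyasan lock helpers; the first frame that is
# none of these is the code that asked for the lock (or the top frame if running).
LOCK_MACHINERY = (
    "ntdll!", "KERNELBASE!", "KERNEL32!",
    "syzyasan_rtl!base::ConditionVariable::",
    "syzyasan_rtl!common::RecursiveLock::",
    "syzyasan_rtl!common::AutoRecursiveLock::",
)


def parse_dump(text):
    """Return [(thread_number, thread_id, [symbols...])] from ~*k output."""
    threads = []
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            threads.append((int(m.group(1)), m.group(3), []))
            continue
        m = FRAME_RE.match(line)
        if m and threads:
            threads[-1][2].append(m.group(2))
    return threads


def classify(symbols):
    """Return (wait_kind, site): the primitive the thread waits in (or
    'running') and the first frame outside the lock machinery."""
    kind = next((WAIT_KINDS[s] for s in symbols if s in WAIT_KINDS), "running")
    site = next((s for s in symbols if not s.startswith(LOCK_MACHINERY)), None)
    return kind, site


def summarize(text):
    """Group threads by wait kind: {kind: [(thread_number, site), ...]}."""
    groups = defaultdict(list)
    for number, _tid, symbols in parse_dump(text):
        kind, site = classify(symbols)
        groups[kind].append((number, site))
    return dict(groups)


if __name__ == "__main__":
    for kind, members in sorted(summarize(SAMPLE_DUMP).items()):
        print(f"{kind}: {len(members)} thread(s)")
        for number, site in members:
            print(f"  thread {number:>3}  {site or '(system frames only)'}")
```

On the full dump, every thread reported in the `condition-variable` group with a `BlockProtect*` site is queued on the same syzyasan heap lock, which is the pattern to look for before deciding whether a thread outside that group is the holder.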


.  0  Id: 1e5c.2b2c Suspend: 1 Teb: 050ec000 Unfrozen
 # ChildEBP RetAddr  
00 052fdf50 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 052fdf9c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 052fdfc0 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 052fe0ac 6569408e syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 052fe0c8 6569a423 syzyasan_rtl!agent::asan::BlockProtectRedzones+0x1e
09 052fe270 656920d3 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Allocate+0x263
0a (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapAlloc+0x3
0b 052fe290 106c42c1 syzyasan_rtl!asan_HeapAlloc+0x43
0c 052fe2a4 106c421b chrome_f6c0000!base::allocator::WinHeapMalloc+0x1d
0d 052fe2b0 106c4100 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapMallocImpl+0xb
0e 052fe2c8 11ee6cb5 chrome_f6c0000!ShimMalloc+0x11
0f 052fe2d4 0f7b3be6 chrome_f6c0000!operator new+0x2c
10 052fe2e0 11a4b536 chrome_f6c0000!std::_Allocate+0x41
11 (Inline) -------- chrome_f6c0000!std::allocator<std::pair<TemplateURL *,TemplateURLData> >::allocate+0x8238b529
12 (Inline) -------- chrome_f6c0000!std::_Wrap_alloc<std::allocator<std::pair<TemplateURL *,TemplateURLData> > >::allocate+0x8238b529
13 052fe300 11a4b7a6 chrome_f6c0000!std::vector<std::pair<TemplateURL *,TemplateURLData>,std::allocator<std::pair<TemplateURL *,TemplateURLData> > >::_Reallocate+0x19
14 052fe318 11a4bfd4 chrome_f6c0000!std::vector<std::pair<TemplateURL *,TemplateURLData>,std::allocator<std::pair<TemplateURL *,TemplateURLData> > >::_Reserve+0x68
15 052fe32c 11a464f4 chrome_f6c0000!std::vector<std::pair<TemplateURL *,TemplateURLData>,std::allocator<std::pair<TemplateURL *,TemplateURLData> > >::push_back+0x59
16 052fe5a4 11a3c118 chrome_f6c0000!KeywordWebDataService::UpdateKeyword+0x4b
17 052fe5f0 11a38a0f chrome_f6c0000!TemplateURLService::UpdateNoNotify+0x14f
18 052fe8e8 120f697b chrome_f6c0000!TemplateURLService::MergeDataAndStartSyncing+0x315
19 052feb04 11e8b4d8 chrome_f6c0000!syncer::UIDataTypeController::Associate+0x4f9
1a (Inline) -------- chrome_f6c0000!base::internal::FunctorTraits<void (__thiscall cast::CastRemotingSender::*)(void),void>::Invoke+0x827cb4c1
1b 052feb14 11e8cf4e chrome_f6c0000!base::internal::InvokeHelper<1,void>::MakeItSo<void (__thiscall cast::CastRemotingSender::*const &)(void),base::WeakPtr<cast::CastRemotingSender> const &>+0x26
1c (Inline) -------- chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall cast::CastRemotingSender::*)(void),base::WeakPtr<cast::CastRemotingSender> >,void __cdecl(void)>::RunImpl+0x827ccf29
1d 052feb24 1016cbb9 chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall cast::CastRemotingSender::*)(void),base::WeakPtr<cast::CastRemotingSender> >,void __cdecl(void)>::Run+0x13
1e (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
1f 052feb98 100eb49f chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e

  11  Id: 1e5c.37f8 Suspend: 1 Teb: 05110000 Unfrozen
 # ChildEBP RetAddr  
00 0ba9f020 77a26f92 ntdll!NtWaitForAlertByThreadId+0xc
01 0ba9f040 77a26ebd ntdll!RtlpWaitOnAddressWithTimeout+0x42
02 0ba9f084 77a26daf ntdll!RtlpWaitOnAddress+0xa5
03 0ba9f0c0 77a4a096 ntdll!RtlpWaitOnCriticalSection+0xaa
04 0ba9f0e0 77a49fb5 ntdll!RtlpEnterCriticalSectionContended+0xd6
05 0ba9f0ec 11ee6466 ntdll!RtlEnterCriticalSection+0x45
06 0ba9f0f8 116260ca chrome_f6c0000!_Mtxlock+0xc
07 0ba9f108 11614a2e chrome_f6c0000!sqlite3Malloc+0x33
08 0ba9f11c 11614b22 chrome_f6c0000!sqlite3DbMallocRaw+0x43
09 0ba9f134 1162cfd9 chrome_f6c0000!sqlite3DbMallocZero+0x12
0a 0ba9f164 11625ea7 chrome_f6c0000!sqlite3Prepare+0x1d
0b 0ba9f198 115d4fb8 chrome_f6c0000!sqlite3LockAndPrepare+0x43
0c 0ba9f1bc 115c48bf chrome_f6c0000!sqlite3_prepare_v2+0x1b
0d 0ba9f1e4 115c4534 chrome_f6c0000!sql::Connection::GetStatementImpl+0x52
0e (Inline) -------- chrome_f6c0000!sql::Connection::GetUniqueStatement+0x81f04532
0f 0ba9f20c 117617b1 chrome_f6c0000!sql::Connection::GetCachedStatement+0x51
10 0ba9f554 1016cbb9 chrome_f6c0000!net::SQLitePersistentCookieStore::Backend::Commit+0x85
11 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
12 0ba9f5c8 10186fb0 chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e

  12  Id: 1e5c.3ed8 Suspend: 1 Teb: 05113000 Unfrozen
 # ChildEBP RetAddr  
00 0be1d8e4 7762daaf ntdll!NtQueryVirtualMemory+0xc
01 0be1d90c 65693864 KERNELBASE!VirtualQuery+0x1f
02 0be1da14 6569d2af syzyasan_rtl!agent::asan::ShadowWalker::Next+0x54
03 0be1db64 6569d089 syzyasan_rtl!agent::asan::HeapChecker::GetCorruptRangesInSlab+0x1ff
04 0be1db88 6568c2f4 syzyasan_rtl!agent::asan::HeapChecker::IsHeapCorrupt+0x69
05 0be1e524 6568bebe syzyasan_rtl!agent::asan::AsanRuntime::ExceptionFilterImpl+0x424
06 0be1e534 776af4a2 syzyasan_rtl!agent::asan::AsanRuntime::UnhandledExceptionFilter+0xe
07 0be1e5c4 77aa35ee KERNELBASE!UnhandledExceptionFilter+0x172
08 0be1fd00 77a65dae ntdll!__RtlUserThreadStart+0x3d83a
09 0be1fd10 00000000 ntdll!_RtlUserThreadStart+0x1b

  13  Id: 1e5c.1934 Suspend: 1 Teb: 05116000 Unfrozen
 # ChildEBP RetAddr  
00 0bf5e4a0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 0bf5e4ec 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 0bf5e510 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 0bf5e5fc 6569408e syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 0bf5e618 6569a423 syzyasan_rtl!agent::asan::BlockProtectRedzones+0x1e
09 0bf5e7c8 656920d3 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Allocate+0x263
0a (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapAlloc+0x3
0b 0bf5e7e8 106c42c1 syzyasan_rtl!asan_HeapAlloc+0x43
0c 0bf5e7fc 106c421b chrome_f6c0000!base::allocator::WinHeapMalloc+0x1d
0d 0bf5e808 106c4100 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapMallocImpl+0xb
0e 0bf5e820 11ee6cb5 chrome_f6c0000!ShimMalloc+0x11
0f 0bf5e82c 1159d480 chrome_f6c0000!operator new+0x2c
10 0bf5e83c 11593d88 chrome_f6c0000!leveldb::log::Reader::Reader+0x21
11 0bf5e954 11593b27 chrome_f6c0000!leveldb::DBImpl::RecoverLogFile+0xfd
12 0bf5ea48 11592fb5 chrome_f6c0000!leveldb::DBImpl::Recover+0x3fd
13 0bf5eb00 10df9704 chrome_f6c0000!leveldb::DB::Open+0x7b
14 0bf5eb68 10dfad12 chrome_f6c0000!LazyLevelDb::EnsureDbIsOpen+0x80
15 0bf5ebd0 10dfacd5 chrome_f6c0000!LeveldbValueStore::Get+0x2b
16 0bf5ebf0 10dac384 chrome_f6c0000!LeveldbValueStore::Get+0x49
17 0bf5ec08 10dad898 chrome_f6c0000!extensions::SettingsStorageQuotaEnforcer::Get+0x15
18 0bf5ec54 10dacf5f chrome_f6c0000!extensions::StorageStorageAreaGetFunction::RunWithStorage+0x148
19 0bf5ec90 109f1008 chrome_f6c0000!extensions::SettingsFunction::AsyncRunWithStorage+0x17
1a (Inline) -------- chrome_f6c0000!base::internal::FunctorTraits<void (__thiscall content::DOMStorageContextWrapper::*)(enum base::MemoryPressureListener::MemoryPressureLevel),void>::Invoke+0x81330ffe
1b (Inline) -------- chrome_f6c0000!base::internal::InvokeHelper<0,void>::MakeItSo+0x81331001
1c (Inline) -------- chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall content::DOMStorageContextWrapper::*)(enum base::MemoryPressureListener::MemoryPressureLevel),scoped_refptr<content::DOMStorageContextWrapper> >,void __cdecl(enum base::MemoryPressureListener::MemoryPressureLevel)>::RunImpl+0x81331001
1d 0bf5eca0 10dabdeb chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall content::DOMStorageContextWrapper::*)(enum base::MemoryPressureListener::MemoryPressureLevel),scoped_refptr<content::DOMStorageContextWrapper> >,void __cdecl(enum base::MemoryPressureListener::MemoryPressureLevel)>::Run+0x17
1e (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(ValueStore *),1,1> >::Run+0x816ebdd7
1f 0bf5ecc4 10dadd8c chrome_f6c0000!extensions::LocalValueStoreCache::RunWithValueStoreForExtension+0x6f
20 0bf5ecd8 10daddc2 chrome_f6c0000!base::internal::FunctorTraits<void (__thiscall extensions::ValueStoreCache::*)(base::Callback<void __cdecl(ValueStore *),1,1> const &,scoped_refptr<extensions::Extension const >),void>::Invoke<extensions::ValueStoreCache *,base::Callback<void __cdecl(ValueStore *),1,1> const &,scoped_refptr<extensions::Extension const > const &>+0x26
21 (Inline) -------- chrome_f6c0000!base::internal::InvokeHelper<0,void>::MakeItSo+0x816edda6
22 0bf5ecf0 10dae8e5 chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall extensions::ValueStoreCache::*)(base::Callback<void __cdecl(ValueStore *),1,1> const &,scoped_refptr<extensions::Extension const >),base::internal::UnretainedWrapper<extensions::ValueStoreCache>,base::Callback<void __cdecl(ValueStore *),1,1>,scoped_refptr<extensions::Extension const > >,void __cdecl(void)>::RunImpl<void (__thiscall extensions::ValueStoreCache::*const &)(base::Callback<void __cdecl(ValueStore *),1,1> const &,scoped_refptr<extensions::Extension const >),std::tuple<base::internal::UnretainedWrapper<extensions::ValueStoreCache>,base::Callback<void __cdecl(ValueStore *),1,1>,scoped_refptr<extensions::Extension const > > const &,0,1,2>+0x1f
23 0bf5ed04 1016cbb9 chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall extensions::ValueStoreCache::*)(base::Callback<void __cdecl(ValueStore *),1,1> const &,scoped_refptr<extensions::Extension const >),base::internal::UnretainedWrapper<extensions::ValueStoreCache>,base::Callback<void __cdecl(ValueStore *),1,1>,scoped_refptr<extensions::Extension const > >,void __cdecl(void)>::Run+0x16
24 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
25 0bf5ed78 100eb49f chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e
26 0bf5f6f4 100ec645 chrome_f6c0000!base::MessageLoop::RunTask+0x35c

  17  Id: 1e5c.29d4 Suspend: 1 Teb: 05122000 Unfrozen
 # ChildEBP RetAddr  
00 0c45d7c0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 0c45d80c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 0c45d830 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 0c45d91c 6569408e syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 0c45d938 6569a423 syzyasan_rtl!agent::asan::BlockProtectRedzones+0x1e
09 0c45dae8 656920d3 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Allocate+0x263
0a (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapAlloc+0x3
0b 0c45db08 106c42c1 syzyasan_rtl!asan_HeapAlloc+0x43
0c 0c45db1c 106c421b chrome_f6c0000!base::allocator::WinHeapMalloc+0x1d
0d 0c45db28 106c4100 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapMallocImpl+0xb
0e 0c45db40 11ee6cb5 chrome_f6c0000!ShimMalloc+0x11
0f 0c45db4c 112781fc chrome_f6c0000!operator new+0x2c
10 0c45dd80 11267def chrome_f6c0000!net::QuicStreamSequencerBuffer::OnStreamData+0x67d
11 0c45debc 11233d3e chrome_f6c0000!net::QuicStreamSequencer::OnStreamFrame+0xb2
12 0c45def4 111d0ab8 chrome_f6c0000!net::ReliableQuicStream::OnStreamFrame+0xc0
13 0c45df0c 111da170 chrome_f6c0000!net::QuicSession::OnStreamFrame+0x3b
14 0c45df24 111c9cf0 chrome_f6c0000!net::QuicChromiumClientSession::OnStreamFrame+0x6a
15 0c45e00c 112286ee chrome_f6c0000!net::QuicConnection::OnStreamFrame+0x160
16 0c45e098 112285e3 chrome_f6c0000!net::QuicFramer::ProcessFrameData+0xae
17 0c45e1a4 112290a7 chrome_f6c0000!net::QuicFramer::ProcessDataPacket+0x136
18 0c45e8e8 111caaec chrome_f6c0000!net::QuicFramer::ProcessPacket+0x151
19 0c45e9c4 111d9c9f chrome_f6c0000!net::QuicConnection::ProcessUdpPacket+0x248
1a 0c45e9e4 111c2549 chrome_f6c0000!net::QuicChromiumClientSession::OnPacket+0x20
1b 0c45ea64 124e69de chrome_f6c0000!net::QuicChromiumPacketReader::OnReadComplete+0xa5
1c (Inline) -------- chrome_f6c0000!base::internal::FunctorTraits<void (__thiscall syncer::ModelTypeConnector::*)(enum syncer::ModelType),void>::Invoke+0x82e269c4
1d 0c45ea74 1178d75a chrome_f6c0000!base::internal::InvokeHelper<1,void>::MakeItSo<void (__thiscall syncer::ModelTypeConnector::*const &)(enum syncer::ModelType),base::WeakPtr<syncer::ModelTypeConnector> const &,enum syncer::ModelType const &>+0x26
1e (Inline) -------- chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall storage::QuotaManager::HostDataDeleter::*)(enum storage::QuotaStatusCode),base::WeakPtr<storage::QuotaManager::HostDataDeleter> >,void __cdecl(enum storage::QuotaStatusCode)>::RunImpl+0x820cd6da
1f 0c45ea88 110b60fd chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall storage::QuotaManager::HostDataDeleter::*)(enum storage::QuotaStatusCode),base::WeakPtr<storage::QuotaManager::HostDataDeleter> >,void __cdecl(enum storage::QuotaStatusCode)>::Run+0x16
20 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(int),1,1> >::Run+0x819f60ab
21 0c45eaa0 110b5ede chrome_f6c0000!net::UDPSocketWin::DoReadCallback+0x2c
22 0c45eacc 110b6f04 chrome_f6c0000!net::UDPSocketWin::DidCompleteRead+0xca
23 0c45eaf4 10139e45 chrome_f6c0000!net::UDPSocketWin::Core::ReadDelegate::OnObjectSignaled+0x15
24 (Inline) -------- chrome_f6c0000!base::internal::FunctorTraits<void (__thiscall base::win::ObjectWatcher::*)(base::win::ObjectWatcher::Delegate *),void>::Invoke+0x25
25 (Inline) -------- chrome_f6c0000!base::internal::InvokeHelper<1,void>::MakeItSo+0x56
26 (Inline) -------- chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall base::win::ObjectWatcher::*)(base::win::ObjectWatcher::Delegate *),base::WeakPtr<base::win::ObjectWatcher>,base::win::ObjectWatcher::Delegate *>,void __cdecl(void)>::RunImpl+0x56
27 0c45eb0c 1016cbb9 chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__thiscall base::win::ObjectWatcher::*)(base::win::ObjectWatcher::Delegate *),base::WeakPtr<base::win::ObjectWatcher>,base::win::ObjectWatcher::Delegate *>,void __cdecl(void)>::Run+0x37
28 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
29 0c45eb80 100eb49f chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e

  21  Id: 1e5c.2e30 Suspend: 1 Teb: 0512e000 Unfrozen
 # ChildEBP RetAddr  
00 0cbbf1c0 77a26f92 ntdll!NtWaitForAlertByThreadId+0xc
01 0cbbf1e0 77a26ebd ntdll!RtlpWaitOnAddressWithTimeout+0x42
02 0cbbf224 77a26daf ntdll!RtlpWaitOnAddress+0xa5
03 0cbbf260 77a4a096 ntdll!RtlpWaitOnCriticalSection+0xaa
04 0cbbf280 77a49fb5 ntdll!RtlpEnterCriticalSectionContended+0xd6
05 0cbbf28c 11ee6466 ntdll!RtlEnterCriticalSection+0x45
06 0cbbf298 116260ca chrome_f6c0000!_Mtxlock+0xc
07 0cbbf2a8 11614a2e chrome_f6c0000!sqlite3Malloc+0x33
08 0cbbf2bc 11614b22 chrome_f6c0000!sqlite3DbMallocRaw+0x43
09 0cbbf2d4 1162cfd9 chrome_f6c0000!sqlite3DbMallocZero+0x12
0a 0cbbf304 11625ea7 chrome_f6c0000!sqlite3Prepare+0x1d
0b 0cbbf338 115d4fb8 chrome_f6c0000!sqlite3LockAndPrepare+0x43
0c 0cbbf35c 115c48bf chrome_f6c0000!sqlite3_prepare_v2+0x1b
0d 0cbbf384 115c4534 chrome_f6c0000!sql::Connection::GetStatementImpl+0x52
0e (Inline) -------- chrome_f6c0000!sql::Connection::GetUniqueStatement+0x81f04532
0f 0cbbf3ac 117617b1 chrome_f6c0000!sql::Connection::GetCachedStatement+0x51
10 0cbbf6f4 1016cbb9 chrome_f6c0000!net::SQLitePersistentCookieStore::Backend::Commit+0x85
11 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
12 0cbbf768 10186fb0 chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e
13 0cbbf7e0 101896c8 chrome_f6c0000!base::internal::TaskTracker::RunTask+0x266
14 0cbbfc18 100dd8ff chrome_f6c0000!base::internal::SchedulerWorker::Thread::ThreadMain+0x310
15 0cbbfc38 76d438f4 chrome_f6c0000!base::`anonymous namespace'::ThreadFunc+0x8b
16 0cbbfc4c 77a65de3 KERNEL32!BaseThreadInitThunk+0x24

  22  Id: 1e5c.390c Suspend: 1 Teb: 05131000 Unfrozen
 # ChildEBP RetAddr  
00 0ccfe550 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 0ccfe59c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 0ccfe5c0 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 0ccfe6ac 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 0ccfe6c8 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 0ccfe6e4 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 0ccfe808 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 0ccfe828 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 0ccfe9b8 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 0ccfe9d0 106c427c syzyasan_rtl!asan_HeapFree+0x3d
10 0ccfe9e4 106c41ff chrome_f6c0000!base::allocator::WinHeapFree+0x1a
11 0ccfe9f0 106c40e1 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapFreeImpl+0xb
12 0ccfea00 0f7b3c6d chrome_f6c0000!ShimFree+0xf
13 0ccfea0c 1014c928 chrome_f6c0000!std::_Deallocate+0x56
14 (Inline) -------- chrome_f6c0000!std::allocator<int>::deallocate+0x80a8c926
15 (Inline) -------- chrome_f6c0000!std::_Wrap_alloc<std::allocator<int> >::deallocate+0x80a8c926
16 (Inline) -------- chrome_f6c0000!std::vector<int,std::allocator<int> >::_Tidy+0x2b
17 (Inline) -------- chrome_f6c0000!std::vector<int,std::allocator<int> >::{dtor}+0x2b
18 (Inline) -------- chrome_f6c0000!base::BucketRanges::{dtor}+0x2b
19 (Inline) -------- chrome_f6c0000!std::default_delete<base::BucketRanges const >::operator()+0x2b
1a (Inline) -------- chrome_f6c0000!std::unique_ptr<base::BucketRanges const ,std::default_delete<base::BucketRanges const > >::{dtor}+0x80a8c8da
1b 0ccfea48 10112afc chrome_f6c0000!base::StatisticsRecorder::RegisterOrDeleteDuplicateRanges+0x154
1c 0ccfea70 10112e50 chrome_f6c0000!base::Histogram::Factory::Build+0x51
1d 0ccfeaa0 10112ebf chrome_f6c0000!base::Histogram::FactoryGet+0x74
1e 0ccfeac8 11c736c9 chrome_f6c0000!base::Histogram::FactoryTimeGet+0x6a
1f 0ccfeb60 11c72835 chrome_f6c0000!ThreadWatcher::Initialize+0x5a
20 0ccfeb78 11c746f6 chrome_f6c0000!ThreadWatcher::ThreadWatcher+0xaa
21 0ccfeba0 11c747c1 chrome_f6c0000!ThreadWatcher::StartWatching+0x78
22 0ccfec10 11c738d1 chrome_f6c0000!ThreadWatcherList::StartWatching+0x72
23 0ccfecf4 10dc2ff4 chrome_f6c0000!ThreadWatcherList::InitializeAndStartWatching+0x11c
24 (Inline) -------- chrome_f6c0000!base::internal::FunctorTraits<void (__cdecl*)(void *,std::set<extensions::Warning,std::less<extensions::Warning>,std::allocator<extensions::Warning> > const &),void>::Invoke+0x1b
25 (Inline) -------- chrome_f6c0000!base::internal::InvokeHelper<0,void>::MakeItSo+0x1b
26 (Inline) -------- chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(void *,std::set<extensions::Warning,std::less<extensions::Warning>,std::allocator<extensions::Warning> > const &),void *,std::set<extensions::Warning,std::less<extensions::Warning>,std::allocator<extensions::Warning> > >,void __cdecl(void)>::RunImpl+0x1b
27 0ccfed04 1016cbb9 chrome_f6c0000!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(void *,std::set<extensions::Warning,std::less<extensions::Warning>,std::allocator<extensions::Warning> > const &),void *,std::set<extensions::Warning,std::less<extensions::Warning>,std::allocator<extensions::Warning> > >,void __cdecl(void)>::Run+0x10
28 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
29 0ccfed78 100eb49f chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e

  24  Id: 1e5c.2f14 Suspend: 1 Teb: 05137000 Unfrozen
 # ChildEBP RetAddr  
00 0e60dff0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 0e60e03c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 0e60e060 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 0e60e14c 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 0e60e168 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 0e60e184 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 0e60e2a8 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 0e60e2c8 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 0e60e458 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 0e60e474 106c427c syzyasan_rtl!asan_HeapFree+0x3d
10 0e60e488 106c41ff chrome_f6c0000!base::allocator::WinHeapFree+0x1a
11 0e60e494 106c40e1 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapFreeImpl+0xb
12 0e60e4a4 115d332c chrome_f6c0000!ShimFree+0xf
13 0e60e4bc 116149b6 chrome_f6c0000!sqlite3_free+0x39
14 0e60e4cc 11636adc chrome_f6c0000!sqlite3DbFree+0x4c
15 0e60e4e4 1163fa7c chrome_f6c0000!sqlite3VdbeDelete+0x47
16 0e60e4f8 115c9351 chrome_f6c0000!sqlite3VdbeFinalize+0x2b
17 0e60e50c 115c32fd chrome_f6c0000!sqlite3_finalize+0x52
18 0e60e520 115c2f85 chrome_f6c0000!sql::Connection::StatementRef::Close+0x16
19 0e60e538 115c7a45 chrome_f6c0000!sql::Connection::StatementRef::~StatementRef+0x19
1a (Inline) -------- chrome_f6c0000!scoped_refptr<sql::Connection::StatementRef>::{dtor}+0x16
1b 0e60e5c0 119a165d chrome_f6c0000!sql::Statement::~Statement+0x16
1c 0e60e5d0 119b875e chrome_f6c0000!history::HistoryBackend::GetVisitsSource+0x1c
1d 0e60e5f4 00000000 chrome_f6c0000!history::TypedUrlSyncableService::ShouldIgnoreVisits+0x2e

  28  Id: 1e5c.34f0 Suspend: 1 Teb: 05149000 Unfrozen
 # ChildEBP RetAddr  
00 3774f920 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 3774f96c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 3774f990 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 3774fa7c 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 3774fa98 6569b636 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 3774fabc 6569b545 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePristineBlock+0x36
0a 3774fadc 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0xa5
0b (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0c 3774fc00 6569bbbc syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0d 3774fc1c 656a6084 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::DeferredFreeDoWork+0x1c
0e (Inline) -------- syzyasan_rtl!base::Callback<void __cdecl(void),1>::Run+0x8
0f 3774fd00 656ba7f6 syzyasan_rtl!agent::asan::heap_managers::DeferredFreeThread::ThreadMain+0xa4
10 3774fd2c 76d438f4 syzyasan_rtl!base::`anonymous namespace'::ThreadFunc+0xc6
11 3774fd40 77a65de3 KERNEL32!BaseThreadInitThunk+0x24
12 3774fd88 77a65dae ntdll!__RtlUserThreadStart+0x2f
13 3774fd98 00000000 ntdll!_RtlUserThreadStart+0x1b

  31  Id: 1e5c.3d68 Suspend: 1 Teb: 05152000 Unfrozen
 # ChildEBP RetAddr  
00 381df220 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 381df26c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 381df290 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 381df37c 6569408e syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 381df398 6569a423 syzyasan_rtl!agent::asan::BlockProtectRedzones+0x1e
09 381df548 656920d3 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Allocate+0x263
0a (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapAlloc+0x3
0b 381df568 106c42c1 syzyasan_rtl!asan_HeapAlloc+0x43
0c 381df57c 106c421b chrome_f6c0000!base::allocator::WinHeapMalloc+0x1d
0d 381df588 106c4100 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapMallocImpl+0xb
0e 381df5a0 111aed3b chrome_f6c0000!ShimMalloc+0x11
0f 381df5b8 111aee91 chrome_f6c0000!net::internal::`anonymous namespace'::ReadIpHelper+0x25
10 381df824 111ae2ec chrome_f6c0000!net::internal::`anonymous namespace'::ReadSystemSettings+0x26
11 381df908 11219b58 chrome_f6c0000!net::internal::DnsConfigServiceWin::ConfigReader::DoWork+0x3c
12 381df934 10154b8c chrome_f6c0000!net::SerialWorker::DoWorkJob+0xe
13 (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x21
14 381df990 77a62614 chrome_f6c0000!base::`anonymous namespace'::WorkItemCallback+0x199
15 381dfac8 77a2cd41 ntdll!RtlpTpWorkCallback+0x154
16 381dfc78 76d438f4 ntdll!TppWorkerThread+0x671
17 381dfc8c 77a65de3 KERNEL32!BaseThreadInitThunk+0x24
18 381dfcd4 77a65dae ntdll!__RtlUserThreadStart+0x2f
19 381dfce4 00000000 ntdll!_RtlUserThreadStart+0x1b

  33  Id: 1e5c.3e6c Suspend: 1 Teb: 0515b000 Unfrozen
 # ChildEBP RetAddr  
00 3b02f40c 77a4a90a ntdll!NtWaitForSingleObject+0xc
01 3b02f430 77a33809 ntdll!LdrpDrainWorkQueue+0xbd
02 3b02f454 7761f3d6 ntdll!LdrUnloadDll+0x79
03 3b02f468 7781f18f KERNELBASE!FreeLibrary+0x16
04 3b02f478 7781f143 combase!FreeLibraryWithLogging+0x1f
05 3b02f488 7781f083 combase!CClassCache::CDllPathEntry::CFinishObject::Finish+0x33
06 3b02f4a8 7779e383 combase!CClassCache::CFinishComposite::Finish+0x51
07 3b02f680 777989be combase!CClassCache::FreeUnused+0xc9
08 3b02f688 77798997 combase!CCFreeUnused+0x1c
09 3b02f698 7782de99 combase!CoFreeUnusedLibrariesEx+0x37
0a (Inline) -------- combase!CoFreeUnusedLibraries+0x9
0b 3b02f6a4 76e484f3 combase!STAHostTimerProc+0x9
0c 3b02f6d0 76e244f7 USER32!_InternalCallWinProc+0x2b
0d 3b02f764 76e2661f USER32!UserCallWinProc+0x105
0e 3b02f7c8 76e26300 USER32!DispatchMessageWorker+0x30f
0f 3b02f7d4 777eb10b USER32!DispatchMessageW+0x10
10 3b02f810 777eb244 combase!CDllHost::STAWorkerLoop+0x8b
11 3b02f830 7782e14e combase!CDllHost::WorkerThread+0xa9
12 3b02f83c 777ec4fa combase!DLLHostThreadEntry+0xe
13 3b02f868 7780d38f combase!CRpcThread::WorkerLoop+0x11c
14 3b02f878 76d438f4 combase!CRpcThreadCache::RpcWorkerThreadEntry+0x1f
15 3b02f88c 77a65de3 KERNEL32!BaseThreadInitThunk+0x24
16 3b02f8d4 77a65dae ntdll!__RtlUserThreadStart+0x2f
17 3b02f8e4 00000000 ntdll!_RtlUserThreadStart+0x1b

  35  Id: 1e5c.314c Suspend: 1 Teb: 05161000 Unfrozen
 # ChildEBP RetAddr  
00 3df7da70 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 3df7dab4 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 3df7dad8 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 3df7dbc4 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 3df7dbe0 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 3df7dbfc 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 3df7dd20 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 3df7dd40 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 3df7ded0 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 3df7dee8 106c427c syzyasan_rtl!asan_HeapFree+0x3d
10 3df7defc 106c41ff chrome_f6c0000!base::allocator::WinHeapFree+0x1a
11 3df7df08 106c40e1 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapFreeImpl+0xb
12 3df7df18 0f7b3c6d chrome_f6c0000!ShimFree+0xf
13 3df7df24 0f7b668f chrome_f6c0000!std::_Deallocate+0x56
14 (Inline) -------- chrome_f6c0000!std::allocator<char>::deallocate+0x800f668f
15 (Inline) -------- chrome_f6c0000!std::_Wrap_alloc<std::allocator<char> >::deallocate+0x800f668f
16 3df7df44 1128257a chrome_f6c0000!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Tidy+0x35
17 (Inline) -------- chrome_f6c0000!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::{dtor}+0x81bc2571
18 3df7df5c 1213cf37 chrome_f6c0000!google::protobuf::internal::ArenaStringPtr::DestroyNoArena+0x1d
19 3df7df88 121077c5 chrome_f6c0000!sync_pb::DataTypeProgressMarker::SharedDtor+0x1f
1a 3df7ee98 124d812a chrome_f6c0000!syncer::syncable::Directory::SaveChanges+0x76
1b 3df7eea4 101295dd chrome_f6c0000!syncer::SyncBackendHostCore::SaveChanges+0x10
1c (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),1,1> >::Run+0xf
1d 3df7eec4 1016cbb9 chrome_f6c0000!base::Timer::RunScheduledTask+0xaf
1e (Inline) -------- chrome_f6c0000!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x25
1f 3df7ef38 100eb49f chrome_f6c0000!base::debug::TaskAnnotator::RunTask+0x18e

  37  Id: 1e5c.3d2c Suspend: 1 Teb: 05167000 Unfrozen
 # ChildEBP RetAddr  
00 42e1edc0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 42e1ee04 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 42e1ee28 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 42e1ef14 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 42e1ef30 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 42e1ef4c 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 42e1f070 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 42e1f090 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 42e1f220 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 42e1f23c 106c427c syzyasan_rtl!asan_HeapFree+0x3d
10 42e1f250 106c41ff chrome_f6c0000!base::allocator::WinHeapFree+0x1a
11 42e1f25c 106c40e1 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapFreeImpl+0xb
12 42e1f26c 0f7b3c6d chrome_f6c0000!ShimFree+0xf
13 42e1f278 100bcce0 chrome_f6c0000!std::_Deallocate+0x56
14 (Inline) -------- chrome_f6c0000!std::allocator<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > >::deallocate+0x809fccde
15 (Inline) -------- chrome_f6c0000!std::_Wrap_alloc<std::allocator<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > > >::deallocate+0x809fccde
16 42e1f2a4 100bedbf chrome_f6c0000!std::vector<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::allocator<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > > >::_Tidy+0x3a
17 (Inline) -------- chrome_f6c0000!std::vector<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::allocator<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > > >::{dtor}+0x809fedb7
18 42e1f2b8 11401044 chrome_f6c0000!base::CommandLine::~CommandLine+0x51
19 42e1f304 11401109 chrome_f6c0000!installer::ProductState::Clear+0xb6
1a 42e1f394 113f6d1b chrome_f6c0000!installer::ProductState::Initialize+0x5b
1b 42e1f450 113fee48 chrome_f6c0000!InstallUtil::IsMultiInstall+0x3a
1c 42e1f484 11c4ba40 chrome_f6c0000!GoogleUpdateSettings::RecordChromeUpdatePolicyHistograms+0x25
1d 42e1f4a8 656920d3 chrome_f6c0000!`anonymous namespace'::RecordStartupMetricsOnBlockingPool+0x8
1e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapAlloc+0x3
1f 42e1f508 10186fb0 syzyasan_rtl!asan_HeapAlloc+0x43
20 42e1f580 101896c8 chrome_f6c0000!base::internal::TaskTracker::RunTask+0x266

  38  Id: 1e5c.362c Suspend: 1 Teb: 0516a000 Unfrozen
 # ChildEBP RetAddr  
00 42f6f7d0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 42f6f81c 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 42f6f840 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 42f6f92c 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 42f6f948 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 42f6f964 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 42f6fa88 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 42f6faa8 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 42f6fc38 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 42f6fc50 11f18d46 syzyasan_rtl!asan_HeapFree+0x3d
10 42f6fc64 11f1ab29 chrome_f6c0000!_free_base+0x1c
11 42f6fc74 77a32fc8 chrome_f6c0000!destroy_fls+0x1b
12 42f6fc9c 77a45b62 ntdll!RtlProcessFlsData+0xf8
13 42f6fd40 77a681fc ntdll!LdrShutdownThread+0x32
14 42f6fe14 76d438fb ntdll!RtlExitUserThread+0x4c
15 42f6fe28 77a65de3 KERNEL32!BaseThreadInitThunk+0x2b
16 42f6fe70 77a65dae ntdll!__RtlUserThreadStart+0x2f
17 42f6fe80 00000000 ntdll!_RtlUserThreadStart+0x1b

  40  Id: 1e5c.2df4 Suspend: 1 Teb: 05170000 Unfrozen
 # ChildEBP RetAddr  
00 431ee2d0 77a6d8dc ntdll!NtWaitForAlertByThreadId+0xc
01 431ee314 776a7f73 ntdll!RtlSleepConditionVariableSRW+0xdc
02 431ee338 656a9573 KERNELBASE!SleepConditionVariableSRW+0x23
03 (Inline) -------- syzyasan_rtl!base::ConditionVariable::TimedWait+0x3f
04 (Inline) -------- syzyasan_rtl!base::ConditionVariable::Wait+0x53
05 431ee424 6569401a syzyasan_rtl!common::RecursiveLock::TryImpl+0xc3
06 (Inline) -------- syzyasan_rtl!common::RecursiveLock::Acquire+0xc
07 (Inline) -------- syzyasan_rtl!common::AutoRecursiveLock::{ctor}+0xc
08 431ee440 6569b4c8 syzyasan_rtl!agent::asan::BlockProtectNone+0x2a
09 431ee45c 6569b437 syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreePotentiallyCorruptBlock+0x28
0a (Inline) -------- syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::FreeBlock+0x27
0b 431ee580 6569bb3e syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimQuarantine+0x157
0c 431ee5a0 6569a6ad syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::TrimOrScheduleIfNecessary+0x4e
0d 431ee730 6569217d syzyasan_rtl!agent::asan::heap_managers::BlockHeapManager::Free+0x27d
0e (Inline) -------- syzyasan_rtl!agent::asan::WindowsHeapAdapter::HeapFree+0x2
0f 431ee74c 106c427c syzyasan_rtl!asan_HeapFree+0x3d
10 431ee760 106c41ff chrome_f6c0000!base::allocator::WinHeapFree+0x1a
11 431ee76c 106c40e1 chrome_f6c0000!`anonymous namespace'::DefaultWinHeapFreeImpl+0xb
12 431ee77c 10121526 chrome_f6c0000!ShimFree+0xf
13 431efbb0 1017f914 chrome_f6c0000!`anonymous namespace'::OnThreadExitInternal+0x53
14 (Inline) -------- chrome_f6c0000!base::internal::PlatformThreadLocalStorage::OnThreadExit+0x1c
15 431efbb8 77a76b8e chrome_f6c0000!OnThreadExit+0x2b
16 431efbd8 77a45ade ntdll!LdrxCallInitRoutine+0x16
17 431efc28 77a9d437 ntdll!LdrpCallInitRoutine+0x43
18 431efc68 77a45c61 ntdll!LdrpCallTlsInitializers+0x45215
19 431efd08 77a681fc ntdll!LdrShutdownThread+0x131
1a 431efddc 76d438fb ntdll!RtlExitUserThread+0x4c
1b 431efdf0 77a65de3 KERNEL32!BaseThreadInitThunk+0x2b
1c 431efe38 77a65dae ntdll!__RtlUserThreadStart+0x2f
1d 431efe48 00000000 ntdll!_RtlUserThreadStart+0x1b

Comment 1 by siggi@chromium.org, Oct 20 2016

Cc: -siggi@chromium.org -sebmarchand@chromium.org syzygy-team@chromium.org

Comment 2 by siggi@chromium.org, Oct 20 2016

Do you have a crash dump (a minidump is fine)?

Comment 3 by siggi@chromium.org, Oct 20 2016

Cc: gab@chromium.org
Status: WontFix (was: Available)
Ah, nevermind.
You've taken an AV on thread 12. The runtime is surveying all memory for heap corruption. Gab just had a similar crash - let it finish and it should report the crash.

  12  Id: 1e5c.3ed8 Suspend: 1 Teb: 05113000 Unfrozen
 # ChildEBP RetAddr  
00 0be1d8e4 7762daaf ntdll!NtQueryVirtualMemory+0xc
01 0be1d90c 65693864 KERNELBASE!VirtualQuery+0x1f
02 0be1da14 6569d2af syzyasan_rtl!agent::asan::ShadowWalker::Next+0x54
03 0be1db64 6569d089 syzyasan_rtl!agent::asan::HeapChecker::GetCorruptRangesInSlab+0x1ff
04 0be1db88 6568c2f4 syzyasan_rtl!agent::asan::HeapChecker::IsHeapCorrupt+0x69
05 0be1e524 6568bebe syzyasan_rtl!agent::asan::AsanRuntime::ExceptionFilterImpl+0x424
06 0be1e534 776af4a2 syzyasan_rtl!agent::asan::AsanRuntime::UnhandledExceptionFilter+0xe
07 0be1e5c4 77aa35ee KERNELBASE!UnhandledExceptionFilter+0x172
08 0be1fd00 77a65dae ntdll!__RtlUserThreadStart+0x3d83a
09 0be1fd10 00000000 ntdll!_RtlUserThreadStart+0x1b

Any idea why it takes so long to generate the crash? .dump /ma completes within a few seconds.
Mergedinto: 657778
Status: Duplicate (was: WontFix)

Comment 6 by siggi@chromium.org, Oct 20 2016

It takes a while because the SyzyASAN RTL is cross-checking every single allocation, to make sure it tags crashes with heap corruption as such. This crawls all of the shadow memory, verifies the headers of all allocations as well as checksumming the contents of quarantined blocks, among other things.

This is to cut down on noise, to save you from ever seeing a bug report that's not actionable.
Minidumping happens later.
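The survey Comment 6 describes, as an added example that is neither Syzygy's nor Chromium's code: a constructed C model of an ASan-style checked heap. The block header layout, redzone size, fill bytes, the FNV-1a checksum, the fixed block table (standing in for shadow memory) and the function names `checked_alloc`, `checked_free`, `heap_is_corrupt` and `checked_heap_reset` are all assumptions chosen for illustration. It shows the two checks the comment names, header and redzone validation for live blocks and content checksums for quarantined ones, and why a full scan costs time proportional to everything the heap has ever handed out.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not Syzygy code): every block carries a header, two
 * poisoned redzones and, once freed, a checksum of its contents while it
 * sits in quarantine.  All constants below are illustrative. */
#define BLOCK_MAGIC   0xCA80E7A9u
#define REDZONE_SIZE  16
#define REDZONE_BYTE  0xAB   /* poison around live bodies */
#define FREED_BYTE    0xCD   /* poison inside quarantined bodies */
#define MAX_BLOCKS    64

enum block_state { BLOCK_ALLOCATED = 1, BLOCK_QUARANTINED = 2 };

typedef struct {
    uint32_t magic;
    uint32_t state;
    uint32_t body_size;
    uint32_t checksum;   /* meaningful only while quarantined */
} block_header;

/* Stands in for the shadow-memory bookkeeping the real runtime walks. */
static block_header *g_blocks[MAX_BLOCKS];

static unsigned char *block_bytes(block_header *h) { return (unsigned char *)(h + 1); }
static size_t block_span(const block_header *h) { return 2 * REDZONE_SIZE + h->body_size; }

/* FNV-1a over redzones and body: cheap, and any single-byte change flips it. */
static uint32_t fnv1a(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Layout: [header][left redzone][body][right redzone]; returns the body. */
void *checked_alloc(uint32_t body_size) {
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (g_blocks[i]) continue;
        block_header *h = malloc(sizeof *h + 2 * REDZONE_SIZE + body_size);
        if (!h) return NULL;
        h->magic = BLOCK_MAGIC; h->state = BLOCK_ALLOCATED;
        h->body_size = body_size; h->checksum = 0;
        unsigned char *b = block_bytes(h);
        memset(b, REDZONE_BYTE, REDZONE_SIZE);
        memset(b + REDZONE_SIZE + body_size, REDZONE_BYTE, REDZONE_SIZE);
        g_blocks[i] = h;
        return b + REDZONE_SIZE;
    }
    return NULL;
}

static block_header *header_of(void *body) {
    return (block_header *)((unsigned char *)body - REDZONE_SIZE) - 1;
}

/* Free parks the block in quarantine instead of releasing it: the body is
 * poisoned and checksummed so a later scan can prove a write-after-free. */
void checked_free(void *body) {
    block_header *h = header_of(body);
    memset(body, FREED_BYTE, h->body_size);
    h->state = BLOCK_QUARANTINED;
    h->checksum = fnv1a(block_bytes(h), block_span(h));
}

/* The survey run from the exception filter: walk every block, validate the
 * header, check redzones of live blocks and checksums of quarantined ones.
 * Returns the number of corrupt blocks found (0 means the heap is clean). */
int heap_is_corrupt(void) {
    int corrupt = 0;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        block_header *h = g_blocks[i];
        if (!h) continue;
        unsigned char *b = block_bytes(h);
        int bad = h->magic != BLOCK_MAGIC;
        if (!bad && h->state == BLOCK_ALLOCATED) {
            for (size_t k = 0; k < REDZONE_SIZE && !bad; k++)
                bad = b[k] != REDZONE_BYTE || b[REDZONE_SIZE + h->body_size + k] != REDZONE_BYTE;
        } else if (!bad && h->state == BLOCK_QUARANTINED) {
            bad = fnv1a(b, block_span(h)) != h->checksum;
        } else if (!bad) {
            bad = 1;   /* unknown state: header itself was overwritten */
        }
        if (bad) { corrupt++; fprintf(stderr, "block %d corrupt (state %u)\n", i, (unsigned)h->state); }
    }
    return corrupt;
}

/* Release everything, quarantined or not, so a scenario can start clean. */
void checked_heap_reset(void) {
    for (int i = 0; i < MAX_BLOCKS; i++) { free(g_blocks[i]); g_blocks[i] = NULL; }
}

int main(void) {
    char *a = checked_alloc(8);
    printf("fresh heap, corrupt blocks: %d\n", heap_is_corrupt());
    a[8] = 'X';                          /* one-byte heap overflow into the right redzone */
    printf("after overflow: %d\n", heap_is_corrupt());
    checked_heap_reset();
    char *c = checked_alloc(8);
    checked_free(c);
    c[0] = 'Y';                          /* write into a quarantined block */
    printf("after write-after-free: %d\n", heap_is_corrupt());
    checked_heap_reset();
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c`. Even in this toy the scan touches every tracked block, live or quarantined, which is the cost Comment 6 is describing; in the dump above the threads parked in `common::RecursiveLock::TryImpl` are waiting for exactly that survey on thread 12 to finish before their own allocation or free can proceed.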
