Security: Crash in net::internal::ClientSocketPoolBaseHelper::RemoveConnectJob
Reported by chromium...@gmail.com, Nov 25 2016
Issue description

Chrome Version: 57.0.2931.0 canary (64-bit)
Operating System: Windows 7

REPRODUCTION CASE
This crash happened when I was trying to open a page from chrome://bookmarks.

Crash ID: 17590f4f-de2c-461a-9457-52ce9943dbc2

rax=000007fedb984ab8 rbx=000000000b5433c0 rcx=000000001040a420
rdx=0000000000000000 rsi=00006a52000005a1 rdi=000000001040a3d0
rip=000007feda094ba5 rsp=0000000009add440 rbp=0000000009add549
r8=000001b800060002 r9=000001b9001c0003 r10=6666666666666667
r11=0000000009add460 r12=0000000000000000 r13=00000000ffffff77
r14=00000000103fba60 r15=000000001040a3d0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00010202
*** WARNING: Unable to verify checksum for chrome.dll
chrome_7fed8cd0000!net::internal::ClientSocketPoolBaseHelper::RemoveConnectJob+0xa5:
000007fe`da094ba5 488b06 mov rax,qword ptr [rsi] ds:00006a52`000005a1=????????????????

0:015> k
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP RetAddr Call Site
00000000`09add440 000007fe`da094756 chrome_7fed8cd0000!net::internal::ClientSocketPoolBaseHelper::RemoveConnectJob+0xa5 [c:\b\build\slave\win64-pgo\build\src\net\socket\client_socket_pool_base.cc @ 981]
00000000`09add470 000007fe`da0921ca chrome_7fed8cd0000!net::internal::ClientSocketPoolBaseHelper::OnConnectJobComplete+0x1ee [c:\b\build\slave\win64-pgo\build\src\net\socket\client_socket_pool_base.cc @ 945]
00000000`09add5b0 000007fe`da026205 chrome_7fed8cd0000!net::ConnectJob::NotifyDelegateOfCompletion+0x116 [c:\b\build\slave\win64-pgo\build\src\net\socket\client_socket_pool_base.cc @ 138]
00000000`09add680 000007fe`d9fc8ff7 chrome_7fed8cd0000!net::TransportConnectJob::OnIOComplete+0x1d [c:\b\build\slave\win64-pgo\build\src\net\socket\transport_client_socket_pool.cc @ 221]
00000000`09add6b0 000007fe`d9fc82f0 chrome_7fed8cd0000!net::HostResolverImpl::Job::CompleteRequests+0x5eb [c:\b\build\slave\win64-pgo\build\src\net\dns\host_resolver_impl.cc @ 1801]
00000000`09addc60 000007fe`d9fc5196 chrome_7fed8cd0000!net::HostResolverImpl::Job::OnProcTaskComplete+0x378 [c:\b\build\slave\win64-pgo\build\src\net\dns\host_resolver_impl.cc @ 1627]
00000000`09adde10 000007fe`d9fccc69 chrome_7fed8cd0000!net::HostResolverImpl::ProcTask::OnLookupComplete+0x3c2 [c:\b\build\slave\win64-pgo\build\src\net\dns\host_resolver_impl.cc @ 835]
00000000`09addf30 000007fe`d9df5c28 chrome_7fed8cd0000!base::internal::Invoker<base::internal::BindState<void (__cdecl net::HostResolverImpl::ProcTask::*)(net::AddressList const & __ptr64,base::TimeTicks const & __ptr64,unsigned int,int,int) __ptr64,scoped_refptr<net::HostResolverImpl::ProcTask>,net::AddressList,base::TimeTicks,unsigned int,int,int>,void __cdecl(void)>::Run+0x29 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 343]
00000000`09addf70 000007fe`d9da8ebb chrome_7fed8cd0000!base::debug::TaskAnnotator::RunTask+0x288 [c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 52]
00000000`09ade120 000007fe`d9da9ab0 chrome_7fed8cd0000!base::MessageLoop::RunTask+0x43b [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 414]
00000000`09adf460 000007fe`d9df6947 chrome_7fed8cd0000!base::MessageLoop::DoWork+0x420 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 515]
00000000`09adf710 000007fe`d9df5d84 chrome_7fed8cd0000!base::MessagePumpForIO::DoRunLoop+0x147 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_win.cc @ 612]
00000000`09adf9a0 000007fe`d9dcd554 chrome_7fed8cd0000!base::MessagePumpWin::Run+0x54 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_win.cc @ 58]
00000000`09adf9f0 000007fe`d979ccba chrome_7fed8cd0000!base::RunLoop::Run+0xa4 [c:\b\build\slave\win64-pgo\build\src\base\run_loop.cc @ 36]
00000000`09adfa40 000007fe`d979cdd4 chrome_7fed8cd0000!content::BrowserThreadImpl::IOThreadRun+0x36 [c:\b\build\slave\win64-pgo\build\src\content\browser\browser_thread_impl.cc @ 254]
00000000`09adfb90 000007fe`d9da78e0 chrome_7fed8cd0000!content::BrowserThreadImpl::Run+0x94 [c:\b\build\slave\win64-pgo\build\src\content\browser\browser_thread_impl.cc @ 288]
00000000`09adfbc0 000007fe`d9d77ffd chrome_7fed8cd0000!base::Thread::ThreadMain+0x1d0 [c:\b\build\slave\win64-pgo\build\src\base\threading\thread.cc @ 331]
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
00000000`09adfc60 00000000`773bf56d chrome_7fed8cd0000!base::`anonymous namespace'::ThreadFunc+0xed [c:\b\build\slave\win64-pgo\build\src\base\threading\platform_thread_win.cc @ 86]
00000000`09adfcd0 00000000`00000434 kernel32+0x1f56d
00000000`09adfcd8 00000000`00000434 0x434

Nov 28 2016

This is the second crash with 17590f4f-de2c-461a-9457-52ce9943dbc2 and caa30913-a70b-45ea-bdd2-3409bd243a3c at chrome://crashes

rax=ffffffffffffffff rbx=000007fefe820008 rcx=20534f44206e6920
rdx=0000000000000000 rsi=0000000000000000 rdi=000007fefe820068
rip=000007fee09efed7 rsp=0000000017e5da80 rbp=0000000017e5dbe0
r8=0000000000000001 r9=3354b703603ad648 r10=00000000088b1808
r11=0000000000000000 r12=0000000000000018 r13=00000000073a8e80
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00010246
*** WARNING: Unable to verify checksum for chrome.dll
chrome_7fee0930000!std::_Deallocate+0x27:
000007fe`e09efed7 488b41f8 mov rax,qword ptr [rcx-8] ds:20534f44`206e6918=????????????????

0:095> k
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP RetAddr Call Site
00000000`17e5da80 000007fe`e12aab8a chrome_7fee0930000!std::_Deallocate+0x27 [c:\b\depot_tools\win_toolchain\vs_files\d5dc33b15d1b2c086f2f6632e2fd15882f80dbd3\vc\include\xmemory0 @ 103]
00000000`17e5dab0 000007fe`e266dfa1 chrome_7fee0930000!GaiaAuthConsumer::ClientLoginResult::~ClientLoginResult+0x3a [c:\b\build\slave\win64-pgo\build\src\google_apis\gaia\gaia_auth_consumer.cc @ 25]
00000000`17e5dae0 000007fe`e1a55c28 chrome_7fee0930000!net::SQLitePersistentCookieStore::Backend::Commit+0x5d9 [c:\b\build\slave\win64-pgo\build\src\net\extras\sqlite\sqlite_persistent_cookie_store.cc @ 1172]
00000000`17e5e650 000007fe`e1a5f28d chrome_7fee0930000!base::debug::TaskAnnotator::RunTask+0x288 [c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 52]
00000000`17e5e800 000007fe`e1a5f071 chrome_7fee0930000!base::internal::TaskTracker::PerformRunTask+0x1d [c:\b\build\slave\win64-pgo\build\src\base\task_scheduler\task_tracker.cc @ 288]
00000000`17e5e830 000007fe`e1a60a54 chrome_7fee0930000!base::internal::TaskTracker::RunTask+0x331 [c:\b\build\slave\win64-pgo\build\src\base\task_scheduler\task_tracker.cc @ 261]
00000000`17e5e9f0 000007fe`e19d7ffd chrome_7fee0930000!base::internal::SchedulerWorker::Thread::ThreadMain+0x504 [c:\b\build\slave\win64-pgo\build\src\base\task_scheduler\scheduler_worker.cc @ 84]
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
00000000`17e5f750 00000000`773bf56d chrome_7fee0930000!base::`anonymous namespace'::ThreadFunc+0xed [c:\b\build\slave\win64-pgo\build\src\base\threading\platform_thread_win.cc @ 86]
00000000`17e5f7c0 00000000`00000de8 kernel32+0x1f56d
00000000`17e5f7c8 00000000`00000de8 0xde8
00000000`17e5f7d0 00000000`00000000 0xde8
Nov 29 2016
Thanks for the report. Is this crash reproducible for you?
Nov 29 2016
Actually the crash is no longer seen. Verified on 57.0.2936.1 on Windows.
Dec 6 2016
Mar 15 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by dominickn@chromium.org, Nov 28 2016