Static cast in NetInternalsMessageHandler::IOThreadImpl::OnGetSessionNetworkStats results in crash in incognito mode |
|||
Issue descriptionChrome Version: Commit in backing tree 4f56da4755ccc370cd682cce472d4ba1c0781207 (== p438529 landed 12/14) OS: Mac OS X El Capitan 10.11.6 (though I don't believe that's relevant) What steps will reproduce the problem? (1) Build Chromium at the given tag and launch it (2) Create an incognito window, bring up net-internals in one tab, switch to the "Capture" subtab (3) In another tab, load http://cr.kungfoo.net/loading/1000spacers/ (believed relevance: Takes a while to load) (4) Go back to the capture tab and click "Stop" repeatedly (doesn't respond very quickly) What is the expected result? The net-internals capture stops and the events source list is displayed. What happens instead? Chromium with the below stack backtrace. Please use labels and text to provide additional information. For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report. * thread #23: tid = 0x1ecba, 0x00000001161afa34 libbase.dylib`base::debug::BreakDebugger() + 20 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/debug/debugger_posix.cc:262, stop reason = EXC_BREAKPOINT (code=EXC_I386_BPT, subcode=0x0) frame #0: 0x00000001161afa34 libbase.dylib`base::debug::BreakDebugger() + 20 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/debug/debugger_posix.cc:262 frame #1: 0x000000011624ace3 libbase.dylib`logging::LogMessage::~LogMessage() + 4387 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/logging.cc:759 frame #2: 0x0000000116247715 libbase.dylib`logging::LogMessage::~LogMessage() + 21 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/logging.cc:533 frame #3: 0x00000001163f7bfe libbase.dylib`base::internal::LockImpl::Lock() + 270 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/synchronization/lock_impl_posix.cc:65 frame #4: 0x0000000116161033 libbase.dylib`base::Lock::Acquire() + 35 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/synchronization/lock.h:45 frame #5: 0x0000000116161003 libbase.dylib`base::AutoLock::AutoLock(base::Lock&) + 35 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/synchronization/lock.h:115 frame #6: 0x000000011616026d libbase.dylib`base::AutoLock::AutoLock(base::Lock&) + 29 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/synchronization/lock.h:114 frame #7: 0x0000000116485854 libbase.dylib`base::ThreadCheckerImpl::CalledOnValidThread() const + 52 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/threading/thread_checker_impl.cc:19 frame #8: 0x00000001094e5932 libchrome_dll.dylib`data_reduction_proxy::DataReductionProxyNetworkDelegate::SessionNetworkStatsInfoToValue() const + 114 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../components/data_reduction_proxy/core/browser/data_reduction_proxy_network_delegate.cc:205 * frame #9: 0x0000000109bca2d2 libchrome_dll.dylib`(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::OnGetSessionNetworkStats(base::ListValue const*) + 530 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../chrome/browser/ui/webui/net_internals/net_internals_ui.cc:885 frame #10: 0x0000000109bd893a libchrome_dll.dylib`void base::internal::FunctorTraits<void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::*)(base::ListValue const*), void>::Invoke<scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl> const&, base::ListValue*>(void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::*)(base::ListValue const*), scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl> const&&&, base::ListValue*&&) + 154 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/bind_internal.h:214 frame #11: 0x0000000109bd880f libchrome_dll.dylib`void base::internal::InvokeHelper<false, void>::MakeItSo<void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::* const&)(base::ListValue const*), scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl> const&, base::ListValue*>(void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::* const&&&)(base::ListValue const*), scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl> const&&&, base::ListValue*&&) + 95 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/bind_internal.h:285 frame #12: 0x0000000109bd878c libchrome_dll.dylib`void base::internal::Invoker<base::internal::BindState<void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::*)(base::ListValue const*), scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl>, base::internal::OwnedWrapper<base::ListValue> >, void ()>::RunImpl<void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::* const&)(base::ListValue const*), std::__1::tuple<scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl>, base::internal::OwnedWrapper<base::ListValue> > const&, 0ul, 1ul>(void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::* const&&&)(base::ListValue const*), std::__1::tuple<scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl>, base::internal::OwnedWrapper<base::ListValue> > const&&&, base::IndexSequence<0ul, 1ul>) + 124 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/bind_internal.h:361 frame #13: 0x0000000109bd869c libchrome_dll.dylib`base::internal::Invoker<base::internal::BindState<void ((anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl::*)(base::ListValue const*), scoped_refptr<(anonymous namespace)::NetInternalsMessageHandler::IOThreadImpl>, base::internal::OwnedWrapper<base::ListValue> >, void ()>::Run(base::internal::BindStateBase*) + 44 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/bind_internal.h:339 frame #14: 0x00000001161b32fa libbase.dylib`base::internal::RunMixin<base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0> >::Run() + 90 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/callback.h:68 frame #15: 0x00000001161b304b libbase.dylib`base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 699 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/debug/task_annotator.cc:52 frame #16: 0x00000001162a007b libbase.dylib`base::MessageLoop::RunTask(base::PendingTask*) + 923 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/message_loop/message_loop.cc:413 frame #17: 0x00000001162a05f4 libbase.dylib`base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 68 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/message_loop/message_loop.cc:422 frame #18: 0x00000001162a102d libbase.dylib`base::MessageLoop::DoWork() + 669 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/message_loop/message_loop.cc:515 frame #19: 0x00000001162b0f2f libbase.dylib`base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 319 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/message_loop/message_pump_libevent.cc:218 frame #20: 0x000000011629fb05 libbase.dylib`base::MessageLoop::RunHandler() + 645 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/message_loop/message_loop.cc:378 frame #21: 0x0000000116382c73 libbase.dylib`base::RunLoop::Run() + 307 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/run_loop.cc:37 frame #22: 0x0000000116482a0c libbase.dylib`base::Thread::Run(base::RunLoop*) + 428 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/threading/thread.cc:245 frame #23: 0x000000011cc10e67 libcontent.dylib`content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) + 71 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../content/browser/browser_thread_impl.cc:252 frame #24: 0x000000011cc1116c libcontent.dylib`content::BrowserThreadImpl::Run(base::RunLoop*) + 588 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../content/browser/browser_thread_impl.cc:287 frame #25: 0x0000000116483cd8 libbase.dylib`base::Thread::ThreadMain() + 3512 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/threading/thread.cc:328 frame #26: 0x000000011645cf41 libbase.dylib`base::(anonymous namespace)::ThreadFunc(void*) + 705 at /Users/rdsmith/Sandboxen/chrome/src/out/Default/../../base/threading/platform_thread_posix.cc:71 frame #27: 0x00007fff95dd199d libsystem_pthread.dylib`_pthread_body + 131 frame #28: 0x00007fff95dd191a libsystem_pthread.dylib`_pthread_start + 168 frame #29: 0x00007fff95dcf351 libsystem_pthread.dylib`thread_start + 13 Looking over the code, I think the problem is this line in NetInternalsMessageHandler::IOThreadImpl::OnGetSessionNetworkStats: if (http_network_session) { // TODO(mmenke): This cast is ugly. Can we get rid of it, or, better, // remove DRP data from net-internals entirely? data_reduction_proxy::DataReductionProxyNetworkDelegate* net_delegate = static_cast<data_reduction_proxy::DataReductionProxyNetworkDelegate*>( // <<<<< context->network_delegate()); if (net_delegate) network_info = net_delegate->SessionNetworkStatsInfoToValue(); } Comparing the instantiation of the URLRequestContextStorage in ProfileImplIOData and OffTheRecordProfileImplIOData, it appears that the first makes the delegate a DataReductionProxyNetworkDelegate (as assumed above) and the second does not. So the above cast is not valid in incognito mode, and I think the lock error is compatible with calling a method on an invalid network delegate. I don't know the context for the static cast, so I'm not sure whether this counts as a DRP bug or a NetLog bug, so I'll mention both components :-}. I will note that I don't consider this a high priority bug (only showing up in a debugging context, with an easy workaround of running net-internals in the non-incognito window); I only pursued it this far to make sure it wasn't the CL I was working on.
,
Dec 16 2016
The DomainReliability stuff adds another wrapped NetworkDelegate...I don't think that would only be used in incognito, though (Or used at all in incognito), so presumably running into something else. Regardless, let's get rid of that static cast. Also worth noting that we're working on removing net-internals from Chrome all together, so maybe just remove that tab? If you guys still need that information, move it to its own chrome:// page or something?
,
Dec 16 2016
(And yea, we've been saying that for years, but now we actually have someone working on it)
,
Dec 16 2016
I'm going to move this to be UI thread based instead of IO thread based. This will be exposed in DataReductionProxyService (available from DRP keyed service) instead of DRPNetworkDelegate, so that the static_cast can be removed, and we can still get the same network stats information.
,
Dec 21 2016
,
Dec 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f0ef225bd59782ebf43f3cb7033dd46902c13a97 commit f0ef225bd59782ebf43f3cb7033dd46902c13a97 Author: ryansturm <ryansturm@chromium.org> Date: Thu Dec 22 23:18:59 2016 Move session network stats from IO to UI This allows the removal of a nasty looking, crash causing, cast in net_internals_ui.cc. There is no real benefit of having this on the IO thread, so moving it to the UI thread will get the same information to the user without a crash. BUG= 674748 Review-Url: https://codereview.chromium.org/2592783002 Cr-Commit-Position: refs/heads/master@{#440535} [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/chrome/browser/ui/webui/net_internals/net_internals_ui.cc [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_compression_stats.cc [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_compression_stats.h [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_network_delegate.cc [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_network_delegate.h [modify] https://crrev.com/f0ef225bd59782ebf43f3cb7033dd46902c13a97/components/data_reduction_proxy/core/browser/data_reduction_proxy_network_delegate_unittest.cc
,
Dec 22 2016
|
|||
►
Sign in to add a comment |
|||
Comment 1 by bengr@chromium.org
, Dec 15 2016Status: Assigned (was: Untriaged)