New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 823287 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
On parental leave until 3/15/19
Closed: Apr 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Crash with DoH enabled and chrome://net-internals open

Project Member Reported by lassey@google.com, Mar 19 2018

Issue description

Chrome Version: 67
OS: OSX 

What steps will reproduce the problem?
(1) configure DoH to be enbled
(2) open chrome://net-internals
(3) navigate to another site in another tab

What is the expected result?  no crash

What happens instead? Crash

Please use labels and text to provide additional information.

some lldb output:

(lldb) f 0
frame #0: 0x000000011cb6a104 libnet.dylib`net::NetLogSource::AddToEventParameters(this=0x0000000000000080, event_params=0x000000015f6a2cf0) const at net_log_source.cc:48
   45  	void NetLogSource::AddToEventParameters(
   46  	    base::DictionaryValue* event_params) const {
   47  	  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-> 48  	  dict->SetInteger("type", static_cast<int>(type));
   49  	  dict->SetInteger("id", static_cast<int>(id));
   50  	  event_params->Set("source_dependency", std::move(dict));
   51  	}
(lldb) p this
(net::NetLogSource *) $3 = 0x0000000000000080
(lldb) bt 5
* thread #8, name = 'Chrome_IOThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x80)
  * frame #0: 0x000000011cb6a104 libnet.dylib`net::NetLogSource::AddToEventParameters(this=0x0000000000000080, event_params=0x000000015f6a2cf0) const at net_log_source.cc:48
    frame #1: 0x000000011cef7368 libnet.dylib`net::(anonymous namespace)::DnsAttempt::NetLogResponseCallback(this=0x000000015cfd1690, capture_mode=(value_ = 1)) const at dns_transaction.cc:172
    frame #2: 0x000000011cef7a22 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::FunctorTraits<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (method=50 70 ef 1c 01 00 00 00 00 00 00 00 00 00 00 00, receiver_ptr=0x000070000fc309b0, args=0x000070000fc30a60)::DnsAttempt::*)(net::NetLogCaptureMode) const, void>::Invoke<net::(anonymous namespace)::DnsAttempt const*, net::NetLogCaptureMode>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::*)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*&&, net::NetLogCaptureMode&&) at bind_internal.h:462
    frame #3: 0x000000011cef7936 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::InvokeHelper<false, std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > >::MakeItSo<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (functor=0x0000000100456230, args=0x000070000fc309b0, args=0x000070000fc30a60)::DnsAttempt::* const&)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*, net::NetLogCaptureMode>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&&&)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*&&, net::NetLogCaptureMode&&) at bind_internal.h:530
    frame #4: 0x000000011cef78a2 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::Invoker<base::internal::BindState<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (functor=0x0000000100456230, bound=0x0000000100456240, (null)=std::__1::index_sequence<0UL> @ 0x000070000fc30980, unbound_args=0x000070000fc30a60)::DnsAttempt::*)(net::NetLogCaptureMode) const, base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> >, std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::NetLogCaptureMode)>::RunImpl<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&)(net::NetLogCaptureMode) const, std::__1::tuple<base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> > const&, 0ul>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&&&)(net::NetLogCaptureMode) const, std::__1::tuple<base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> > const&&&, std::__1::integer_sequence<unsigned long, 0ul>, net::NetLogCaptureMode&&) at bind_internal.h:604
(lldb) f 1
frame #1: 0x000000011cef7368 libnet.dylib`net::(anonymous namespace)::DnsAttempt::NetLogResponseCallback(this=0x000000015cfd1690, capture_mode=(value_ = 1)) const at dns_transaction.cc:172
   169 	    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   170 	    dict->SetInteger("rcode", GetResponse()->rcode());
   171 	    dict->SetInteger("answer_count", GetResponse()->answer_count());
-> 172 	    GetSocketNetLog().source().AddToEventParameters(dict.get());
   173 	    return std::move(dict);
   174 	  }
   175 	
(lldb) p ((DnsHTTPAttempt*)this)->request_
(std::__1::unique_ptr<net::URLRequest, std::__1::default_delete<net::URLRequest> >) $6 = {
  __ptr_ = {
    std::__1::__compressed_pair_elem<net::URLRequest *, 0, false> = {
      __value_ = 0x0000000000000000
    }
  }
}

So, request is null, which presumably means this is running after the request completes and request_ is reset.


 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 30 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6dddf0d60a153c049b22d2bd9688e889a3f62ff3

commit 6dddf0d60a153c049b22d2bd9688e889a3f62ff3
Author: Brad Lassey <lassey@chromium.org>
Date: Fri Mar 30 18:08:03 2018

Create a base net log for use before the request is created and hold the request's net log for use after the request completes

R=mgersh@chromium.org

Bug:  823287 
Change-Id: Ie0d2176ce5937b8d6a6d690da79a220a54242ce6
Reviewed-on: https://chromium-review.googlesource.com/968866
Commit-Queue: Brad Lassey <lassey@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Miriam Gershenson <mgersh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#547206}
[modify] https://crrev.com/6dddf0d60a153c049b22d2bd9688e889a3f62ff3/net/dns/dns_transaction.cc
[modify] https://crrev.com/6dddf0d60a153c049b22d2bd9688e889a3f62ff3/net/dns/dns_transaction_unittest.cc

Status: Fixed (was: Untriaged)

Sign in to add a comment