Issue 127931 in chromium: Chrome: Crash Report - Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

[chro...@googlecode.com]

Status: Untriaged
Owner: ----
CC: rva...@chromium.org
Labels: Type-Bug Pri-1 Area-Internals Mstone-21 Stability-Crash

New issue 127931 by dhar...@google.com: Chrome: Crash Report -
Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

Product: Chrome
Stack Signature: -29559
New Signature Label: base::`anonymous namespace'::ThreadFunc(void *)
New Signature Hash: a12116ae_e7d21fa7_9b9665fc_b8c6b32e_b965c3e7

Report link: http://go/crash/reportdetail?reportid=0b4049fba2ff613d

Meta information:
Product Name: Chrome
Product Version: 21.0.1135.0
Report ID: 0b4049fba2ff613d
Report Time: 2012/05/12 20:44:54, Sat
Uptime: 386 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 5.1.2600 Service Pack 3
CPU Architecture: x86
CPU Info: GenuineIntel family 15 model 4 stepping 7
ptype: browser


Thread 8 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 )

0x01c4de31 [chrome.dll] - platform_thread_win.cc:58 base::`anonymous
namespace'::ThreadFunc(void *)
0x7c80b728 [kernel32.dll] + 0x0000b728] BaseThreadStart

[chro...@googlecode.com]

Updates:
Status: Assigned
Owner: rva...@chromium.org

Comment #1 on issue 127931 by kar...@google.com: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

any chance you can help us? this is #2 browser crash. Eric looked at it
briefly yesterday.

[chro...@googlecode.com]

Comment #3 on issue 127931 by rva...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

(the actual crash that I debugged:
http://go/crash/reportdetail?reportid=2dd165c7fba93a17)

[chro...@googlecode.com]

Comment #4 on issue 127931 by will...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

I looked at the code and don't think anything's changed recently in
Chromium code (but maybe!). This looks pretty surprising, since it seems
like all threads are still running and the PlatformThread::Join() isn't
working. I think we should look at the WaitForSingleObject() return value
in PlatformThread::Join() and if it's a failure, then get the error from
GetLastError() and put it on the stack and then CHECK(false).

[chro...@googlecode.com]

Updates:
Summary: Chrome: Crash Report - Stack Signature: base::`anonymous
namespace'::ThreadFunc(voi...

Comment #5 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c5

The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=137541

------------------------------------------------------------------------
r137541 | rva...@google.com | Wed May 16 15:24:23 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/threading/platform_thread_win.cc?r1=137541&r2=137540&pathrev=137541

Base: Crash the process if we are not able to join threads.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10398060
------------------------------------------------------------------------

[chro...@googlecode.com]

Updates:
Cc: yzs...@chromium.org

Comment #6 on issue 127931 by yzs...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #7 on issue 127931 by kar...@google.com: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

Stack Trace (Jump to crashing thread)

Thread 0 *CRASHED* ( EXCEPTION_BREAKPOINT @ 0x02144227 )

0x02144227 [chrome.dll] - debugger_win.cc:107 base::debug::BreakDebugger()
0x01c8c85e [chrome.dll] - platform_thread_win.cc:190
base::PlatformThread::Join(void *)
0x0211e420 [chrome.dll] - thread.cc:102 base::Thread::Stop()
0x0212b9b9 [chrome.dll] - browser_process_sub_thread.cc:28
content::BrowserProcessSubThread::~BrowserProcessSubThread()
0x0212b997 [chrome.dll] + 0x004fb997]
content::BrowserProcessSubThread::`scalar deleting destructor'(unsigned int)
0x01c3e4c9 [chrome.dll] - scoped_ptr.h:185
scoped_ptr<ZoomMenuModel>::reset(ZoomMenuModel *)
0x02122513 [chrome.dll] - browser_main_loop.cc:565
content::BrowserMainLoop::ShutdownThreadsAndCleanUp()
0x03078b5f [chrome.dll] - browser_main_runner.cc:108 `anonymous
namespace'::BrowserMainRunnerImpl::Shutdown()
0x01cb21c2 [chrome.dll] - browser_main.cc:23
BrowserMain(content::MainFunctionParams const &)
0x01c4767b [chrome.dll] - content_main_runner.cc:318 `anonymous
namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char>
> const &,content::MainFunctionParams const &,content::ContentMainDelegate
*)
0x01c47602 [chrome.dll] - content_main_runner.cc:575 `anonymous
namespace'::ContentMainRunnerImpl::Run()
0x01c3a002 [chrome.dll] - content_main.cc:35
content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo
*,content::ContentMainDelegate *)
0x01c39f8e [chrome.dll] - chrome_main.cc:28 ChromeMain
0x00424d8b [chrome.exe] - client_util.cc:423
MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00423f87 [chrome.exe] - chrome_exe_main_win.cc:31 RunChrome(HINSTANCE__
*)
0x00423ff2 [chrome.exe] - chrome_exe_main_win.cc:47 wWinMain
0x0047c5d2 [chrome.exe] - crt0.c:275 __tmainCRTStartup
0x7c817076 [kernel32.dll] + 0x00017076] BaseProcessStart

[chro...@googlecode.com]

Comment #9 on issue 127931 by yzs...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

I looked at the following dumps:
3d8a5d554c21c210
31a30d389c9a0ea2
e5e552dd5e6e6540

A few facts that might be useful:
- I looked at several dumps, saw WaitForSingleObject returned 0x7c and
GetLastError returned 0xffffffff. Those are undocumented values. Haven't
figured out what they mean.

- The crash rate in base::`anonymous namespace'::ThreadFunc() increased
significantly in 21.0.1135.0 (0.65% of all browser crashes in 1134; 19.27%
in 1135). We may want to carefully examine the changelog.

- Carlos mentioned that the "Unloaded modules" section looks strange, and
should be paid attention to:
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll
75b80000 75ba1000 MSVFW32.dll
73b30000 73b43000 avicap32.dll

[chro...@googlecode.com]

Comment #10 on issue 127931 by yzs...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

Another fact:
- Almost all of them happened on WinXP SP3 and SP2.

I searched:
version: 1140.0
process type: browser
crashed call stack: contains base::PlatformThread::Join

It turns out 83.67% of those crashes are from "WinNT 5.1.2600 Service Pack
3"; 15.65% from "WinNT 5.1.2600 Service Pack 2".

[chro...@googlecode.com]

Comment #11 on issue 127931 by will...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

Sounds like another fun mysterious Windows issue. My bet is on 3rd party
DLLs screwing us over on WinXP.

[chro...@googlecode.com]

Comment #12 on issue 127931 by rva...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

It could be, but that doesn't explain the correlation with ppapi.

I have to look at more crashes (minidumps are quite limited) to see if we
are lucky with one of those... and I'll add a bit more debug info.

So far, the bad news is that even though it failed, everything looks fine:
we actually finished with the thread that we want to join, and there's no
sign of corruption anywhere. But this still could be a race in the way the
dump is generated.

[chro...@googlecode.com]

Comment #13 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c13

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=138014

------------------------------------------------------------------------
r138014 | rva...@google.com | Fri May 18 19:38:40 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/threading/thread.cc?r1=138014&r2=138013&pathrev=138014

Base: Don't overwrite the thread id when ThreadMain exits. There's
no need to do that, and it makes debugging easier to have the value.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10388202
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #14 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c14

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=138018

------------------------------------------------------------------------
r138018 | rva...@google.com | Fri May 18 19:50:03 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/threading/thread.cc?r1=138018&r2=138017&pathrev=138018

Revert 138014 - Base: Don't overwrite the thread id when ThreadMain exits.

There's
no need to do that, and it makes debugging easier to have the value.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10388202

TBR=rva...@google.com
Review URL: https://chromiumcodereview.appspot.com/10383256
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #15 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c15

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=138119

------------------------------------------------------------------------
r138119 | rva...@google.com | Mon May 21 11:49:37 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/threading/thread.cc?r1=138119&r2=138118&pathrev=138119
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/threading/thread.h?r1=138119&r2=138118&pathrev=138119

Base: Don't overwrite the thread id when ThreadMain exits. There's
no need to do that, and it makes debugging easier to have the value.

Change the logic of IsRunning() to use a dedicated member variable
instead of overloading the thread id.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10399097
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #17 on issue 127931 by rva...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

A random sampling of crashes show 100% of the crashes being an invalid
handle.

0:000> .ecxr
0:000> dd esp
0012fc2c 01c8c85f 00000006 ffffffff 0000007c

where error = 6 (invalid handle) and result = -1 (failure)

For some reason, the symbol address for the variables is not correct :(

And that brings us back to the problem. There's no memory corruption at all
on the thread structures, so this basically means that some random piece of
code is closing the incorrect handle (this thread!).

[chro...@googlecode.com]

Comment #18 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c18

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=138199

------------------------------------------------------------------------
r138199 | rva...@google.com | Mon May 21 19:32:33 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=138199&r2=138198&pathrev=138199

Base: Crash when failing to close an scoped handle.

BUG=127931
TEST=none
TBR=willchan
Review URL: https://chromiumcodereview.appspot.com/10383276
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #21 on issue 127931 by bruen...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

I'm seeing a use-after-free reported by Memcheck on the ChromeOS Valgrind
bots running the ipc test. It shows up non-deterministically, maybe every
7 runs or so. The use-after-free is reported on setting _running to false
which was just added in r138143, but also on the call to CleanUp(). I'm
guessing this is part of this issue.

I will add a suppression to keep the bots green.

as sheriff I saw it here:

http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10537/steps/memory%20test%3A%20ipc/logs/stdio

later here also:

http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10579/steps/memory%20test%3A%20ipc/logs/stdio

I see it on earlier runs too and it's hard to pinpoint where it started
making it hard to find the offending commit:

http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10477
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10464
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10461
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10452
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%282%29/builds/10348

it shows up like this:

13:59:33 memcheck_analyze.py [ERROR] FAIL! There were 2 errors:
13:59:33 memcheck_analyze.py [ERROR] Command:
InvalidWrite
Invalid write of size 1
base::Thread::ThreadMain() (base/threading/thread.cc:170)
base::(anonymous namespace)::ThreadFunc(void*)
(base/threading/platform_thread_posix.cc:65)
Address 0x73c5d92 is 162 bytes inside a block of size 208 free'd
operator delete(void*) (m_replacemalloc/vg_replace_malloc.c:1083)
IPC::(anonymous
namespace)::TestSyncMessageFilter::~TestSyncMessageFilter()
(ipc/ipc_sync_channel_unittest.cc:1114)
IPC::ChannelProxy::MessageFilter::OnDestruct() const
(ipc/ipc_channel_proxy.cc:37)

IPC::ChannelProxy::MessageFilterTraits::Destruct(IPC::ChannelProxy::MessageFilter
const*) (./ipc/ipc_channel_proxy.h:103)
base::RefCountedThreadSafe<IPC::ChannelProxy::MessageFilter,
IPC::ChannelProxy::MessageFilterTraits>::Release() const
(./base/memory/ref_counted.h:145)
base::internal::MaybeRefcount<true, IPC::(anonymous
namespace)::TestSyncMessageFilter*>::Release(IPC::(anonymous
namespace)::TestSyncMessageFilter*) (./base/bind_helpers.h:466)
base::internal::BindState<base::internal::RunnableAdapter<void
(IPC::(anonymous namespace)::TestSyncMessageFilter::*)()>, void
()(IPC::(anonymous namespace)::TestSyncMessageFilter*), void
()(IPC::(anonymous namespace)::TestSyncMessageFilter*)>::~BindState()
(./base/bind_internal.h:2566)
base::RefCountedThreadSafe<base::internal::BindStateBase,
base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>
>::DeleteInternal(base::internal::BindStateBase const*)
(./base/memory/ref_counted.h:151)

base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>::Destruct(base::internal::BindStateBase
const*) (./base/memory/ref_counted.h:116)
base::RefCountedThreadSafe<base::internal::BindStateBase,
base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>
>::Release() const (./base/memory/ref_counted.h:145)
scoped_refptr<base::internal::BindStateBase>::~scoped_refptr()
(./base/memory/ref_counted.h:243)
base::internal::CallbackBase::~CallbackBase()
(base/callback_internal.cc:33)
base::Callback<void ()()>::~Callback() (./base/callback_forward.h:12)
base::PendingTask::~PendingTask() (base/pending_task.cc:32)
MessageLoop::DoWork() (base/message_loop.cc:654)
base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
(base/message_pump_default.cc:28)
MessageLoop::RunInternal() (base/message_loop.cc:422)
MessageLoop::RunHandler() (base/message_loop.cc:395)
Suppression (error hash=#E6B7B8017752BDB2#):
For more info on using suppressions see
http://dev.chromium.org/developers/tree-sheriffs/sheriff-details-chromium/memory-sheriff#TOC-Suppressing-memory-reports
{
<insert_a_suppression_name_here>
Memcheck:Unaddressable
fun:_ZN4base6Thread10ThreadMainEv
fun:_ZN4base12_GLOBAL__N_110ThreadFuncEPv
}

13:59:33 memcheck_analyze.py [ERROR] Command:
InvalidRead
Invalid read of size 8
base::Thread::ThreadMain() (base/threading/thread.cc:173)
base::(anonymous namespace)::ThreadFunc(void*)
(base/threading/platform_thread_posix.cc:65)
Address 0x73c5d88 is 152 bytes inside a block of size 208 free'd
operator delete(void*) (m_replacemalloc/vg_replace_malloc.c:1083)
IPC::(anonymous
namespace)::TestSyncMessageFilter::~TestSyncMessageFilter()
(ipc/ipc_sync_channel_unittest.cc:1114)
IPC::ChannelProxy::MessageFilter::OnDestruct() const
(ipc/ipc_channel_proxy.cc:37)

IPC::ChannelProxy::MessageFilterTraits::Destruct(IPC::ChannelProxy::MessageFilter
const*) (./ipc/ipc_channel_proxy.h:103)
base::RefCountedThreadSafe<IPC::ChannelProxy::MessageFilter,
IPC::ChannelProxy::MessageFilterTraits>::Release() const
(./base/memory/ref_counted.h:145)
base::internal::MaybeRefcount<true, IPC::(anonymous
namespace)::TestSyncMessageFilter*>::Release(IPC::(anonymous
namespace)::TestSyncMessageFilter*) (./base/bind_helpers.h:466)
base::internal::BindState<base::internal::RunnableAdapter<void
(IPC::(anonymous namespace)::TestSyncMessageFilter::*)()>, void
()(IPC::(anonymous namespace)::TestSyncMessageFilter*), void
()(IPC::(anonymous namespace)::TestSyncMessageFilter*)>::~BindState()
(./base/bind_internal.h:2566)
base::RefCountedThreadSafe<base::internal::BindStateBase,
base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>
>::DeleteInternal(base::internal::BindStateBase const*)
(./base/memory/ref_counted.h:151)

base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>::Destruct(base::internal::BindStateBase
const*) (./base/memory/ref_counted.h:116)
base::RefCountedThreadSafe<base::internal::BindStateBase,
base::DefaultRefCountedThreadSafeTraits<base::internal::BindStateBase>
>::Release() const (./base/memory/ref_counted.h:145)
scoped_refptr<base::internal::BindStateBase>::~scoped_refptr()
(./base/memory/ref_counted.h:243)
base::internal::CallbackBase::~CallbackBase()
(base/callback_internal.cc:33)
base::Callback<void ()()>::~Callback() (./base/callback_forward.h:12)
base::PendingTask::~PendingTask() (base/pending_task.cc:32)
MessageLoop::DoWork() (base/message_loop.cc:654)
base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
(base/message_pump_default.cc:28)
MessageLoop::RunInternal() (base/message_loop.cc:422)
MessageLoop::RunHandler() (base/message_loop.cc:395)
Suppression (error hash=#7BF29E2A784AE44E#):
For more info on using suppressions see
http://dev.chromium.org/developers/tree-sheriffs/sheriff-details-chromium/memory-sheriff#TOC-Suppressing-memory-reports
{
<insert_a_suppression_name_here>
Memcheck:Unaddressable
fun:_ZN4base6Thread10ThreadMainEv
fun:_ZN4base12_GLOBAL__N_110ThreadFuncEPv
}

[chro...@googlecode.com]

Comment #22 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c22

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=138828

------------------------------------------------------------------------
r138828 | brue...@google.com | Thu May 24 10:53:39 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/memcheck/suppressions.txt?r1=138828&r2=138827&pathrev=138828

Suppress use-after-free in base::Thread::ThreadMain()

TBR=rva...@google.com
BUG=127931
TEST=waterfall.sh

Review URL: https://chromiumcodereview.appspot.com/10441024
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #23 on issue 127931 by rva...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

I created bug 129620 for that valgrind report. It is not related to this
bug.

[chro...@googlecode.com]

Comment #24 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c24

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=139722

------------------------------------------------------------------------
r139722 | rva...@google.com | Wed May 30 20:01:20 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_process_information.cc?r1=139722&r2=139721&pathrev=139722

Base: Crash when failing to close a process/thread handle.

BUG=127931
TEST=none
TBR=willchan
Review URL: https://chromiumcodereview.appspot.com/10447108
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #25 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c25

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=139736

------------------------------------------------------------------------
r139736 | rva...@chromium.org | Wed May 30 22:04:18 PDT 2012

Changed paths:
A
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.cc?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/cloud_print/service/win/cloud_print_service.cc?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/remoting/base/scoped_sc_handle_win.h?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/service/cloud_print/print_system_win.cc?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/printing/backend/win_helper.h?r1=139736&r2=139735&pathrev=139736
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/base.gypi?r1=139736&r2=139735&pathrev=139736

Base: Add a handle verifier to ScopedHandle.
This provides basic tracking of handles for XP.

BUG=127931
TEST=none

TBR=abodenha, wez

Review URL: https://chromiumcodereview.appspot.com/10453082
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #26 on issue 127931 by dhar...@google.com: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
http://code.google.com/p/chromium/issues/detail?id=127931

1156 was experimented yesterday with ppapi disabled. Interesting this crash
happened at very low rate (0.91%) in 1156.1 which didn't have ppapi.

[chro...@googlecode.com]

Comment #29 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c29

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=140105

------------------------------------------------------------------------
r140105 | rva...@google.com | Fri Jun 01 14:49:51 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/broker_services.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/policy_target_test.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/target_process.h?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/target_process.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/interception_unittest.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/process_policy_test.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/Wow64.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/job_unittest.cc?r1=140105&r2=140104&pathrev=140105
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/restricted_token_utils.cc?r1=140105&r2=140104&pathrev=140105

Revert 130716 - Use ScopedProcessInformation and other RAII types in
sandbox.

BUG=127931
TBR=cpu

-------

See http://codereview.chromium.org/9700038/ for the definition of
ScopedProcessInformation.

BUG=None
TEST=None

Review URL: https://chromiumcodereview.appspot.com/9959018

TBR=erikw...@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10493002
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #30 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c30

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=140417

------------------------------------------------------------------------
r140417 | rva...@google.com | Mon Jun 04 16:15:34 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=140417&r2=140416&pathrev=140417
M
http://src.chromium.org/viewvc/chrome/trunk/src/printing/backend/win_helper.h?r1=140417&r2=140416&pathrev=140417

Reland 139885 - Enable the handle verifier.

BUG=127931
TEST=none

TBR=willchan, wez, abodenha
Review URL: https://chromiumcodereview.appspot.com/10441124

TBR=rva...@google.com
Review URL: https://chromiumcodereview.appspot.com/10516004
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #31 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c31

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=140899

------------------------------------------------------------------------
r140899 | rva...@google.com | Wed Jun 06 17:26:51 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.cc?r1=140899&r2=140898&pathrev=140899
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=140899&r2=140898&pathrev=140899

Base: Add another pc to the handle verifier to get to the
actual caller. I was hoping for an inlining that didn't happened.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10537041
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #32 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c32

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=140907

------------------------------------------------------------------------
r140907 | rva...@google.com | Wed Jun 06 17:43:54 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.cc?r1=140907&r2=140906&pathrev=140907
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=140907&r2=140906&pathrev=140907

Revert 140899 - Base: Add another pc to the handle verifier to get to the

actual caller. I was hoping for an inlining that didn't happened.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10537041

TBR=rva...@google.com
Review URL: https://chromiumcodereview.appspot.com/10539033
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #33 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c33

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=140962

------------------------------------------------------------------------
r140962 | rva...@chromium.org | Wed Jun 06 22:32:34 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.cc?r1=140962&r2=140961&pathrev=140962
M
http://src.chromium.org/viewvc/chrome/trunk/src/base/win/scoped_handle.h?r1=140962&r2=140961&pathrev=140962

Base: Add another pc to the handle verifier to get to the
actual caller. I was hoping for an inlining that didn't happened.

BUG=127931
TEST=none

original review: https://chromiumcodereview.appspot.com/10537041

TBR=willchan

Review URL: https://chromiumcodereview.appspot.com/10541044
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #35 on issue 127931 by bugdro...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

http://code.google.com/p/chromium/issues/detail?id=127931#c35

The following revision refers to this bug:

http://src.chromium.org/viewvc/chrome?view=rev&revision=144571

------------------------------------------------------------------------
r144571 | rva...@google.com | Wed Jun 27 14:50:32 PDT 2012

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/broker_services.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/policy_target_test.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/target_process.h?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/target_process.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/process_policy_test.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/Wow64.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/job_unittest.cc?r1=144571&r2=144570&pathrev=144571
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/restricted_token_utils.cc?r1=144571&r2=144570&pathrev=144571

Sandbox: Use ScopedProcessInformation.

This is a partial reland of 130716 - Use
ScopedProcessInformation and other RAII types in sandbox -
minus the bugs introduced by that cl.

BUG=127931
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10605002
------------------------------------------------------------------------

[chro...@googlecode.com]

Updates:
Cc: g...@chromium.org

Comment #39 on issue 127931 by g...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...

https://code.google.com/p/chromium/issues/detail?id=127931

ping here, the instrumentation for this issue is still in the code @
https://code.google.com/p/chromium/codesearch#chromium/src/base/threading/platform_thread_win.cc&l=223

This bug is marked as fixed but there are still plenty of crashes in the
instrumentation tagged with this bug:
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20CrashedStackTrace.StackFrame.FunctionName%20CONTAINS%20%27PlatformThread%3A%3AJoin%27%20OMIT%20RECORD%20IF%20SUM(CrashedStackTrace.StackFrame.SourceFileName%3D%27c%3A%5C%5Cb%5C%5Cbuild%5C%5Cslave%5C%5Cwin%5C%5Cbuild%5C%5Csrc%5C%5Cbase%5C%5Cthreading%5C%5Cplatform_thread_win.cc%27)%20%3D%200%20OR%20SUM(CrashedStackTrace.StackFrame.SourceLine%3D227)%20%3D%200#-signatures-header,samplereports

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[chro...@googlecode.com]

Comment #41 on issue 127931 by g...@chromium.org: Chrome: Crash Report

- Stack Signature: base::`anonymous namespace'::ThreadFunc(voi...
https://code.google.com/p/chromium/issues/detail?id=127931

Forgot to mention: some part of this instrumentation will be stripped as
part of another cleanup (https://codereview.chromium.org/1164713007).
Please let us know if this is incorrect.