The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54429 

------------------------------------------------------------------------
r54429 | thestig@chromium.org | 2010-07-30 21:25:24 -0700 (Fri, 30 Jul 2010) | 6 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=54429&r2=54428

Suppress a reliability crash.

BUG=50822
TEST=reliability bot goes green.
TBR=vandebo
Review URL: http://codereview.chromium.org/2883049
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54435 

------------------------------------------------------------------------
r54435 | thestig@chromium.org | 2010-07-31 00:09:46 -0700 (Sat, 31 Jul 2010) | 6 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=54435&r2=54434

Suppress a reliability crash (try 2)

BUG=50822
TEST=reliability bot goes green.
TBR=vandebo
Review URL: http://codereview.chromium.org/3040029
------------------------------------------------------------------------

There are a lot of crashes, and it's adding a lot of noise. marking this a P0

Please try reverting if possible.

I will look at this as soon as I can (later tonight or tomorrow). Go ahead and revert if it is too noisy. 54405+fix will need to merge to 472 though.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54614 

------------------------------------------------------------------------
r54614 | nick@chromium.org | 2010-08-02 15:00:19 -0700 (Mon, 02 Aug 2010) | 16 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_auth_handler_mock.cc?r1=54614&r2=54613
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_auth_handler_mock.h?r1=54614&r2=54613
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction.cc?r1=54614&r2=54613
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction_unittest.cc?r1=54614&r2=54613
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/socket_test_util.cc?r1=54614&r2=54613

Revert 54528 - Digest authentication uses a uri field to prevent replay attacks.

[Reason for revert: we want to revert r54505, this was a dependent change.  cbentzel agrees to reland.]

When authenticating to an HTTP proxy to establish a secure tunnel (via CONNECT), the uri should be the hostname of the server and the destination port, such as "www.example.com:443". When authenticating to an HTTP proxy for a non-secure content, the uri should be the path at the server, i.e. "/index.html".

If the site we are trying to connect to previously advertised "Alternate-Protocol: 443:spdy-npn/1" a request to "http://www.example.com" will be attempted on a secure port.
However, the URL passed into the digest authenticator was an unsecure one, and it decided to have a uri in the form "/index.html" rather than the correct "www.example.com:443". This causes persistent failure with the password and many password prompts.

BUG=49865,50822
TEST=Run with --use-spdy=npn, force connection through a digest authenticating proxy, and browse a site which advertises Alternate-Protocol through http URLs.

Review URL: http://codereview.chromium.org/3028021

TBR=cbentzel@chromium.org
Review URL: http://codereview.chromium.org/3091001
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54616 

------------------------------------------------------------------------
r54616 | nick@chromium.org | 2010-08-02 15:03:12 -0700 (Mon, 02 Aug 2010) | 13 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/base/net_error_list.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction_unittest.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket_pool.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket_pool.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket_pool_unittest.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/client_socket_handle.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/client_socket_handle.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/socket_test_util.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/socket_test_util.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool.cc?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool.h?r1=54616&r2=54615
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=54616&r2=54615

Revert 54405 - Fix late binding induced mismatch of Socket and AuthController

[Reason for revert: large spike in crash rate on reliability bots]

ClientSocketPool treats all pending SocketParams as interchangeable. Therefore they can not contain any connection specific data.  This only affects the Http Proxy tunnel case. The lowest risk change to fix this problem is to create the HttpAuthController in the HttpProxyClientSocket.  If we get a 407 and need to restart the Tunnel, the pending HttpProxyClientSocket is returned to the HttpNetworkTransaction in the additional error state of the connection and then complete the auth in a pair of states in the HttpNetworkTransaction.  This reintroduces a dependency between tunnel setup and the HttpNetworkTransaction, but that will need to be fixed at a later date.

BUG=49493,50822
TEST=existing unit tests + manually visiting many SSL sites through a kerberized http proxy.

Review URL: http://codereview.chromium.org/3058013

TBR=vandebo@chromium.org
Review URL: http://codereview.chromium.org/3056040
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54617 

------------------------------------------------------------------------
r54617 | nick@chromium.org | 2010-08-02 15:05:23 -0700 (Mon, 02 Aug 2010) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=54617&r2=54616

Revert 54435 - Suppress a reliability crash (try 2)

BUG=50822
TEST=reliability bot goes green.
TBR=vandebo
Review URL: http://codereview.chromium.org/3040029

TBR=thestig@chromium.org
Review URL: http://codereview.chromium.org/2819087
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54618 

------------------------------------------------------------------------
r54618 | nick@chromium.org | 2010-08-02 15:05:58 -0700 (Mon, 02 Aug 2010) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=54618&r2=54617

Revert 54429 - Suppress a reliability crash.

BUG=50822
TEST=reliability bot goes green.
TBR=vandebo
Review URL: http://codereview.chromium.org/2883049

TBR=thestig@chromium.org
Review URL: http://codereview.chromium.org/3046040
------------------------------------------------------------------------

Here is some initial dump analysis (using http://chromebot/dump?build=buildbot_54591_ext&id=a9410511-6ce9-4365-918f-d0bc31014dec-full

The crash occurred when accessing this->group_map_, because |this| was already freed. Thanks to having the full-memory dump, we can see this pretty clearly from the following values:

this->in_destructor_ = true
this->ref_count_ = 0;

eroman: any thoughts about below fix?

Hmm,  It seems that ConnectJobs should use a CancellableCompletionCallback, so that they can ignore what ever they are waiting on after they get deleted (cancelled).  I would guess this hasn't been a problem so far only because the ordering just happens to work out.

(No comment was entered for this change.)

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54715 

------------------------------------------------------------------------
r54715 | vandebo@chromium.org | 2010-08-03 00:43:26 -0700 (Tue, 03 Aug 2010) | 8 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket_pool.cc?r1=54715&r2=54714

Mange ciricular reference to HttpNetworkTransaction in HttpProxyClientSocktPool.

Without explicit management of the cirucular reference to HttpNetworkTransaction, it can get deleted at inopportune times and cause undesirable effects (i.e. triggering a pool to delete itself while in the middle of other operations).  This change breaks the cirucular reference at points in execution where it is safe.

BUG=50822, 49254
TEST=green reliability bot

Review URL: http://codereview.chromium.org/3084011
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54733 

------------------------------------------------------------------------
r54733 | vandebo@chromium.org | 2010-08-03 04:16:48 -0700 (Tue, 03 Aug 2010) | 12 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/net/http/http_proxy_client_socket_pool.cc?r1=54733&r2=54732

Merge 54715 - Mange ciricular reference to HttpNetworkTransaction in HttpProxyClientSocktPool.

Without explicit management of the cirucular reference to HttpNetworkTransaction, it can get deleted at inopportune times and cause undesirable effects (i.e. triggering a pool to delete itself while in the middle of other operations).  This change breaks the cirucular reference at points in execution where it is safe.

BUG=50822
TEST=green reliability bot

Review URL: http://codereview.chromium.org/3084011

TBR=vandebo@chromium.org

Review URL: http://codereview.chromium.org/3032051
------------------------------------------------------------------------

Maybe r54405?

Stack trace:
chrome_2690000!net::internal::ClientSocketPoolBaseHelper::FindTopStalledGroup+0xc [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_pool_base.cc @ 569]
chrome_2690000!net::internal::ClientSocketPoolBaseHelper::CheckForStalledSocketGroups+0x3f [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_pool_base.cc @ 540]
chrome_2690000!net::internal::ClientSocketPoolBaseHelper::OnConnectJobComplete+0x2ad [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_pool_base.cc @ 622]
chrome_2690000!net::ConnectJob::NotifyDelegateOfCompletion+0x24 [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_pool_base.cc @ 85]
chrome_2690000!net::HttpProxyConnectJob::OnIOComplete+0x1a [c:\b\slave\chromium-rel-xp\build\src\net\http\http_proxy_client_socket_pool.cc @ 78]
chrome_2690000!net::ClientSocketHandle::OnIOComplete+0x28 [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_handle.cc @ 79]
chrome_2690000!net::internal::ClientSocketPoolBaseHelper::InvokeUserCallback+0xeb [c:\b\slave\chromium-rel-xp\build\src\net\socket\client_socket_pool_base.cc @ 819]
chrome_2690000!RunnableMethod<history::HistoryBackend,void (__thiscall history::HistoryBackend::*)(HistoryService::URLEnumerator *),Tuple1<HistoryService::URLEnumerator *> >::Run+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 327]
chrome_2690000!MessageLoop::RunTask+0xff [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 410]
chrome_2690000!MessageLoop::DoWork+0x176 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 525]
chrome_2690000!base::MessagePumpForIO::DoRunLoop+0x7e [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 466]
chrome_2690000!base::MessagePumpWin::Run+0x42 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.h @ 80]

This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

(No comment was entered for this change.)