Issue 620175

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Bad unloaded modules list in crashpad

Project Member Reported by brucedaw...@chromium.org, Jun 15 2016

Issue description

On a recent crash dump (1cf2b37a00000000) the unloaded module list was severely mangled. I was not able to find other crashes with unloaded modules so I don't know if this is a common problem or a one-off. I'm reporting it in case this is a pervasive problem. Here's what the output from the lm command looked like:

0:001> lm
start    end        module name
00ae0000 00bd0000   chrome
...
77e60000 77e8e000   chrome_elf   (deferred)             

Unloaded modules:
007d03b4 00fa0768   Unknown_Module_007d03b4
007d1234 00fa1ce8   若|Ҵ}﯄|᮴}䋴{|ऴ}ᘴ}㼄{ྴ}왘瞕왘瞕Ꮄ}ᢴ}ڴ}ᔴ}
007cf204 00fa0c38   ᖴ}䏜{䏜{࠴}ኴ}|ᠴ}|ﲌ|ش}଴}਴}ิ}
007b0b5a 00f61d10   Unknown_Module_007b0b5a
007b0f84 00f61ff4   જ{୚{ஶ{྄{࿀{
00000000 00000002   Unknown_Module_00000000
00000000 7428efa9   㿆沫꘶疎戬䰏츄抺鍶妥㿆沫ҏ㞟͆㉦㚮㒉◑唟菈寵慽䢊⓯晅曧伣투᭖䄠⣎
65440fc8 ca85d94c   슫簊慞卌딡䫗 ⫝̸ත曊孙做핫ࢰ︼掐숅瑬⫀▘ 䃟〢䆋투᭖㢨Ꮵ ⫝̸ᢘ哸
40dfdf73 889afaf5   ঋ䗋曧伣 㵈 彰㭫臮䣫㛜변洵玞澐Ὓᒖ䔈ڎ변洵髧ᡵ㠂慽䢊︾孌
0405634a 40daa6b1   먴券䑬䍸觧濎⮐➀乚˂⨚┳৿덜෿烣┊䔈ڎ쭛൱戬䰏䵶⍺䑬䍸〢䆋鵖搶
62bace04 c8fff2f3   푭慟ᾯ်츚ਫ歾ⅿ厏ム痬䨐딡䫗䍧㳕䉽㤁࿈敄閻买㢸綩⇆ॸ쭛൱ᢡ⛫夎㋒
47bb1b82 a91aefef   ϱ᧢勱緩㠂叝츚ਫ몐ⓜ桺궮ᛑゎ堖
00000021 b9820069   蹰릎      
0002c000 0002c00d   Unknown_Module_0002c000
6d320000 6d371000   Unknown_Module_6d320000
00000001 a5b93f63   Unknown_Module_00000001
00025000 00025001   Unknown_Module_00025000
756f0000 7570b000   쀀       
00000001 46a844e8   쁈ꐡ      
00006000 00005fff   Unknown_Module_00006000
77200000 772cc000   퀀     

Note that the addresses are mostly not plausible - modules should always start on a multiple of 64 KiB.

 
Labels: -Pri-3 Pri-2
This is still a problem. From crash ID e176f4ff00000000 the trailing results from 'lm' are:

Unloaded modules:
0040f69c 0081ef38   ⱜ@AAꗠ眒ꗠ眒@@<@<@列@ﺜ@@@œAœAꘐ眒
0040fc1c 0081f6b8   Unknown_Module_0040fc1c
004032b4 008068b0   Unknown_Module_004032b4
00400b74 00801d52   Unknown_Module_00400b74
00400fd6 00802098   Unknown_Module_00400fd6
00000000 00000003   Unknown_Module_00000000
00000000 28fb4ba9   刐═ꗗς嚥㱐䉙槽칧秉籴濏㾌⍩蟧ʙ趙摵ў䩐넝䙟记൅ⵢᄜ૳澼凉ފ
73a0e244 d250f92f   Unknown_Module_73a0e244
53b6fde7 70d92361   Unknown_Module_53b6fde7
70bb193f 83935285   ᛫庰왇帋衖磆㦧鈅孄뭝ᔭ팷ˈ樬⧼喟ث歹ჳ䉙⢺瓉⊟䧛邋亗헲祗矒
27a9742f 80bdf9d9   㪞恚묜⬱ꗗς폙⫰᩻笑⌌壌裟䆥怌扜㻞ᖁ鐤糩锪㞓苈ស춰囈襗旡垗嘤㪞Ⓡ
16937253 88c5a73a   菳緾뢜␚ӆ瘟꧇㇑྾罂൚ྛõ有䅝
00000259 06355b59   饹      
00058000 00058001   Unknown_Module_00058000
74800000 74817000   耀       
00000002 7213a744   륫      
0001f000 0001f002   Unknown_Module_0001f000
76360000 76400000   退Ä[     

Cc: scottmg@chromium.org
PTAL?
Cc: mark@chromium.org
I see the same thing in most dumps, but I didn't think it was specific to Crashpad-generated dumps. I guess it is? I'll see if I can find something wrong in the module list walking, or any pattern to when it happens (maybe an OS mismatch if we're not matching the target OS structures properly?)
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/crashpad/crashpad.git/+/0567536f86fb10f9663fb30d6ebf08a7c35b975d

commit 0567536f86fb10f9663fb30d6ebf08a7c35b975d
Author: Scott Graham <scottmg@chromium.org>
Date: Fri Dec 16 18:04:18 2016

win: Attempt to fix unloaded modules list by using RtlGetUnloadEventTraceEx

I haven't been able to reproduce this locally, but we see errors in
crash dumps where the unloaded module list consists of a number of
modules with invalid names and implausible addresses. My assumption is
that RTL_UNLOAD_EVENT_TRACE isn't correct for some OS levels. Instead of
trying to finesse and test that, use RtlGetUnloadEventTraceEx() instead
of RtlGetUnloadEventTrace(), which returns an element size. (This
function is Vista+ which is why it wasn't used the first time around.)

R=mark@chromium.org
BUG= chromium:620175 

Change-Id: I4d7080a03623276f9c1c038d6e7329af70e4a64c
Reviewed-on: https://chromium-review.googlesource.com/421564
Reviewed-by: Mark Mentovai <mark@chromium.org>

[modify] https://crrev.com/0567536f86fb10f9663fb30d6ebf08a7c35b975d/handler/win/crashy_test_program.cc
[modify] https://crrev.com/0567536f86fb10f9663fb30d6ebf08a7c35b975d/snapshot/win/process_snapshot_win.cc
[modify] https://crrev.com/0567536f86fb10f9663fb30d6ebf08a7c35b975d/util/win/nt_internals.cc
[modify] https://crrev.com/0567536f86fb10f9663fb30d6ebf08a7c35b975d/util/win/nt_internals.h

Cc: -scottmg@chromium.org
Owner: scottmg@chromium.org
Status: Fixed (was: Untriaged)
I just looked at a few browser crash reports on Canary (57.0.2956.0), and they seem to have reasonable unloaded module lists now. LMK if you see any more badness.
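
Added example (not part of the thread and not Crashpad's code): a portable C sketch of the failure mode the commit message assumes, where a reader walks a record array with its own compiled-in struct size instead of the element size the producer reports, combined with the 64 KiB alignment check from the report. The record layout `trace_v1`, the 32-byte producer stride and all function names are hypothetical; the sample addresses are three of the plausible-looking entries from the first dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified record: NOT the real RTL_UNLOAD_EVENT_TRACE layout. */
typedef struct {
    uint32_t base;      /* module load address */
    uint32_t size;      /* image size in bytes */
    uint16_t name[8];   /* UTF-16 name, NUL padded */
} trace_v1;             /* 24 bytes: the layout the reader was compiled against */
enum { PRODUCER_STRIDE = 32, ENTRIES = 3 };  /* assumed: producer appends 8 bytes per record */

/* Plausibility rule from the report: base on a 64 KiB boundary, non-empty, no wraparound. */
static int plausible(uint32_t base, uint32_t size) {
    return base != 0 && (base & 0xFFFFu) == 0 && size != 0 && base + size > base;
}

/* Walk `count` records spaced `stride` bytes apart; return how many look plausible, -1 on bad input. */
static int count_plausible(const uint8_t *buf, size_t len, size_t stride, size_t count) {
    int ok = 0;
    if (stride < sizeof(trace_v1)) return -1;        /* reader needs at least its known fields */
    for (size_t i = 0; i < count; i++) {
        trace_v1 e;
        if (i * stride + sizeof e > len) return -1;  /* never read past the buffer */
        memcpy(&e, buf + i * stride, sizeof e);
        ok += plausible(e.base, e.size);
    }
    return ok;
}

/* Constructed sample: three unloaded modules written with the producer's 32-byte stride. */
static size_t build_sample(uint8_t *buf) {
    static const uint32_t bases[ENTRIES] = {0x6d320000u, 0x756f0000u, 0x77200000u};
    static const uint32_t sizes[ENTRIES] = {0x51000u, 0x1b000u, 0xcc000u};
    memset(buf, 0, PRODUCER_STRIDE * ENTRIES);
    for (int i = 0; i < ENTRIES; i++) {
        trace_v1 e = {bases[i], sizes[i], {'m', 'o', 'd', (uint16_t)('0' + i), 0}};
        memcpy(buf + i * PRODUCER_STRIDE, &e, sizeof e);
        memset(buf + i * PRODUCER_STRIDE + sizeof e, 0xA5, PRODUCER_STRIDE - sizeof e);
    }
    return PRODUCER_STRIDE * ENTRIES;
}

int main(void) {
    uint8_t buf[PRODUCER_STRIDE * ENTRIES];
    size_t len = build_sample(buf);
    printf("reported stride: %d of %d plausible\n", count_plausible(buf, len, PRODUCER_STRIDE, ENTRIES), ENTRIES);
    printf("sizeof stride:   %d of %d plausible\n", count_plausible(buf, len, sizeof(trace_v1), ENTRIES), ENTRIES);
    return 0;
}
```

With the compiled-in stride only the first record survives: the second read lands on the producer's trailing bytes and the third on the tail of a name field, so a per-entry plausibility check like this is a cheap way for a dump consumer to flag a layout mismatch.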
