Chrome dev causes Windows kernel to crash
Reported by
bced...@gmail.com,
Aug 21 2016
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2832.2 Safari/537.36

Steps to reproduce the problem:
Completely random, in my case it occurred when playing back part of a video on YouTube using Chrome dev 54.0.2832.2

What is the expected behavior?

What went wrong?
I got a BSOD and after analysing the minidump it turns out Chrome has caused it through memory_corruption on system service level.

The contents from minidump: (as can be seen, process_name is chrome.exe)

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff803edf4c5d2, Address of the instruction which caused the bugcheck
Arg3: ffff82820242cfa0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!KxWaitForLockOwnerShipWithIrql+12
fffff803`edf4c5d2 48890a mov qword ptr [rdx],rcx

CONTEXT: ffff82820242cfa0 -- (.cxr 0xffff82820242cfa0)
rax=0000000000000000 rbx=ffffb7827c289dd0 rcx=ffff82820242da00
rdx=8a06000000000000 rsi=0000000000000000 rdi=ffff82820242da00
rip=fffff803edf4c5d2 rsp=ffff82820242d9b0 rbp=ffffb7827c7d03c0
r8=ffff82820242da60 r9=0000000000000000 r10=fffffb49388a1a04
r11=000000ec86d22000 r12=0000000000000000 r13=00007ffc869b4cd8
r14=0000000000000001 r15=0000000000010001
iopl=0 nv up di ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010082
nt!KxWaitForLockOwnerShipWithIrql+0x12:
fffff803`edf4c5d2 48890a mov qword ptr [rdx],rcx ds:002b:8a060000`00000000=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0x3B

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff803edebd167 to fffff803edf4c5d2

STACK_TEXT:
ffff8282`0242d9b0 fffff803`edebd167 : ffffb782`7c289dd0 00000000`00000000 000000ec`86b4f080 fffffb49`393ed48c : nt!KxWaitForLockOwnerShipWithIrql+0x12
ffff8282`0242d9e0 fffff803`edebce4b : 00000000`00000002 000001cb`001f60d6 00000000`00000000 ffff8282`0242db80 : nt!ExAcquireResourceExclusiveLite+0x2a7
ffff8282`0242da60 fffffb49`38a6e80c : ffffb782`74ec6a90 00000000`004096f7 ffff8282`0242daa8 000000ec`86b4f4e0 : nt!ExEnterCriticalRegionAndAcquireResourceExclusive+0x1b
ffff8282`0242da90 fffffb49`393ebe7f : 00000000`00000036 00000000`00000000 00000000`00041cff 00000000`00000000 : win32kbase!EnterCrit+0x3c
ffff8282`0242dad0 fffff803`edfcbc93 : ffffb782`7c7d03c0 ffffb782`7c7d03c0 ffff8282`0242db80 0000022b`b6f9c840 : win32kfull!NtUserCallOneParam+0x1f
ffff8282`0242db00 00007ffc`a6c610e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ec`86b4f0b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffc`a6c610e4

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE_32

STACK_COMMAND: .cxr 0xffff82820242cfa0 ; kb

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_32

BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_32

Followup: memory_corruption

Crashed report ID:
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 54.0.2832.2 Channel: dev
OS Version: 10.0
Flash Version: Shockwave Flash 23.0 r0

It is certainly not a PC, environment or hardware issue.
I have not made changes to my system recently, and this specific bugcheck/exception class is known to be nonhardware/software fault in other cases: f.e, https://www.osronline.com/showthread.cfm?link=190116 It is likely something broke in last dev release. Apparently a Chrome bug is now able to bluescreen a PC. I determine this through the specified source process in provided minidump (also attached as file)

The WER report: (less valuable than minidump)
,
Aug 24 2016
Thanks for filing the issue. Request you to please update chrome to the latest dev version and try again. Unable to reproduce on Windows 7 and Win 10, played some youtube videos. Also can you please help us with a crash ID generated from chrome://crashes. Thanks.!
,
Aug 24 2016
,
Aug 24 2016
@ ranjitkan, a crash report from chrome://crashes didn't generate (although I got it and auto-sending enabled and it does work for other crashes, so likely kernel crashed so fast Chrome didn't recognize/crashhandle it). Also I've just updated to dev 54.0.2837.0, if it happens again I will post here. @ brajkumar it was totally out of the blue, I could watch videos the whole day in the exact same circumstances, until it happened. Later it happened without even watching YouTube/videos. So I don't think it's reproducible, but directly caused by an unknown factor.
,
Aug 25 2016
Sorry, OS>Kernel>Video is a Chrome OS component.
,
Sep 1 2016
Thank you for providing more feedback. Adding requester "ranjitkan@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 15 2016
@ bced991: Can you please update us the current behavior which you are observing on the latest stable version 54.0.2840.99. We just tried again and unable to reproduce it. Thanks.!
,
Nov 15 2016
The crash hasn't happened again after the instance I reported, so it's either very rare or fixed by some later commit.
,
Nov 16 2016
Thanks for the update, closing the issue as per above comment.!
Comment 1 by bced...@gmail.com
, Aug 22 2016