Chrome --single-process does not work
Reported by romi0...@gmail.com, Nov 28 2016
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Steps to reproduce the problem:
1. Start Chrome with the command line chrome.exe --single-process
2. Enable the Windows dump
3. Chrome will crash with _c0000135_80000003_chrome.exe!Unknown
It crashes with 2 dumps (attached).
What is the expected behavior?
It is known that --single-process is deprecated with Chrome builds, but when the --single-process argument is passed the process should handle the exception gracefully.
Attached is the crash dump and stack trace:
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=000000000019f000 rbx=000000000000007e rcx=000000000019f000
rdx=00000000001c4860 rsi=000000000019f478 rdi=0000000000000000
rip=000007fed8684d6e rsp=000000000019ef80 rbp=000000000019f080
r8=000000000000000e r9=0000000000000000 r10=0000000000363860
r11=000000000019f000 r12=0000000000000000 r13=0000000000000007
r14=000000000019f480 r15=0000000000000003
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00000246
chrome_7fed76f0000!base::debug::BreakDebugger+0xd [inlined in chrome_7fed76f0000!logging::LogMessage::~LogMessage+0x22e]:
000007fe`d8684d6e cc int 3
Resetting default scope
FAULTING_IP:
chrome_7fed76f0000!logging::LogMessage::~LogMessage+22e [c:\b\build\slave\win64-pgo\build\src\base\logging.cc @ 748]
000007fe`d8684d6e cc int 3
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 000007fed8684d6e (chrome_7fed76f0000!base::debug::BreakDebugger+0x000000000000000d)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
EXCEPTION_PARAMETER1: 0000000000000000
WATSON_BKT_PROCSTAMP: 582209d1
WATSON_BKT_PROCVER: 54.0.2840.99
PROCESS_VER_PRODUCT: Google Chrome
WATSON_BKT_MODULE: chrome.dll
WATSON_BKT_MODSTAMP: 5822070f
WATSON_BKT_MODOFFSET: f94d6e
WATSON_BKT_MODVER: 54.0.2840.99
MODULE_VER_PRODUCT: Google Chrome
BUILD_VERSION_STRING: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
MODLIST_WITH_TSCHKSUM_HASH: 6f296657a8812d0b27480817c873bcaf4cc1f411
MODLIST_SHA1_HASH: d4019214fe7d6e353bb9af6278d44171a000a3de
NTGLOBALFLAG: 0
DUMP_FLAGS: 0
DUMP_TYPE: 2
APP: chrome.exe
ANALYSIS_SESSION_HOST: YY014800
ANALYSIS_SESSION_TIME: 11-29-2016 00:15:39.0646
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
Tid [0x0]
Frame [0x00]
String [STATUS_BREAKPOINT]
Data Bucketing
BUGCHECK_STR: STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fed85bff74 to 000007fed8684d6e
STACK_TEXT:
00000000`0019ef80 000007fe`d85bff74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00376490 : chrome_7fed76f0000!logging::LogMessage::~LogMessage+0x22e
00000000`0019f430 000007fe`d77d3897 : 000007fe`da97c7b8 00000000`00356b20 00000000`0019f6f0 00000000`0019f6f0 : chrome_7fed76f0000!content::ContentMainRunnerImpl::Run+0x120
00000000`0019f5e0 00000001`3f6672ff : 002ea0f7`23e36360 00000042`b8daab03 002ea0f7`23e68042 00000042`b8ddc7e5 : chrome_7fed76f0000!ChromeMain+0x233
00000000`0019f6a0 00000001`3f662523 : 00000000`00000000 00000001`3f660000 00000000`00000000 00000000`00361c90 : chrome!MainDllLoader::Launch+0x3c3
00000000`0019f7f0 00000001`3f6e9d7a : 00000000`00000000 00000000`0000000a 00000000`00000000 00000000`00000000 : chrome!wWinMain+0x457
00000000`0019fc60 00000000`77b159cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!__scrt_common_main_seh+0x11e
00000000`0019fca0 00000000`77c4a561 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0019fcd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
THREAD_SHA1_HASH_MOD_FUNC: 30b7f9d8c3be5deae4ac3829f7644bc9be973e48
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 57789ef97b65265f08f8c108ff120b3a64bf5619
THREAD_SHA1_HASH_MOD: c21ff256962c611c3e0196898faea551618b442b
FOLLOWUP_IP:
chrome_7fed76f0000!logging::LogMessage::~LogMessage+22e [c:\b\build\slave\win64-pgo\build\src\base\logging.cc @ 748]
000007fe`d8684d6e cc int 3
FAULT_INSTR_CODE: 448b48cc
FAULTING_SOURCE_LINE: c:\b\build\slave\win64-pgo\build\src\base\logging.cc
FAULTING_SOURCE_FILE: c:\b\build\slave\win64-pgo\build\src\base\logging.cc
FAULTING_SOURCE_LINE_NUMBER: 748
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: chrome_7fed76f0000!logging::LogMessage::~LogMessage+22e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_7fed76f0000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 5822070f
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; .ecxr ; kb
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_chrome.dll!logging::LogMessage::_LogMessage
BUCKET_ID: X64_STATUS_BREAKPOINT_chrome_7fed76f0000!logging::LogMessage::_LogMessage+22e
PRIMARY_PROBLEM_CLASS: X64_STATUS_BREAKPOINT_chrome_7fed76f0000!logging::LogMessage::_LogMessage+22e
BUCKET_ID_OFFSET: 22e
BUCKET_ID_MODULE_STR: chrome_7fed76f0000
BUCKET_ID_MODTIMEDATESTAMP: 5822070f
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 54.0.2840.99
BUCKET_ID_PREFIX_STR: X64_STATUS_BREAKPOINT_
FAILURE_PROBLEM_CLASS: STATUS_BREAKPOINT
FAILURE_EXCEPTION_CODE: 80000003
FAILURE_IMAGE_NAME: chrome.dll
FAILURE_FUNCTION_NAME: logging::LogMessage::_LogMessage
BUCKET_ID_FUNCTION_STR: logging::LogMessage::_LogMessage
FAILURE_SYMBOL_NAME: chrome.dll!logging::LogMessage::_LogMessage
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/chrome.exe/54.0.2840.99/582209d1/chrome.dll/54.0.2840.99/5822070f/80000003/00f94d6e.htm?Retriage=1
TARGET_TIME: 2016-11-28T18:44:08.000Z
OSBUILD: 7601
OSSERVICEPACK: 23569
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 0
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (23569)
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-10-07 21:05:15
BUILDDATESTAMP_STR: 161007-0600
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23569
ANALYSIS_SESSION_ELAPSED_TIME: 9f1bc
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_chrome.dll!logging::logmessage::_logmessage
FAILURE_ID_HASH: {84e14178-bec5-d8fc-738c-277d404598d5}
Followup: MachineOwner
---------
0:000> ~kb
# RetAddr : Args to Child : Call Site
00 000007fe`fd981203 : 00000000`0019dec8 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!ZwDelayExecution+0xa
01 000007fe`e74c9ab4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNELBASE!SleepEx+0xab
02 00000000`77b9bc10 : 00000000`00000000 00000000`00000000 00000000`00000001 9f135289`e68b08c0 : chrome_elf!`anonymous namespace'::UnhandledExceptionHandler+0x64 [c:\b\build\slave\win64-pgo\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc @ 110]
03 00000000`77ca0108 : 00000000`0019e130 00000000`00000006 00000000`00000000 00000000`00000001 : kernel32!UnhandledExceptionFilter+0x160
04 00000000`77c37958 : 00000000`00000000 00000000`00000409 00000000`00000000 00000000`77c473aa : ntdll! ?? ::FNODOBFM::`string'+0x2025
05 00000000`77c4812d : 00000000`001a0000 00000000`0019fcd0 00000000`0019fcd0 00000000`77d5f818 : ntdll!_C_specific_handler+0x8c
06 00000000`77c3855f : 00000000`001a0000 00000000`77c0dd88 00000000`000127ec 00000007`00000009 : ntdll!RtlpExecuteHandlerForException+0xd
07 00000000`77c6bcb8 : 00000000`0019ed70 00000000`0019e880 00000000`00000000 00000000`00000000 : ntdll!RtlDispatchException+0x45a
08 000007fe`d8684d6e : 00000000`0019f000 00000000`0000007e 00000000`00000001 000007fe`da810290 : ntdll!KiUserExceptionDispatch+0x2e
09 (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : chrome_7fed76f0000!base::debug::BreakDebugger+0xd [c:\b\build\slave\win64-pgo\build\src\base\debug\debugger_win.cc @ 18]
0a 000007fe`d85bff74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00376490 : chrome_7fed76f0000!logging::LogMessage::~LogMessage+0x22e [c:\b\build\slave\win64-pgo\build\src\base\logging.cc @ 748]
0b (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : chrome_7fed76f0000!content::RegisterMainThreadFactories+0x81 [c:\b\build\slave\win64-pgo\build\src\content\app\content_main_runner.cc @ 365]
0c (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : chrome_7fed76f0000!content::RunNamedProcessTypeMain+0x81 [c:\b\build\slave\win64-pgo\build\src\content\app\content_main_runner.cc @ 400]
0d 000007fe`d77d3897 : 000007fe`da97c7b8 00000000`00356b20 00000000`0019f6f0 00000000`0019f6f0 : chrome_7fed76f0000!content::ContentMainRunnerImpl::Run+0x120 [c:\b\build\slave\win64-pgo\build\src\content\app\content_main_runner.cc @ 786]
0e (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : chrome_7fed76f0000!content::ContentMain+0x81 [c:\b\build\slave\win64-pgo\build\src\content\app\content_main.cc @ 20]
0f 00000001`3f6672ff : 002ea0f7`23e36360 00000042`b8daab03 002ea0f7`23e68042 00000042`b8ddc7e5 : chrome_7fed76f0000!ChromeMain+0x233 [c:\b\build\slave\win64-pgo\build\src\chrome\app\chrome_main.cc @ 85]
10 00000001`3f662523 : 00000000`00000000 00000001`3f660000 00000000`00000000 00000000`00361c90 : chrome!MainDllLoader::Launch+0x3c3 [c:\b\build\slave\win64-pgo\build\src\chrome\app\main_dll_loader_win.cc @ 183]
11 00000001`3f6e9d7a : 00000000`00000000 00000000`0000000a 00000000`00000000 00000000`00000000 : chrome!wWinMain+0x457 [c:\b\build\slave\win64-pgo\build\src\chrome\app\chrome_exe_main_win.cc @ 253]
12 (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : chrome!invoke_main+0x21 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 113]
13 00000000`77b159cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!__scrt_common_main_seh+0x11e [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 255]
14 00000000`77c4a561 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
15 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
What went wrong?
Chrome crashed with command line arguments chrome.exe --single-process
Did this work before? N/A
Chrome version: 54.0.2840.99 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 23.0 r0
,
Nov 28 2016
I'm pretty sure we explicitly say the single-process mode is much less stable and prone to bugs than other modes. Assigning low severity for now. +wfh - any thoughts on this Windows + single-process crasher?
,
Feb 14 2018
Friendly ping, Will.
,
May 15 2018
error from content::RegisterMainThreadFactories is:
[34968:9112:0515/163522.414:FATAL:content_main_runner.cc(590)] --single-process is not supported in chrome multiple dll browser.
(8898.2398): Break instruction exception - code 80000003 (first chance)
it seems --single-process is now gated on having both CHROME_MULTIPLE_DLL_BROWSER and CHROME_MULTIPLE_DLL_CHILD undefined, but
* CHROME_MULTIPLE_DLL_BROWSER is certainly being defined on non-component builds here -> https://cs.chromium.org/chromium/src/build/config/chrome_build.gni?l=13
and perhaps try running --single-process on a component build?
It's possible that --single-process is now totally deprecated in which case it should be removed.
,
May 15 2018
oh, and this is not a security bug. a LOG(FATAL) is never a security bug.
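Added example, not part of the original thread and not Chromium code: a small triage helper that applies the distinction drawn in the comment above to `!analyze -v` output such as the dump in this report. It treats a STATUS_BREAKPOINT (80000003) whose top frames are the fatal-log machinery as a deliberate abort and reports the frame that issued the fatal log. The verdict labels, function names and marker list are assumptions made for this illustration.

```python
import re

# Excerpt of the !analyze -v output from this report (three STACK_TEXT frames).
SAMPLE = """\
EXCEPTION_CODE_STR: 80000003
STACK_TEXT:
00000000`0019ef80 000007fe`d85bff74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00376490 : chrome_7fed76f0000!logging::LogMessage::~LogMessage+0x22e
00000000`0019f430 000007fe`d77d3897 : 000007fe`da97c7b8 00000000`00356b20 00000000`0019f6f0 00000000`0019f6f0 : chrome_7fed76f0000!content::ContentMainRunnerImpl::Run+0x120
00000000`0019f5e0 00000001`3f6672ff : 002ea0f7`23e36360 00000042`b8daab03 002ea0f7`23e68042 00000042`b8ddc7e5 : chrome_7fed76f0000!ChromeMain+0x233
"""

# Symbols that mean "the process stopped itself on purpose". Assumed list,
# taken from the frames visible in this report's stack.
ABORT_MARKERS = ("logging::LogMessage::~LogMessage", "base::debug::BreakDebugger")

FIELD_RE = re.compile(r"^([A-Z_0-9]+):\s*(.*)$")                    # KEY: value
FRAME_RE = re.compile(r"\s([\w.]+)!(\S+?)\+0x[0-9a-f]+\s*(?:\[|$)")  # module!symbol+0xNN


def parse(text):
    """Return (fields, frames): analysis fields and stack symbols, top frame first."""
    fields, frames = {}, []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
            continue
        m = FRAME_RE.search(line)
        if m:
            frames.append(m.group(2))
    return fields, frames


def classify(text):
    """Sort a crash into a coarse triage bucket (labels are hypothetical)."""
    fields, frames = parse(text)
    code = fields.get("EXCEPTION_CODE_STR", "").lower()
    top = frames[0] if frames else None
    if code == "80000003" and any(f in ABORT_MARKERS for f in frames[:2]):
        # The first frame outside the logging machinery issued the fatal log.
        origin = next((f for f in frames if f not in ABORT_MARKERS), None)
        return {"verdict": "deliberate-abort", "origin": origin}
    if code == "c0000005":  # STATUS_ACCESS_VIOLATION: needs memory-safety review
        return {"verdict": "access-violation", "origin": top}
    return {"verdict": "needs-manual-triage", "origin": top}


if __name__ == "__main__":
    print(classify(SAMPLE))
```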
Comment 1 by romi0...@gmail.com, Nov 28 2016
just in case additional information
00000000`77c6c07a c3 ret
02 00000000`0019deb0 00000000`77b9bc10 chrome_elf!`anonymous namespace'::UnhandledExceptionHandler+0x64 [c:\b\build\slave\win64-pgo\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc @ 110]
@rdi struct _EXCEPTION_POINTERS * exception_pointers = 0x00000000`0019e130
000007fe`e751e4b0 int64 have_crashed = <Memory access error>
0:000> dx -r1 (*((chrome_elf!_EXCEPTION_POINTERS *)0x19e130))
(*((chrome_elf!_EXCEPTION_POINTERS *)0x19e130)) [Type: _EXCEPTION_POINTERS]
[+0x000] ExceptionRecord : 0x19ed70 [Type: _EXCEPTION_RECORD *]
[+0x008] ContextRecord : 0x19e880 [Type: _CONTEXT *]
Which explains what exactly crashed