crash chrome_child!ChromeMain+0x748c7d
Reported by unkowndo...@gmail.com, Feb 23 2017
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. run web.py
2. view http://127.0.0.1/
3. crash

What is the expected behavior?

What went wrong?

(9b8.bac): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
chrome_child!ChromeMain+0x748c7d:
000007fe`d95f2731 428b4408ff      mov     eax,dword ptr [rax+r9-1] ds:00000385`f4fcde50=????????

ExceptionAddress: 000007fed95f2731 (chrome_child!ChromeMain+0x0000000000748c7d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000385f4fcde50
Attempt to read from address 00000385f4fcde50

Child-SP          RetAddr           Call Site
00000000`001cd590 000007fe`d8cab5de chrome_child!ChromeMain+0x748c7d
00000000`001cd5c0 000007fe`d8a86049 chrome_child!ovly_debug_event+0x17486e
00000000`001cd660 000007fe`d8a88fd6 chrome_child+0x166049
00000000`001cd7b0 000007fe`d8d3b112 chrome_child+0x168fd6
00000000`001cd7e0 000007fe`d8c18d0a chrome_child!ovly_debug_event+0x2043a2
00000000`001cd830 000007fe`d8c1b727 chrome_child!ovly_debug_event+0xe1f9a
00000000`001cdcc0 000007fe`d8c1b6a6 chrome_child!ovly_debug_event+0xe49b7
00000000`001ce000 000007fe`d8c18239 chrome_child!ovly_debug_event+0xe4936
00000000`001ce030 000007fe`d8caa05e chrome_child!ovly_debug_event+0xe14c9
00000000`001ce290 000007fe`d910011d chrome_child!ovly_debug_event+0x1732ee
00000000`001ce390 000007fe`d91000d1 chrome_child!ChromeMain+0x256669
00000000`001ce3e0 000007fe`d97c8d65 chrome_child!ChromeMain+0x25661d
00000000`001ce410 000007fe`d90ba2dc chrome_child!ChromeMain+0x91f2b1
00000000`001ce4d0 000007fe`d90ba1a4 chrome_child!ChromeMain+0x210828
00000000`001ce650 000007fe`d8b39ae7 chrome_child!ChromeMain+0x2106f0

Did this work before? N/A

Chrome version: 56.0.2924.87  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0
Feb 23 2017
58.0.3018.3 dev can't reproduce sad.
Mar 2 2017
Thanks for reporting the issue. I can't repro this either. Neither on Stable, nor on Dev (as mentioned in #c2). Please feel free to re-open the bug with another PoC that causes the crash more reliably.
Mar 7 2017
test chrome 56.0.2924.87 (stable) (32) windows 7
58.0.3018.3 dev can't reproduce

(fe8.948): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
chrome_child!v8::internal::HeapObject::SizeFromMap+0x9 [inlined in chrome_child!v8::internal::HeapObject::SizeFromMap+0x9]:
675da3a9 0fb64203        movzx   eax,byte ptr [edx+3]  ds:002b:484e1103=??

6:064:x86> .exr -1
ExceptionAddress: 00000000675da3a9 (chrome_child!v8::internal::HeapObject::SizeFromMap+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000484e1103
Attempt to read from address 00000000484e1103

6:064:x86> kp
ChildEBP RetAddr
(Inline) -------- chrome_child!v8::internal::HeapObject::SizeFromMap+0x9 [c:\b\build\slave\win-pgo\build\src\v8\src\objects-inl.h @ 4489]
0050e774 675dad4d chrome_child!v8::internal::HeapObject::SizeFromMap(class v8::internal::Map * map = 0x484e1100)+0x9 [c:\b\build\slave\win-pgo\build\src\v8\src\objects-inl.h @ 4547]
(Inline) -------- chrome_child!v8::internal::RootMarkingVisitor::MarkObjectByPointer+0x30d [c:\b\build\slave\win-pgo\build\src\v8\src\objects-inl.h @ 1443]
(Inline) -------- chrome_child!v8::internal::RootMarkingVisitor::MarkObjectByPointer+0x30d [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact-inl.h @ 18]
(Inline) -------- chrome_child!v8::internal::RootMarkingVisitor::MarkObjectByPointer+0x30d [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact-inl.h @ 41]
(Inline) -------- chrome_child!v8::internal::MarkCompactCollector::EmptyMarkingDeque+0x20d [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 2032]
0050e7dc 675d1697 chrome_child!v8::internal::RootMarkingVisitor::MarkObjectByPointer(class v8::internal::Object ** p = 0x05cec1e0)+0x30d [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 1379]
(Inline) -------- chrome_child!v8::internal::GlobalHandles::IterateStrongRoots+0x47 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 1349]
0050e7f4 675d1a51 chrome_child!v8::internal::GlobalHandles::IterateStrongRoots(class v8::internal::ObjectVisitor * v = 0x0050eb08)+0x47 [c:\b\build\slave\win-pgo\build\src\v8\src\global-handles.cc @ 1085]
0050e820 678eafd6 chrome_child!v8::internal::Heap::IterateStrongRoots(class v8::internal::ObjectVisitor * v = 0x0050eb08, v8::internal::VisitMode mode = VISIT_ONLY_STRONG (0n3))+0x170 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 4952]
0050e834 67771007 chrome_child!v8::internal::MarkCompactCollector::MarkRoots(class v8::internal::RootMarkingVisitor * visitor = 0x0050eb08)+0x12 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 1976]
0050eb20 679b2412 chrome_child!v8::internal::MarkCompactCollector::MarkLiveObjects(void)+0x15c [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 2304]
0050ed08 679b21d0 chrome_child!v8::internal::MarkCompactCollector::CollectGarbage(void)+0x1d [c:\b\build\slave\win-pgo\build\src\v8\src\heap\mark-compact.cc @ 308]
0050ed20 67770849 chrome_child!v8::internal::Heap::MarkCompact(void)+0x60 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 1449]
0050ee58 678a816a chrome_child!v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector collector = MARK_COMPACTOR (0n1), v8::GCCallbackFlags gc_callback_flags = kNoGCCallbackFlags (0n0))+0x12e [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 1326]
0050eed8 678a75f8 chrome_child!v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector collector = MARK_COMPACTOR (0n1), v8::internal::GarbageCollectionReason gc_reason = kContextDisposal (0n3), char * collector_reason = 0x697a5d78 "GC in old space requested", v8::GCCallbackFlags gc_callback_flags = kNoGCCallbackFlags (0n0))+0xcf [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 1004]
0050eefc 679b0cd5 chrome_child!v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace space = OLD_SPACE (0n1), v8::internal::GarbageCollectionReason gc_reason = kContextDisposal (0n3), v8::GCCallbackFlags callbackFlags = kNoGCCallbackFlags (0n0))+0x2c [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap-inl.h @ 682]
0050ef1c 6813f6e3 chrome_child!v8::internal::Heap::CollectAllGarbage(int flags = 0n0, v8::internal::GarbageCollectionReason gc_reason = kContextDisposal (0n3), v8::GCCallbackFlags gc_callback_flags = kNoGCCallbackFlags (0n0))+0x20 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 849]
0050ef78 67c6ea79 chrome_child!v8::internal::Heap::PerformIdleTimeAction+0x4d0b00 [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 4285]
0050f018 67c6e954 chrome_child!v8::internal::Heap::IdleNotification(double deadline_in_seconds = <Value unavailable error>)+0x10c [c:\b\build\slave\win-pgo\build\src\v8\src\heap\heap.cc @ 4382]
(Inline) -------- chrome_child!blink::V8GCForContextDispose::pseudoIdleTimerFired+0x30 [c:\b\build\slave\win-pgo\build\src\v8\src\api.cc @ 8344]
0050f030 67762bb7 chrome_child!blink::V8GCForContextDispose::pseudoIdleTimerFired(class blink::TimerBase * __formal = 0x23280320)+0x30 [c:\b\build\slave\win-pgo\build\src\third_party\webkit\source\bindings\core\v8\v8gcforcontextdispose.cpp @ 71]
0050f038 676cca73 chrome_child!blink::TaskRunnerTimer<blink::EventHandler>::fired(void)+0x9 [c:\b\build\slave\win-pgo\build\src\third_party\webkit\source\platform\timer.h @ 142]
0050f078 676cca11 chrome_child!blink::TimerBase::runInternal(void)+0x5c [c:\b\build\slave\win-pgo\build\src\third_party\webkit\source\platform\timer.cpp @ 144]
(Inline) -------- chrome_child!base::internal::FunctorTraits<void +0xb [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 214]
(Inline) -------- chrome_child!base::internal::InvokeHelper<1,void>::MakeItSo+0x19 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 305]
(Inline) -------- chrome_child!base::internal::Invoker<base::internal::BindState<void +0x20 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 361]
0050f094 675adf93 chrome_child!base::internal::Invoker<base::internal::BindState<void (class base::internal::BindStateBase * base = 0x03cae7c8)+0x2e [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 343]
(Inline) -------- chrome_child!base::debug::TaskAnnotator::RunTask+0x223 [c:\b\build\slave\win-pgo\build\src\base\callback.h @ 47]
0050f180 675acd37 chrome_child!base::debug::TaskAnnotator::RunTask(char * queue_function = 0x69707d40 "TaskQueueManager::PostTask", struct base::PendingTask * pending_task = 0x0050f1a0)+0x223 [c:\b\build\slave\win-pgo\build\src\base\debug\task_annotator.cc @ 52]
0050f25c 676c86e0 chrome_child!blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(class blink::scheduler::internal::WorkQueue * work_queue = <Value unavailable error>)+0x152 [c:\b\build\slave\win-pgo\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 361]
0050f31c 676c7b9c chrome_child!blink::scheduler::TaskQueueManager::DoWork(class base::TimeTicks run_time = class base::TimeTicks, bool from_main_thread = false)+0x189 [c:\b\build\slave\win-pgo\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 250]
(Inline) -------- chrome_child!base::internal::FunctorTraits<void +0x1b [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 214]
(Inline) -------- chrome_child!base::internal::InvokeHelper<1,void>::MakeItSo+0x35 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 305]
(Inline) -------- chrome_child!base::internal::Invoker<base::internal::BindState<void +0x35 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 361]
0050f344 675adf93 chrome_child!base::internal::Invoker<base::internal::BindState<void (class base::internal::BindStateBase * base = 0x00733160)+0x44 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 343]
(Inline) -------- chrome_child!base::debug::TaskAnnotator::RunTask+0x223 [c:\b\build\slave\win-pgo\build\src\base\callback.h @ 47]
0050f438 675acac1 chrome_child!base::debug::TaskAnnotator::RunTask(char * queue_function = 0x69700fac "MessageLoop::PostTask", struct base::PendingTask * pending_task = 0x0050f4f0)+0x223 [c:\b\build\slave\win-pgo\build\src\base\debug\task_annotator.cc @ 52]
0050f4b4 675ae640 chrome_child!base::MessageLoop::RunTask(struct base::PendingTask * pending_task = 0x0050f4f0)+0x9d [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 414]
(Inline) -------- chrome_child!base::MessageLoop::DeferOrRunPendingTask+0x14 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 422]
0050f6e8 675ad72b chrome_child!base::MessageLoop::DoWork(void)+0x1a2 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 515]
0050f724 67849b9b chrome_child!base::MessagePumpDefault::Run(class base::MessagePump::Delegate * delegate = 0x00731ce0)+0x1d [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_pump_default.cc @ 36]
(Inline) -------- chrome_child!base::RunLoop::Run+0x48 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 378]
0050f750 67a2b092 chrome_child!base::RunLoop::Run(void)+0x48 [c:\b\build\slave\win-pgo\build\src\base\run_loop.cc @ 36]
0050f844 67987cdd chrome_child!content::RendererMain(struct content::MainFunctionParams * parameters = 0x0050f888)+0x1a5 [c:\b\build\slave\win-pgo\build\src\content\renderer\renderer_main.cc @ 198]
0050f864 67987bca chrome_child!content::RunNamedProcessTypeMain(class std::basic_string<char,std::char_traits<char>,std::allocator<char> > * process_type = 0x0050f894, struct content::MainFunctionParams * main_function_params = 0x0050f888, class content::ContentMainDelegate * delegate = 0x0050f8d0)+0x4d [c:\b\build\slave\win-pgo\build\src\content\app\content_main_runner.cc @ 408]
0050f8b0 67987b1c chrome_child!content::ContentMainRunnerImpl::Run(void)+0x98 [c:\b\build\slave\win-pgo\build\src\content\app\content_main_runner.cc @ 774]
0050f8bc 67987a94 chrome_child!content::ContentMain(struct content::ContentMainParams * params = <Value unavailable error>)+0x54 [c:\b\build\slave\win-pgo\build\src\content\app\content_main.cc @ 20]
0050f900 002e58d9 chrome_child!ChromeMain(struct HINSTANCE__ * instance = 0x002e0000, struct sandbox::SandboxInterfaceInfo * sandbox_info = 0x0050f928, int64 exe_entry_point_ticks = 0n7098164838)+0xa0 [c:\b\build\slave\win-pgo\build\src\chrome\app\chrome_main.cc @ 114]
0050f9c4 002e1c24 chrome!MainDllLoader::Launch(struct HINSTANCE__ * instance = 0x002e0000, class base::TimeTicks exe_entry_point_ticks = class base::TimeTicks)+0x2ef [c:\b\build\slave\win-pgo\build\src\chrome\app\main_dll_loader_win.cc @ 174]
0050faec 0034bff8 chrome!wWinMain(struct HINSTANCE__ * instance = 0x002e0000, struct HINSTANCE__ * prev = 0x00000000, wchar_t * __formal = 0x006d282e "--type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Defau...", int __formal = 0n10)+0x16e [c:\b\build\slave\win-pgo\build\src\chrome\app\chrome_exe_main_win.cc @ 249]
(Inline) -------- chrome!invoke_main+0x1a [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 113]
0050fb38 74f4336a chrome!__scrt_common_main_seh(void)+0xf6 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
0050fb44 774b9902 kernel32!BaseThreadInitThunk+0xe
0050fb84 774b98d5 ntdll32!__RtlUserThreadStart+0x70
0050fb9c 00000000 ntdll32!_RtlUserThreadStart+0x1b
Mar 11 2017
57.0.2987.98 stable can't reproduce.
Jun 9 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by kerrnel@chromium.org, Feb 23 2017
Labels: Needs-Feedback