
Issue 715320


Issue metadata

Status: Duplicate
Owner: ----
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




crash in gfx::operator

Reported by chromium...@gmail.com, Apr 25 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3080.0 Safari/537.36

Steps to reproduce the problem:
1. facebook.com

What is the expected behavior?
No crash

What went wrong?
Crash

Crashed report ID: 5fcead4e80000000

How much crashed? Just one tab

Is it a problem with a plugin? N/A 

Did this work before? N/A 

Chrome version: 60.0.3080.0  Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 25.0 r0

rax=00000000042fec08 rbx=000000000583c920 rcx=0000000000000130
rdx=00000000042fec08 rsi=00000000087bf850 rdi=000000000583c978
rip=000007feed4d2c6c rsp=00000000042feba8 rbp=0000000000000000
 r8=00000000086b9f00  r9=000000000000000a r10=00000100000001b3
r11=0000000009e452e8 r12=0e38e38e38e38e39 r13=0000000000000100
r14=0000000009e450a0 r15=0000000009e44fa0
iopl=0         nv up ei pl nz na po nc
cs=0033  ss=0000  ds=0000  es=0000  fs=0053  gs=002b             efl=00010206
*** WARNING: Unable to verify checksum for chrome_child.dll
chrome_child!gfx::operator!=:
000007fe`ed4d2c6c f30f1001        movss   xmm0,dword ptr [rcx] ds:00000000`00000130=????????
0:006> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`042feba8 000007fe`ed7a7271 chrome_child!gfx::operator!= [c:\b\build\slave\win64-pgo\build\src\ui\gfx\geometry\size_f.h @ 80]
00000000`042febb0 000007fe`ed77095c chrome_child!cc::LayerTreeHostCommon::CallFunctionForEveryLayer<<lambda_b56d60d29b383d2620cdd80e2674361e> >+0xad [c:\b\build\slave\win64-pgo\build\src\cc\trees\layer_tree_host_common.h @ 197]
00000000`042fec00 000007fe`ed76fd38 chrome_child!cc::LayerTreeImpl::UpdatePropertyTreeScrollingAndAnimationFromMainThread+0x88 [c:\b\build\slave\win64-pgo\build\src\cc\trees\layer_tree_impl.cc @ 824]
00000000`042fec50 000007fe`ed76fa4c chrome_child!cc::LayerTreeHost::FinishCommitOnImplThread+0x154 [c:\b\build\slave\win64-pgo\build\src\cc\trees\layer_tree_host.cc @ 344]
00000000`042fed60 000007fe`ed4ae8b4 chrome_child!cc::ProxyImpl::ScheduledActionCommit+0x54 [c:\b\build\slave\win64-pgo\build\src\cc\trees\proxy_impl.cc @ 549]
00000000`042fedd0 000007fe`ed76f9c4 chrome_child!cc::Scheduler::ProcessScheduledActions+0x4ec [c:\b\build\slave\win64-pgo\build\src\cc\scheduler\scheduler.cc @ 660]
00000000`042feef0 000007fe`ed76f8c0 chrome_child!cc::Scheduler::NotifyReadyToCommit+0x44 [c:\b\build\slave\win64-pgo\build\src\cc\scheduler\scheduler.cc @ 156]
00000000`042fef70 000007fe`ed76f831 chrome_child!cc::ProxyImpl::NotifyReadyToCommitOnImpl+0x88 [c:\b\build\slave\win64-pgo\build\src\cc\trees\proxy_impl.cc @ 292]
00000000`042feff0 000007fe`ed3d2728 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl cc::ProxyImpl::*)(cc::CompletionEvent * __ptr64,cc::LayerTreeHost * __ptr64,base::TimeTicks,bool) __ptr64,base::internal::UnretainedWrapper<cc::ProxyImpl>,cc::CompletionEvent * __ptr64,cc::LayerTreeHost * __ptr64,base::TimeTicks,bool>,void __cdecl(void)>::RunOnce+0x39 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 330]
00000000`042ff030 000007fe`ed42e6b5 chrome_child!base::debug::TaskAnnotator::RunTask+0x258 [c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 59]
00000000`042ff230 000007fe`ed3d0cf1 chrome_child!blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue+0x1f1 [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 542]
00000000`042ff4e0 000007fe`ed76e567 chrome_child!blink::scheduler::TaskQueueManager::DoWork+0x17d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 337]
00000000`042ff650 000007fe`ed3d2728 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl blink::scheduler::TaskQueueManager::*)(bool) __ptr64,base::WeakPtr<blink::scheduler::TaskQueueManager>,bool>,void __cdecl(void)>::Run+0x4b [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 343]
00000000`042ff690 000007fe`ed42e3df chrome_child!base::debug::TaskAnnotator::RunTask+0x258 [c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 59]
00000000`042ff890 000007fe`ed3d2252 chrome_child!base::MessageLoop::RunTask+0xbf [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 424]
00000000`042ff9b0 000007fe`ed3d0907 chrome_child!base::MessageLoop::DoWork+0x17a [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 527]
00000000`042ffb50 000007fe`ed333216 chrome_child!base::MessagePumpDefault::Run+0x23 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_default.cc @ 34]
00000000`042ffb80 000007fe`ed3330df chrome_child!base::RunLoop::Run+0xb2 [c:\b\build\slave\win64-pgo\build\src\base\run_loop.cc @ 38]
00000000`042ffc30 000007fe`ed331e24 chrome_child!base::Thread::ThreadMain+0xdf [c:\b\build\slave\win64-pgo\build\src\base\threading\thread.cc @ 336]
*** WARNING: Unable to verify checksum for kernel32.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll - 
00000000`042ffcd0 00000000`7783f56d chrome_child!base::`anonymous namespace'::ThreadFunc+0xb8 [c:\b\build\slave\win64-pgo\build\src\base\threading\platform_thread_win.cc @ 91]
 

Comment 1 by ajha@chromium.org, Apr 26 2017

Labels: Needs-Triage-M60

Comment 2 by ajha@chromium.org, Apr 26 2017

Mergedinto: 712298
Status: Duplicate (was: Unconfirmed)
Based on the stack trace this looks similar to Issue 712298. Hence merging into that. Feel free to unmerge if anyone thinks otherwise.

Stack trace of 5fcead4e80000000:
=================================
Thread 6 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000130 ] MAGIC SIGNATURE THREAD
Stack Quality: 95%
0x000007feed4d2c6c	(chrome_child.dll -size_f.h:81 )	gfx::operator!=(gfx::ScrollOffset const &,gfx::ScrollOffset const &)
0x000007feed7a7270	(chrome_child.dll -layer_tree_host_common.h:197 )	cc::LayerTreeHostCommon::CallFunctionForEveryLayer<<lambda_b56d60d29b383d2620cdd80e2674361e> >(cc::LayerTreeImpl *,<lambda_b56d60d29b383d2620cdd80e2674361e> const &)
0x000007feed77095b	(chrome_child.dll -layer_tree_impl.cc:821 )	cc::LayerTreeImpl::UpdatePropertyTreeScrollingAndAnimationFromMainThread()
0x000007feed76fd37	(chrome_child.dll -layer_tree_host.cc:342 )	cc::LayerTreeHost::FinishCommitOnImplThread(cc::LayerTreeHostImpl *)
0x000007feed76fa4b	(chrome_child.dll -proxy_impl.cc:542 )	cc::ProxyImpl::ScheduledActionCommit()
0x000007feed4ae8b3	(chrome_child.dll -scheduler.cc:659 )	cc::Scheduler::ProcessScheduledActions()
0x000007feed76f9c3	(chrome_child.dll -scheduler.cc:155 )	cc::Scheduler::NotifyReadyToCommit()
0x000007feed76f8bf	(chrome_child.dll -proxy_impl.cc:291 )	cc::ProxyImpl::NotifyReadyToCommitOnImpl(cc::CompletionEvent *,cc::LayerTreeHost *,base::TimeTicks,bool)
0x000007feed76f830	(chrome_child.dll -bind_internal.h:326 )	base::internal::Invoker<base::internal::BindState<void ( cc::ProxyImpl::*)(cc::CompletionEvent *,cc::LayerTreeHost *,base::TimeTicks,bool),base::internal::UnretainedWrapper<cc::ProxyImpl>,cc::CompletionEvent *,cc::LayerTreeHost *,base::TimeTicks,bool>,void >::RunOnce(base::internal::BindStateBase *)
0x000007feed3d2727	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007feed42e6b4	(chrome_child.dll -task_queue_manager.cc:539 )	blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
0x000007feed3d0cf0	(chrome_child.dll -task_queue_manager.cc:337 )	blink::scheduler::TaskQueueManager::DoWork(bool)
0x000007feed76e566	(chrome_child.dll -bind_internal.h:339 )	base::internal::Invoker<base::internal::BindState<void ( blink::scheduler::TaskQueueManager::*)(bool),base::WeakPtr<blink::scheduler::TaskQueueManager>,bool>,void >::Run(base::internal::BindStateBase *)
0x000007feed3d2727	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007feed42e3de	(chrome_child.dll -message_loop.cc:423 )	base::MessageLoop::RunTask(base::PendingTask *)
0x000007feed3d2251	(chrome_child.dll -message_loop.cc:527 )	base::MessageLoop::DoWork()
0x000007feed3d0906	(chrome_child.dll -message_pump_default.cc:33 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x000007feed333215	(chrome_child.dll -run_loop.cc:37 )	base::RunLoop::Run()
0x000007feed3330de	(chrome_child.dll -thread.cc:333 )	base::Thread::ThreadMain()
0x000007feed331e23	(chrome_child.dll -platform_thread_win.cc:89 )	base::`anonymous namespace'::ThreadFunc
0x7783f56c	(kernel32.dll + 0x0001f56c )	BaseThreadInitThunk
0x77a73280	(ntdll.dll + 0x00033280 )	RtlUserThreadStart 
