Issue 726129

Issue metadata

Status: Duplicate
Owner: ----
Closed: May 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Crash in page_load_metrics::MetricsWebContentsObserver::OnTimingUpdated

Reported by chromium...@gmail.com, May 24 2017

Issue description

VERSION
Chrome Version: 60.0.3109.0 canary
Operating System: Windows 7

REPRODUCTION CASE
- This crash occurred when I was trying to open some tabs quickly.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION

Type of crash: browser
Crash/07c11b8e40000000.

rax=000007fee9c80196 rbx=0000000026347430 rcx=0000000026347430
rdx=0000000026347430 rsi=0000000026347430 rdi=00000000240f67e0
rip=000007fee92a87fc rsp=000000000026e940 rbp=000000000026e9a0
 r8=00000000265d8dd0  r9=000000000026ea50 r10=0000000000000008
r11=000000000026e950 r12=00000000265d8dd0 r13=0000000000000000
r14=00000000237a5ec0 r15=000000000026ea50
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=0000  ds=0000  es=0000  fs=0053  gs=002b             efl=00010202
*** WARNING: Unable to verify checksum for chrome.dll
chrome_7fee7660000!page_load_metrics::MetricsWebContentsObserver::OnTimingUpdated+0x4c:
000007fe`e92a87fc ff5058          call    qword ptr [rax+58h] ds:000007fe`e9c801ee=2f2e2e2f2e2e0000
0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`0026e940 000007fe`e92a89ca chrome_7fee7660000!page_load_metrics::MetricsWebContentsObserver::OnTimingUpdated+0x4c [c:\b\c\b\win64_pgo\src\chrome\browser\page_load_metrics\metrics_web_contents_observer.cc @ 589]
00000000`0026e9c0 000007fe`e776dd14 chrome_7fee7660000!page_load_metrics::MetricsWebContentsObserver::UpdateTiming+0x2e [c:\b\c\b\win64_pgo\src\chrome\browser\page_load_metrics\metrics_web_contents_observer.cc @ 640]
00000000`0026ea30 000007fe`e80f2260 chrome_7fee7660000!page_load_metrics::mojom::PageLoadMetricsStubDispatch::Accept+0x168 [c:\b\c\b\win64_pgo\src\out\release_x64\gen\chrome\common\page_load_metrics\page_load_metrics.mojom.cc @ 254]
00000000`0026eaf0 000007fe`e80f677e chrome_7fee7660000!mojo::InterfaceEndpointClient::HandleValidatedMessage+0x20c [c:\b\c\b\win64_pgo\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc @ 410]
00000000`0026eb60 000007fe`e84fb1bb chrome_7fee7660000!mojo::FilterChain::Accept+0x4a [c:\b\c\b\win64_pgo\src\mojo\public\cpp\bindings\lib\filter_chain.cc @ 41]
00000000`0026eb90 000007fe`e84fbdf3 chrome_7fee7660000!IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptOnProxyThread+0xcf [c:\b\c\b\win64_pgo\src\ipc\ipc_mojo_bootstrap.cc @ 776]
00000000`0026ebf0 000007fe`e819c900 chrome_7fee7660000!base::internal::Invoker<base::internal::BindState<void (__cdecl IPC::`anonymous namespace'::ChannelAssociatedGroupController::*)(mojo::Message) __ptr64,scoped_refptr<IPC::`anonymous namespace'::ChannelAssociatedGroupController>,base::internal::PassedWrapper<mojo::Message> >,void __cdecl(void)>::Run+0x5f [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 339]
00000000`0026eca0 000007fe`e814dee6 chrome_7fee7660000!base::debug::TaskAnnotator::RunTask+0x1b0 [c:\b\c\b\win64_pgo\src\base\debug\task_annotator.cc @ 59]
00000000`0026ee50 000007fe`e814e906 chrome_7fee7660000!base::MessageLoop::RunTask+0x1f6 [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 410]
00000000`0026efb0 000007fe`e819ce81 chrome_7fee7660000!base::MessageLoop::DoWork+0x4b6 [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 508]
00000000`0026f1b0 000007fe`e819caf4 chrome_7fee7660000!base::MessagePumpForUI::DoRunLoop+0x71 [c:\b\c\b\win64_pgo\src\base\message_loop\message_pump_win.cc @ 174]
00000000`0026f220 000007fe`e8174cf4 chrome_7fee7660000!base::MessagePumpWin::Run+0x54 [c:\b\c\b\win64_pgo\src\base\message_loop\message_pump_win.cc @ 58]
00000000`0026f270 000007fe`e806ad94 chrome_7fee7660000!base::RunLoop::Run+0x64 [c:\b\c\b\win64_pgo\src\base\run_loop.cc @ 112]
00000000`0026f320 000007fe`e7a887e0 chrome_7fee7660000!ChromeBrowserMainParts::MainMessageLoopRun+0xf4 [c:\b\c\b\win64_pgo\src\chrome\browser\chrome_browser_main.cc @ 1965]
00000000`0026f3a0 000007fe`e7a81389 chrome_7fee7660000!content::BrowserMainRunnerImpl::Run+0x6c [c:\b\c\b\win64_pgo\src\content\browser\browser_main_runner.cc @ 142]
00000000`0026f3f0 000007fe`e7fbf788 chrome_7fee7660000!content::BrowserMain+0xb5 [c:\b\c\b\win64_pgo\src\content\browser\browser_main.cc @ 46]
00000000`0026f440 000007fe`e7fd9cd5 chrome_7fee7660000!content::ContentMainRunnerImpl::Run+0x38c [c:\b\c\b\win64_pgo\src\content\app\content_main_runner.cc @ 705]
00000000`0026f630 000007fe`e7fbef6c chrome_7fee7660000!service_manager::Main+0x2b9 [c:\b\c\b\win64_pgo\src\services\service_manager\embedder\main.cc @ 469]
00000000`0026f860 000007fe`e775cea8 chrome_7fee7660000!content::ContentMain+0x98 [c:\b\c\b\win64_pgo\src\content\app\content_main.cc @ 19]
*** WARNING: Unable to verify checksum for chrome.exe
00000000`0026f8d0 00000001`3fd27581 chrome_7fee7660000!ChromeMain+0x154 [c:\b\c\b\win64_pgo\src\chrome\app\chrome_main.cc @ 112]

 

Comment 1 by kenrb@chromium.org, May 25 2017

Mergedinto: 725776
Status: Duplicate (was: Unconfirmed)
Thanks for the report. This is a noisy one though, it was flagged a while ago.
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 31 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
