Issue metadata
Sign in to add a comment
|
Chrome: Crash Report - [Third party - usermgrproxy.dll] Windows::System::UserMarshalClient::Release |
||||||||||||||||||
Issue descriptionreporter:ajha@google.com Magic Signature: [Third party - usermgrproxy.dll] Windows::System::UserMarshalClient::Release Crash link: https://crash.corp.google.com//browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D'%5BThird%20party%20-%20usermgrproxy.dll%5D%20Windows%3A%3ASystem%3A%3AUserMarshalClient%3A%3ARelease'%20AND%20product.name%3D'Chrome'%20AND%20product.Version%3D'64.0.3262.0'%20AND%20ReportID%3D'2761e0738330f108'&sql_dialect=dremelsql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3 ------------------------------------------------------------------------------- Sample Report ------------------------------------------------------------------------------- Product name: Chrome Magic Signature : [Third party - usermgrproxy.dll] Windows::System::UserMarshalClient::Release Product Version: 64.0.3262.0 Process type: utility Report ID: 2761e0738330f108 Report Url: https://crash.corp.google.com/2761e0738330f108 Report Time: 2017-11-08T13:47:40-08:00 Upload Time: 2017-11-08T13:47:41.339-08:00 Uptime: 1000 ms CumulativeProductUptime: 0 ms OS Name: Windows NT OS Version: 10.0.16199 1000 CPU Architecture: amd64 CPU Info: family 6 model 42 stepping 7 ------------------------------------------------------------------------------- Crashing thread: Thread index: 0. Stack Quality: 100%. Thread id: 9476. ------------------------------------------------------------------------------- 0x00007fff30f232b5 (usermgrproxy.dll + 0x000032b5) Windows::System::UserMarshalClient::Release() 0x00007fff1ddc48f2 (StartTileData.dll + 0x002348f2) DataStoreCache::CloudUtil::Internal::CloudItemManager<DataStoreCache::CloudUtil::GenericCloudItem<Windows::Data::UnifiedTile::LocalStartGlobalProperties,0> >::~CloudItemManager<DataStoreCache::CloudUtil::GenericCloudItem<Windows::Data::UnifiedTile::LocalStartGlobalProperties,0> >() 0x00007fff1dbe11ff (StartTileData.dll + 0x000511ff) std::_Ref_count_base::_Decref() 0x00007fff1de46eae (StartTileData.dll + 0x002b6eae) DataStoreCache::CDSDataTransformer::CDSDataTransformerBase<Windows::Data::UnifiedTile::LocalStartGlobalProperties,Microsoft::WRL::ChainInterfaces<DataStoreCache::IGlobalLocalPropertiesTransformer,DataStoreCache::IGlobalCDSDataTransformer,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil>,0>::~CDSDataTransformerBase<Windows::Data::UnifiedTile::LocalStartGlobalProperties,Microsoft::WRL::ChainInterfaces<DataStoreCache::IGlobalLocalPropertiesTransformer,DataStoreCache::IGlobalCDSDataTransformer,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil>,0>() 0x00007fff1de48df3 (StartTileData.dll + 0x002b8df3) DataStoreCache::CDSDataTransformer::CDSDataTransformer<Windows::Data::UnifiedTile::LocalStartGlobalProperties,Microsoft::WRL::ChainInterfaces<DataStoreCache::IGlobalLocalPropertiesTransformer,DataStoreCache::IGlobalCDSDataTransformer,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil,Microsoft::WRL::Details::Nil> >::`vector deleting destructor'(unsigned int) 0x00007fff1dbe11ff (StartTileData.dll + 0x000511ff) std::_Ref_count_base::_Decref() 0x00007fff1de9ee48 (StartTileData.dll + 0x0030ee48) DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton::~ContainerSingleton() 0x00007fff1dbe11ff (StartTileData.dll + 0x000511ff) std::_Ref_count_base::_Decref() 0x00007fff1dea90e6 (StartTileData.dll + 0x003190e6) std::_List_buy<std::pair<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > const ,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton> >,std::allocator<std::pair<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > const ,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton> > > >::_Freenode(std::_List_node<std::pair<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > const ,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton> >,void *> *) 0x00007fff1de9e67d (StartTileData.dll + 0x0030e67d) std::_Hash<std::_Umap_traits<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> >,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton>,std::_Uhash_compare<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> >,std::hash<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > >,std::equal_to<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > > >,std::allocator<std::pair<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > const ,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton> > >,0> >::~_Hash<std::_Umap_traits<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> >,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton>,std::_Uhash_compare<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> >,std::hash<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > >,std::equal_to<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > > >,std::allocator<std::pair<std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator<unsigned short> > const ,std::shared_ptr<DataStoreCache::CuratedTileCollectionTransformer::Internal::ContainerSingleton> > >,0> >() 0x00007fff36611852 (ucrtbase.dll + 0x00011852) msize_base 0x00007fff3660c976 (ucrtbase.dll + 0x0000c976) register_onexit_function 0x00007fff36611500 (ucrtbase.dll + 0x00011500) execute_onexit_table 0x00007fff3660f064 (ucrtbase.dll + 0x0000f064) __crt_state_management::wrapped_invoke<int (*)(_onexit_table_t *),_onexit_table_t *,int>(int (*)(_onexit_table_t *),_onexit_table_t *) 0x00007fff1dc713d1 (StartTileData.dll + 0x000e13d1) _local_stdio_scanf_options 0x00007fff1dc714f7 (StartTileData.dll + 0x000e14f7) _local_stdio_scanf_options 0x00007fff394dfa6a (ntdll.dll + 0x0003fa6a) LdrpCallInitRoutine 0x00007fff394ebc3b (ntdll.dll + 0x0004bc3b) LdrShutdownProcess 0x00007fff394ebaf3 (ntdll.dll + 0x0004baf3) RtlExitUserProcess 0x00007fff3858c369 (KERNEL32.DLL + 0x0001c369) ExitProcessImplementation 0x00007ff77e13c774 (chrome.exe - exit.cpp: 129) exit_or_terminate_process 0x00007ff77e13c72a (chrome.exe - exit.cpp: 265) common_exit 0x00007ff77e12b864 (chrome.exe - exe_common.inl: 290) __scrt_common_main_seh 0x00007fff385831e3 (KERNEL32.DLL + 0x000131e3) BaseThreadInitThunk 0x00007fff394efac0 (ntdll.dll + 0x0004fac0) RtlUserThreadStart
,
Nov 11 2017
Closest code that we have in Chromium I can find is the ucrtbase.dll. I don't see any files for the starttiledata.dll or usermgrproxy.dll. Sergeyu, would you be able to help with this crash in any way?
,
Nov 20 2017
[stability sheriff] I am not sure how to attack these third party crash signatures. Some analysis: * All crashes I saw are in a utility process and started with exit_or_terminate_process, so the process was trying to exit already. * As c#2 states, nothing in the Chrome source tree mentions starttiledata.dll or usermgrproxy.dll. ucrtbase.dll looks like it's just copying something to the output directory. * starttiledata.dll is a DLL included in Windows 10 that seems related with the "start menu layout". ucrtbase.dll is something about the universal CRT/"Visual C++ C Runtime (CRT) for Visual Studio 2015". usermgrproxy.dll is also something included in Windows 10. * The crash signature definitely regressed in 64.0.3257.0, but I don't see anything obvious in the blame list from c#1. Some grepping of "utility" or "windows" yields: build: Set LTO opt level to 0 on Windows. https://chromium-review.googlesource.com/750194 Servicifying ZipFileCreator. https://chromium-review.googlesource.com/708517 Fix ChildControl binding in ChildProcessHostImpl https://chromium-review.googlesource.com/749639 CC members of those CLs in case something rings a bell.
,
Nov 20 2017
+wfh: do you know how to investigate this third party crash on Windows further?
,
Nov 27 2017
Just to update, the latest Dev(64.0.3269.3) has reported 44 crashes from 15 clients. Friendly ping for an update on this.
,
Nov 27 2017
,
Nov 28 2017
ping wfh@ for suggestions on how to investigate this further.
,
Nov 28 2017
,
Dec 4 2017
Friendly ping to get an update on this issue.
,
Dec 6 2017
I think the third-party module detection in crash is a little wonky, as the first-party and third-party lists are largely duplicated, and many of the identified third-party modules have the same version number as Windows (making me believe that they are not third-party at all). usermgrproxy.dll falls in this category. Windows appears to be hooking browser process shutdown, trying to update some UX state and crashing. I did some searching to see if there were other reports related to this DLL but didn't come up with anything. Not sure how to proceed, but I can look at more reports tomorrow to see if there are any clues. FWIW I don't think this is R-B-S as it's not code that we control.
,
Dec 6 2017
I looked at some crashes - the flags and loaded modules don't yield enough clues for me to figure out *which* utility process or processes is crashing in this way. Also looked at the change log for 64.0.3257.0 and didn't find anything beyond what falken@ did in C#20. I don't have much else to go on here; going to leave for the next sheriff to see if they can make any further progress.
,
Dec 12 2017
Just to update: Only 2 instances seen from 2 clients so far on latest Canary-65.0.3290.0 (live for 1 day). Link to the list of builds: -------------------------- https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BThird%20party%20-%20usermgrproxy.dll%5D%20Windows%3A%3ASystem%3A%3AUserMarshalClient%3A%3ARelease%27%20AND%20product.name%3D%27Chrome%27&sql_dialect=dremelsql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#productversion:1000 Since there are only 2 instances & as per C#10 removing RBS label for now.Please add if required. Need to wait for more crash data. Thanks..!
,
Dec 12 2017
,
Dec 19 2017
Crashing in OS code, has been seen in previous releases, and doesn’t occur that often. Is it really worth to have it on the Stability-Sheriff list? I took a quick look, and wonder if there could be some bad interactions with IShellLink related to the start tile data? E.g., could we sometimes delete data that is marshalled via the usermgrproxy for the StartTileData? Or something like that? I searched through the Chrome code and didn't find anything, but maybe I wasn't looking for the right thing. Any other idea? Anyone? :-)
,
Aug 1
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by ajha@chromium.org
, Nov 9 2017Labels: -Stability-Crash -Type-Bug -Pri-2 ReleaseBlock-Stable TE-CrashTriage M-64 Stability-ThirdParty Stability-Sheriff-Desktop Pri-1 Type-Bug-Regression