[chromium-bugs] Issue 6886 in chromium: Chrome: Crash Report - Stack Signature: iat_patch::IATPatchFunction::Unpatch()-1B0E5B3
Updates:
    Owner: a...@chromium.org
    Cc: ana...@chromium.org

Comment #12 on issue 6886 by a...@chromium.org: Chrome: Crash Report - Stack Signature: iat_patch::IATPatchFunction::Unpatch()-1B0E5B3
http://code.google.com/p/chromium/issues/detail?id=6886

(No comment was entered for this change.)

--
You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings

Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs

Updates:
    Status: Fixed

Comment #13 on issue 6886 by ana...@chromium.org:

Fixed by Amit in revision: 9142

Hands off the intercept if 'unpatch' fails

If IATPatchFunction::Unpatch fails during RestoreImportedFunction it means that we cannot safely unpatch the import address table patch. In this case it's better to be hands off the intercept, as trying to unpatch again in the destructor of IATPatchFunction is not going to be any safer.

In the real world, when we patch a plugin's SetCursor, we intercept npswf.dll's IAT entry of SetCursor. It seems that our unpatch fails when the plugin ref count goes to 0. It could be because someone else has patched on top of us. Then, during CRT uninitialization at process shutdown, the destructor of IATPatchFunction is called. It detects that we haven't unpatched yet and tries to unpatch. But at this time the plugin DLL is unloaded and the IAT thunk is invalid. There's no point in trying to unpatch an unloaded DLL's IAT :)

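The rule from r9142 modelled as an added example (this is not Chromium's own iat_patch code): an Unpatch() that checks whether the IAT slot still holds our intercept before restoring it, and that forgets the thunk either way so the destructor never retries through a stale pointer. FakeIAT, the Status enum and the three stand-in SetCursor functions are assumptions of this model, not names from the page.

```cpp
// Added example, not Chromium's iat_patch.cc: a host-independent model of an IAT
// patch with the r9142 rule that a failed Unpatch() hands off the intercept.
#include <cstddef>
typedef int (*SetCursorFn)(int);
// Constructed stand-in for a plugin's import address table: one slot per
// imported function, holding the address the plugin calls through.
struct FakeIAT { SetCursorFn set_cursor; };

class IATPatchFunction {
 public:
  enum Status { kOk, kAlreadyPatched, kNotPatched, kSlotChanged };
  IATPatchFunction() : iat_thunk_(NULL), original_function_(NULL), intercept_function_(NULL) {}
  // After a failed Unpatch() iat_thunk_ is already NULL, so the destructor never
  // writes through a stale thunk into a possibly unloaded module (this bug's crash).
  ~IATPatchFunction() { if (iat_thunk_ != NULL) Unpatch(); }
  Status Patch(FakeIAT* iat, SetCursorFn intercept) {
    if (iat_thunk_ != NULL) return kAlreadyPatched;
    iat_thunk_ = &iat->set_cursor;
    original_function_ = *iat_thunk_;
    intercept_function_ = intercept;
    *iat_thunk_ = intercept;
    return kOk;
  }
  // Restore only if the slot still holds our intercept (someone may have
  // patched on top of us). Either way, forget the thunk: hands off.
  Status Unpatch() {
    if (iat_thunk_ == NULL) return kNotPatched;
    Status status = kSlotChanged;
    if (*iat_thunk_ == intercept_function_) { *iat_thunk_ = original_function_; status = kOk; }
    iat_thunk_ = NULL;
    original_function_ = intercept_function_ = NULL;
    return status;
  }
 private:
  SetCursorFn* iat_thunk_;
  SetCursorFn original_function_, intercept_function_;
};

static int RealSetCursor(int id) { return id; }        // stands in for user32!SetCursor
static int OurIntercept(int id) { return 1000 + id; }  // Chrome-side hook
static int ForeignHook(int id) { return 2000 + id; }   // another hook installed on top of ours

// Comment #13's failure case: a foreign hook lands after ours, so Unpatch() reports
// kSlotChanged and leaves the slot alone; the destructor at scope exit does nothing.
IATPatchFunction::Status StackedHookScenario(FakeIAT* iat) {
  IATPatchFunction patch;
  patch.Patch(iat, OurIntercept);
  iat->set_cursor = ForeignHook;
  return patch.Unpatch();
}
```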
Comment #8 on issue 6886 by j...@chromium.org:

We have seen this crash on crash-staging as recently as 1/29 and 2.0.159.2. It is likely that it is still alive and well on the trunk. See http://crash-staging/search?query=Chrome+iat_patch::IATPatchFunction::Unpatch()

Updates:
    Cc: patr...@chromium.org hu...@chromium.org

Comment #9 on issue 6886 by de...@chromium.org:

I can't do anything useful here until full crash dumps work.

Comment #10 on issue 6886 by hu...@chromium.org:

The original report has a link to a full dump: http://go/chromebot/dump?build=official_2.0.158.0&id=12549e2d-e31c-4b9e-b9ef-51949e2a19e9-full

Updates:
    Owner: ana...@chromium.org

Comment #11 on issue 6886 by de...@chromium.org:

One of the green border guys is going to need to look at this one. Here is what's happening.

We're crashing inside of Unpatch(). intercept_function_ and original_function_ are both correct, but iat_thunk_ is 0x30230470. It seems to always be this address, which made me think it's not corruption or an uninitialized variable. This should point into a PE header of user32.dll, right?

It's strange it happens on chromebot; there should be nothing particularly weird happening there. It's possible there is some race condition specifically here? I thought about whether perhaps we tried to Unpatch() (this happens on the last plugin, right?), and we failed, and now we're trying to unpatch again. Although my brief understanding of the code didn't make this seem likely...

Don't really have any great ideas here. One thing to do would be to add some DCHECKs() around with some IsBadReadPtr() (or just try to read the value with GetIATFunction so we crash) and try to catch this earlier to see where 30230470 is coming from...

Comment #7 on issue 6886 by a...@chromium.org:

This bug is most likely due to user32.dll being unmapped first and then we try to unpatch during the exit sequence. Your fix might just work since it unpatches earlier now. Ideally, we shouldn't unpatch at all.

Comment #5 on issue 6886 by bugdro...@chromium.org:

The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=8613

r8613 | de...@chromium.org | 2009-01-24 13:16:42 -0800 (Sat, 24 Jan 2009) | 10 lines
Changed paths:
    M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/webplugin_delegate_impl.cc?r1=8613&r2=8612
    M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/webplugin_delegate_impl.h?r1=8613&r2=8612

Attempt to fix an IAT unpatch crash.

The IAT destructor (which will unpatch) now should run at AtExitManager shutdown, which is before we return from main(). It was a static constructor (bad), which registers an atexit() destructor which happens sometime during ExitProcess / LdrShutdown.

Also this removes some static constructors (the iat patchers, the throttle_queue, etc). I removed a StatsCounter completely, removing its static initializer.

BUG=6886
Review URL: http://codereview.chromium.org/18712

Comment #6 on issue 6886 by de...@chromium.org:

Btw, I'm not sure that the above change will help; it was cleanup I was meaning to do anyway to remove the static constructors. I managed to get a full minidump from patrick (they were all truncated for some reason?), and I'll try to figure out what's going on with the Unpatch() crash.

Sky also made a change to unload plugins on shutdown, which should cause Unpatch() to get called earlier. We should keep an eye on new runs to see if this crash is still around, but it will probably have a different stack.

Updates:
    Status: Assigned
    Owner: de...@chromium.org

Comment #3 on issue 6886 by de...@chromium.org:

I have an idea, I'll take a look at the minidump.

Updates:
    Labels: -Area-Misc Area-WebKit Plugins

Comment #4 on issue 6886 by lafo...@chromium.org:

(No comment was entered for this change.)

Updates:
    Owner: ---
    Labels: Crash-2.0.157.2

Comment #1 on issue 6886 by patr...@chromium.org:

Also, this crash is showing up outside of ChromeBot. See: http://crash/reportdetail?reportid=23bf2fe3d812271f&product=Chrome&version=2.0.157.2&date=&signature=iat_patch::IATPatchFunction::Unpatch()-1977AE9

Comment #2 on issue 6886 by patr...@chromium.org:

Also, this crash is showing up outside of ChromeBot. See: http://go/crash/reportdetail?reportid=23bf2fe3d812271f&product=Chrome&version=2.0.157.2&date=&signature=iat_patch::IATPatchFunction::Unpatch()-1977AE9