[jitsi-users] Chrome v 58.0.3029.81 crash using jitsi meet


#1

After installing the new Chrome release today, all of us are experiencing random crashes when using Jitsi Meet (meet.jit.si). We also tested against our own JVB build (early April version) with the same result.

Is this problem known? Any workaround?

Thanks,

Jerry


#2

Hi,

We experienced it today. We had an initial look at the problem and we
haven't found anything to work around it. We see some memory errors in
the Chrome debug logs.
We see stuff like:
../../third_party/tcmalloc/chromium/src/free_list.h:118] Memory corruption detected.

../../third_party/tcmalloc/chromium/src/tcmalloc.cc:289] Attempt to free invalid pointer 0x41c720025df

Google Chrome Helper(4666,0x70000c6e9000) malloc: *** error for object 0x7fbe19f0ed10: pointer being freed was not allocated

*** set a breakpoint in malloc_error_break to debug

It needs more work to analyze the situation. If you discover something
we will be happy to discuss it.

Regards
damencho


On Thu, Apr 20, 2017 at 3:26 PM, <jerry@iotum.com> wrote:

After installing the new Chrome release today, all of us are experiencing random
crashes when using Jitsi Meet (meet.jit.si). We also tested against our own
JVB build (early April version) with the same result.

Is this problem known? Any workaround?

Thanks,

Jerry

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

I loaded the crash dump in WinDbg; it seems to be caused by freeing some invalid pointer in RTC Stats. I guess we’ll have to wait for Chromium to fix this.

0:021> k
Child-SP RetAddr Call Site
000000f0`55bfe048 00007ffa`78887b47 ntdll!NtDelayExecution+0x14
000000f0`55bfe050 00007ffa`4fffd8e0 KERNELBASE!SleepEx+0xa7
000000f0`55bfe0f0 00007ffa`78894f77 chrome_elf!crashpad::`anonymous namespace'::UnhandledExceptionHandler+0xd0 [c:\b\build\slave\win64-pgo\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc @ 172]
000000f0`55bfe330 00007ffa`7bfeed1b KERNELBASE!UnhandledExceptionFilter+0x157
000000f0`55bfe430 00007ffa`7bfd6bd6 ntdll!RtlUserThreadStart$filt$0+0x38
000000f0`55bfe460 00007ffa`7bfeab9d ntdll!_C_specific_handler+0x96
000000f0`55bfe4d0 00007ffa`7bf89913 ntdll!RtlpExecuteHandlerForException+0xd
000000f0`55bfe500 00007ffa`7bfe9cba ntdll!RtlDispatchException+0x373
000000f0`55bfec00 00007ffa`106f3ef1 ntdll!KiUserExceptionDispatch+0x3a
(Inline Function) --------`-------- chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x75 [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\heap\persistent.h @ 252]
(Inline Function) --------`-------- chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x75 [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\heap\persistent.h @ 97]
000000f0`55bff320 00007ffa`106f40e4 chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+0x2d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp @ 395]
000000f0`55bff350 00007ffa`0de633d6 chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::`scalar deleting destructor'+0x14
(Inline Function) --------`-------- chrome_child!std::default_delete<v8_inspector::StringBuffer>::operator()+0xa [c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\memory @ 1195]
000000f0`55bff380 00007ffa`0fd6a116 chrome_child!std::unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >::~unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >+0x16 [c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\memory @ 1398]
000000f0`55bff3b0 00007ffa`0fd6a601 chrome_child!content::`anonymous namespace'::GetRTCStatsCallback::~GetRTCStatsCallback+0x12
000000f0`55bff3e0 00007ffa`0fd6ddc1 chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::`scalar deleting destructor'+0x15
000000f0`55bff410 00007ffa`1026df49 chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::Release+0x35 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\refcountedobject.h @ 40]
000000f0`55bff440 00007ffa`102832e9 chrome_child!rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>::~scoped_refptr<webrtc::RTCStatsCollectorCallback>+0x21 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\scoped_ref_ptr.h @ 100]
000000f0`55bff470 00007ffa`1027f5d6 chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback> > >::_Destroy+0x1d [c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\vector @ 1581]
(Inline Function) --------`-------- chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback> > >::clear+0x13 [c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\vector @ 1541]
000000f0`55bff4a0 00007ffa`1027f345 chrome_child!webrtc::RTCStatsCollector::DeliverCachedReport+0x52 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\pc\rtcstatscollector.cc @ 759]
000000f0`55bff4d0 00007ffa`1027f63f chrome_child!webrtc::RTCStatsCollector::AddPartialResults_s+0xe5 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\pc\rtcstatscollector.cc @ 749]
(Inline Function) --------`-------- chrome_child!rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>),void,rtc::scoped_refptr<webrtc::RTCStatsReport> >::CallMethod+0x35 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\bind.h @ 164]
(Inline Function) --------`-------- chrome_child!rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>),void,rtc::scoped_refptr<webrtc::RTCStatsReport> >::operator()+0x35 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\bind.h @ 155]
000000f0`55bff500 00007ffa`10636454 chrome_child!rtc::FireAndForgetAsyncClosure<rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>) __ptr64,void,rtc::scoped_refptr<webrtc::RTCStatsReport> > >::Execute+0x3f [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\asyncinvoker-inl.h @ 49]
000000f0`55bff530 00007ffa`1024c043 chrome_child!rtc::AsyncInvoker::OnMessage+0x14 [c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\asyncinvoker.cc @ 44]
000000f0`55bff560 00007ffa`1024c49e chrome_child!jingle_glue::JingleThreadWrapper::Dispatch+0xa3 [c:\b\build\slave\win64-pgo\build\src\jingle\glue\thread_wrapper.cc @ 158]
000000f0`55bff5f0 00007ffa`0e2526f2 chrome_child!jingle_glue::JingleThreadWrapper::RunTask+0xfe [c:\b\build\slave\win64-pgo\build\src\jingle\glue\thread_wrapper.cc @ 282]
(Inline Function) --------`-------- chrome_child!base::internal::FunctorTraits<void (__cdecl extensions::ScriptInjectionManager::RFOHelper::*)(enum extensions::UserScript::RunLocation),void>::Invoke+0x23 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 214]
(Inline Function) --------`-------- chrome_child!base::internal::InvokeHelper<1,void>::MakeItSo+0x32 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 305]
(Inline Function) --------`-------- chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::ScriptInjectionManager::RFOHelper::*)(enum extensions::UserScript::RunLocation),base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum extensions::UserScript::RunLocation>,void __cdecl(void)>::RunImpl+0x36 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 361]
000000f0`55bff660 00007ffa`0df6001f chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::ScriptInjectionManager::RFOHelper::*)(enum extensions::UserScript::RunLocation) __ptr64,base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum extensions::UserScript::RunLocation>,void __cdecl(void)>::Run+0x42 [c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 343]
(Inline Function) --------`-------- chrome_child!base::debug::TaskAnnotator::RunTask+0x27f [c:\b\build\slave\win64-pgo\build\src\base\callback.h @ 68]
000000f0`55bff6a0 00007ffa`0df5d4b3 chrome_child!base::debug::TaskAnnotator::RunTask+0x27f [c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 59]
000000f0`55bff880 00007ffa`0df60477 chrome_child!base::MessageLoop::RunTask+0xbf [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 424]
(Inline Function) --------`-------- chrome_child!base::MessageLoop::DeferOrRunPendingTask+0x4a [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 434]
000000f0`55bff9a0 00007ffa`0df5fa13 chrome_child!base::MessageLoop::DoWork+0x1c7 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 527]
000000f0`55bffba0 00007ffa`0e327d22 chrome_child!base::MessagePumpDefault::Run+0x23 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_default.cc @ 34]
(Inline Function) --------`-------- chrome_child!base::RunLoop::Run+0xb2 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @ 387]
000000f0`55bffbd0 00007ffa`0e327bdf chrome_child!base::RunLoop::Run+0xb2 [c:\b\build\slave\win64-pgo\build\src\base\run_loop.cc @ 38]
000000f0`55bffc80 00007ffa`0e3299bc chrome_child!base::Thread::ThreadMain+0xdf [c:\b\build\slave\win64-pgo\build\src\base\threading\thread.cc @ 336]
000000f0`55bffd20 00007ffa`79718364 chrome_child!base::`anonymous namespace'::ThreadFunc+0xac [c:\b\build\slave\win64-pgo\build\src\base\threading\platform_thread_win.cc @ 91]
000000f0`55bffd80 00007ffa`7bfa70d1 KERNEL32!BaseThreadInitThunk+0x14
000000f0`55bffdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x21

0:021> !analyze -v


*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** WARNING: Unable to verify checksum for KERNEL32.DLL
*** WARNING: Unable to verify checksum for USER32.dll
*** WARNING: Unable to verify checksum for ole32.dll
*** WARNING: Unable to verify checksum for chrome_elf.dll
*** The OS name list needs to be updated! Unknown Windows version: 10.0 ***

FAULTING_IP:
chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp @ 395]
00007ffa`106f3ef1 488b4a10 mov rcx,qword ptr [rdx+10h]

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007ffa106f3ef1 (chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x0000000000000075)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=000000f055bfe490
rdx=000000f055bff0f0 rsi=000000000000ea60 rdi=0000000000000000
rip=00007ffa7bfe6754 rsp=000000f055bfe048 rbp=000000f055bffdb0
r8=0000000000000000 r9=00007ffa7c093390 r10=00000000000014d1
r11=ffff8272ee46f830 r12=ffffffffffffffff r13=00007ffa78a31768
r14=000000f055bfe070 r15=00007ffa4fffd810
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00000246
ntdll!NtDelayExecution+0x14:
00007ffa`7bfe6754 c3 ret

PROCESS_NAME: chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000010

READ_ADDRESS: 0000000000000010

FOLLOWUP_IP:
chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp @ 395]
00007ffa`106f3ef1 488b4a10 mov rcx,qword ptr [rdx+10h]

NTGLOBALFLAG: 0

APP: chrome.exe

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

FAULTING_THREAD: 0000000000006be4

BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ_BEFORE_WRITE

PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_READ_BEFORE_WRITE

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_READ_BEFORE_WRITE

LAST_CONTROL_TRANSFER: from 00007ffa106f40e4 to 00007ffa106f3ef1

STACK_TEXT:
000000f0`55bff320 00007ffa`106f40e4 : 00007ffa`108154a8 00007ffa`10784a10 00007ffa`000000ca 00007ffa`0df511c9 : chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+0x2d
000000f0`55bff350 00007ffa`0de633d6 : 0000026d`79e03830 0000026d`6a34c6c8 000000f0`55bff4a0 00007ffa`0df50edb : chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::`scalar deleting destructor'+0x14
000000f0`55bff380 00007ffa`0fd6a116 : 0000026d`67820658 00000000`00000000 00000000`00075051 000000f0`55bf0001 : chrome_child!std::unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >::~unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >+0x16
000000f0`55bff3b0 00007ffa`0fd6a601 : 00000000`00000000 000000f0`55bff490 000000f0`55bff530 0000026d`7306b288 : chrome_child!content::`anonymous namespace'::GetRTCStatsCallback::~GetRTCStatsCallback+0x12
000000f0`55bff3e0 00007ffa`0fd6ddc1 : 00000000`00000000 000000f0`55bff490 00007ffa`10775278 0000026d`67820658 : chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::`scalar deleting destructor'+0x15
000000f0`55bff410 00007ffa`1026df49 : 00000000`00000000 0000026d`6a257780 0000026d`7306b288 000000f0`55bff530 : chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::Release+0x35
000000f0`55bff440 00007ffa`102832e9 : 00007ffa`10dfc140 00007ffa`10dfbcc0 0000026d`000002de 00007ffa`0fd6d9b6 : chrome_child!rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>::~scoped_refptr<webrtc::RTCStatsCollectorCallback>+0x21
000000f0`55bff470 00007ffa`1027f5d6 : 0000026d`7306b288 0000026d`7306b280 0000026d`79e03810 0000026d`6a257828 : chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback> > >::_Destroy+0x1d
000000f0`55bff4a0 00007ffa`1027f345 : 0000026d`00000000 0000026d`6a257780 0000026d`7300f8e0 0000026d`6ed14a20 : chrome_child!webrtc::RTCStatsCollector::DeliverCachedReport+0x52
000000f0`55bff4d0 00007ffa`1027f63f : 0000026d`792d86f0 0000026d`6a257780 00007ffa`1132cc01 0000026d`73211e00 : chrome_child!webrtc::RTCStatsCollector::AddPartialResults_s+0xe5
000000f0`55bff500 00007ffa`10636454 : 0000026d`792d86f0 0000026d`73029170 0000026d`6eec4920 000000f0`55bff7a0 : chrome_child!rtc::FireAndForgetAsyncClosure<rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>) __ptr64,void,rtc::scoped_refptr<webrtc::RTCStatsReport> > >::Execute+0x3f
000000f0`55bff530 00007ffa`1024c043 : 00007ffa`10bfcb80 00007ffa`10bfca78 00000000`000000fa 0000026d`6a34c6c8 : chrome_child!rtc::AsyncInvoker::OnMessage+0x14
000000f0`55bff560 00007ffa`1024c49e : 00000000`00001e92 000000f0`55bff640 0000026d`6a4e0320 00007ffa`1132cc01 : chrome_child!jingle_glue::JingleThreadWrapper::Dispatch+0xa3
000000f0`55bff5f0 00007ffa`0e2526f2 : 0000026d`6a48ae58 0000026d`795bffc0 0000026d`6a4e0320 00000000`0000065d : chrome_child!jingle_glue::JingleThreadWrapper::RunTask+0xfe
000000f0`55bff660 00007ffa`0df6001f : 000000f0`55bff7a8 0000026d`6f1d5ad0 0000026d`6f1d5ad0 0000026d`72ea13e0 : chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::ScriptInjectionManager::RFOHelper::*)(enum extensions::UserScript::RunLocation) __ptr64,base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum extensions::UserScript::RunLocation>,void __cdecl(void)>::Run+0x42
000000f0`55bff6a0 00007ffa`0df5d4b3 : 0000026d`6a34c5a0 000000f0`55bff939 000000f0`55bff9d0 000000f0`55bff9d0 : chrome_child!base::debug::TaskAnnotator::RunTask+0x27f
000000f0`55bff880 00007ffa`0df60477 : 0000026d`6eeb1848 0000026d`6a34c5b8 00007ffa`110cc5a0 00000000`00000001 : chrome_child!base::MessageLoop::RunTask+0xbf
000000f0`55bff9a0 00007ffa`0df5fa13 : 0000026d`6a4d1b00 0000026d`6eeb1848 00000000`00000000 00007ffa`1024c252 : chrome_child!base::MessageLoop::DoWork+0x1c7
000000f0`55bffba0 00007ffa`0e327d22 : 000000f0`55bffcb0 000000f0`55bffcb9 0000026d`678be0a8 00007ffa`0e327f42 : chrome_child!base::MessagePumpDefault::Run+0x23
000000f0`55bffbd0 00007ffa`0e327bdf : 0000026d`678be0b8 00000000`00000000 000000f0`55bffcb9 0000026d`678be0a8 : chrome_child!base::RunLoop::Run+0xb2
000000f0`55bffc80 00007ffa`0e3299bc : 00000000`00006be4 00000000`00006be4 0000026d`6a2d2ae0 00000000`000005e0 : chrome_child!base::Thread::ThreadMain+0xdf
000000f0`55bffd20 00007ffa`79718364 : 00000000`000005e0 00000000`000005e0 00000000`00000000 00000000`00000000 : chrome_child!base::`anonymous namespace'::ThreadFunc+0xac
000000f0`55bffd80 00007ffa`7bfa70d1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000f0`55bffdb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

FAULTING_SOURCE_LINE: c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp

FAULTING_SOURCE_FILE: c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp

FAULTING_SOURCE_LINE_NUMBER: 395

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: chrome_child

IMAGE_NAME: chrome_child.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 58f6edbe

STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~21s; .ecxr ; kb

FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_BEFORE_WRITE_c0000005_chrome_child.dll!blink::_anonymous_namespace_::WebRTCStatsReportCallbackResolver::_WebRTCStatsReportCallbackResolver

BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_READ_BEFORE_WRITE_chrome_child!blink::_anonymous_namespace_::WebRTCStatsReportCallbackResolver::_WebRTCStatsReportCallbackResolver+2d

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:null_class_ptr_read_before_write_c0000005_chrome_child.dll!blink::_anonymous_namespace_::webrtcstatsreportcallbackresolver::_webrtcstatsreportcallbackresolver

FAILURE_ID_HASH: {ac86f487-b602-dedb-844d-f20c9d4e45a5}

Followup: MachineOwner

Jerry

From: Damian Minkov
Sent: Thursday, April 20, 2017 4:47 PM
To: Jitsi Users
Subject: Re: [jitsi-users] Chrome v 58.0.3029.81 crash using jitsi meet

Hi,

We experienced it today. We had an initial look at the problem and we
haven't found anything to work around it. We see some memory errors in
the Chrome debug logs.
We see stuff like:
../../third_party/tcmalloc/chromium/src/free_list.h:118] Memory corruption detected.

../../third_party/tcmalloc/chromium/src/tcmalloc.cc:289] Attempt to free invalid pointer 0x41c720025df

Google Chrome Helper(4666,0x70000c6e9000) malloc: *** error for object 0x7fbe19f0ed10: pointer being freed was not allocated

*** set a breakpoint in malloc_error_break to debug

It needs more work to analyze the situation. If you discover something
we will be happy to discuss it.

Regards
damencho

On Thu, Apr 20, 2017 at 3:26 PM, <jerry@iotum.com> wrote:

After installing the new Chrome release today, all of us are experiencing random
crashes when using Jitsi Meet (meet.jit.si). We also tested against our own
JVB build (early April version) with the same result.

Is this problem known? Any workaround?

Thanks,

Jerry


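A triage sketch for the `!analyze -v` output in post #3, added here as an example and not part of the original thread: it reads the exception record, the faulting instruction and the register dump, derives the base pointer the instruction must have used, and checks whether the dumped registers belong to the faulting frame at all. The function names and the 64 KiB near-null limit are assumptions; the sample text is a trimmed copy of fields from the post.

```python
import re

# Constructed sample: fields copied from the !analyze -v output in post #3,
# trimmed to the lines this parser reads (source paths dropped).
SAMPLE = r"""
FAULTING_IP:
chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d
00007ffa`106f3ef1 488b4a10 mov rcx,qword ptr [rdx+10h]

ExceptionAddress: 00007ffa106f3ef1 (chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x0000000000000075)
   ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010

rip=00007ffa7bfe6754 rsp=000000f055bfe048 rbp=000000f055bffdb0
ntdll!NtDelayExecution+0x14:

FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_BEFORE_WRITE_c0000005_chrome_child.dll!blink::_anonymous_namespace_::WebRTCStatsReportCallbackResolver::_WebRTCStatsReportCallbackResolver
"""

ACCESS_VIOLATION = 0xC0000005
# For an access violation, Parameter[0] is the access type and Parameter[1] the address.
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}
NEAR_NULL_LIMIT = 0x10000  # assumption: lowest 64 KiB is never mapped in a user process


def _hex(pattern, text):
    """Return the first capture group as an integer, or None if absent."""
    m = re.search(pattern, text)
    return int(m.group(1).replace("`", ""), 16) if m else None


def parse_analyze(text):
    """Extract the fields needed for a first triage decision."""
    r = {
        "code": _hex(r"ExceptionCode:\s*([0-9a-fA-F]+)", text),
        "fault_ip": _hex(r"ExceptionAddress:\s*([0-9a-fA-F`]+)", text),
        "context_ip": _hex(r"\brip=([0-9a-fA-F]+)", text),
    }
    params = {int(i): int(v, 16)
              for i, v in re.findall(r"Parameter\[(\d+)\]:\s*([0-9a-fA-F]+)", text)}
    r["access"] = ACCESS_KIND.get(params.get(0), "unknown")
    r["address"] = params.get(1)

    m = re.search(r"FAILURE_BUCKET_ID:\s*(\S+)", text)
    r["bucket"] = m.group(1) if m else None

    # FAULTING_IP is followed by the symbol line, then "address bytes instruction".
    m = re.search(r"FAULTING_IP:\s*\n(.+)\n[0-9a-fA-F`]+\s+[0-9a-fA-F]+\s+(.+)", text)
    r["symbol"] = re.sub(r"\+[0-9a-fA-F]+$", "", m.group(1).strip()) if m else None
    r["insn"] = m.group(2).strip() if m else None

    # Memory operand "[reg+NNh]": the displacement is the member offset, so
    # faulting address minus displacement is the pointer the code dereferenced.
    r["base_reg"] = r["disp"] = r["implied_base"] = None
    op = re.search(r"\[(\w+)(?:\+([0-9a-fA-F]+)h)?\]", r["insn"] or "")
    if op and r["address"] is not None:
        r["base_reg"] = op.group(1)
        r["disp"] = int(op.group(2), 16) if op.group(2) else 0
        r["implied_base"] = r["address"] - r["disp"]

    # If rip in the register dump is not the faulting address, the registers were
    # captured elsewhere (here: inside the crash handler) and must not be trusted.
    r["context_is_faulting"] = (r["context_ip"] is not None
                                and r["context_ip"] == r["fault_ip"])
    return r


def classify(r):
    """One-line triage verdict from the parsed fields."""
    if r["code"] != ACCESS_VIOLATION:
        return "not an access violation"
    if r["address"] is None:
        return "access violation, address not reported"
    if r["implied_base"] == 0:
        return f"null object pointer: {r['access']} of member at +0x{r['disp']:x}"
    if r["address"] < NEAR_NULL_LIMIT:
        return f"near-null {r['access']} at 0x{r['address']:x}"
    return f"{r['access']} of invalid non-null address"


if __name__ == "__main__":
    report = parse_analyze(SAMPLE)
    for key in ("symbol", "insn", "access", "address", "implied_base",
                "context_is_faulting"):
        print(f"{key:20} {report[key]}")
    print("verdict:", classify(report))
```

On this dump the register block is the state at `ntdll!NtDelayExecution`, so the `rdx` value printed there is not the pointer that faulted; the base is recovered from the read address and the operand displacement instead.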

#4

Hey,

Thanks for checking that and sharing.
Can you also update this bug with that information:
https://bugs.chromium.org/p/webrtc/issues/detail?id=7505

Thanks
damencho


On Thu, Apr 20, 2017 at 4:54 PM, <jerry@iotum.com> wrote:

I loaded the crash dump in WinDbg; it seems to be caused by freeing some
invalid pointer in RTC Stats. I guess we’ll have to wait for Chromium to fix
this.

0:021> k

Child-SP RetAddr Call Site

000000f0`55bfe048 00007ffa`78887b47 ntdll!NtDelayExecution+0x14

000000f0`55bfe050 00007ffa`4fffd8e0 KERNELBASE!SleepEx+0xa7

000000f0`55bfe0f0 00007ffa`78894f77 chrome_elf!crashpad::`anonymous
namespace'::UnhandledExceptionHandler+0xd0
[c:\b\build\slave\win64-pgo\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
@ 172]

000000f0`55bfe330 00007ffa`7bfeed1b
KERNELBASE!UnhandledExceptionFilter+0x157

000000f0`55bfe430 00007ffa`7bfd6bd6 ntdll!RtlUserThreadStart$filt$0+0x38

000000f0`55bfe460 00007ffa`7bfeab9d ntdll!_C_specific_handler+0x96

000000f0`55bfe4d0 00007ffa`7bf89913 ntdll!RtlpExecuteHandlerForException+0xd

000000f0`55bfe500 00007ffa`7bfe9cba ntdll!RtlDispatchException+0x373

000000f0`55bfec00 00007ffa`106f3ef1 ntdll!KiUserExceptionDispatch+0x3a

(Inline Function) --------`--------
chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x75
[c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\heap\persistent.h
@ 252]

(Inline Function) --------`--------
chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x75
[c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\platform\heap\persistent.h
@ 97]

000000f0`55bff320 00007ffa`106f40e4 chrome_child!blink::`anonymous
namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+0x2d
[c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp
@ 395]

000000f0`55bff350 00007ffa`0de633d6 chrome_child!blink::`anonymous
namespace'::WebRTCStatsReportCallbackResolver::`scalar deleting
destructor'+0x14

(Inline Function) --------`--------
chrome_child!std::default_delete<v8_inspector::StringBuffer>::operator()+0xa
[c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\memory
@ 1195]

000000f0`55bff380 00007ffa`0fd6a116
chrome_child!std::unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer>

::~unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer>
+0x16

[c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\memory
@ 1398]

000000f0`55bff3b0 00007ffa`0fd6a601 chrome_child!content::`anonymous
namespace'::GetRTCStatsCallback::~GetRTCStatsCallback+0x12

000000f0`55bff3e0 00007ffa`0fd6ddc1
chrome_child!rtc::RefCountedObject<content::`anonymous
namespace'::GetRTCStatsCallback>::`scalar deleting destructor'+0x15

000000f0`55bff410 00007ffa`1026df49
chrome_child!rtc::RefCountedObject<content::`anonymous
namespace'::GetRTCStatsCallback>::Release+0x35
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\refcountedobject.h
@ 40]

000000f0`55bff440 00007ffa`102832e9
chrome_child!rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>::~scoped_refptr<webrtc::RTCStatsCollectorCallback>+0x21
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\scoped_ref_ptr.h
@ 100]

000000f0`55bff470 00007ffa`1027f5d6
chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>

>::_Destroy+0x1d

[c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\vector
@ 1581]

(Inline Function) --------`--------
chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>

>::clear+0x13

[c:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\vc\include\vector
@ 1541]

000000f0`55bff4a0 00007ffa`1027f345
chrome_child!webrtc::RTCStatsCollector::DeliverCachedReport+0x52
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\pc\rtcstatscollector.cc
@ 759]

000000f0`55bff4d0 00007ffa`1027f63f
chrome_child!webrtc::RTCStatsCollector::AddPartialResults_s+0xe5
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\pc\rtcstatscollector.cc
@ 749]

(Inline Function) --------`--------
chrome_child!rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl
webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>),void,rtc::scoped_refptr<webrtc::RTCStatsReport>

::CallMethod+0x35

[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\bind.h @ 164]

(Inline Function) --------`--------
chrome_child!rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl
webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>),void,rtc::scoped_refptr<webrtc::RTCStatsReport>

::operator()+0x35

[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\bind.h @ 155]

000000f0`55bff500 00007ffa`10636454
chrome_child!rtc::FireAndForgetAsyncClosure<rtc::MethodFunctor<webrtc::RTCStatsCollector,void
(__cdecl
webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>)
__ptr64,void,rtc::scoped_refptr<webrtc::RTCStatsReport> > >::Execute+0x3f
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\asyncinvoker-inl.h
@ 49]

000000f0`55bff530 00007ffa`1024c043
chrome_child!rtc::AsyncInvoker::OnMessage+0x14
[c:\b\build\slave\win64-pgo\build\src\third_party\webrtc\base\asyncinvoker.cc
@ 44]

000000f0`55bff560 00007ffa`1024c49e
chrome_child!jingle_glue::JingleThreadWrapper::Dispatch+0xa3
[c:\b\build\slave\win64-pgo\build\src\jingle\glue\thread_wrapper.cc @ 158]

000000f0`55bff5f0 00007ffa`0e2526f2
chrome_child!jingle_glue::JingleThreadWrapper::RunTask+0xfe
[c:\b\build\slave\win64-pgo\build\src\jingle\glue\thread_wrapper.cc @ 282]

(Inline Function) --------`--------
chrome_child!base::internal::FunctorTraits<void (__cdecl
extensions::ScriptInjectionManager::RFOHelper::*)(enum
extensions::UserScript::RunLocation),void>::Invoke+0x23
[c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 214]

(Inline Function) --------`--------
chrome_child!base::internal::InvokeHelper<1,void>::MakeItSo+0x32
[c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 305]

(Inline Function) --------`--------
chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl
extensions::ScriptInjectionManager::RFOHelper::*)(enum
extensions::UserScript::RunLocation),base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum
extensions::UserScript::RunLocation>,void __cdecl(void)>::RunImpl+0x36
[c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 361]

000000f0`55bff660 00007ffa`0df6001f
chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl
extensions::ScriptInjectionManager::RFOHelper::*)(enum
extensions::UserScript::RunLocation)
__ptr64,base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum
extensions::UserScript::RunLocation>,void __cdecl(void)>::Run+0x42
[c:\b\build\slave\win64-pgo\build\src\base\bind_internal.h @ 343]

(Inline Function) --------`--------
chrome_child!base::debug::TaskAnnotator::RunTask+0x27f
[c:\b\build\slave\win64-pgo\build\src\base\callback.h @ 68]

000000f0`55bff6a0 00007ffa`0df5d4b3
chrome_child!base::debug::TaskAnnotator::RunTask+0x27f
[c:\b\build\slave\win64-pgo\build\src\base\debug\task_annotator.cc @ 59]

000000f0`55bff880 00007ffa`0df60477
chrome_child!base::MessageLoop::RunTask+0xbf
[c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @
424]

(Inline Function) --------`--------
chrome_child!base::MessageLoop::DeferOrRunPendingTask+0x4a
[c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @
434]

000000f0`55bff9a0 00007ffa`0df5fa13
chrome_child!base::MessageLoop::DoWork+0x1c7
[c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @
527]

000000f0`55bffba0 00007ffa`0e327d22
chrome_child!base::MessagePumpDefault::Run+0x23
[c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_default.cc
@ 34]

(Inline Function) --------`-------- chrome_child!base::RunLoop::Run+0xb2
[c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_loop.cc @
387]

000000f0`55bffbd0 00007ffa`0e327bdf chrome_child!base::RunLoop::Run+0xb2
[c:\b\build\slave\win64-pgo\build\src\base\run_loop.cc @ 38]

000000f0`55bffc80 00007ffa`0e3299bc
chrome_child!base::Thread::ThreadMain+0xdf
[c:\b\build\slave\win64-pgo\build\src\base\threading\thread.cc @ 336]

000000f0`55bffd20 00007ffa`79718364 chrome_child!base::`anonymous
namespace'::ThreadFunc+0xac
[c:\b\build\slave\win64-pgo\build\src\base\threading\platform_thread_win.cc
@ 91]

000000f0`55bffd80 00007ffa`7bfa70d1 KERNEL32!BaseThreadInitThunk+0x14

000000f0`55bffdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x21

0:021> !analyze -v

*******************************************************************************

*
*

* Exception Analysis
*

*
*

*******************************************************************************

*** WARNING: Unable to verify checksum for KERNEL32.DLL

*** WARNING: Unable to verify checksum for USER32.dll

*** WARNING: Unable to verify checksum for ole32.dll
*** WARNING: Unable to verify checksum for chrome_elf.dll
*** The OS name list needs to be updated! Unknown Windows version: 10.0 ***

FAULTING_IP:
chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp @ 395]
00007ffa`106f3ef1 488b4a10 mov rcx,qword ptr [rdx+10h]

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007ffa106f3ef1 (chrome_child!blink::WebRTCIceServer::~WebRTCIceServer+0x0000000000000075)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=000000f055bfe490
rdx=000000f055bff0f0 rsi=000000000000ea60 rdi=0000000000000000
rip=00007ffa7bfe6754 rsp=000000f055bfe048 rbp=000000f055bffdb0
r8=0000000000000000 r9=00007ffa7c093390 r10=00000000000014d1
r11=ffff8272ee46f830 r12=ffffffffffffffff r13=00007ffa78a31768
r14=000000f055bfe070 r15=00007ffa4fffd810
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00000246
ntdll!NtDelayExecution+0x14:
00007ffa`7bfe6754 c3 ret

PROCESS_NAME: chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000010

READ_ADDRESS: 0000000000000010

FOLLOWUP_IP:
chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp @ 395]
00007ffa`106f3ef1 488b4a10 mov rcx,qword ptr [rdx+10h]

NTGLOBALFLAG: 0

APP: chrome.exe

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

FAULTING_THREAD: 0000000000006be4

BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ_BEFORE_WRITE

PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_READ_BEFORE_WRITE

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_READ_BEFORE_WRITE

LAST_CONTROL_TRANSFER: from 00007ffa106f40e4 to 00007ffa106f3ef1

STACK_TEXT:
000000f0`55bff320 00007ffa`106f40e4 : 00007ffa`108154a8 00007ffa`10784a10 00007ffa`000000ca 00007ffa`0df511c9 : chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+0x2d
000000f0`55bff350 00007ffa`0de633d6 : 0000026d`79e03830 0000026d`6a34c6c8 000000f0`55bff4a0 00007ffa`0df50edb : chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::`scalar deleting destructor'+0x14
000000f0`55bff380 00007ffa`0fd6a116 : 0000026d`67820658 00000000`00000000 00000000`00075051 000000f0`55bf0001 : chrome_child!std::unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >::~unique_ptr<v8_inspector::StringBuffer,std::default_delete<v8_inspector::StringBuffer> >+0x16
000000f0`55bff3b0 00007ffa`0fd6a601 : 00000000`00000000 000000f0`55bff490 000000f0`55bff530 0000026d`7306b288 : chrome_child!content::`anonymous namespace'::GetRTCStatsCallback::~GetRTCStatsCallback+0x12
000000f0`55bff3e0 00007ffa`0fd6ddc1 : 00000000`00000000 000000f0`55bff490 00007ffa`10775278 0000026d`67820658 : chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::`scalar deleting destructor'+0x15
000000f0`55bff410 00007ffa`1026df49 : 00000000`00000000 0000026d`6a257780 0000026d`7306b288 000000f0`55bff530 : chrome_child!rtc::RefCountedObject<content::`anonymous namespace'::GetRTCStatsCallback>::Release+0x35
000000f0`55bff440 00007ffa`102832e9 : 00007ffa`10dfc140 00007ffa`10dfbcc0 0000026d`000002de 00007ffa`0fd6d9b6 : chrome_child!rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>::~scoped_refptr<webrtc::RTCStatsCollectorCallback>+0x21
000000f0`55bff470 00007ffa`1027f5d6 : 0000026d`7306b288 0000026d`7306b280 0000026d`79e03810 0000026d`6a257828 : chrome_child!std::vector<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback>,std::allocator<rtc::scoped_refptr<webrtc::RTCStatsCollectorCallback> > >::_Destroy+0x1d
000000f0`55bff4a0 00007ffa`1027f345 : 0000026d`00000000 0000026d`6a257780 0000026d`7300f8e0 0000026d`6ed14a20 : chrome_child!webrtc::RTCStatsCollector::DeliverCachedReport+0x52
000000f0`55bff4d0 00007ffa`1027f63f : 0000026d`792d86f0 0000026d`6a257780 00007ffa`1132cc01 0000026d`73211e00 : chrome_child!webrtc::RTCStatsCollector::AddPartialResults_s+0xe5
000000f0`55bff500 00007ffa`10636454 : 0000026d`792d86f0 0000026d`73029170 0000026d`6eec4920 000000f0`55bff7a0 : chrome_child!rtc::FireAndForgetAsyncClosure<rtc::MethodFunctor<webrtc::RTCStatsCollector,void (__cdecl webrtc::RTCStatsCollector::*)(rtc::scoped_refptr<webrtc::RTCStatsReport>) __ptr64,void,rtc::scoped_refptr<webrtc::RTCStatsReport> > >::Execute+0x3f
000000f0`55bff530 00007ffa`1024c043 : 00007ffa`10bfcb80 00007ffa`10bfca78 00000000`000000fa 0000026d`6a34c6c8 : chrome_child!rtc::AsyncInvoker::OnMessage+0x14
000000f0`55bff560 00007ffa`1024c49e : 00000000`00001e92 000000f0`55bff640 0000026d`6a4e0320 00007ffa`1132cc01 : chrome_child!jingle_glue::JingleThreadWrapper::Dispatch+0xa3
000000f0`55bff5f0 00007ffa`0e2526f2 : 0000026d`6a48ae58 0000026d`795bffc0 0000026d`6a4e0320 00000000`0000065d : chrome_child!jingle_glue::JingleThreadWrapper::RunTask+0xfe
000000f0`55bff660 00007ffa`0df6001f : 000000f0`55bff7a8 0000026d`6f1d5ad0 0000026d`6f1d5ad0 0000026d`72ea13e0 : chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::ScriptInjectionManager::RFOHelper::*)(enum extensions::UserScript::RunLocation) __ptr64,base::WeakPtr<extensions::ScriptInjectionManager::RFOHelper>,enum extensions::UserScript::RunLocation>,void __cdecl(void)>::Run+0x42
000000f0`55bff6a0 00007ffa`0df5d4b3 : 0000026d`6a34c5a0 000000f0`55bff939 000000f0`55bff9d0 000000f0`55bff9d0 : chrome_child!base::debug::TaskAnnotator::RunTask+0x27f
000000f0`55bff880 00007ffa`0df60477 : 0000026d`6eeb1848 0000026d`6a34c5b8 00007ffa`110cc5a0 00000000`00000001 : chrome_child!base::MessageLoop::RunTask+0xbf
000000f0`55bff9a0 00007ffa`0df5fa13 : 0000026d`6a4d1b00 0000026d`6eeb1848 00000000`00000000 00007ffa`1024c252 : chrome_child!base::MessageLoop::DoWork+0x1c7
000000f0`55bffba0 00007ffa`0e327d22 : 000000f0`55bffcb0 000000f0`55bffcb9 0000026d`678be0a8 00007ffa`0e327f42 : chrome_child!base::MessagePumpDefault::Run+0x23
000000f0`55bffbd0 00007ffa`0e327bdf : 0000026d`678be0b8 00000000`00000000 000000f0`55bffcb9 0000026d`678be0a8 : chrome_child!base::RunLoop::Run+0xb2
000000f0`55bffc80 00007ffa`0e3299bc : 00000000`00006be4 00000000`00006be4 0000026d`6a2d2ae0 00000000`000005e0 : chrome_child!base::Thread::ThreadMain+0xdf
000000f0`55bffd20 00007ffa`79718364 : 00000000`000005e0 00000000`000005e0 00000000`00000000 00000000`00000000 : chrome_child!base::`anonymous namespace'::ThreadFunc+0xac
000000f0`55bffd80 00007ffa`7bfa70d1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000f0`55bffdb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

FAULTING_SOURCE_LINE: c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp

FAULTING_SOURCE_FILE: c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\modules\peerconnection\rtcpeerconnection.cpp

FAULTING_SOURCE_LINE_NUMBER: 395

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: chrome_child!blink::`anonymous namespace'::WebRTCStatsReportCallbackResolver::~WebRTCStatsReportCallbackResolver+2d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: chrome_child

IMAGE_NAME: chrome_child.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 58f6edbe

STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~21s; .ecxr ; kb

FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_BEFORE_WRITE_c0000005_chrome_child.dll!blink::_anonymous_namespace_::WebRTCStatsReportCallbackResolver::_WebRTCStatsReportCallbackResolver

BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_READ_BEFORE_WRITE_chrome_child!blink::_anonymous_namespace_::WebRTCStatsReportCallbackResolver::_WebRTCStatsReportCallbackResolver+2d

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:null_class_ptr_read_before_write_c0000005_chrome_child.dll!blink::_anonymous_namespace_::webrtcstatsreportcallbackresolver::_webrtcstatsreportcallbackresolver

FAILURE_ID_HASH: {ac86f487-b602-dedb-844d-f20c9d4e45a5}

Followup: MachineOwner

Jerry

From: Damian Minkov
Sent: Thursday, April 20, 2017 4:47 PM
To: Jitsi Users
Subject: Re: [jitsi-users] Chrome v 58.0.3029.81 crash using jitsi meet

Hi,

We had experienced it today, we had an initial look at the problem and we
haven't found anything to work around it. We see some memory errors in
chrome debug logs.
We see stuff like:
../../third_party/tcmalloc/chromium/src/free_list.h:118] Memory corruption detected.

../../third_party/tcmalloc/chromium/src/tcmalloc.cc:289] Attempt to free invalid pointer 0x41c720025df

Google Chrome Helper(4666,0x70000c6e9000) malloc: *** error for object 0x7fbe19f0ed10: pointer being freed was not allocated

*** set a breakpoint in malloc_error_break to debug

It needs more work to analyze the situation. If you discover something
we will be happy to discuss it.

Regards
damencho

On Thu, Apr 20, 2017 at 3:26 PM, <jerry@iotum.com> wrote:

After installing the new Chrome release today, all of us are experiencing random
crashes when using Jitsi Meet (meet.jit.si). We also tested against our own
build JVB (early April version) with the same result.

Is this problem known? Any workaround?

Thanks,

Jerry



#5

Yup, dumped the data over there.

Jerry

···

From: Damian Minkov
Sent: Thursday, April 20, 2017 5:59 PM
To: jerry@iotum.com
Cc: Jitsi Users
Subject: Re: [jitsi-users] Chrome v 58.0.3029.81 crash using jitsi meet

Hey,

Thanks for checking that and sharing.
Can you also update with that information this bug:
https://bugs.chromium.org/p/webrtc/issues/detail?id=7505

Thanks
damencho
