Updates:
Summary: Browser crash @ std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0>
Status: Untriaged
Cc: [email protected] [email protected]
Labels: -Area-Misc Area-Compat Crash
Comment #1 on issue 9286 by [email protected]: Browser crash @
std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0>
http://code.google.com/p/chromium/issues/detail?id=9286
Confirmed on Trunk (r12445).
Crash Analysis
##############
FAULTING_IP:
+69727473
69727473 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 69727473
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 69727473
Attempt to execute non-executable address 69727473
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at
"0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 69727473
FAILED_INSTRUCTION_ADDRESS:
+69727473
69727473 ?? ???
FAULTING_THREAD: 00000f78
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_INSTRUCTION_PTR
LAST_CONTROL_TRANSFER: from 012f7975 to 69727473
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013ebb0 012f7975 03246018 03287280 00000000 0x69727473
0013ec10 01188abf 0013ecb8 031f56e8 04aa2a28
chrome_1000000!std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0> *,std::less<unsigned
int>,std::allocator<std::pair<unsigned int const
,ObserverList<NotificationObserver,0> *> >,0> >::erase+0x85 [c:\program
files
(x86)\microsoft visual studio 8\vc\include\xtree @ 758]
0013ecc0 011eea5b 03287280 0013ee88 01188c33
chrome_1000000!InterstitialPage::~InterstitialPage+0xaf
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\tab_contents\interstitial_page.cc
@
131]
0013eccc 01188c33 00000001 0013eff8 03287280
chrome_1000000!SSLBlockingPage::`scalar
deleting destructor'+0xb
0013ecdc 01189756 00000000 0013ef3c 00000000
chrome_1000000!InterstitialPage::Hide+0x83
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\tab_contents\interstitial_page.cc
@
193]
0013ee88 012f8264 00000005 0013eff8 0013effc
chrome_1000000!InterstitialPage::Observe+0x126
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\tab_contents\interstitial_page.cc
@
235]
0013ef44 010f570c 00000005 031e5d40 0013effc
chrome_1000000!NotificationService::Notify+0x384
[c:\b\slave\chromium-rel-xp\build\src\chrome\common\notification_service.cc
@ 114]
0013eff0 0110a0fb 031e5d40 0013f010 00f712e8
chrome_1000000!NavigationController::RendererDidNavigate+0x27c
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\tab_contents\navigation_controller.cc
@ 631]
0013f0a4 0112f214 049edbd0 0013f0cc 03159f3c
chrome_1000000!WebContents::DidNavigate+0xeb
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\tab_contents\web_contents.cc
@
795]
0013f448 0112f956 03159f38 03159f38 03183bb4
chrome_1000000!RenderViewHost::OnMsgNavigate+0x154
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\renderer_host\render_view_host.cc
@
895]
0013f4ec 011dd2df 03159f38 0013f8e8 031519b0
chrome_1000000!RenderViewHost::OnMessageReceived+0x1b6
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\renderer_host\render_view_host.cc
@
686]
0013f590 011ce597 03159f38 03159f28 01011eb0
chrome_1000000!BrowserRenderProcessHost::OnMessageReceived+0x16f
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\renderer_host\browser_render_process_host.cc
@ 601]
0013f59c 01011eb0 00000000 0013f8e8 00000001
chrome_1000000!RunnableMethod<CancelableRequest<CallbackRunner<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo>
> *> > >,void (__thiscall
CancelableRequest<CallbackRunner<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo>
> *> >
> >::*)(Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo>
> *> const
&),Tuple1<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo>
>
*> > >::Run+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 307]
0013f63c 01012eca 03159f28 003e9600 003e95e0
chrome_1000000!MessageLoop::RunTask+0x80
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 309]
0013f68c 0102375a 00000000 003e95e0 00000000
chrome_1000000!MessageLoop::DoWork+0x1ea
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 424]
0013f6bc 01022972 0013f8e8 0013f8e8 0013f8e8
chrome_1000000!base::MessagePumpForUI::DoRunLoop+0x5a
[c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 209]
0013f6dc 010124a9 0013f8e8 00ead108 00e90228
chrome_1000000!base::MessagePumpWin::RunWithDispatcher+0x42
[c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 54]
0013f780 010128e0 9229ee1e 003e79b8 00e90228
chrome_1000000!MessageLoop::RunInternal+0xa9
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 192]
0013f7b4 01012949 00000001 00000000 00ead108
chrome_1000000!MessageLoop::RunHandler+0xa0
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 181]
0013f7d0 0107b9aa 00ead108 0013faf0 0107d161
chrome_1000000!MessageLoopForUI::Run+0x49
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 567]
0013f7dc 0107d161 003e99e0 003e8760 ffffffff chrome_1000000!`anonymous
namespace'::RunUIMessageLoop+0x1a
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 182]
0013faf0 01005b11 0013fbe8 01000000 00000008
chrome_1000000!BrowserMain+0x1391
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 571]
0013fc80 004038bc 00400000 0013fcf8 000213f6 chrome_1000000!ChromeMain+0x601
[c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 410]
0013ff28 00432af8 00400000 00000000 000213f6 chrome!wWinMain+0x2ac
[c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 102]
0013ffc0 7c817067 0013f65c 0043e064 7ffd7000 chrome!__tmainCRTStartup+0x176
[f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c @ 324]
0013fff0 00000000 00432b61 00000000 00000000 kernel32!BaseProcessStart+0x23
STACK_COMMAND: ~0s; .ecxr ; kb
FOLLOWUP_IP:
chrome_1000000!std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0> *,std::less<unsigned
int>,std::allocator<std::pair<unsigned int const
,ObserverList<NotificationObserver,0> *> >,0> >::erase+85 [c:\program files
(x86)\microsoft visual studio 8\vc\include\xtree @ 758]
012f7975 8d45b4 lea eax,[ebp-4Ch]
FAULTING_SOURCE_CODE:
No source found for 'c:\program files (x86)\microsoft visual studio
8\vc\include\xtree'
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: chrome_1000000!std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0> *,std::less<unsigned
int>,std::allocator<std::pair<unsigned int const
,ObserverList<NotificationObserver,0> *> >,0> >::erase+85
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_1000000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 49ca4ac2
FAILURE_BUCKET_ID:
SOFTWARE_NX_FAULT_c0000005_chrome.dll!std::_Tree<std::_Tmap_traits<unsigned
int,ObserverList<NotificationObserver,0> *,std::less<unsigned
int>,std::allocator<std::pair<unsigned int const
,ObserverList<NotificationObserver,0> *> >,0> >::erase
BUCKET_ID:
APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_INSTRUCTION_PTR_BAD_IP_chrome_1000000!std::_Tree_std::_Tmap_traits_unsigned_int,ObserverList_NotificationObserver,0__*,std::less_unsigned_int_,std::allocator_std::pair_unsigned_int_const_,ObserverList_NotificationObser
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
