Issue 89252 in chromium: BSOD when chrome closes


chro...@googlecode.com

Jul 13, 2011, 7:33:52 PM
to chromi...@chromium.org
Status: Available
Owner: ----
CC: k...@chromium.org, erik...@chromium.org, asar...@chromium.org
Labels: Type-Bug Pri-1 Area-Undefined OS-Windows Feature-GPU

New issue 89252 by c...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Current canary build (cupcake), Windows 7 (corp image)

What happens?
Open a bunch of tabs and close chrome. Blue screen of death guaranteed.

BUT, if you kill the gpu process first (via task manager) it does not
happen!!

This has been confirmed by two people.

chro...@googlecode.com

Jul 13, 2011, 8:26:36 PM
to chromi...@chromium.org

Comment #1 on issue 89252 by erik...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

More data points:
- canary is 14.0.821.0
- video card is Quadro FX 380
- if you reboot after killing the gpu, the problem starts again
- about:flags doesn't seem to matter (cleared them all and it still repros)
- it does seem to matter which pages you have open when you close the
browser (I lost my session restore and it stopped happening for me - I'm
trying to build up a minimal set of pages)
- it isn't happening for a couple of neighbors with near-identical
configs. One notable difference: both Antony and I are dual-headed and
repro, the other two are single-headed and don't.

chro...@googlecode.com

Jul 13, 2011, 11:19:41 PM
to chromi...@chromium.org
Updates:
Cc: anan...@chromium.org pav...@chromium.org

Comment #9 on issue 89252 by shubhoje...@chromium.org: BSOD when chrome
closes
http://code.google.com/p/chromium/issues/detail?id=89252

I had a BSOD this morning on my machine. I was running a couple of YouTube
videos simultaneously in multiple tabs.

What logs can I give to help debug???

chro...@googlecode.com

Jul 15, 2011, 2:19:35 PM
to chromi...@chromium.org
Updates:
Status: Assigned
Owner: jbau...@chromium.org
Cc: rva...@chromium.org ero...@chromium.org
Labels: Stability-Crash

Comment #10 on issue 89252 by ero...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

@shubhojeets: please get a minidump for the kernel crash. On Windows 7, to
check if you are set up to write dumps, go to the System control panel ->
Advanced system settings. Set "Write debugging information" to 'Small
memory dump' (or alternatively you can convert to minidump later). See the
path where dumps are saved to.

@jbauman: are you using the Microsoft symbol servers?
(http://msdl.microsoft.com/download/symbols)

Tentatively assigning this to you since it sounded like you are already
working on it. @rvargas or @cpu can probably help you understand the
minidumps.

chro...@googlecode.com

Jul 21, 2011, 1:05:52 PM
to chromi...@chromium.org

Comment #12 on issue 89252 by shubhoje...@chromium.org: BSOD when chrome
closes
http://code.google.com/p/chromium/issues/detail?id=89252

Hey,
I have made the setting in my computer but didn't get a BSOD ever since then.
I do, however, have the memory.dmp from the kernel memory dump, but I have made
multiple reboots post that BSOD. Do you think this dump would help? I can
attach it if you say it's going to be of any help.

chro...@googlecode.com

Aug 2, 2011, 2:04:44 AM
to chromi...@chromium.org

Comment #13 on issue 89252 by vange...@google.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

erik, are you still able to repro the BSOD? Anybody else?

chro...@googlecode.com

Dec 18, 2012, 2:35:35 PM
to chromi...@chromium.org
Updates:
Status: WontFix

Comment #17 on issue 89252 by jbau...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

We changed our font-handling code a while back and I suspect that got rid
of this bug. I haven't heard of any reports of it recently.

chro...@googlecode.com

Feb 28, 2013, 1:15:26 PM
to chromi...@chromium.org

Comment #18 on issue 89252 by thal...@google.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Hey,

I've managed to hit this twice this week. Running M25. Shall I host the
memdump again?

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

chro...@googlecode.com

Feb 28, 2013, 7:01:38 PM
to chromi...@chromium.org

Comment #19 on issue 89252 by c...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Yes please. Lots of things have changed since this bug was closed.

chro...@googlecode.com

Mar 7, 2013, 6:15:14 PM
to chromi...@chromium.org

Comment #25 on issue 89252 by thal...@google.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

It reproed the first time I went there then shut down the browser, but I've
repeated it a few times and it hasn't happened again, on stable or canary.

chro...@googlecode.com

May 9, 2013, 12:51:50 PM
to chromi...@chromium.org

Comment #29 on issue 89252 by ionut.am...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

I've had two BSODs on Chrome exit recently, so I'll just paste the dumps.

first:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8292582c, address which referenced memory

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'USBSTOR' and 'USBSTOR.SYS' overlap

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+215
8292582c 895f04 mov dword ptr [edi+4],ebx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

TRAP_FRAME: 8cb5b574 -- (.trap 0xffffffff8cb5b574)
ErrCode = 00000002
eax=82939adc ebx=82939408 ecx=000001ff edx=0000004d esi=829393fc
edi=00000000
eip=8292582c esp=8cb5b5e8 ebp=8cb5b620 iopl=0 nv up ei ng nz ac pe
cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010297
nt!ExDeferredFreePool+0x215:
8292582c 895f04 mov dword ptr [edi+4],ebx
ds:0023:00000004=????????
Resetting default scope

LOCK_ADDRESS: 8296b600 -- (!locks 8296b600)

Resource @ nt!PiEngineLock (0x8296b600) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be
corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be
corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0x8296b600
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from 8292582c to 82884fd9

STACK_TEXT:
8cb5b574 8292582c badb0d00 0000004d 00000000 nt!KiTrap0E+0x2e1
8cb5b620 82924858 829396e0 00000001 0000003e nt!ExDeferredFreePool+0x215
8cb5b68c 9148c67f 89378340 00000000 1dfc1877 nt!ExFreePoolWithTag+0x852
WARNING: Stack unwind information not available. Following frames may be
wrong.
8cb5b6d8 9148ceec 89378340 8a280000 8804d810 aswSP+0x1267f
8cb5b6f8 829a2a8a 8804d810 87ef9000 8cb5ba80 aswSP+0x12eec
8cb5b8dc 8299ad0e 00000000 8cb5b900 8cb5b90c nt!IopLoadDriver+0x805
8cb5b920 82a0a4a4 c28c61b8 00000001 c28c61a4
nt!PipCallDriverAddDeviceQueryRoutine+0x309
8cb5b95c 82a0a8d1 8cb5ba80 8cb5b9b0 a1435000
nt!RtlpCallQueryRegistryRoutine+0x25b
8cb5b9f4 82999516 40000000 80005610 8cb5ba28 nt!RtlQueryRegistryValues+0x418
8cb5bad8 82998a49 00000000 8cb5bd00 88818140 nt!PipCallDriverAddDevice+0x2ff
8cb5bcd4 829a0f53 8702d340 88818140 8cb5bd00 nt!PipProcessDevNodeTree+0x15c
8cb5bd08 828436d2 8293913c 85310828 82969520 nt!PiProcessReenumeration+0x5d
8cb5bd44 828dce4a 00000000 00000000 85310828 nt!PnpDeviceActionWorker+0x1e7
8cb5bd7c 82a0d016 00000000 9129f93e 00000000 nt!ExpWorkerThread+0xfd
8cb5bdc0 82875efe 828dcd4d 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+215
8292582c 895f04 mov dword ptr [edi+4],ebx

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExDeferredFreePool+215

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+215

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+215

Followup: Pool_corruption
---------

and second:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 9da3de57, The address that the exception occurred at
Arg3: c814eb50, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
win32k!PFFOBJ::pPvtDataMatch+8
9da3de57 f6460804 test byte ptr [esi+8],4

TRAP_FRAME: c814eb50 -- (.trap 0xffffffffc814eb50)
ErrCode = 00000000
eax=fddfc008 ebx=00000000 ecx=c814ebd8 edx=00000000 esi=00000001
edi=c814ec14
eip=9da3de57 esp=c814ebc4 ebp=c814ebf0 iopl=0 nv up ei pl nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x8:
9da3de57 f6460804 test byte ptr [esi+8],4
ds:0023:00000009=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 9d98aae8 to 9da3de57

STACK_TEXT:
c814ebc4 9d98aae8 ff31419c fddfc008 fcf9a640
win32k!PFFOBJ::pPvtDataMatch+0x8
c814ebf0 9d93fb4f fddfc008 ff31419c 881df018
win32k!PFTOBJ::bUnloadWorkhorse+0x37
c814ec1c 9d93f749 fcccb7d8 00000000 00000000
win32k!vCleanupPrivateFonts+0x4d
c814ec34 9d93bf0d fcccb7d8 00000000 00000000 win32k!NtGdiCloseProcess+0x13d
c814ec54 9d93ba4c fcccb7d8 00000000 87caeb90 win32k!GdiProcessCallout+0x145
c814ec70 82a32a58 86376788 00000000 952bc5e6 win32k!W32pProcessCallout+0x5d
c814ecdc 82a0f487 00000000 85f363a0 85f36301 nt!PspExitThread+0x4a0
c814ecf4 828cdfba 88e96a50 c814ed20 c814ed2c nt!PsExitSpecialApc+0x22
c814ed4c 82864d26 00000001 00000000 c814ed64 nt!KiDeliverApc+0x1dc
c814ed4c 778d5cd4 00000001 00000000 c814ed64 nt!KiServiceExit+0x56
WARNING: Frame IP not in any known module. Following frames may be wrong.
01e7fc6c 00000000 00000000 00000000 00000000 0x778d5cd4


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!PFFOBJ::pPvtDataMatch+8
9da3de57 f6460804 test byte ptr [esi+8],4

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!PFFOBJ::pPvtDataMatch+8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 51354d1b

FAILURE_BUCKET_ID: 0x8E_win32k!PFFOBJ::pPvtDataMatch+8

BUCKET_ID: 0x8E_win32k!PFFOBJ::pPvtDataMatch+8

Followup: MachineOwner
---------

I hope they'll be of some help.

chro...@googlecode.com

May 9, 2013, 2:07:50 PM
to chromi...@chromium.org

Comment #30 on issue 89252 by c...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

ionut.ambrosie, the second one looks GDI/GPU related; in particular the
private fonts thing seems to point to a BSOD related to webfonts.

You can monitor the GDI handle count of the Chrome processes; maybe we
create too many private fonts.

chro...@googlecode.com

Nov 14, 2013, 4:18:21 AM
to chromi...@chromium.org

Comment #31 on issue 89252 by hrdi...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free
x64

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff97fff2cc2c9, Address of the instruction which caused the bugcheck
Arg3: fffffade47f8dd60, Address of the context record for the exception
that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!PFTOBJ::bUnloadWorkhorse+60
fffff97f`ff2cc2c9 f6430804 test byte ptr [rbx+8],4

CONTEXT: fffffade47f8dd60 -- (.cxr 0xfffffade47f8dd60)
rax=fffffa8003c622f0 rbx=0000006b00610070 rcx=fffffade47f8e630
rdx=fffffa800d645010 rsi=0000000000000000 rdi=fffffa800d645010
rip=fffff97fff2cc2c9 rsp=fffffade47f8e570 rbp=fffffa8003c62350
r8=fffffa8003c62350 r9=fffffade6f2c7a00 r10=0000000000000000
r11=fffffade6d903bf0 r12=fffffade6f2c7a00 r13=fffffade47f8e630
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b
efl=00010202
win32k!PFTOBJ::bUnloadWorkhorse+0x60:
fffff97f`ff2cc2c9 f6430804 test byte ptr [rbx+8],4
ds:002b:0000006b`00610078=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff97fff2cb4f8 to fffff97fff2cc2c9

STACK_TEXT:
fffffade`47f8e570 fffff97f`ff2cb4f8 : 00000000`00034410 00000000`00000000
00000000`00001640 fffffade`6f2c7a00 : win32k!PFTOBJ::bUnloadWorkhorse+0x60
fffffade`47f8e600 fffff97f`ff0c6fc5 : fffff97f`fa000000 00000000`000022d6
00000000`00034410 00000000`000022d6 : win32k!vCleanupPrivateFonts+0x8f
fffffade`47f8e650 fffff97f`ff0c71b2 : 00000000`00000000 fffffade`47f8ec70
fffffa80`0567a400 00000000`00000000 : win32k!NtGdiCloseProcess+0x9f3
fffffade`47f8e6e0 fffff97f`ff0c80df : 00000000`00000000 fffffade`47f8ec70
fffffa80`0567a400 00000000`00000000 : win32k!GdiProcessCallout+0x17b
fffffade`47f8e760 fffff800`012926b1 : 00000000`00000000 00000000`00000001
00000000`00000000 fffffade`6d903bf0 : win32k!W32pProcessCallout+0x88
fffffade`47f8e790 fffff800`01280ae2 : 00000000`00000000 00000000`00000000
fffffade`6d903c38 00000000`00000000 : nt!PspExitThread+0x7cc
fffffade`47f8ea20 fffff800`01038e10 : 00000000`00000001 00000000`00000000
fffffade`6d903bf0 fffff800`0101f7f0 : nt!PsExitSpecialApc+0x1d
fffffade`47f8ea50 fffff800`01027d8b : 00000000`00000100 fffffade`47f8eaf0
fffff800`01280d30 00000000`012b0d28 : nt!KiDeliverApc+0x504
fffffade`47f8eaf0 fffff800`0102e672 : 00000000`35f00000 fffffade`47f8ecf0
00000000`00000000 fffffade`6d903bf0 : nt!KiInitiateUserApc+0x7b
fffffade`47f8ec70 00000000`78b842d9 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xad
00000000`05b1f108 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : 0x78b842d9


FOLLOWUP_IP:
win32k!PFTOBJ::bUnloadWorkhorse+60
fffff97f`ff2cc2c9 f6430804 test byte ptr [rbx+8],4

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!PFTOBJ::bUnloadWorkhorse+60

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 521eb30b

STACK_COMMAND: .cxr 0xfffffade47f8dd60 ; kb

FAILURE_BUCKET_ID: X64_0x3B_win32k!PFTOBJ::bUnloadWorkhorse+60

BUCKET_ID: X64_0x3B_win32k!PFTOBJ::bUnloadWorkhorse+60

Followup: MachineOwner
---------

chro...@googlecode.com

Nov 14, 2013, 1:14:36 PM
to chromi...@chromium.org

Comment #32 on issue 89252 by c...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

hrdinaf, also looks graphics related. What video card do you have and how
old are the drivers?

Or better yet, post what you get from the chrome://gpu page.

chro...@googlecode.com

Nov 14, 2013, 11:12:23 PM
to chromi...@chromium.org
Updates:
Cc: sco...@chromium.org

Comment #33 on issue 89252 by sco...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

James' font exhaustion test can cause this on an XP VM.

Attachments:
win32k.png 49.3 KB

chro...@googlecode.com

Feb 20, 2014, 8:23:04 PM
to chromi...@chromium.org

Comment #34 on issue 89252 by SJWeig...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Had this happen at least twice; third time is debatable. During the two
occurrences, it was after Windows Updates.

Chrome Version: 32.0.1700.107 m
Windows Vista SP2 x86

I can run GTA IV fine, everything fine. Then I start the computer at
6:30am, browse a few sites (image intensive?), go to shutdown at 7:30a
leaving for work, exit Chrome and bam, dumps.

Chrome is downloading an update, so we'll see if that does anything.
Anyways, attached is the dump file from this morning.

Thanks,
Scott

Attachments:
Mini022014-01.dmp 140 KB

chro...@googlecode.com

Feb 21, 2014, 1:00:36 AM
to chromi...@chromium.org

Comment #35 on issue 89252 by sco...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

From the #34 dump, looks font related too.

1: kd> .symfix; .reload
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
....
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by
try-except,
it must be protected by a Probe. Typically the address is just plain bad
or it
is pointing at freed memory.
Arguments:
Arg1: fe57cc1c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 9a4ffcce, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: fe57cc1c

FAULTING_IP:
win32k!vCleanupPrivateFonts+35
9a4ffcce 8b5e04 mov ebx,dword ptr [esi+4]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

TRAP_FRAME: b8745b94 -- (.trap 0xffffffffb8745b94)
ErrCode = 00000000
eax=00000000 ebx=fe57cc18 ecx=87790700 edx=00000000 esi=fe57cc18
edi=fe6a69f8
eip=9a4ffcce esp=b8745c08 ebp=b8745c1c iopl=0 nv up ei ng nz na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010286
win32k!vCleanupPrivateFonts+0x35:
9a4ffcce 8b5e04 mov ebx,dword ptr [esi+4]
ds:0023:fe57cc1c=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82494de4 to 824df292

STACK_TEXT:
b8745b7c 82494de4 00000000 fe57cc1c 00000000 nt!MmAccessFault+0x10b
b8745b7c 9a4ffcce 00000000 fe57cc1c 00000000 nt!KiTrap0E+0xdc
b8745c1c 9a4ff8e8 fe6148a8 00000000 00000000
win32k!vCleanupPrivateFonts+0x35
b8745c34 9a4fc07d fe6148a8 00000000 00000000 win32k!NtGdiCloseProcess+0x16c
b8745c54 9a4fbbbc fe6148a8 00000000 87883d70 win32k!GdiProcessCallout+0x145
b8745c70 8265fa48 85568348 00000000 066c721f win32k!W32pProcessCallout+0x5d
b8745cdc 8263c47f 00000000 857d0030 857d0001 nt!PspExitThread+0x4a0
b8745cf4 824fae8e 85a0d1f8 b8745d20 b8745d2c nt!PsExitSpecialApc+0x22
b8745d4c 82491d42 00000001 00000000 b8745d64 nt!KiDeliverApc+0x1dc
b8745d4c 77995d14 00000001 00000000 b8745d64 nt!KiServiceExit+0x56
WARNING: Frame IP not in any known module. Following frames may be wrong.
03e2f91c 00000000 00000000 00000000 00000000 0x77995d14


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!vCleanupPrivateFonts+35
9a4ffcce 8b5e04 mov ebx,dword ptr [esi+4]

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: win32k!vCleanupPrivateFonts+35

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5270543c

FAILURE_BUCKET_ID: 0x50_win32k!vCleanupPrivateFonts+35

BUCKET_ID: 0x50_win32k!vCleanupPrivateFonts+35

Followup: MachineOwner
---------
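
Added example, not part of the original thread or of Chromium's tooling: a small Python triage script that parses `!analyze -v` reports and groups them by shared stack frames instead of by FAILURE_BUCKET_ID, which is the comparison made in comments #30 and #35. The report excerpts are abridged from comments #29, #31 and #35; the report labels and function names are this example's own.

```python
import re
from collections import Counter

# Abridged from the !analyze -v reports in comments #29, #31 and #35: argument
# columns and some frames dropped, mail line-wrapping kept. Keys are made up.
REPORTS = {
    "c29-first": """\
DRIVER_CORRUPTED_EXPOOL (c5)
PROCESS_NAME: System
STACK_TEXT:
8cb5b574 8292582c nt!KiTrap0E+0x2e1
8cb5b620 82924858 nt!ExDeferredFreePool+0x215
8cb5b68c 9148c67f nt!ExFreePoolWithTag+0x852
8cb5b6d8 9148ceec aswSP+0x1267f

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+215
""",
    "c29-second": """\
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
PROCESS_NAME: chrome.exe
STACK_TEXT:
c814ebc4 9d98aae8
win32k!PFFOBJ::pPvtDataMatch+0x8
c814ebf0 9d93fb4f
win32k!PFTOBJ::bUnloadWorkhorse+0x37
c814ec1c 9d93f749
win32k!vCleanupPrivateFonts+0x4d
c814ec34 9d93bf0d win32k!NtGdiCloseProcess+0x13d
c814ecdc 82a0f487 nt!PspExitThread+0x4a0

FAILURE_BUCKET_ID: 0x8E_win32k!PFFOBJ::pPvtDataMatch+8
""",
    "c31": """\
SYSTEM_SERVICE_EXCEPTION (3b)
PROCESS_NAME: chrome.exe
STACK_TEXT:
fffffade`47f8e570 fffff97f`ff2cb4f8 : win32k!PFTOBJ::bUnloadWorkhorse+0x60
fffffade`47f8e600 fffff97f`ff0c6fc5 : win32k!vCleanupPrivateFonts+0x8f
fffffade`47f8e650 fffff97f`ff0c71b2 : win32k!NtGdiCloseProcess+0x9f3
fffffade`47f8e790 fffff800`01280ae2 : nt!PspExitThread+0x7cc

FAILURE_BUCKET_ID: X64_0x3B_win32k!PFTOBJ::bUnloadWorkhorse+60
""",
    "c35": """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
PROCESS_NAME: chrome.exe
STACK_TEXT:
b8745b7c 82494de4 nt!MmAccessFault+0x10b
b8745b7c 9a4ffcce nt!KiTrap0E+0xdc
b8745c1c 9a4ff8e8
win32k!vCleanupPrivateFonts+0x35
b8745c34 9a4fc07d win32k!NtGdiCloseProcess+0x16c
b8745cdc 8263c47f nt!PspExitThread+0x4a0

FAILURE_BUCKET_ID: 0x50_win32k!vCleanupPrivateFonts+35
""",
}

BUGCHECK_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
FIELD_RE = re.compile(r"^(PROCESS_NAME|FAILURE_BUCKET_ID):[ \t]*(\S+)", re.M)
# module!Function+0xNN; C++ scopes such as PFTOBJ::bUnloadWorkhorse are allowed.
FRAME_RE = re.compile(r"([A-Za-z0-9_]+)!([A-Za-z_][\w:]*)\+0x[0-9a-fA-F]+")


def parse_report(text):
    """Extract bugcheck, process, bucket ID and symbolized frames from one report."""
    bug = BUGCHECK_RE.search(text)
    fields = dict(FIELD_RE.findall(text))
    # The stack section ends at the first blank line. Mail wrapping can push a
    # symbol onto its own line, so frames are matched anywhere in that section.
    body = text.partition("STACK_TEXT:")[2].split("\n\n", 1)[0]
    return {
        "bugcheck": (bug.group(1), int(bug.group(2), 16)) if bug else None,
        "process": fields.get("PROCESS_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "frames": [f"{mod}!{fn}" for mod, fn in FRAME_RE.findall(body)],
    }


def shared_frames(parsed, min_reports):
    """Frames present in at least min_reports reports, counted once per report."""
    seen = Counter()
    for rep in parsed.values():
        seen.update(set(rep["frames"]))
    return {frame for frame, n in seen.items() if n >= min_reports}


def cluster(parsed, frame):
    """Report names whose stack contains `frame`, and the names that do not."""
    hit = sorted(name for name, rep in parsed.items() if frame in rep["frames"])
    return hit, sorted(set(parsed) - set(hit))


PARSED = {name: parse_report(text) for name, text in REPORTS.items()}

if __name__ == "__main__":
    print(shared_frames(PARSED, 3))
    print(cluster(PARSED, "win32k!vCleanupPrivateFonts"))
```

The three chrome.exe reports carry different bugcheck codes and bucket IDs but share the vCleanupPrivateFonts, NtGdiCloseProcess and PspExitThread frames; the report from the System process shares none of them.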

chro...@googlecode.com

May 14, 2014, 10:56:25 AM
to chromi...@chromium.org

Comment #36 on issue 89252 by cas...@dingit.dk: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

I'm seeing this problem too on a Windows 2008 SP1 64-bit terminal server.

58 users are using Chrome...

I only have the memory file and not the minidump, but here is the output
from WinDbg:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

WARNING: Whitespace at end of path element
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP
(24 procs) Free x64
Product: LanManNt, suite: TerminalServer
Built by: 6001.18000.amd64fre.longhorn_rtm.080118-1840
Machine Name:
Kernel base = 0xfffff800`01a11000 PsLoadedModuleList = 0xfffff800`01bd6db0
Debug session time: Wed May 14 09:16:12.588 2014 (UTC + 2:00)
System Uptime: 5 days 22:53:42.059
Loading Kernel Symbols
...............................................................
............................................................Missing image
name, possible paged-out or corrupt data.
.*** WARNING: Unable to verify timestamp for
Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
Unable to read KLDR_DATA_TABLE_ENTRY at 00000000`00000000 - NTSTATUS
0xC0000147

Loading unloaded module list
.....
WARNING: .reload failed, module list may be incomplete
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960002ac402, fffffa602af4fe90, 0}

Probably caused by : win32k.sys ( win32k!PFFOBJ::vPFFC_Delete+7a )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960002ac402, Address of the instruction which caused the bugcheck
Arg3: fffffa602af4fe90, Address of the context record for the exception
that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx
refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.

FAULTING_IP:
win32k!PFFOBJ::vPFFC_Delete+7a
fffff960`002ac402 ?? ???

CONTEXT: fffffa602af4fe90 -- (.cxr 0xfffffa602af4fe90)
Unable to read context, NTSTATUS 0xC0000147

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80001a66390

STACK_TEXT:
fffffa60`2af4f4d8 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KeBugCheckEx


FOLLOWUP_IP:
win32k!PFFOBJ::vPFFC_Delete+7a
fffff960`002ac402 ?? ???

SYMBOL_NAME: win32k!PFFOBJ::vPFFC_Delete+7a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47919441

STACK_COMMAND: .cxr 0xfffffa602af4fe90 ; kb

FAILURE_BUCKET_ID: X64_0x3B_win32k!PFFOBJ::vPFFC_Delete+7a

BUCKET_ID: X64_0x3B_win32k!PFFOBJ::vPFFC_Delete+7a

Followup: MachineOwner
---------

4: kd> .cxr 0xfffffa602af4fe90
Unable to read context, NTSTATUS 0xC0000147
4: kd> lmvm win32k
start end module name
fffff960`00090000 fffff960`00340000 win32k (pdb symbols)
c:\symbols\win32k.pdb\ECBBACF6FC76475BAFABC5427025CD6F2\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file:
c:\symbols\win32k.sys\479194412b0000\win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Sat Jan 19 07:10:09 2008 (47919441)
CheckSum: 002A5C10
ImageSize: 002B0000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4


Can anyone help? I installed Chrome on this system about 1½ weeks ago. I used
the one for multi-user environments.

I'm going to test the fonts tomorrow and update video drivers if I can; not
sure, since it is a somewhat freshly installed server with the latest driver
from Super Micro. This is a live environment Monday and Wednesday.

chro...@googlecode.com

May 15, 2014, 1:03:54 AM
to chromi...@chromium.org

Comment #39 on issue 89252 by cas...@dingit.dk: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

I can't seem to find the solution for the font code issue? Or am I just
blind?

No, the 58 users were using it when it suddenly BSOD'd. A user further up
said something about the machine BSODing if you have too many tabs open in
Chrome and then close the browser. Or maybe that was another site, but I feel
that was what happened here. Though I was not present when it happened, sadly.

I told my client to turn off the server and start it back up, and then it
worked nicely the rest of the day. Because of this I have made a script
that restarts the server at 23:00 every night, but if it's Chrome that's the
issue I'm not sure this would fix it.

chro...@googlecode.com

May 19, 2014, 2:56:05 AM
to chromi...@chromium.org

Comment #40 on issue 89252 by cas...@dingit.dk: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Guys, I tested the webfonts on my system.

Opened them all in one Chrome browser in different tabs.

There were not that many in the link provided above? Like 8 or 10? Is this
true or did I do something wrong?

When I had opened them all and gone through all the tabs to make sure
everything looked nice, I closed the browser.

As far as I know this should provoke the BSOD, which it didn't in my case.

Does this mean I'm home free from this issue, or?

I have also contacted my supplier, who has contacted Super Micro for further
assistance, since I'm using the newest driver from Matrox, a 200ew one.

chro...@googlecode.com

May 19, 2014, 11:56:28 AM
to chromi...@chromium.org

Comment #41 on issue 89252 by c...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

casper,

Maybe. It was not very reproducible to begin with. Technically speaking, a
BSOD is always the fault of the OS or a driver (or both).

chro...@googlecode.com

May 27, 2014, 5:49:05 AM
to chromi...@chromium.org

Comment #42 on issue 89252 by steven.h...@multiplay.co.uk: BSOD when chrome
closes
http://code.google.com/p/chromium/issues/detail?id=89252

Getting this here every time I update chrome now :(

chro...@googlecode.com

May 27, 2014, 6:47:06 AM
to chromi...@chromium.org

Comment #43 on issue 89252 by offer...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

I have only seen this error once from when I posted until now, so I
think maybe it was a one-time thing?

chro...@googlecode.com

Jun 9, 2014, 3:24:07 PM
to chromi...@chromium.org

Comment #48 on issue 89252 by Nak...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

If this helps someone, here is my WinDbg report. When it was dumped I had
gdipp, but I already disabled it and it didn't help. BSOD happens to me on
Win 7 every day for weeks and probably more and more often -- I'm really
tired. And when I run out of RAM, and because of that Chrome crashes, it
also causes BSOD.


PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fe02c0cc, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 98be2deb, If non-zero, the instruction address which referenced the
bad memory
address.

READ_ADDRESS: GetPointerFromAddress: unable to read from 825be71c
Unable to read MiSystemVaType memory at 8259e160
fe02c0cc

FAULTING_IP:
win32k!vCleanupPrivateFonts+50
98be2deb 8b5f04 mov ebx,dword ptr [edi+4]

PROCESS_NAME: chrome.exe

STACK_TEXT:
b61fbb40 8249b8c8 00000000 fe02c0cc 00000000 nt!MmAccessFault+0x106
b61fbb40 98be2deb 00000000 fe02c0cc 00000000 nt!KiTrap0E+0xdc
b61fbbe4 98be24e3 00001014 fda388f0 00000000
win32k!vCleanupPrivateFonts+0x50
b61fbbfc 98bde0df fda388f0 00000000 00000000 win32k!NtGdiCloseProcess+0x143
b61fbc1c 98be09c4 fda388f0 00000000 86cdd1d0 win32k!GdiProcessCallout+0x151
b61fbc38 8269f211 871b8488 00000000 9ccb8d3b win32k!W32pProcessCallout+0x5d
b61fbcb4 826d3939 00000000 85772878 00000001 nt!PspExitThread+0x46d
b61fbccc 824ff7e9 85772878 b61fbcf8 b61fbd04 nt!PsExitSpecialApc+0x22
b61fbd1c 8249912b 00000001 00000000 b61fbd34 nt!KiDeliverApc+0x28b
b61fbd1c 77ad9158 00000001 00000000 b61fbd34 nt!Kei386EoiHelper+0x43
WARNING: Frame IP not in any known module. Following frames may be wrong.
0301fcf0 00000000 00000000 00000000 00000000 0x77ad9158

FOLLOWUP_IP:
win32k!vCleanupPrivateFonts+50
98be2deb 8b5f04 mov ebx,dword ptr [edi+4]

SYMBOL_NAME: win32k!vCleanupPrivateFonts+50

IMAGE_NAME: win32k.sys

FAILURE_BUCKET_ID: 0x50_win32k!vCleanupPrivateFonts+50
BUCKET_ID: 0x50_win32k!vCleanupPrivateFonts+50

chro...@googlecode.com

Jun 9, 2014, 3:32:09 PM
to chromi...@chromium.org

Comment #49 on issue 89252 by Nak...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

If this helps someone, here is my WinDbg report. When it was dumped I had
gdipp, but I already disabled it and it didn't help. BSOD happens to me on
Win 7 + GeForce 460some every day for weeks and probably more and more often

chro...@googlecode.com

Jun 9, 2014, 4:08:47 PM
to chromi...@chromium.org

Comment #50 on issue 89252 by dvans...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Update: I tried using --disable-gpu. Seemed to work. (I couldn't get
it to break.) However, I was no longer able to play any video from within the
browser. Not a compromise I'm willing to make, so I am currently "flying"
without it and making sure that I close each tab one at a time.

chro...@googlecode.com

Aug 4, 2014, 4:24:59 PM
to chromi...@chromium.org
Updates:
Cc: c...@chromium.org

Comment #51 on issue 89252 by rva...@chromium.org: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

Issue 374456 has been merged into this issue.

chro...@googlecode.com

Aug 5, 2014, 8:17:03 AM
to chromi...@chromium.org

Comment #52 on issue 89252 by it.cg...@gmail.com: BSOD when chrome closes
http://code.google.com/p/chromium/issues/detail?id=89252

To me --disable-gpu had no effect except it sometimes clears a bug
introduced around 38.0.2107.2 (issue #398879)
I have a MEMORY.DMP generated when chrome was launched with --disable-gpu,
if anyone wants to have a look.
!analyze -v for that dump is in comment #8 on this duplicate:
http://code.google.com/p/chromium/issues/detail?id=374456#c8

chro...@googlecode.com

Oct 8, 2014, 8:30:42 PM
to chromi...@chromium.org

Comment #53 on issue 89252 by it.cg...@gmail.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

I've never had a stop 50 until now. Says something about vXlatGlyphArray.
Font-related?
Indeed --disable-gpu is a workaround. I was misled in my last comment by the
fact that I knew I had replaced the chrome shortcut to include
--disable-gpu, but every update it overwrites its shortcut to the default
state (with no parameters).

Use !analyze -v to get detailed debugging information.

BugCheck 50, {e2ed001c, 0, bf84ca7c, 1}

PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e2ed001c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf84ca7c, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details

READ_ADDRESS: e2ed001c Paged pool

FAULTING_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf84ca7c 8b470c mov eax,dword ptr [edi+0Ch]

MM_INTERNAL_CODE: 1

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 52f43e77

MODULE_NAME: win32k

FAULTING_MODULE: bf800000 win32k

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: chrome.exe

TRAP_FRAME: a6601a5c -- (.trap 0xffffffffa6601a5c)
ErrCode = 00000000
eax=e3b49008 ebx=a6601cd4 ecx=00000001 edx=00000002 esi=a6601cd4 edi=e2ed0010
eip=bf84ca7c esp=a6601ad0 ebp=a6601af0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!RFONTOBJ::vXlatGlyphArray+0x5a:
bf84ca7c 8b470c mov eax,dword ptr [edi+0Ch] ds:0023:e2ed001c=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 80529148 to 80537672

STACK_TEXT:
a66019f4 80529148 00000050 e2ed001c 00000000 nt!KeBugCheckEx+0x1b
a6601a44 804e0966 00000000 e2ed001c 00000000 nt!MmAccessFault+0x77e
a6601a44 bf84ca7c 00000000 e2ed001c 00000000 nt!KiTrap0E+0xd0
a6601af0 bf84de60 a6601b18 00000001 a6601b0c win32k!RFONTOBJ::vXlatGlyphArray+0x5a
a6601b10 bf85d047 00000020 00000001 00000000 win32k!RFONTOBJ::hgXlat+0x19
a6601b6c bf85e3a0 00000002 00000000 a6601ce0 win32k!RFONTOBJ::bInitCache+0x9f
a6601c14 bf807a75 a6601ce0 a6601c9c 00000003 win32k!RFONTOBJ::bRealizeFont+0x51c
a6601ca4 bf807add e4aaa008 00000000 00000002 win32k!RFONTOBJ::bInit+0x29a
a6601cbc bf82eda5 a6601ce0 00000000 00000002 win32k!RFONTOBJ::vInit+0x16
a6601cd8 bf82ee15 e2df57e8 a6601cf4 a6601d64 win32k!GreGetTextMetricsW+0x28
a6601d50 804dd9ab 60013088 061ef860 00000044 win32k!NtGdiGetTextMetricsW+0x20
a6601d50 7c90e514 60013088 061ef860 00000044 nt!KiSystemServicePostCall
WARNING: Frame IP not in any known module. Following frames may be wrong.
061ef8a4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf84ca7c 8b470c mov eax,dword ptr [edi+0Ch]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

Followup: MachineOwner
---------
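
A triage sketch for the `!analyze -v` report in comment #53, added here as an example and not part of the original thread or of any Chromium or Microsoft tooling: it extracts the bugcheck 0x50 arguments and trap-frame registers, then recomputes the memory operand of the faulting instruction (edi + 0Ch) to check that it equals Arg1. The names `triage` and `field` are hypothetical; the sample text is excerpted from the comment with wrapped lines rejoined.

```python
import re

# Excerpt of the !analyze -v text posted in comment #53 (wrapped lines rejoined).
SAMPLE = """\
BugCheck 50, {e2ed001c, 0, bf84ca7c, 1}
Arg1: e2ed001c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf84ca7c, If non-zero, the instruction address which referenced the bad memory
READ_ADDRESS: e2ed001c Paged pool
PROCESS_NAME: chrome.exe
eax=e3b49008 ebx=a6601cd4 ecx=00000001 edx=00000002 esi=a6601cd4 edi=e2ed0010
eip=bf84ca7c esp=a6601ad0 ebp=a6601af0 iopl=0 nv up ei pl zr na pe nc
bf84ca7c 8b470c mov eax,dword ptr [edi+0Ch]
FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
"""

REG = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})\b")
OPERAND = re.compile(r"\[(e[a-z]{2})(?:([+-])([0-9a-f]+)h?)?\]", re.I)


def field(text, name):
    """Return the value of a 'NAME: value' line, or None if absent."""
    m = re.search(rf"^{name}:[ \t]*(.+)$", text, re.M)
    return m.group(1).strip() if m else None


def triage(text):
    """Summarise a bugcheck 0x50 report and recompute the faulting address."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg([1-4]): ([0-9a-f]{8})", text, re.M)}
    regs = {r: int(v, 16) for r, v in REG.findall(text)}
    out = {"fault_address": args.get(1),
           "access": {0: "read", 1: "write"}.get(args.get(2)),
           "instruction": args.get(3),
           "process": field(text, "PROCESS_NAME"),
           "bucket": field(text, "FAILURE_BUCKET_ID"),
           "effective_address": None, "consistent": None}
    # Disassembly line for the faulting instruction: "<address> <bytes> <text>".
    ins = re.search(rf"^{args.get(3, 0):08x} [0-9a-f]+ (.+)$", text, re.M)
    op = OPERAND.search(ins.group(1)) if ins else None
    if op and op.group(1).lower() in regs:
        disp = int(op.group(3), 16) if op.group(3) else 0
        if op.group(2) == "-":
            disp = -disp
        out["effective_address"] = (regs[op.group(1).lower()] + disp) & 0xFFFFFFFF
        out["consistent"] = out["effective_address"] == out["fault_address"]
    return out
```

Calling `triage(SAMPLE)` reports a read of e2ed001c by chrome.exe; when a report carries no trap frame or disassembly line, `consistent` stays `None` rather than guessing.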

chro...@googlecode.com

Nov 24, 2014, 12:49:31 AM
to chromi...@chromium.org

Comment #54 on issue 89252 by yuhongba...@hotmail.com: BSOD when chrome
closes
https://code.google.com/p/chromium/issues/detail?id=89252

@it.cg...@gmail.com: Do you know what site you were visiting when this crash
happened?

chro...@googlecode.com

Nov 24, 2014, 9:06:38 AM
to chromi...@chromium.org

Comment #55 on issue 89252 by it.cg...@gmail.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

I'm sorry, I did not. In the meantime I also had to --disable-remote-fonts
because of an unpatched Windows XP vulnerability (Microsoft Security Bulletin
MS14-058, Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code
Execution (3000061)), so this is unlikely to reproduce or happen again until
I eventually give up XP.

chro...@googlecode.com

May 4, 2015, 11:01:38 PM
to chromi...@chromium.org
Updates:
Status: Available
Owner: ---

Comment #56 on issue 89252 by jba...@chromium.org: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

(No comment was entered for this change.)

chro...@googlecode.com

Sep 3, 2015, 8:08:14 PM
to chromi...@chromium.org

Comment #62 on issue 89252 by thal...@google.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

I gave up my windows workstation a while ago. Goodbye old friend.

chro...@googlecode.com

Nov 16, 2015, 4:07:46 AM
to chromi...@chromium.org

Comment #64 on issue 89252 by mmalasin...@gmail.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

The issue still occurs. Using Vista, newly installed. Works fine until you
close the browser with more than x tabs open. Happens every time. No matter
what the sites are - text, images or videos.

Attachments:
Mini111615-01.dmp 140 KB

chro...@googlecode.com

Jan 13, 2016, 2:54:13 AM
to chromi...@chromium.org

Comment #65 on issue 89252 by e.yako...@gmail.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

Hi!

I get frequent crashes in win32k.sys when closing multiple Chrome tabs
since August '15

Chrome 47.0.2526.106 m
Windows XP Pro Service Pack 3

Several dump files attached. If I am wrong about this being the same or
similar issue, please tell me where to address this report.

BR,
Eugene

Attachments:
Mini011116-01.dmp 104 KB
Mini011316-01.dmp 104 KB
Mini120115-01.dmp 104 KB

chro...@googlecode.com

Jan 13, 2016, 5:48:23 AM
to chromi...@chromium.org

Comment #66 on issue 89252 by it.cg...@gmail.com: BSOD when chrome closes
https://code.google.com/p/chromium/issues/detail?id=89252

I am afraid you will have to simply ditch chrome if you need xp beyond
April 2016:
http://chrome.blogspot.ro/2015/11/updates-to-chrome-platform-support.html?m=1

I can't find relevant info about Mozilla policy regarding xp, but at the
moment firefox/seamonkey still receive updates