
fix: destroy message port backend when JS env exits #39335

Merged
merged 1 commit into from
Aug 3, 2023


deepak1556
Member

Description of Change

Fixes the following two crashes we have seen in our releases with utility process

Crash 1
Thread 0:
0   electron::JavascriptEnvironment::GetIsolate() [0x9a5f8c8] in javascript_environment.cc:380
       x0 = 0x0000000000000000   x1 = 0x0000000000000000
       x2 = 0x0000000000000000   x3 = 0x000000012a000000
       x4 = 0x000000012a00b330   x5 = 0x0000000000000009
       x6 = 0x0000000000000002   x7 = 0x0000000000000000
       x8 = 0x0000000110747000   x9 = 0x23649dadec0d0055
      x10 = 0x0000000000000000  x11 = 0x0000000000000000
      x12 = 0x0000000000000735  x13 = 0x0000000000000073
      x14 = 0x0000000000000808  x15 = 0x0000000000000808
      x16 = 0x0000000185700e9c  x17 = 0x0000000185564d74
      x18 = 0x0000000000000000  x19 = 0x0000000000000001
      x20 = 0x000000012f71ea10  x21 = 0xaaaaaaaaaaaaaaaa
      x22 = 0x000000016d996268  x23 = 0x0000000128809800
      x24 = 0xaaaaaaaaaaaaaaaa  x25 = 0x000000016d996280
      x26 = 0x0000000000000019  x27 = 0x00000001106c1000
      x28 = 0x0000000000000001   fp = 0x000000016d996130
       lr = 0x0000000109a3ac04   sp = 0x000000016d995e90
       pc = 0x0000000109a5f8c8
1   electron::MessagePort::Accept(mojo::Message*) [0x9a3ac00] in message_port.cc:235
       fp = 0x000000016d9962f0   lr = 0x000000010c127ba4
       sp = 0x000000016d996140   pc = 0x0000000109a3ac04
2   mojo::Connector::ReadAllAvailableMessages() [0xc127ba0] in connector.cc:561
       fp = 0x000000016d996380   lr = 0x000000010be5aa60
       sp = 0x000000016d996300   pc = 0x000000010c127ba4
3   base::TaskAnnotator::RunTaskImpl(base::PendingTask&) [0xbe5aa5c] in callback.h:143
       fp = 0x000000016d996550   lr = 0x000000010be75484
       sp = 0x000000016d996390   pc = 0x000000010be5aa60
4   non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() [0xbe75480] in task_annotator.h:74
       fp = 0x000000016d9965d0   lr = 0x000000010be27e90
       sp = 0x000000016d996560   pc = 0x000000010be75484
5   base::MessagePumpDefault::Run(base::MessagePump::Delegate*) [0xbe27e8c] in message_pump_default.cc:39
       fp = 0x000000016d996610   lr = 0x000000010be75ee4
       sp = 0x000000016d9965e0   pc = 0x000000010be27e90
6   base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) [0xbe75ee0] in thread_controller_with_message_pump_impl.cc:498
       fp = 0x000000016d9966b0   lr = 0x000000010be45424
       sp = 0x000000016d996620   pc = 0x000000010be75ee4
7   base::RunLoop::Run(base::Location const&) [0xbe45420] in run_loop.cc:141
       fp = 0x000000016d996830   lr = 0x000000010bbe55d4
       sp = 0x000000016d9966c0   pc = 0x000000010be45424
8   content::UtilityMain(content::MainFunctionParams) [0xbbe55d0] in utility_main.cc:275
       fp = 0x000000016d996940   lr = 0x0000000109c0d92c
       sp = 0x000000016d996840   pc = 0x000000010bbe55d4
9   content::RunOtherNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams, content::ContentMainDelegate*) [0x9c0d928] in content_main_runner_impl.cc:680
       fp = 0x000000016d996a00   lr = 0x0000000109c0e210
       sp = 0x000000016d996950   pc = 0x0000000109c0d92c
10  content::ContentMainRunnerImpl::Run() [0x9c0e20c] in content_main_runner_impl.cc:1019
       fp = 0x000000016d996c90   lr = 0x0000000109c0cdfc
       sp = 0x000000016d996a10   pc = 0x0000000109c0e210
11  content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) [0x9c0cdf8] in content_main.cc:411
       fp = 0x000000016d996d00   lr = 0x0000000109c0d2c8
       sp = 0x000000016d996ca0   pc = 0x0000000109c0cdfc
12  content::ContentMain(content::ContentMainParams) [0x9c0d2c4] in content_main.cc:439
       fp = 0x000000016d996df0   lr = 0x000000010998b18c
       sp = 0x000000016d996d10   pc = 0x0000000109c0d2c8
13  ElectronMain [0x998b188] in electron_library_main.mm:34
       fp = 0x000000016d996e40   lr = 0x000000010246899c
       sp = 0x000000016d996e00   pc = 0x000000010998b18c
14  main [0x2468998] in electron_main_mac.cc:68
       fp = 0x000000016d997130   lr = 0x00000001853dbe50
       sp = 0x000000016d996e50   pc = 0x000000010246899c
15  0x853dbe4c + 24140
       fp = 0x0000000000000000   lr = 0xe05b800000000000
       sp = 0x000000016d997140   pc = 0x00000001853dbe50
Crash 2
Thread 0:
0   v8::internal::GlobalHandles::Destroy(unsigned __int64 *) [0x89217292] in global-handles.cc:1132
      rax = 0xd0152800ce600000  rdx = 0xffffffffffffe0a0
      rcx = 0x000060ce003ac760  rbx = 0x000060ce0026c080
      rsi = 0x000060ce002814e0  rdi = 0x000060ce0026c0b8
      rbp = 0x000000b8a0dfef00  rsp = 0x000000b8a0dfec00
       r8 = 0x0000000000000000   r9 = 0x00007ffcc70fc730
      r10 = 0x00000ffef12fafcc  r11 = 0x0000000000001004
      r12 = 0xaaaaaaaaaaaaaaaa  r13 = 0x0000000000000009
      r14 = 0x000000b8a0dfed00  r15 = 0x000060ce0028e400
      rip = 0x00007ff789217292
1   class blink::MessagePortChannel electron::MessagePort::Disentangle() [0x8623ed83] in message_port.cc:149
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dfec30  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78623ed83
2   void electron::MessagePort::Close() [0x8623f93d] in message_port.cc:107
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dfecb0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78623f93d
3   static void base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int),base::internal::UnretainedWrapper<mojo::Connector> >,void (unsigned int)>::Run(class base::internal::BindStateBase *, unsigned int) [0x8771f27a] in bind_internal.h:764
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dfed90  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78771f27a
4   void mojo::SimpleWatcher::OnHandleReady(int, unsigned int, const struct mojo::HandleSignalsState & const) [0x8980373b] in simple_watcher.cc:278
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dfee50  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78980373b
5   base::TaskAnnotator::RunTaskImpl(base::PendingTask &) [0x897c0b48] in task_annotator.cc:135
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dfef90  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff7897c0b48
6   base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() [0x89897c57] in thread_controller_with_message_pump_impl.cc:291
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff040  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff789897c57
7   base::MessagePumpDefault::Run(base::MessagePump::Delegate *) [0x87c1db6c] in message_pump_default.cc:39
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff260  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff787c1db6c
8   base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) [0x87c27cfa] in thread_controller_with_message_pump_impl.cc:498
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff310  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff787c27cfa
9   base::RunLoop::Run(base::Location const &) [0x8766459f] in run_loop.cc:141
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff380  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78766459f
10  content::UtilityMain(content::MainFunctionParams) [0x87446600] in utility_main.cc:275
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff470  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff787446600
11  static int content::RunOtherNamedProcessTypeMain(const class std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > & const, struct content::MainFunctionParams, class content::ContentMainDelegate *) [0x863e165c] in content_main_runner_impl.cc:680
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff6b0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff7863e165c
12  content::ContentMainRunnerImpl::Run() [0x863e213d] in content_main_runner_impl.cc:1019
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff7c0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff7863e213d
13  static int content::RunContentProcess(struct content::ContentMainParams, class content::ContentMainRunner *) [0x863de6bc] in content_main.cc:411
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dff8e0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff7863de6bc
14  content::ContentMain(content::ContentMainParams) [0x863dea30] in content_main.cc:439
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dffb50  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff7863dea30
15  wWinMain [0x8616ee7d] in electron_main_win.cc:247
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dffbe0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff78616ee7d
16  static int __scrt_common_main_seh() [0x89c11992] in exe_common.inl:288
      rbx = 0x000060ce0026c080  rbp = 0x000000b8a0dfef00
      rsp = 0x000000b8a0dffdf0  r12 = 0xaaaaaaaaaaaaaaaa
      r13 = 0x0000000000000009  r14 = 0x000000b8a0dfed00
      r15 = 0x000060ce0028e400  rip = 0x00007ff789c11992

Currently, the MessagePort class in the utility process outlives the JavaScript environment. If there are pending messages while the process is being destroyed, then when the Chromium event loop flushes those messages, a use-after-free (UAF) occurs if the MessagePort class tries to call into JS. This change ensures that the MessagePort class is destroyed when the JavaScript environment is destroyed.

Release Notes

Notes: fix crash in message ports when utility process exits.

@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 2, 2023
@deepak1556 deepak1556 added semver/patch backwards-compatible bug fixes target/25-x-y PR should also be added to the "25-x-y" branch. target/26-x-y PR should also be added to the "26-x-y" branch. and removed new-pr 🌱 PR opened in the last 24 hours labels Aug 2, 2023
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 2, 2023
@codebytere
Member

@deepak1556 is there a consistent repro for this? if yes it'd be nice to add a test, but definitely not blocking!

@deepak1556
Member Author

@codebytere I don't have a repro for this, validated the fix based on the crash reports in our reporting server.

@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Aug 3, 2023
@codebytere codebytere merged commit e96b161 into main Aug 3, 2023
17 checks passed
@codebytere codebytere deleted the robo/fix_message_port_crash branch August 3, 2023 12:30
@release-clerk

release-clerk bot commented Aug 3, 2023

Release Notes Persisted

fix crash in message ports when utility process exits.

@trop
Contributor

trop bot commented Aug 3, 2023

I have automatically backported this PR to "25-x-y", please check out #39345

@trop trop bot added in-flight/25-x-y and removed target/25-x-y PR should also be added to the "25-x-y" branch. labels Aug 3, 2023
@trop
Contributor

trop bot commented Aug 3, 2023

I have automatically backported this PR to "26-x-y", please check out #39346

@trop trop bot added in-flight/26-x-y merged/25-x-y PR was merged to the "25-x-y" branch. merged/26-x-y PR was merged to the "26-x-y" branch. and removed target/26-x-y PR should also be added to the "26-x-y" branch. in-flight/25-x-y in-flight/26-x-y labels Aug 3, 2023
win32ss pushed a commit to win32ss/supermium-electron that referenced this pull request Sep 24, 2023
MrHuangJser pushed a commit to MrHuangJser/electron that referenced this pull request Dec 11, 2023
@helloforrestworld

v27.2.1 still has the same problem; it doesn't seem to be fixed.

`Operating system: Windows NT
10.0.19045 2788
CPU: amd64
family 6 model 63 stepping 2
20 CPUs

GPU: UNKNOWN

Crash reason: EXCEPTION_BREAKPOINT
Crash address: 0x7ff79f505aed
Process uptime: 26127 seconds

Thread 0 (crashed)
0 开播助手.exe!electron::JavascriptEnvironment::GetIsolate() [javascript_environment.cc : 325 + 0x1]
rax = 0x0000000000000000 rdx = 0x00007ff7a9157901
rcx = 0xbbe6f4fec97e0000 rbx = 0x0000008bddffe178
rsi = 0x00007ff7a9151730 rdi = 0x0000008bddffe3d0
rbp = 0x000002ec000e4868 rsp = 0x0000008bddffe028
r8 = 0x0000000000000000 r9 = 0x00007ffab821c730
r10 = 0x00000ffef4581570 r11 = 0x0001000000000000
r12 = 0x0000008bddffe3d0 r13 = 0x000002ec000e4818
r14 = 0x0000008bddffe100 r15 = 0x0000008bddffe4c8
rip = 0x00007ff79f505aed
Found by: given as instruction pointer in context
1 开播助手.exe!electron::ParentPort::Accept(mojo::Message *) [parent_port.cc : 83 + 0x9]
rax = 0x0000000000000000 rdx = 0x00007ff7a9157901
rcx = 0xbbe6f4fec97e0000 rbx = 0x0000008bddffe178
rsi = 0x00007ff7a9151730 rdi = 0x0000008bddffe3d0
rbp = 0x000002ec000e4868 rsp = 0x0000008bddffe030
r8 = 0x0000000000000000 r9 = 0x00007ffab821c730
r10 = 0x00000ffef4581570 r11 = 0x0001000000000000
r12 = 0x0000008bddffe3d0 r13 = 0x000002ec000e4818
r14 = 0x0000008bddffe100 r15 = 0x0000008bddffe4c8
rip = 0x00007ff79f5bfa7d
Found by: simulating a return from leaf function
2 开播助手.exe!static void mojo::Connector::ReadAllAvailableMessages() [connector.cc : 618 + 0x221]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffe330 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a345939a
Found by: call frame info
3 开播助手.exe!base::TaskAnnotator::RunTaskImpl(base::PendingTask &) [task_annotator.cc : 201 + 0x19]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffe570 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a3417e12
Found by: call frame info
4 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() [thread_controller_with_message_pump_impl.cc : 345 + 0x340]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffe6b0 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a34daf30
Found by: call frame info
5 开播助手.exe!base::MessagePumpDefault::Run(base::MessagePump::Delegate *) [message_pump_default.cc : 40 + 0x1d]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffea00 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a34e2c5f
Found by: call frame info
6 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) [thread_controller_with_message_pump_impl.cc : 645 + 0x11]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffea90 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a1436af6
Found by: call frame info
7 开播助手.exe!base::RunLoop::Run(base::Location const &) [run_loop.cc : 134 + 0x17]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffeb20 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a0d69508
Found by: call frame info
8 开播助手.exe!content::UtilityMain(content::MainFunctionParams) [utility_main.cc : 407 + 0x2e]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddffec30 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a0a8143c
Found by: call frame info
9 开播助手.exe!static int content::RunOtherNamedProcessTypeMain(const class std::__Cr::basic_string<char,std::__Cr::char_traits,std::__Cr::allocator > & const, struct content::MainFunctionParams, class content::ContentMainDelegate *) [content_main_runner_impl.cc : 771 + 0x34]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff000 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff79f6a7bc4
Found by: call frame info
10 开播助手.exe!content::ContentMainRunnerImpl::Run() [content_main_runner_impl.cc : 1144 + 0x18]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff190 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff79f6a897c
Found by: call frame info
11 开播助手.exe!static int content::RunContentProcess(struct content::ContentMainParams, class content::ContentMainRunner *) [content_main.cc : 330 + 0x8]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff340 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff79f6a4d94
Found by: call frame info
12 开播助手.exe!content::ContentMain(content::ContentMainParams) [content_main.cc : 347 + 0x5]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff5a0 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff79f6a4f0d
Found by: call frame info
13 开播助手.exe!wWinMain [electron_main_win.cc : 239 + 0x13]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff630 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff79f3eaef7
Found by: call frame info
14 开播助手.exe!static int __scrt_common_main_seh() [exe_common.inl : 288 + 0x21]
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff840 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ff7a3892be2
Found by: call frame info
15 KERNEL32.DLL + 0x17604
rbx = 0x0000008bddffe178 rbp = 0x000002ec000e4868
rsp = 0x0000008bddfff880 r12 = 0x0000008bddffe3d0
r13 = 0x000002ec000e4818 r14 = 0x0000008bddffe100
r15 = 0x0000008bddffe4c8 rip = 0x00007ffab8077604
Found by: call frame info
16 ntdll.dll + 0x526a1
rbp = 0x000002ec000e4868 rsp = 0x0000008bddfff8b0
rip = 0x00007ffab81e26a1
Found by: stack scanning
17 KERNELBASE.dll + 0x117fe0
rbp = 0x000002ec000e4868 rsp = 0x0000008bddfff900
rip = 0x00007ffab5ee7fe0
Found by: stack scanning

Thread 1
0 ntdll.dll + 0x9d0e4
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x0000000000000244 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x0000000000000244
rbp = 0x0000000000000001 rsp = 0x0000008bdffff338
r8 = 0x00004534002b0190 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x0000000000000244 r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d0e4
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x22d1e
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x0000000000000244 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x0000000000000244
rbp = 0x0000000000000001 rsp = 0x0000008bdffff340
r8 = 0x00004534002b0190 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x0000000000000244 r15 = 0x7fffffffffffffff
rip = 0x00007ffab5df2d1e
Found by: simulating a return from leaf function
2 开播助手.exe!base::SampleMetadata::Remove() [sample_metadata.cc : 40 + 0x21]
rsp = 0x0000008bdffff360 rip = 0x00007ff7a0d6b1a6
Found by: stack scanning
3 开播助手.exe!base::sequence_manager::internal::ThreadController::RunLevelTracker::OnIdle(base::LazyNow &) [thread_controller.cc : 218 + 0x10]
rsp = 0x0000008bdffff3c0 rip = 0x00007ff7a34dd325
Found by: call frame info
4 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoIdleWork() [thread_controller_with_message_pump_impl.cc : 609 + 0x10]
rsp = 0x0000008bdffff4b0 rip = 0x00007ff7a34db8df
Found by: call frame info
5 开播助手.exe!base::MessagePumpDefault::Run(base::MessagePump::Delegate *) [message_pump_default.cc : 56 + 0x8]
rsp = 0x0000008bdffff5b0 rip = 0x00007ff7a34e2ca5
Found by: call frame info
6 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) [thread_controller_with_message_pump_impl.cc : 645 + 0x11]
rsp = 0x0000008bdffff640 rip = 0x00007ff7a1436af6
Found by: call frame info
7 开播助手.exe!base::RunLoop::Run(base::Location const &) [run_loop.cc : 134 + 0x17]
rsp = 0x0000008bdffff6d0 rip = 0x00007ff7a0d69508
Found by: call frame info
8 开播助手.exe!base::Thread::Run(base::RunLoop *) [thread.cc : 337 + 0x2c]
rsp = 0x0000008bdffff7e0 rip = 0x00007ff7a0d531e4
Found by: call frame info
9 开播助手.exe!base::Thread::ThreadMain() [thread.cc : 409 + 0x13]
rsp = 0x0000008bdffff840 rip = 0x00007ff7a0d5336c
Found by: call frame info
10 开播助手.exe!static unsigned long base::`anonymous namespace'::ThreadFunc(void *) [platform_thread_win.cc : 133 + 0xf]
rsp = 0x0000008bdffff8d0 rip = 0x00007ff7a0d36e43
Found by: call frame info
11 KERNEL32.DLL + 0x17604
rsp = 0x0000008bdffff960 rip = 0x00007ffab8077604
Found by: call frame info
12 ntdll.dll + 0x526a1
rsp = 0x0000008bdffff990 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 2
0 ntdll.dll + 0x9d184
rax = 0x0000000000000009 rdx = 0x0000008be07ffdb0
rcx = 0x0000000000000278 rbx = 0x0000008be07ffda8
rsi = 0x00004534002e0700 rdi = 0x0000008be07ffdbc
rbp = 0x0000000000000000 rsp = 0x0000008be07ffcf8
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x0000000000000000 r13 = 0x0000008be07ffdc8
r14 = 0x0000000000000000 r15 = 0x0000000000000000
rip = 0x00007ffab822d184
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x53f9f
rax = 0x0000000000000009 rdx = 0x0000008be07ffdb0
rcx = 0x0000000000000278 rbx = 0x0000008be07ffda8
rsi = 0x00004534002e0700 rdi = 0x0000008be07ffdbc
rbp = 0x0000000000000000 rsp = 0x0000008be07ffd00
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x0000000000000000 r13 = 0x0000008be07ffdc8
r14 = 0x0000000000000000 r15 = 0x0000000000000000
rip = 0x00007ffab5e23f9f
Found by: simulating a return from leaf function
2 开播助手.exe!static unsigned long `anonymous namespace'::TargetEventsThread(void *) [broker_services.cc : 132 + 0x20]
rsp = 0x0000008be07ffd60 rip = 0x00007ff7a149aefe
Found by: stack scanning
3 KERNEL32.DLL + 0x17604
rsp = 0x0000008be07ffe40 rip = 0x00007ffab8077604
Found by: call frame info
4 ntdll.dll + 0x526a1
rsp = 0x0000008be07ffe70 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 3
0 ntdll.dll + 0x9d0e4
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002c8 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002c8
rbp = 0x0000000000000001 rsp = 0x0000008be0fff118
r8 = 0x0000000000000fe0 r9 = 0xffffffffffffffe0
r10 = 0x00007ff79f1f0000 r11 = 0x0000000000000200
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002c8 r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d0e4
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x22d1e
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002c8 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002c8
rbp = 0x0000000000000001 rsp = 0x0000008be0fff120
r8 = 0x0000000000000fe0 r9 = 0xffffffffffffffe0
r10 = 0x00007ff79f1f0000 r11 = 0x0000000000000200
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002c8 r15 = 0x7fffffffffffffff
rip = 0x00007ffab5df2d1e
Found by: simulating a return from leaf function
2 开播助手.exe!base::SampleMetadata::Remove() [sample_metadata.cc : 40 + 0x21]
rsp = 0x0000008be0fff140 rip = 0x00007ff7a0d6b1a6
Found by: stack scanning
3 开播助手.exe!base::sequence_manager::internal::ThreadController::RunLevelTracker::OnIdle(base::LazyNow &) [thread_controller.cc : 218 + 0x10]
rsp = 0x0000008be0fff1a0 rip = 0x00007ff7a34dd325
Found by: call frame info
4 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoIdleWork() [thread_controller_with_message_pump_impl.cc : 609 + 0x10]
rsp = 0x0000008be0fff290 rip = 0x00007ff7a34db8df
Found by: call frame info
5 开播助手.exe!base::MessagePumpDefault::Run(base::MessagePump::Delegate *) [message_pump_default.cc : 56 + 0x8]
rsp = 0x0000008be0fff390 rip = 0x00007ff7a34e2ca5
Found by: call frame info
6 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) [thread_controller_with_message_pump_impl.cc : 645 + 0x11]
rsp = 0x0000008be0fff420 rip = 0x00007ff7a1436af6
Found by: call frame info
7 开播助手.exe!base::RunLoop::Run(base::Location const &) [run_loop.cc : 134 + 0x17]
rsp = 0x0000008be0fff4b0 rip = 0x00007ff7a0d69508
Found by: call frame info
8 开播助手.exe!base::Thread::Run(base::RunLoop *) [thread.cc : 337 + 0x2c]
rsp = 0x0000008be0fff5c0 rip = 0x00007ff7a0d531e4
Found by: call frame info
9 开播助手.exe!base::internal::ServiceThread::Run(base::RunLoop *) [service_thread.cc : 15 + 0x5]
rsp = 0x0000008be0fff620 rip = 0x00007ff7a1bab718
Found by: call frame info
10 开播助手.exe!base::Thread::ThreadMain() [thread.cc : 409 + 0x13]
rsp = 0x0000008be0fff660 rip = 0x00007ff7a0d5336c
Found by: call frame info
11 开播助手.exe!static unsigned long base::`anonymous namespace'::ThreadFunc(void *) [platform_thread_win.cc : 133 + 0xf]
rsp = 0x0000008be0fff6f0 rip = 0x00007ff7a0d36e43
Found by: call frame info
12 KERNEL32.DLL + 0x17604
rsp = 0x0000008be0fff780 rip = 0x00007ffab8077604
Found by: call frame info
13 ntdll.dll + 0x526a1
rsp = 0x0000008be0fff7b0 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 4
0 ntdll.dll + 0x9d0e4
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002b4 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002b4
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff378
r8 = 0x0000000000027000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002b4 r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d0e4
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x22d1e
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002b4 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002b4
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff380
r8 = 0x0000000000027000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002b4 r15 = 0x7fffffffffffffff
rip = 0x00007ffab5df2d1e
Found by: simulating a return from leaf function
2 开播助手.exe!_tailMerge_winusb.dll + 0xa70add
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff3a0
rip = 0x00007ff7a8351c7f
Found by: stack scanning
3 开播助手.exe!base::WaitableEvent::TimedWaitImpl(base::TimeDelta) [waitable_event_win.cc : 74 + 0x3]
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff420
rip = 0x00007ff7a3408380
Found by: stack scanning
4 开播助手.exe!base::WaitableEvent::TimedWait(base::TimeDelta) [waitable_event.cc : 39 + 0xb]
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff4a0
rip = 0x00007ff7a3419c68
Found by: call frame info
5 开播助手.exe!static void base::internal::WorkerThread::RunWorker() [worker_thread.cc : 469 + 0xde]
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff5f0
rip = 0x00007ff7a3782617
Found by: call frame info
6 开播助手.exe!static void base::internal::WorkerThread::RunPooledWorker() [worker_thread.cc : 359 + 0x5]
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff7a0
rip = 0x00007ff7a2291af8
Found by: call frame info
7 开播助手.exe!static unsigned long base::`anonymous namespace'::ThreadFunc(void *) [platform_thread_win.cc : 133 + 0xf]
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff7e0
rip = 0x00007ff7a0d36e43
Found by: call frame info
8 KERNEL32.DLL + 0x17604
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff870
rip = 0x00007ffab8077604
Found by: call frame info
9 ntdll.dll + 0x526a1
rbp = 0x80000000000f4241 rsp = 0x0000008be17ff8a0
rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 5
0 ntdll.dll + 0x9d0e4
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002bc rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002bc
rbp = 0x0000000000000001 rsp = 0x0000008be1fff8e8
r8 = 0x000000000001a000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002bc r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d0e4
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x22d1e
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002bc rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002bc
rbp = 0x0000000000000001 rsp = 0x0000008be1fff8f0
r8 = 0x000000000001a000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002bc r15 = 0x7fffffffffffffff
rip = 0x00007ffab5df2d1e
Found by: simulating a return from leaf function
2 开播助手.exe!malloc [allocator_shim_override_ucrt_symbols_win.h : 73 + 0x19]
rsp = 0x0000008be1fff970 rip = 0x00007ff7a2c07a63
Found by: stack scanning

Thread 6
0 ntdll.dll + 0x9d184
rax = 0x0000000000000009 rdx = 0x0000008be27ff3d0
rcx = 0x00000000000002f0 rbx = 0x0000008be27ff388
rsi = 0x000002ec00011260 rdi = 0x0000008be27ff380
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff0f8
r8 = 0x0000008be27ff408 r9 = 0xaaaaaaaaaaaaaaaa
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x000002ec00000000 r13 = 0xfffffffc00000000
r14 = 0x7fffffffffffffff r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d184
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x53f9f
rax = 0x0000000000000009 rdx = 0x0000008be27ff3d0
rcx = 0x00000000000002f0 rbx = 0x0000008be27ff388
rsi = 0x000002ec00011260 rdi = 0x0000008be27ff380
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff100
r8 = 0x0000008be27ff408 r9 = 0xaaaaaaaaaaaaaaaa
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x000002ec00000000 r13 = 0xfffffffc00000000
r14 = 0x7fffffffffffffff r15 = 0x7fffffffffffffff
rip = 0x00007ffab5e23f9f
Found by: simulating a return from leaf function
2 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() [thread_controller_with_message_pump_impl.cc : 399 + 0x10]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff120
rip = 0x00007ff7a34db29b
Found by: stack scanning
3 开播助手.exe!base::MessagePumpForIO::DoRunLoop() [message_pump_win.cc : 733 + 0x30]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff470
rip = 0x00007ff7a340abe7
Found by: call frame info
4 开播助手.exe!base::MessagePumpWin::Run(base::MessagePump::Delegate *) [message_pump_win.cc : 77 + 0x10]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff820
rip = 0x00007ff7a0d3d8ed
Found by: call frame info
5 开播助手.exe!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) [thread_controller_with_message_pump_impl.cc : 645 + 0x11]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff880
rip = 0x00007ff7a1436af6
Found by: call frame info
6 开播助手.exe!base::RunLoop::Run(base::Location const &) [run_loop.cc : 134 + 0x17]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ff910
rip = 0x00007ff7a0d69508
Found by: call frame info
7 开播助手.exe!base::Thread::Run(base::RunLoop *) [thread.cc : 337 + 0x2c]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffa20
rip = 0x00007ff7a0d531e4
Found by: call frame info
8 开播助手.exe!content::`anonymous namespace'::ChildIOThread::Run(base::RunLoop *) [child_process.cc : 60 + 0xb]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffa80
rip = 0x00007ff7a1171b4b
Found by: call frame info
9 开播助手.exe!base::Thread::ThreadMain() [thread.cc : 409 + 0x13]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffae0
rip = 0x00007ff7a0d5336c
Found by: call frame info
10 开播助手.exe!static unsigned long base::`anonymous namespace'::ThreadFunc(void *) [platform_thread_win.cc : 133 + 0xf]
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffb70
rip = 0x00007ff7a0d36e43
Found by: call frame info
11 KERNEL32.DLL + 0x17604
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffc00
rip = 0x00007ffab8077604
Found by: call frame info
12 ntdll.dll + 0x526a1
rbp = 0xaaaaaaaaaaaaaaaa rsp = 0x0000008be27ffc30
rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 7
0 ntdll.dll + 0x9d0e4
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002d8 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002d8
rbp = 0x0000000000000001 rsp = 0x0000008be2fff388
r8 = 0x000000000002c000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002d8 r15 = 0x7fffffffffffffff
rip = 0x00007ffab822d0e4
Found by: given as instruction pointer in context
1 KERNELBASE.dll + 0x22d1e
rax = 0x0000000000000004 rdx = 0x0000000000000000
rcx = 0x00000000000002d8 rbx = 0x0000000000000000
rsi = 0x0000000000000000 rdi = 0x00000000000002d8
rbp = 0x0000000000000001 rsp = 0x0000008be2fff390
r8 = 0x000000000002c000 r9 = 0x0000000000000000
r10 = 0x0000000000000000 r11 = 0x0000000000000246
r12 = 0x00007ffab8085230 r13 = 0x20c49ba5e353f7cf
r14 = 0x00000000000002d8 r15 = 0x7fffffffffffffff
rip = 0x00007ffab5df2d1e
Found by: simulating a return from leaf function
2 开播助手.exe!base::WaitableEvent::TimedWaitImpl(base::TimeDelta) [waitable_event_win.cc : 74 + 0x3]
rsp = 0x0000008be2fff430 rip = 0x00007ff7a3408380
Found by: stack scanning
3 开播助手.exe!base::WaitableEvent::TimedWait(base::TimeDelta) [waitable_event.cc : 39 + 0xb]
rsp = 0x0000008be2fff4b0 rip = 0x00007ff7a3419c68
Found by: call frame info
4 开播助手.exe!base::internal::WorkerThread::Delegate::WaitForWork(base::WaitableEvent *) [worker_thread.cc : 130 + 0xc]
rsp = 0x0000008be2fff600 rip = 0x00007ff7a22914ca
Found by: call frame info
5 开播助手.exe!static void base::internal::WorkerThread::RunWorker() [worker_thread.cc : 438 + 0x14]
rsp = 0x0000008be2fff680 rip = 0x00007ff7a3781df3
Found by: call frame info
6 开播助手.exe!static void base::internal::WorkerThread::RunPooledWorker() [worker_thread.cc : 359 + 0x5]
rsp = 0x0000008be2fff830 rip = 0x00007ff7a2291af8
Found by: call frame info
7 开播助手.exe!static unsigned long base::`anonymous namespace'::ThreadFunc(void *) [platform_thread_win.cc : 133 + 0xf]
rsp = 0x0000008be2fff870 rip = 0x00007ff7a0d36e43
Found by: call frame info
8 KERNEL32.DLL + 0x17604
rsp = 0x0000008be2fff900 rip = 0x00007ffab8077604
Found by: call frame info
9 ntdll.dll + 0x526a1
rsp = 0x0000008be2fff930 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 8
0 ntdll.dll + 0xa0a74
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be5fffb98 rdi = 0x0000000000000000
rbp = 0x0000008be5fffbc0 rsp = 0x0000008be5fffb68
r8 = 0x0000000000000060 r9 = 0x0000000000000001
r10 = 0x00000fff56999fb8 r11 = 0x0100000100000000
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab8230a74
Found by: given as instruction pointer in context
1 ntdll.dll + 0x643a5
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be5fffb98 rdi = 0x0000000000000000
rbp = 0x0000008be5fffbc0 rsp = 0x0000008be5fffb70
r8 = 0x0000000000000060 r9 = 0x0000000000000001
r10 = 0x00000fff56999fb8 r11 = 0x0100000100000000
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab81f43a5
Found by: simulating a return from leaf function
2 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be5fffbc8 rip = 0x00007ff7a94eacf0
Found by: stack scanning
3 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b3e
rsp = 0x0000008be5fffbd0 rip = 0x00007ff7a94eace0
Found by: stack scanning
4 KERNELBASE.dll + 0x73039
rsp = 0x0000008be5fffbe0 rip = 0x00007ffab5e43039
Found by: stack scanning
5 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be5fffbe8 rip = 0x00007ff7a94eacf0
Found by: stack scanning
6 开播助手.exe!_tailMerge_winusb.dll + 0x1c09aae
rsp = 0x0000008be5fffbf0 rip = 0x00007ff7a94eac50
Found by: stack scanning
7 开播助手.exe!_tailMerge_winusb.dll + 0x1c09ad6
rsp = 0x0000008be5fffbf8 rip = 0x00007ff7a94eac78
Found by: stack scanning
8 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be5fffc08 rip = 0x00007ff7a94eacf0
Found by: stack scanning
9 开播助手.exe!uv_cond_wait [thread.c : 373 + 0xc]
rsp = 0x0000008be5fffc10 rip = 0x00007ff7a13f70a0
Found by: stack scanning
10 开播助手.exe!static void worker(void *) [threadpool.c : 76 + 0xb]
rsp = 0x0000008be5fffc40 rip = 0x00007ff7a1b9bbf4
Found by: call frame info
11 开播助手.exe!static unsigned int uv__thread_start(void ) [thread.c : 108 + 0xc]
rsp = 0x0000008be5fffcb0 rip = 0x00007ff7a13f6b87
Found by: call frame info
12 开播助手.exe!static unsigned long thread_start<unsigned int (__cdecl
)(void *),1>(void *) [thread.cpp : 97 + 0x17]
rsp = 0x0000008be5fffd00 rip = 0x00007ff7a38a80ca
Found by: call frame info
13 KERNEL32.DLL + 0x17604
rsp = 0x0000008be5fffd30 rip = 0x00007ffab8077604
Found by: call frame info
14 ntdll.dll + 0x526a1
rsp = 0x0000008be5fffd60 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 9
0 ntdll.dll + 0xa0a74
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be67ffd18 rdi = 0x0000000000000000
rbp = 0x0000008be67ffd40 rsp = 0x0000008be67ffce8
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x0000000000000080 r11 = 0x0000008be67ffbe0
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab8230a74
Found by: given as instruction pointer in context
1 ntdll.dll + 0x643a5
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be67ffd18 rdi = 0x0000000000000000
rbp = 0x0000008be67ffd40 rsp = 0x0000008be67ffcf0
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x0000000000000080 r11 = 0x0000008be67ffbe0
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab81f43a5
Found by: simulating a return from leaf function
2 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be67ffd48 rip = 0x00007ff7a94eacf0
Found by: stack scanning
3 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b3e
rsp = 0x0000008be67ffd50 rip = 0x00007ff7a94eace0
Found by: stack scanning
4 KERNELBASE.dll + 0x73039
rsp = 0x0000008be67ffd60 rip = 0x00007ffab5e43039
Found by: stack scanning
5 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be67ffd68 rip = 0x00007ff7a94eacf0
Found by: stack scanning
6 开播助手.exe!_tailMerge_winusb.dll + 0x1c09aae
rsp = 0x0000008be67ffd70 rip = 0x00007ff7a94eac50
Found by: stack scanning
7 开播助手.exe!_tailMerge_winusb.dll + 0x1c09ad6
rsp = 0x0000008be67ffd78 rip = 0x00007ff7a94eac78
Found by: stack scanning
8 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be67ffd88 rip = 0x00007ff7a94eacf0
Found by: stack scanning
9 开播助手.exe!uv_cond_wait [thread.c : 373 + 0xc]
rsp = 0x0000008be67ffd90 rip = 0x00007ff7a13f70a0
Found by: stack scanning
10 开播助手.exe!static void worker(void *) [threadpool.c : 76 + 0xb]
rsp = 0x0000008be67ffdc0 rip = 0x00007ff7a1b9bbf4
Found by: call frame info
11 开播助手.exe!static unsigned int uv__thread_start(void ) [thread.c : 108 + 0xc]
rsp = 0x0000008be67ffe30 rip = 0x00007ff7a13f6b87
Found by: call frame info
12 开播助手.exe!static unsigned long thread_start<unsigned int (__cdecl
)(void *),1>(void *) [thread.cpp : 97 + 0x17]
rsp = 0x0000008be67ffe80 rip = 0x00007ff7a38a80ca
Found by: call frame info
13 KERNEL32.DLL + 0x17604
rsp = 0x0000008be67ffeb0 rip = 0x00007ffab8077604
Found by: call frame info
14 ntdll.dll + 0x526a1
rsp = 0x0000008be67ffee0 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 10
0 ntdll.dll + 0xa0a74
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be6fffb38 rdi = 0x0000000000000000
rbp = 0x0000008be6fffb60 rsp = 0x0000008be6fffb08
r8 = 0x0000000000000000 r9 = 0x0000000000000009
r10 = 0x0000000000000000 r11 = 0x0000000000000017
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab8230a74
Found by: given as instruction pointer in context
1 ntdll.dll + 0x643a5
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be6fffb38 rdi = 0x0000000000000000
rbp = 0x0000008be6fffb60 rsp = 0x0000008be6fffb10
r8 = 0x0000000000000000 r9 = 0x0000000000000009
r10 = 0x0000000000000000 r11 = 0x0000000000000017
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab81f43a5
Found by: simulating a return from leaf function
2 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be6fffb68 rip = 0x00007ff7a94eacf0
Found by: stack scanning
3 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b3e
rsp = 0x0000008be6fffb70 rip = 0x00007ff7a94eace0
Found by: stack scanning
4 KERNELBASE.dll + 0x73039
rsp = 0x0000008be6fffb80 rip = 0x00007ffab5e43039
Found by: stack scanning
5 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be6fffb88 rip = 0x00007ff7a94eacf0
Found by: stack scanning
6 开播助手.exe!_tailMerge_winusb.dll + 0x1c09aae
rsp = 0x0000008be6fffb90 rip = 0x00007ff7a94eac50
Found by: stack scanning
7 开播助手.exe!_tailMerge_winusb.dll + 0x1c09ad6
rsp = 0x0000008be6fffb98 rip = 0x00007ff7a94eac78
Found by: stack scanning
8 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be6fffba8 rip = 0x00007ff7a94eacf0
Found by: stack scanning
9 开播助手.exe!uv_cond_wait [thread.c : 373 + 0xc]
rsp = 0x0000008be6fffbb0 rip = 0x00007ff7a13f70a0
Found by: stack scanning
10 开播助手.exe!static void worker(void *) [threadpool.c : 76 + 0xb]
rsp = 0x0000008be6fffbe0 rip = 0x00007ff7a1b9bbf4
Found by: call frame info
11 开播助手.exe!static unsigned int uv__thread_start(void ) [thread.c : 108 + 0xc]
rsp = 0x0000008be6fffc50 rip = 0x00007ff7a13f6b87
Found by: call frame info
12 开播助手.exe!static unsigned long thread_start<unsigned int (__cdecl
)(void *),1>(void *) [thread.cpp : 97 + 0x17]
rsp = 0x0000008be6fffca0 rip = 0x00007ff7a38a80ca
Found by: call frame info
13 KERNEL32.DLL + 0x17604
rsp = 0x0000008be6fffcd0 rip = 0x00007ffab8077604
Found by: call frame info
14 ntdll.dll + 0x526a1
rsp = 0x0000008be6fffd00 rip = 0x00007ffab81e26a1
Found by: stack scanning

Thread 11
0 ntdll.dll + 0xa0a74
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be77ff768 rdi = 0x0000000000000000
rbp = 0x0000008be77ff790 rsp = 0x0000008be77ff738
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x000000000000006d r11 = 0x0000008be77fd8d0
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab8230a74
Found by: given as instruction pointer in context
1 ntdll.dll + 0x643a5
rax = 0x00000000000001d1 rdx = 0x0000000000000000
rcx = 0x00007ff7a94eac50 rbx = 0x0000000000000000
rsi = 0x0000008be77ff768 rdi = 0x0000000000000000
rbp = 0x0000008be77ff790 rsp = 0x0000008be77ff740
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x000000000000006d r11 = 0x0000008be77fd8d0
r12 = 0x0000000000000000 r13 = 0x00000000000000f0
r14 = 0x00007ff7a94eac50 r15 = 0x00007ff7a94eac78
rip = 0x00007ffab81f43a5
Found by: simulating a return from leaf function
2 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be77ff798 rip = 0x00007ff7a94eacf0
Found by: stack scanning
3 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b3e
rsp = 0x0000008be77ff7a0 rip = 0x00007ff7a94eace0
Found by: stack scanning
4 KERNELBASE.dll + 0x73039
rsp = 0x0000008be77ff7b0 rip = 0x00007ffab5e43039
Found by: stack scanning
5 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be77ff7b8 rip = 0x00007ff7a94eacf0
Found by: stack scanning
6 开播助手.exe!_tailMerge_winusb.dll + 0x1c09aae
rsp = 0x0000008be77ff7c0 rip = 0x00007ff7a94eac50
Found by: stack scanning
7 开播助手.exe!_tailMerge_winusb.dll + 0x1c09ad6
rsp = 0x0000008be77ff7c8 rip = 0x00007ff7a94eac78
Found by: stack scanning
8 开播助手.exe!_tailMerge_winusb.dll + 0x1c09b4e
rsp = 0x0000008be77ff7d8 rip = 0x00007ff7a94eacf0
Found by: stack scanning
9 开播助手.exe!uv_cond_wait [thread.c : 373 + 0xc]
rsp = 0x0000008be77ff7e0 rip = 0x00007ff7a13f70a0
Found by: stack scanning
10 开播助手.exe!static void worker(void *) [threadpool.c : 76 + 0xb]
rsp = 0x0000008be77ff810 rip = 0x00007ff7a1b9bbf4
Found by: call frame info
11 开播助手.exe!static unsigned int uv__thread_start(void ) [thread.c : 108 + 0xc]
rsp = 0x0000008be77ff880 rip = 0x00007ff7a13f6b87
Found by: call frame info
12 开播助手.exe!static unsigned long thread_start<unsigned int (__cdecl
)(void *),1>(void *) [thread.cpp : 97 + 0x17]
rsp = 0x0000008be77ff8d0 rip = 0x00007ff7a38a80ca
Found by: call frame info
13 KERNEL32.DLL + 0x17604
rsp = 0x0000008be77ff900 rip = 0x00007ffab8077604
Found by: call frame info
14 ntdll.dll + 0x526a1
rsp = 0x0000008be77ff930 rip = 0x00007ffab81e26a1
Found by: stack scanning

Loaded modules:
0x7ff79f1f0000 - 0x7ff7a9a68fff 开播助手.exe 1.4.600.0 (main)
0x7ffa83f80000 - 0x7ffa843a4fff ffmpeg.dll 0.0.0.0
0x7ffa9d980000 - 0x7ffa9d991fff winrnr.dll 10.0.19041.546
0x7ffa9d9a0000 - 0x7ffa9d9b4fff wshbth.dll 10.0.19041.546
0x7ffa9d9c0000 - 0x7ffa9d9dafff pnrpnsp.dll 10.0.19041.546
0x7ffa9db90000 - 0x7ffa9dba6fff napinsp.dll 10.0.19041.546
0x7ffaa28c0000 - 0x7ffaa28cbfff Secur32.dll 10.0.19041.546
0x7ffaa28d0000 - 0x7ffaa2967fff WINSPOOL.DRV 10.0.19041.2788
0x7ffaa4400000 - 0x7ffaa4409fff rasadhlp.dll 10.0.19041.546
0x7ffaabdc0000 - 0x7ffaabe3ffff fwpuclnt.dll 10.0.19041.2486
0x7ffaac790000 - 0x7ffaac7b6fff WINMM.dll 10.0.19041.546
0x7ffaaf400000 - 0x7ffaaf409fff VERSION.dll 10.0.19041.546
0x7ffaafa70000 - 0x7ffaafb79fff WINHTTP.dll 10.0.19041.2673
0x7ffaafd50000 - 0x7ffaafd66fff dhcpcsvc6.DLL 10.0.19041.2673
0x7ffaaff70000 - 0x7ffaaff8cfff dhcpcsvc.DLL 10.0.19041.2673
0x7ffab0da0000 - 0x7ffab0dbcfff NLAapi.dll 10.0.19041.2193
0x7ffab24b0000 - 0x7ffab254dfff uxtheme.dll 10.0.19041.2193
0x7ffab2fd0000 - 0x7ffab324efff DWrite.dll 10.0.19041.1566
0x7ffab34c0000 - 0x7ffab36a3fff dbghelp.dll 10.0.19041.867
0x7ffab4360000 - 0x7ffab4371fff kernel.appcore.dll 10.0.19041.546
0x7ffab49c0000 - 0x7ffab49f2fff ntmarta.dll 10.0.19041.546
0x7ffab4c70000 - 0x7ffab4cabfff IPHLPAPI.DLL 10.0.19041.2788
0x7ffab4cb0000 - 0x7ffab4d7afff DNSAPI.dll 10.0.19041.2546
0x7ffab4f80000 - 0x7ffab4fe9fff mswsock.dll 10.0.19041.546
0x7ffab5190000 - 0x7ffab519bfff CRYPTBASE.DLL 10.0.19041.546
0x7ffab56f0000 - 0x7ffab5701fff UMPDC.dll 0.0.0.0
0x7ffab5710000 - 0x7ffab575afff powrprof.dll 10.0.19041.546
0x7ffab5760000 - 0x7ffab5791fff SSPICLI.DLL 10.0.19041.2130
0x7ffab57a0000 - 0x7ffab57cdfff USERENV.dll 10.0.19041.572
0x7ffab58a0000 - 0x7ffab59affff gdi32full.dll 10.0.19041.2788
0x7ffab5a60000 - 0x7ffab5ae1fff bcryptPrimitives.dll 10.0.19041.2486
0x7ffab5b40000 - 0x7ffab5b61fff win32u.dll 10.0.19041.2788
0x7ffab5b70000 - 0x7ffab5cc5fff CRYPT32.dll 10.0.19041.2486
0x7ffab5cd0000 - 0x7ffab5dcffff ucrtbase.dll 10.0.19041.789
0x7ffab5dd0000 - 0x7ffab60a9fff KERNELBASE.dll 10.0.19041.2788 (WARNING: No symbols, kernelbase.pdb, 2C446BDD83FED14F819F479BF3DC0B221)
0x7ffab6120000 - 0x7ffab6146fff bcrypt.dll 10.0.19041.2486
0x7ffab6150000 - 0x7ffab61ecfff msvcp_win.dll 10.0.19041.789
0x7ffab6250000 - 0x7ffab65a3fff combase.dll 10.0.19041.2788
0x7ffab65b0000 - 0x7ffab661afff WS2_32.dll 10.0.19041.546
0x7ffab6620000 - 0x7ffab6743fff RPCRT4.dll 10.0.19041.2788
0x7ffab6a10000 - 0x7ffab6bacfff USER32.dll 10.0.19041.2788
0x7ffab6bb0000 - 0x7ffab6c7cfff OLEAUT32.dll 10.0.19041.985
0x7ffab6d70000 - 0x7ffab6d9afff GDI32.dll 10.0.19041.2130
0x7ffab6e30000 - 0x7ffab6ecbfff sechost.dll 10.0.19041.1865
0x7ffab6ed0000 - 0x7ffab7613fff SHELL32.dll 10.0.19041.2788
0x7ffab7630000 - 0x7ffab76dcfff shcore.dll 10.0.19041.1865
0x7ffab76e0000 - 0x7ffab777dfff msvcrt.dll 7.0.19041.546
0x7ffab7900000 - 0x7ffab79adfff ADVAPI32.dll 10.0.19041.2130
0x7ffab7ea0000 - 0x7ffab7ea7fff NSI.dll 10.0.19041.610
0x7ffab8060000 - 0x7ffab811efff KERNEL32.DLL 10.0.19041.2788 (WARNING: No symbols, kernel32.pdb, 2398AFDFA1973111E0F9C583A87474F01)
0x7ffab8120000 - 0x7ffab814ffff IMM32.DLL 10.0.19041.2673
0x7ffab8190000 - 0x7ffab8387fff ntdll.dll 10.0.19041.2788 (WARNING: No symbols, ntdll.pdb, 76C7BBFD419865CA30108FE0023CF0401)
`

@deepak1556

Labels
merged/25-x-y PR was merged to the "25-x-y" branch. merged/26-x-y PR was merged to the "26-x-y" branch. semver/patch backwards-compatible bug fixes