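We are testing Windows 10 support and found a crash in Edge (MicrosoftEdgeCP.exe) in the MCH function CreateMetroSd. In the dump below, the access violation itself is in iertutil!IEConfiguration_GetBool. The stack shows it is reached from CreateMetroSd when SetEntriesInAclA triggers a delay-load of another DLL (running eshims' DllMainHook) while the Guard injection DLL is still inside its own DllMain.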
MicrosoftEdgeCP.exe(5).408.dmp
---------------------------------------------
FAULTING_IP:
iertutil!IEConfiguration_GetBool+318
00007fff`cec35bc8 488b04c8 mov rax,qword ptr [rax+rcx*8]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007fffcec35bc8 (iertutil!IEConfiguration_GetBool+0x0000000000000318)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008
PROCESS_NAME: microsoftedgecp.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukce na adrese 0x%08lx odkazovala na adresu pam
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukce na adrese 0x%08lx odkazovala na adresu pam
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000008
READ_ADDRESS: 0000000000000008
FOLLOWUP_IP:
iertutil!IEConfiguration_GetBool+318
00007fff`cec35bc8 488b04c8 mov rax,qword ptr [rax+rcx*8]
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 00000000000016a0
BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_INVALID_POINTER_READ
PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT
LAST_CONTROL_TRANSFER: from 00007fffd11076c9 to 00007fffcec35bc8
STACK_TEXT:
0000000a`85efd050 00007fff`d11076c9 : 0000000a`8601b780 00000000`00000001 00000000`00000090 00007fff`d76a341b : iertutil!IEConfiguration_GetBool+0x318
0000000a`85efd0b0 00007fff`d1107487 : 0000000a`8601b780 0000000a`8601b8e0 00000000`0000000e 0000000a`8600d690 : eshims!CShimBindings::_GetNeededShims+0x69
0000000a`85efd0e0 00007fff`d1107337 : 0000000a`8601b780 00000000`00000001 0000000a`85efd130 00007fff`00000000 : eshims!CShimBindings::_InitializeLoadedModules+0xbf
0000000a`85efd110 00007fff`d1106ee4 : 0000000a`00000004 0000000a`8601b780 00000000`00000090 00000000`00000001 : eshims!CShimBindings::ApplyShims+0x3b
0000000a`85efd140 00007fff`d1107043 : 0000000a`8601b780 00000000`00000001 00000000`00000000 00000000`00000001 : eshims!CShimBindings::DllMainHook+0x80
0000000a`85efd1b0 00007fff`da183d70 : 00000000`00000001 0000000a`85efd4d0 00000000`00000000 0000000a`8601b780 : eshims!CShimBindings::s_DllMainHook+0x73
0000000a`85efd200 00007fff`da1a6be6 : 0000000a`8602e7e0 00007fff`d5e60000 0000000a`00000001 0000000a`8601b780 : ntdll!LdrpCallInitRoutine+0x4c
0000000a`85efd260 00007fff`da1a6a0b : 0000000a`86050dc0 00007fff`da1a1200 0000000a`86050dc0 00007fff`d1106fd0 : ntdll!LdrpInitializeNode+0x182
0000000a`85efd390 00007fff`da1a009d : 00000000`00000000 00000000`00000000 0000000a`85efd420 0000000a`85efd4d0 : ntdll!LdrpInitializeGraphRecurse+0x73
0000000a`85efd3d0 00007fff`da18096c : 0000000a`85efd4d0 00000000`00000000 00000000`00000000 0000000a`85efd640 : ntdll!LdrpPrepareModuleForExecution+0xc5
0000000a`85efd410 00007fff`da1c5b9e : 0000000a`85efd640 0000000a`85efd7e0 0000000a`86008e40 0000000a`86008e40 : ntdll!LdrpLoadDllInternal+0x1a8
0000000a`85efd490 00007fff`da1c5a0d : 00007fff`d7d58bc0 0000000a`86008e40 00007fff`d7d8adf8 00000000`00000000 : ntdll!LdrpLoadForwardedDll+0x132
0000000a`85efd7a0 00007fff`da176b69 : 00007fff`001a0018 00007fff`d7d7a344 0000000a`00000000 00000000`00000000 : ntdll!LdrpGetDelayloadExportDll+0x85
0000000a`85efd890 00007fff`da176e58 : 00000000`00000000 0000000a`8604a6b0 00007fff`d7d7a344 00007fff`d7cf0000 : ntdll!LdrpHandleProtectedDelayload+0x65
0000000a`85efdd80 00007fff`d7d0868c : 0000000a`85efdf78 00000000`00000002 0000000a`85efe018 0000000a`8604aaa0 : ntdll!LdrResolveDelayLoadedAPI+0x88
0000000a`85efdde0 00007fff`d7d0f4ff : 0000000a`86034e00 00007fff`da18a963 0000000a`86052770 00007fff`c5466ce6 : advapi32!_delayLoadHelper2+0x2c
0000000a`85efde20 00007fff`d7d0d8a9 : 00000000`00000002 0000000a`85efdf90 00000000`00000000 0000000a`85efdf78 : advapi32!_tailMerge_api_ms_win_security_provider_l1_1_0_dll+0x3f
0000000a`85efde90 00007fff`c544365d : 00007fff`c54decc8 00007fff`d7d0d7f0 00000000`00000000 0000000a`85efdf78 : advapi32!SetEntriesInAclA+0xb9
0000000a`85efdf00 00007fff`c5443301 : 0000000a`85efe270 00000000`00000000 00000000`00000000 00000000`00000000 : Guard!CreateMetroSd+0x24d [common\libraries\madcodehook\sources\c++\objecttools.cpp @ 357]
0000000a`85efe040 00007fff`c54427ff : 0000000a`85efe238 0000000a`85efe270 00000000`00000001 0000000a`8604aaa0 : Guard!InitSecurityAttributes+0x4b1 [common\libraries\madcodehook\sources\c++\objecttools.cpp @ 440]
0000000a`85efe1f0 00007fff`c54429de : 0000000a`86054590 00007fff`00000008 00000000`00000000 0000000a`86054590 : Guard!InternalCreateFileMapping+0x3f [common\libraries\madcodehook\sources\c++\objecttools.cpp @ 118]
0000000a`85efe2d0 00007fff`c54529b6 : 0000000a`86054590 0000000a`00000008 ffffe001`00000001 00007fff`c5466ce6 : Guard!CreateLocalFileMapping+0x1e [common\libraries\madcodehook\sources\c++\objecttools.cpp @ 233]
0000000a`85efe300 00007fff`c5445e2a : 0000000a`86050be0 0000000a`85efe590 00007fff`d7d21a10 00007fff`d7d21a10 : Guard!CHookQueue::Initialize+0x46 [common\libraries\madcodehook\sources\c++\chookqueue.cpp @ 37]
0000000a`85efe360 00007fff`c54443ba : 0000000a`86046af0 0000000a`85efe540 0000000a`85efe590 00007fff`d7d21a10 : Guard!CCodeHook::InitializeQueue+0x48a [common\libraries\madcodehook\sources\c++\ccodehook.cpp @ 528]
0000000a`85efe4e0 00007fff`c5439d7b : 0000000a`86046af0 00007fff`d7cf0000 0000000a`85efede0 00007fff`d7d21a10 : Guard!CCodeHook::CCodeHook+0x3da [common\libraries\madcodehook\sources\c++\ccodehook.cpp @ 118]
0000000a`85efe7d0 00007fff`c54396f7 : 00007fff`c5290000 00007fff`d7cf0000 00007fff`c547a490 0000000a`85efede0 : Guard!HookCodeInternal+0x17b [common\libraries\madcodehook\sources\c++\hooking.cpp @ 336]
0000000a`85efed70 00007fff`c534c029 : 00007fff`c547a490 0000000a`85efede0 00007fff`c536eec0 00007fff`c54decc8 : Guard!HookAPI+0x127 [common\libraries\madcodehook\sources\c++\hooking.cpp @ 153]
0000000a`85efef00 00007fff`c534c162 : 0000000a`8604a620 0000000a`860504b0 0000000a`8604de90 00007fff`c54d7ae0 : Guard!CHooker::HookFunction+0x139 [client service\modules\hooking\hooker.cpp @ 278]
0000000a`85efef40 00007fff`c539382e : 00007fff`c54d7ae0 0000000a`8604aac4 00000000`00000009 0000000a`86034d58 : Guard!CHooker::HookAllToBeHookedFunctions+0x52 [client service\modules\hooking\hooker.cpp @ 359]
0000000a`85efef70 00007fff`c53930e3 : 00007fff`c54e7ee0 00000000`000016a0 0000000a`86038100 0000000a`86038100 : Guard!DCCInjectionDll::InitHookingEngine+0x72e [client service\modules\injectiondll\injectiondll.cpp @ 605]
0000000a`85eff0b0 00007fff`c5391a08 : 00007fff`c54e7ee0 0000000a`8603bc10 0000000a`8603ba00 0000000a`8608bbf0 : Guard!DCCInjectionDll::Init+0x11a3 [client service\modules\injectiondll\injectiondll.cpp @ 489]
0000000a`85eff190 00007fff`c5453afd : 00000000`00000001 00000000`00000001 0000000a`85eff534 00000000`00000601 : Guard!DllMain+0x208 [client service\modules\injectiondll\injectiondll.cpp @ 80]
0000000a`85eff220 00007fff`da183d70 : 00000000`00000001 00007fff`c5453a30 00007fff`c5290000 00007fff`da1a6cc8 : Guard!__DllMainCRTStartup+0x8d [f:\dd\vctools\crt\crtw32\dllstuff\crtdll.c @ 508]
0000000a`85eff260 00007fff`da1a6be6 : 0000000a`8602dca0 00007fff`c5290000 0000000a`00000001 0000000a`8602ea20 : ntdll!LdrpCallInitRoutine+0x4c
0000000a`85eff2c0 00007fff`da1a6a0b : 0000000a`86014e60 0000000a`86014e00 0000000a`85eff430 00007fff`c5453a30 : ntdll!LdrpInitializeNode+0x182
0000000a`85eff3f0 00007fff`da1a009d : 00000000`00000000 00000000`00000000 0000000a`85eff480 0000000a`85eff534 : ntdll!LdrpInitializeGraphRecurse+0x73
0000000a`85eff430 00007fff`da18096c : 0000000a`85eff534 00000000`00000000 00000000`00000000 0000000a`85eff540 : ntdll!LdrpPrepareModuleForExecution+0xc5
0000000a`85eff470 00007fff`da1805ca : 0000000a`85eff540 0000000a`85eff6d0 00000000`00000000 00000000`00000001 : ntdll!LdrpLoadDllInternal+0x1a8
0000000a`85eff4f0 00007fff`da17af86 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrpLoadDll+0xf2
0000000a`85eff690 00007fff`fffd0322 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrLoadDll+0x96
0000000a`85eff790 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 0000000a`85eff7d0 : 0x7fff`fffd0322
STACK_COMMAND: ~1s; .ecxr ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: iertutil!IEConfiguration_GetBool+318
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: iertutil
IMAGE_NAME: iertutil.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 55a72874
FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_c0000005_iertutil.dll!IEConfiguration_GetBool
BUCKET_ID: X64_APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_INVALID_POINTER_READ_iertutil!IEConfiguration_GetBool+318
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/microsoftedgecp_exe/11_0_10240_16384/559f3853/iertutil_dll/11_0_10240_16391/55a72874/c0000005/00045bc8.htm?Retriage=1
Followup: MachineOwner
---------
Sincerely
PP