New issue
Advanced search Search tips

Issue 657425 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Deadlock(?) during image rendering for a jQuery gallery

Reported by chrisrw...@gmail.com, Oct 19 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36

Steps to reproduce the problem:
1. Have a page that dynamically creates and deletes <img> and <video> tags.
2. Leave it running for a few hundred (or thousand?) images.

(I am yet to reproduce this in a simpler web page, but can consistently reproduce it on the internal app in a few minutes. The page really doesn't do much else; just uses jQuery to fetch lists of images, then cycle through them, showing them at different scales.)

What is the expected behavior?
No tab hang, or a tab crash in response to the tab hang.

What went wrong?
The renderer stops responding half way through an image load. The page refuses to close. Page Unresponsive dialogs start appearing. Pressing "kill" does not provide a crash id. A gdb backtrace from the following command is attached.

$ chromium-browser --no-sandbox --renderer-cmd-prefix='xterm -title renderer -e gdb --args'

The thread dump shows:
 * 574 threads trying to get a lock in libffmpeg.so.
 * 587 threads trying to get a lock in base::MessagePumpDefault::Run -> WaitableEvent::Wait
 * 5 threads trying to get a lock in content::CategorizedWorkerPool::Run

... and a few other threads.

Tested with Ubuntu 16.10's chromium-browser 53.0.2785.143-0ubuntu1.1307, and Google Chrome Version 54.0.2840.59 (64-bit), and various previous versions.

Should I have symbols for libffmpeg.so somewhere?

Could someone give me a hint as to what the page is doing wrong, so I can try and reproduce it? Maybe latency on the images? Cross-origin?

Did this work before? N/A 

Chrome version: 54.0.2840.59  Channel: stable
OS Version: Ubuntu 16.10
Flash Version: Shockwave Flash 23.0 r0

I tried to report this as a crash, but the bug report wizard doesn't let you submit a report off the back of that, it just errors. I raised a separate monorail issue for this.
 
gdb.txt
691 KB View Download
I made a reproducer:

https://chrome-imglock.goeswhere.com/

Open this, and hammer the left and right arrow keys a bit (or just hold one down). Eventually, Chrome/Chromium will stop responding. This one, unlike the internal one, actually crashes occasionally, too! I couldn't convince it to crash in the debugger, nor to write a crash id, however.

Some random chatter from crashing or hanging Chromes:

[164969.239612] mmap: Media (32140): VmData 2147655680 exceed data ulimit 2147483647. Update limits or use boot option ignore_rlimit_data.
[164969.507941] do_general_protection: 69 callbacks suppressed
[164969.507943] traps: chrome[31042] general protection ip:7f0fbdae8512 sp:7ffc713254f0 error:0 in libc-2.24.so[7f0fbdab1000+1bd000]
[165028.847377] traps: chrome[32321] general protection ip:7f0fbdae8512 sp:7ffc713254f0 error:0 in libc-2.24.so[7f0fbdab1000+1bd000]
[165191.653278] traps: Media[341] general protection ip:7f0fbdae8512 sp:7f0fad6b72f0 error:0 in libc-2.24.so[7f0fbdab1000+1bd000]
[165467.593394] traps: chrome[2801] trap invalid opcode ip:562bc98a3c53 sp:7ffc713250c8 error:0 in chrome[562bc6826000+6433000]

[3356:3356:1019/224017:ERROR:gles2_cmd_decoder.cc(15385)] [.RenderWorker-0x559e6098c880]GL ERROR :GL_INVALID_OPERATION : glBindTexImage2DCHROMIUM: no image found with the given ID
[3356:3356:1019/224017:ERROR:gles2_cmd_decoder.cc(15385)] [.RenderWorker-0x559e6098c880]GL ERROR :GL_INVALID_OPERATION : glBindTexImage2DCHROMIUM: no image found with the given ID
[3356:3356:1019/224017:ERROR:gles2_cmd_decoder.cc(15385)] [.RenderWorker-0x559e6098c880]GL ERROR :GL_INVALID_OPERATION : glBindTexImage2DCHROMIUM: no image found with the given ID

On Win10, it just runs out of memory (before it manages to crash?). The crashes won't upload. Too big? I tried multiple times.

Crash ID f7e39fd9-b1b9-4703-897e-6168a649d311
Crash report captured on Wednesday, 19 October 2016 at 22:57:49 was not uploaded

Crash ID bca19f11-39d5-4b8b-a390-95ac888c80c3
Crash report captured on Wednesday, 19 October 2016 at 22:57:47 was not uploaded

Crash ID 8d7e6c0a-107e-429b-9ea2-7ac048baf08c
Crash report captured on Wednesday, 19 October 2016 at 22:57:23 (upload requested by user, not yet uploaded)

This has started crashing on Linux, sometimes!

Crash ID: crash/207aa39640000000

Crash ID: crash/0a55070790000000

Yay!
After a bit more poking around in a debugger, I made an even simpler reproducer:

https://chrome-imglock.goeswhere.com/two.html

All this does is create and delete the same video tag over and over again. The process lasts about 3 seconds on Linux, and about a minute (with multiple GPU thread crashes) on Windows. Still pretty sure the Windows case is a memory leak, not a thread/deadlock leak.

Can't reproduce on Mac, another good sign that it's a specific issue.
Cc: mmanchala@chromium.org
Labels: Needs-Milestone Needs-Feedback
Unable to reproduce the issue on Ubuntu 14.04 using latest chrome Stable #62.0.3202.89 &  on latest  #64.0.3261.0.

Followed below steps:
1)Opened https://chrome-imglock.goeswhere.com/ as per comment #1 -> Pressed the left and right arrow keys (and tried by holding key).
2)Observed No crash or Chrome is working fine. 

And also tried on opening 'https://chrome-imglock.goeswhere.com/two.html' as per comment # 5.
No stack trace is seen for the mentioned Crash Ids(As per comment #3 and Comment #4)

chrisrwest@ Could you please confirm are you able to reproduce this issue consistently?Please recheck this issue by creating a new profile under chrome://settings with no apps or extensions by upgrading to latest Stable #62.0.3202.89 and attach Crash Id from chrome://crashes

Thanks..!!
Status: WontFix (was: Unconfirmed)
Closing issue as Wontfix due to lack of feedback requested but not provided. If the issue still exists please open a new issue with the details requested.

Thanks..!

Sign in to add a comment