Chromium on Ubuntu 14.04LTS VM "aw snap" on support.office.com
Reported by larry.be...@menlosecurity.com, Mar 13 2018
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/64.0.3282.167 Chrome/64.0.3282.167 Safari/537.36

Example URL: https://support.office.com/en-us/article/What-s-new-in-Office-365-95c8d81d-08ba-42c1-914f-bca4603e1426

Steps to reproduce the problem:
1. Go to the URL and wait for the page to load.
2. You will get "Aw Snap".
3. Watch memory use for renderer process with e.g. htop. Toward end of page load it rockets up toward 16GB then crashes out of memory.

What is the expected behavior?
Page loads. This works in Chrome on Mac, Firefox on Mac and Safari on Mac.

What went wrong?
The renderer requires around 35GB for this page but sandbox limits prevent this and cause it to crash out of memory. If you run Chromium with the --no-sandbox option then the page loads and you can see the renderer using around 35GB.

Does it occur on multiple sites: N/A
Is it a problem with a plugin? No
Did this work before? N/A
Does this work in other browsers? Yes

Chrome version: 64.0.3282.167  Channel: stable
OS Version: 14.04.5 LTS (GNU/Linux 3.13.0-143-generic x86_64)
Flash Version:

Testing with Chrome on Mac, the memory use there is dramatically lower on same page -- about 1/2 GB. The problem occurs running under Ubuntu 14.04 on a VirtualBox VM.
Mar 14 2018
FWIW I was able to reproduce this on 65.0.3325.124 (Official Build) beta (64-bit) on Fedora 27 (crash ID e4a9b23282976a1b).
Mar 22 2018
Mar 26 2018
Tested the issue using #65.0.3325.167 and #67.0.3379.0 on Linux Debian rodete and could reproduce the issue as per the steps mentioned below.

Steps:
1. Launched Browser
2. Navigated to https://support.office.com/en-us/article/What-s-new-in-Office-365-95c8d81d-08ba-42c1-914f-bca4603e1426
3. Observed the Aw, Snap!

This seems to be a Non-Regression issue as same behavior is seen since M60: 60.0.3072.0.

Crash ID: e4a9b23282976a1b

Stack trace
===========
Thread 63 (id: 14479) CRASHED [SIGILL @ 0x00005569d6f7cc62 ]
MAGIC SIGNATURE THREAD
Stack Quality 100%
0x00005569d6f7cc62 (chrome -platform-posix.cc:372 ) v8::base::OS::Abort()
0x00005569d3f1d1a8 (chrome -api.cc:397 ) v8::internal::V8::FatalProcessOutOfMemory(char const*, bool)
0x00005569d42a3028 (chrome -isolate.cc ) v8::internal::Isolate::Init(v8::internal::StartupDeserializer*)
0x00005569d4493d7c (chrome -snapshot-common.cc:52 ) v8::internal::Snapshot::Initialize(v8::internal::Isolate*)
0x00005569d3f3dc46 (chrome -api.cc:8393 ) v8::Isolate::New(v8::Isolate::CreateParams const&)
0x00005569d705b8d1 (chrome -isolate_holder.cc:71 ) gin::IsolateHolder::IsolateHolder(scoped_refptr<base::SingleThreadTaskRunner>, gin::IsolateHolder::AccessMode, gin::IsolateHolder::AllowAtomicsWaitMode, v8::StartupData*)
0x00005569d6f8c89b (chrome -V8PerIsolateData.cpp:64 ) blink::V8PerIsolateData::V8PerIsolateData(scoped_refptr<base::SingleThreadTaskRunner>, blink::V8PerIsolateData::V8ContextSnapshotMode)
0x00005569d6f8d567 (chrome -V8PerIsolateData.cpp:130 ) blink::V8PerIsolateData::Initialize(scoped_refptr<base::SingleThreadTaskRunner>, blink::V8PerIsolateData::V8ContextSnapshotMode)
0x00005569d7cbd012 (chrome -WorkerBackingThread.cpp:79 ) blink::WorkerBackingThread::InitializeOnBackingThread(blink::WorkerBackingThreadStartupData const&)
0x00005569d7cc97e1 (chrome -WorkerThread.cpp:420 ) blink::WorkerThread::InitializeOnWorkerThread(std::__1::unique_ptr<blink::GlobalScopeCreationParams, std::__1::default_delete<blink::GlobalScopeCreationParams> >, base::Optional<blink::WorkerBackingThreadStartupData> const&, blink::WorkerInspectorProxy::PauseOnWorkerStart)
0x00005569d7ccbe01 (chrome -bind_internal.h:211 ) base::internal::Invoker<base::internal::BindState<void (blink::WorkerThread::*)(std::__1::unique_ptr<blink::GlobalScopeCreationParams, std::__1::default_delete<blink::GlobalScopeCreationParams> >, base::Optional<blink::WorkerBackingThreadStartupData> const&, blink::WorkerInspectorProxy::PauseOnWorkerStart), WTF::CrossThreadUnretainedWrapper<blink::WorkerThread>, WTF::PassedWrapper<std::__1::unique_ptr<blink::GlobalScopeCreationParams, std::__1::default_delete<blink::GlobalScopeCreationParams> > >, base::Optional<blink::WorkerBackingThreadStartupData>, blink::WorkerInspectorProxy::PauseOnWorkerStart>, void ()>::Run(base::internal::BindStateBase*)
0x00005569d382907e (chrome -callback.h:65 ) (anonymous namespace)::DiscardDeviceInfosAndCallContinuation(base::OnceCallback<void ()>, std::__1::vector<media::VideoCaptureDeviceInfo, std::__1::allocator<media::VideoCaptureDeviceInfo> > const&)
0x00005569d33200a4 (chrome -bind_internal.h:166 ) base::internal::Invoker<base::internal::BindState<void (*)(WTF::CrossThreadFunction<void ()>), WTF::CrossThreadFunction<void ()> >, void ()>::RunOnce(base::internal::BindStateBase*)
0x00005569d4a5b3be (chrome -callback.h:65 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00005569d4673848 (chrome -task_queue_manager.cc:543 ) blink::scheduler::TaskQueueManager::DoWork(blink::scheduler::internal::Sequence::WorkType)
0x00005569d4a5b3be (chrome -callback.h:65 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00005569d4677295 (chrome -thread_controller_impl.cc:99 ) blink::scheduler::internal::ThreadControllerImpl::DoWork(blink::scheduler::internal::Sequence::WorkType)
0x00005569d4a5b3be (chrome -callback.h:65 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00005569d4a74a3a (chrome -message_loop.cc:399 ) base::MessageLoop::RunTask(base::PendingTask*)
0x00005569d4a75094 (chrome -message_loop.cc:411 ) base::MessageLoop::DoWork()
0x00005569d4a774c4 (chrome -message_pump_default.cc:37 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
0x00005569d4a98663 (chrome -run_loop.cc:130 ) <name omitted>
0x00005569d4ac147e (chrome -thread.cc:338 ) base::Thread::ThreadMain()
0x00005569d4abce62 (chrome -platform_thread_posix.cc:75 ) base::(anonymous namespace)::ThreadFunc(void*)
0x00007fa93a8b461a (libpthread-2.26.so + 0x0000761a )
0x00007fa9349dbc2e (libc-2.26.so + 0x00117c2e )

As per the above stack trace this looks to be an OOM issue. Requesting dev team to take a look at this issue. Thanks!!
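A small triage helper, added here and not part of the bug thread, that splits a crash stack like the one pasted above (which the page shows flattened onto one line) into frames and reports what the trace shows: the V8 out-of-memory reporter hit inside Isolate::Init while a Blink worker thread was creating a new isolate. The frame layout and the sample frames come from the comment above; the Frame field names and the "worker_thread" heuristic are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One frame as pasted in the triage comment: "<addr> (<module> -<file>:<line> ) <symbol>", or "<addr> (<module> + <offset> )" when unsymbolised (libpthread, libc).
FRAME_RE = re.compile(
    r"(?P<addr>0x[0-9a-fA-F]{16})\s*\((?P<module>[^\s()]+)\s*"
    r"(?:-(?P<src>[^)\s]*)|\+\s*(?P<off>0x[0-9a-fA-F]+))?\s*\)(?P<symbol>.*)",
    re.S,
)
OOM_MARKER = "FatalProcessOutOfMemory"  # the V8 OOM reporter that appears in this crash

@dataclass
class Frame:
    addr: str
    module: str
    source: Optional[str]  # "<file>:<line>" when the symboliser had it, else None
    symbol: str            # "" for unsymbolised frames

def split_frames(text: str) -> List[Frame]:
    """Cut before every 16-hex-digit address that is followed by '(', so a trace
    flattened onto one line parses the same as a newline-separated one."""
    frames = []
    for chunk in re.split(r"(?=0x[0-9a-fA-F]{16}\s*\()", text):
        m = FRAME_RE.match(chunk.strip())
        if m:  # the "Thread 63 ... CRASHED" header does not match and is skipped
            frames.append(Frame(m["addr"], m["module"], m["src"], m["symbol"].strip()))
    return frames

def classify(frames: List[Frame]) -> dict:
    """Is this a V8 OOM abort, what was V8 doing (caller of the OOM reporter, without
    its parameter list), and was a Blink worker thread the one creating the isolate?"""
    oom = next((i for i, f in enumerate(frames) if OOM_MARKER in f.symbol), None)
    if oom is None:
        return {"kind": "not_v8_oom", "context": None, "worker_thread": False}
    context = frames[oom + 1].symbol.split("(", 1)[0] if oom + 1 < len(frames) else None
    on_worker = any(f.symbol.startswith("blink::Worker") for f in frames)  # assumed heuristic
    return {"kind": "v8_oom", "context": context, "worker_thread": on_worker}

# Constructed sample: a subset of the frames quoted in the triage comment, flattened onto one line the way the page shows them.
SAMPLE_TRACE = (
    "Thread 63 (id: 14479) CRASHED [SIGILL @ 0x00005569d6f7cc62 ] "
    "0x00005569d6f7cc62 (chrome -platform-posix.cc:372 ) v8::base::OS::Abort() "
    "0x00005569d3f1d1a8 (chrome -api.cc:397 ) v8::internal::V8::FatalProcessOutOfMemory(char const*, bool) "
    "0x00005569d42a3028 (chrome -isolate.cc ) v8::internal::Isolate::Init(v8::internal::StartupDeserializer*) "
    "0x00005569d3f3dc46 (chrome -api.cc:8393 ) v8::Isolate::New(v8::Isolate::CreateParams const&) "
    "0x00005569d7cbd012 (chrome -WorkerBackingThread.cpp:79 ) blink::WorkerBackingThread::InitializeOnBackingThread(blink::WorkerBackingThreadStartupData const&) "
    "0x00007fa93a8b461a (libpthread-2.26.so + 0x0000761a ) "
    "0x00007fa9349dbc2e (libc-2.26.so + 0x00117c2e )"
)
```

Running classify(split_frames(SAMPLE_TRACE)) reports a V8 OOM with context v8::internal::Isolate::Init on a worker thread, which is the summary a triager would attach before routing to the V8/Blink owners.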
Nov 8
Mass UI Triage, archiving old bugs.
Comment 1 by viswa.karala@chromium.org, Mar 13 2018