crash in ipc_channel_proxy.cc
Reported by cdsrc2...@gmail.com, Aug 12
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Steps to reproduce the problem:
chrome version:
70.0.3515.0 (Developer Build) (64-bit)(ubuntu)
68.0.3440.106(official release)(32bit)(windows)
chrome ./crash.html
What is the expected behavior?
What went wrong?
[15824:15824:0812/101041.065958:FATAL:ipc_channel_proxy.cc(540)] Check failed: message->size() <= Channel::kMaximumMessageSize (369099004 vs. 134217728)
#0 0x5579c697b741 in __interceptor_backtrace /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4024:13
#1 0x5579ce8f918e in base::debug::StackTrace::StackTrace(unsigned long) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/stack_trace_posix.cc:808:41
#2 0x5579ce71432b in logging::LogMessage::~LogMessage() /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/logging.cc:599:29
#3 0x5579cfe06f96 in IPC::ChannelProxy::SendInternal(IPC::Message*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../ipc/ipc_channel_proxy.cc:540:3
#4 0x5579d2bc1a64 in IPC::SyncChannel::Send(IPC::Message*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../ipc/ipc_sync_channel.cc:601:19
#5 0x5579dc670598 in content::RenderThreadImpl::Send(IPC::Message*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../content/renderer/render_thread_impl.cc:1112:30
#6 0x5579db9c8361 in content::RenderFrameImpl::DidAddMessageToConsole(blink::WebConsoleMessage const&, blink::WebString const&, unsigned int, blink::WebString const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../content/renderer/render_frame_impl.cc:3967:3
#7 0x5579da7dfcaa in blink::ChromeClientImpl::AddMessageToConsole(blink::LocalFrame*, blink::MessageSource, blink::MessageLevel, WTF::String const&, unsigned int, WTF::String const&, WTF::String const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/page/chrome_client_impl.cc:324:22
#8 0x5579d9439dcf in blink::FrameConsole::ReportMessageToClient(blink::MessageSource, blink::MessageLevel, WTF::String const&, blink::SourceLocation*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/frame/frame_console.cc:107:29
#9 0x5579d9f9a058 in blink::MainThreadDebugger::ExceptionThrown(blink::ExecutionContext*, blink::ErrorEvent*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/inspector/main_thread_debugger.cc:187:20
#10 0x5579d91fc8fd in blink::ExecutionContext::DispatchErrorEvent(blink::ErrorEvent*, blink::AccessControlStatus) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/execution_context/execution_context.cc:134:5
#11 0x5579d78b2947 in blink::V8Initializer::MessageHandlerInMainThread(v8::Local<v8::Message>, v8::Local<v8::Value>) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_initializer.cc:282:12
#12 0x5579cc7826d0 in v8::internal::MessageHandler::ReportMessageNoExceptions(v8::internal::Isolate*, v8::internal::MessageLocation const*, v8::internal::Handle<v8::internal::Object>, v8::Local<v8::Value>) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/messages.cc:162:9
#13 0x5579cc781fc5 in v8::internal::MessageHandler::ReportMessage(v8::internal::Isolate*, v8::internal::MessageLocation const*, v8::internal::Handle<v8::internal::JSMessageObject>) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/messages.cc:125:5
#14 0x5579cc6dfe94 in v8::internal::Isolate::ReportPendingMessagesImpl(bool) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/isolate.cc:1891:5
#15 0x5579cc38f99e in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling, v8::internal::Execution::Target) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/execution.cc:169:16
#16 0x5579cc38f037 in CallInternal /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/execution.cc:191:10
#17 0x5579cc38f037 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/execution.cc:202:0
#18 0x5579cb9acf2f in v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../v8/src/api.cc:5289:7
#19 0x5579d78ab5e5 in blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_script_runner.cc:401:17
#20 0x5579d8d9d904 in blink::V8LazyEventListener::CallListenerFunction(blink::ScriptState*, v8::Local<v8::Value>, blink::Event*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_lazy_event_listener.cc:114:8
#21 0x5579d78f8f46 in blink::V8AbstractEventListener::InvokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local<v8::Value>) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:175:20
#22 0x5579d78f8933 in blink::V8AbstractEventListener::HandleEvent(blink::ScriptState*, blink::Event*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:127:3
#23 0x5579d78f85e0 in blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:112:3
#24 0x5579d8d97120 in blink::EventTarget::FireEventListeners(blink::Event*, blink::EventTargetData*, blink::HeapVector<blink::RegisteredEventListener, 1u>&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/events/event_target.cc:842:15
#25 0x5579d8d952ae in blink::EventTarget::FireEventListeners(blink::Event*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/events/event_target.cc:682:29
#26 0x5579d94520b5 in blink::LocalDOMWindow::DispatchEvent(blink::Event*, blink::EventTarget*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/frame/local_dom_window.cc:1503:10
#27 0x5579d9451472 in blink::LocalDOMWindow::DispatchLoadEvent() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/frame/local_dom_window.cc:1457:5
#28 0x5579d9450f0b in blink::LocalDOMWindow::DispatchWindowLoadEvent() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/frame/local_dom_window.cc:363:3
#29 0x5579d945192b in blink::LocalDOMWindow::DocumentWasClosed() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/frame/local_dom_window.cc:367:3
#30 0x5579d7937176 in blink::Document::ImplicitClose() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/document.cc:3322:18
#31 0x5579d793818b in blink::Document::CheckCompletedInternal() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/document.cc:3424:5
#32 0x5579d793700d in blink::Document::CheckCompleted() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/document.cc:3400:7
#33 0x5579da6f8adb in blink::FrameLoader::FinishedParsing() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/loader/frame_loader.cc:417:26
#34 0x5579d795a636 in blink::Document::FinishedParsing() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/dom/document.cc:5906:21
#35 0x5579d9aecd74 in end /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/html/parser/html_document_parser.cc:890:18
#36 0x5579d9aecd74 in blink::HTMLDocumentParser::AttemptToRunDeferredScriptsAndEnd() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/html/parser/html_document_parser.cc:905:0
#37 0x5579d9af2d32 in blink::HTMLDocumentParser::ProcessTokenizedChunkFromBackgroundParser(std::__1::unique_ptr<blink::HTMLDocumentParser::TokenizedChunk, std::__1::default_delete<blink::HTMLDocumentParser::TokenizedChunk> >) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/html/parser/html_document_parser.cc:543:7
#38 0x5579d9aee4d9 in blink::HTMLDocumentParser::PumpPendingSpeculations() /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/core/html/parser/html_document_parser.cc:591:9
#39 0x5579d78109f4 in Run /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/callback.h:99:12
#40 0x5579d78109f4 in blink::TaskHandle::Runner::Run(blink::TaskHandle const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../third_party/blink/renderer/platform/web_task_runner.cc:55:0
#41 0x5579ce7315c1 in Run /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/callback.h:99:12
#42 0x5579ce7315c1 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/task_annotator.cc:101:0
#43 0x5579ce815bb6 in base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/task/sequence_manager/thread_controller_impl.cc:169:21
#44 0x5579ce7315c1 in Run /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/callback.h:99:12
#45 0x5579ce7315c1 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/task_annotator.cc:101:0
#46 0x5579ce72c8ee in base::MessageLoop::RunTask(base::PendingTask*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/message_loop/message_loop.cc:431:46
#47 0x5579ce72db79 in DeferOrRunPendingTask /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/message_loop/message_loop.cc:442:5
#48 0x5579ce72db79 in base::MessageLoop::DoWork() /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/message_loop/message_loop.cc:514:0
#49 0x5579ce735430 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/message_loop/message_pump_default.cc:37:31
#50 0x5579ce7a6c71 in base::RunLoop::Run() /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/run_loop.cc:102:14
#51 0x5579ddbd9c55 in content::RendererMain(content::MainFunctionParams const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../content/renderer/renderer_main.cc:200:23
#52 0x5579cdac69a7 in content::ContentMainRunnerImpl::Run(bool) /home/cowboy/chromium/src/out/chrome_asan_shared/../../content/app/content_main_runner_impl.cc:891:10
#53 0x5579cdbf4d25 in service_manager::Main(service_manager::MainParams const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../services/service_manager/embedder/main.cc:472:29
#54 0x5579cdac1e7f in content::ContentMain(content::ContentMainParams const&) /home/cowboy/chromium/src/out/chrome_asan_shared/../../content/app/content_main.cc:19:10
#55 0x5579c6a05e60 in ChromeMain /home/cowboy/chromium/src/out/chrome_asan_shared/../../chrome/app/chrome_main.cc:101:12
#56 0x7f818c842b97 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310:0
#57 0x5579c692e02a in _start ??:0:0
Received signal 6
#0 0x5579c697b741 in __interceptor_backtrace /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4024:13
#1 0x5579ce8f918e in base::debug::StackTrace::StackTrace(unsigned long) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/stack_trace_posix.cc:808:41
#2 0x5579ce8f80dd in base::debug::(anonymous namespace)::StackDumpSignalHandler(int, siginfo_t*, void*) /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/stack_trace_posix.cc:334:3
#3 0x7f81938e5890 in __funlockfile ??:?
#4 0x7f81938e5890 in ?? ??:0
#5 0x7f818c85fe97 in __libc_signal_restore_set /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80:0
#6 0x7f818c85fe97 in gsignal /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48:0
#7 0x7f818c861801 in abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:79:0
#8 0x5579ce8f590a in base::debug::BreakDebugger() /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/debug/debugger_posix.cc:258:3
#9 0x5579ce714b18 in logging::LogMessage::~LogMessage() /home/cowboy/chromium/src/out/chrome_asan_shared/../../base/logging.cc:865:7
[end of stack trace]
Calling _exit(1). Core file will not be generated.
Did this work before? N/A
Chrome version: Version 70.0.3515.0 (Developer Build) (64-bit) Channel: dev
OS Version: Ubuntu 18.04
Flash Version:
Aug 12
Not every crash is a security issue. Denial of Service (DoS) issues are treated as abuse or stability issues rather than security vulnerabilities. Your crash happened in a DCHECK by intentionally exceeding the maximum message size in an IPC.
Check failed: message->size() <= Channel::kMaximumMessageSize (369099004 vs. 134217728)
Remove security label.
The issue seems to be related to crash. Hence, forwarding the issue to inhouse team for further triaging of the issue. Thanks...!!
Aug 14
Able to reproduce this issue on Windows 10, Debian Rodete and Mac 10.13.6 with Chrome Stable #68.0.3440.106, Beta #69.0.3497.32, Dev #70.0.3514.0, Canary #70.0.3522.0.
Issue broken in M63
Bisect Info:
------------
Good Build : 63.0.3219.0, revision #502728
Bad Build : 63.0.3220.0, revision #502992
After executing the per-revision bisect script, got the following CL:
https://chromium.googlesource.com/chromium/src/+log/897b028076ce36caf579d72ffa7f8524262688a2..33d858c3cd36e5d3bd059ed34ac337353d60a842
Assigning it to current week V8 Stability sheriff (cbruni@) for further triage.
Note: Adding RB-Stable label for tracking purposes, please remove if it isn't needed.
-----
Aug 14
This crashes due to logging an extremely large error message to the console: Uncaught RangeError: Invalid language tag: __ca__ca__ca__ca__ca__ca__ca__ca__ca__ca..... Reducing the repetition count makes the repro pass just fine. Given that this is a hard release check failure there are no security implications. Maybe this could be fixed on the dev-tools side by either truncating the error string or sending it in several chunks.
Sep 14
Testcase 6383031829659648 failed to reproduce the crash. Please inspect the program output at https://clusterfuzz.com/testcase?key=6383031829659648.
Dec 11
Not reproducible in the original form.
Opening DevTools console against page:
data:text/html,<script> new Intl.PluralRules('__ca'.repeat(0x1000000)); </script>
works just fine because it truncates the message by default.
When I click the "Show more" button it crashes with OOM in layout which is probably expected.
Erik, should we disable the button when we know it will cause OOM?
tcmalloc: large alloc 1241145344 bytes == 0x1f1318596000 @ 0x7f67329eb300 0x7f67329c2675 0x7f6726ad4db7 0x7f6726ad7d27 0x7f672800e59f 0x7f6728013676 0x7f6728015b0d 0x7f67280162f0 0x7f6728009dbb 0x7f672800cff6 0x7f672800d144 0x7f672800cd99 0x7f672800bb8d 0x7f6727fde9af 0x7f6729ff3650 0x7f6729ff2858 0x7f6729ff1e84 0x7f6729f1b5b8 0x7f6729ef4864 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981
tcmalloc: large alloc 1241145344 bytes == (nil) @ 0x7f67329eb300 0x7f67329c2675 0x7f6726ad4dc7 0x7f6726ad7d27 0x7f672800e59f 0x7f6728013676 0x7f6728015b0d 0x7f67280162f0 0x7f6728009dbb 0x7f672800cff6 0x7f672800d144 0x7f672800cd99 0x7f672800bb8d 0x7f6727fde9af 0x7f6729ff3650 0x7f6729ff2858 0x7f6729ff1e84 0x7f6729f1b5b8 0x7f6729ef4864 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981 0x7f6729ef5acd 0x7f6729f286cf 0x7f6729ef62a0 0x7f6729f5a981
[1:1:1211/154825.332439:FATAL:memory_linux.cc(42)] Out of memory.
#0 0x7f67329aa31f base::debug::StackTrace::StackTrace()
#1 0x7f67328cd1cb logging::LogMessage::~LogMessage()
#2 0x7f6732907165 base::(anonymous namespace)::OnNoMemory()
#3 0x7f67329c2682 GlibcReallocHook
#4 0x7f6726ad4dc7 hb_buffer_t::enlarge()
#5 0x7f6726ad7d27 hb_buffer_add_utf16
#6 0x7f672800e59f blink::CaseMappingHarfBuzzBufferFiller::CaseMappingHarfBuzzBufferFiller()
#7 0x7f6728013676 blink::HarfBuzzShaper::ShapeSegment()
#8 0x7f6728015b0d blink::HarfBuzzShaper::Shape()
#9 0x7f67280162f0 blink::HarfBuzzShaper::Shape()
#10 0x7f6728009dbb blink::CachingWordShapeIterator::ShapeWordWithoutSpacing()
#11 0x7f672800cff6 blink::CachingWordShapeIterator::ShapeWord()
#12 0x7f672800d144 blink::CachingWordShapeIterator::ShapeToEndIndex()
#13 0x7f672800cd99 blink::CachingWordShapeIterator::NextForAllowTabs()
#14 0x7f672800bb8d blink::CachingWordShaper::Width()
#15 0x7f6727fde9af blink::Font::Width()
#16 0x7f6729ff3650 blink::LayoutText::ComputePreferredLogicalWidths()
#17 0x7f6729ff2858 blink::LayoutText::ComputePreferredLogicalWidths()
#18 0x7f6729ff1e84 blink::LayoutText::TrimmedPrefWidths()
#19 0x7f6729f1b5b8 blink::LayoutBlockFlow::ComputeInlinePreferredLogicalWidths()
#20 0x7f6729ef4864 blink::LayoutBlock::ComputeIntrinsicLogicalWidths()
#21 0x7f6729ef5acd blink::LayoutBlock::ComputePreferredLogicalWidths()
#22 0x7f6729f286cf blink::LayoutBox::MinPreferredLogicalWidth()
#23 0x7f6729ef62a0 blink::LayoutBlock::ComputeChildPreferredLogicalWidths()
#24 0x7f6729f5a981 blink::LayoutFlexibleBox::ComputeIntrinsicLogicalWidths()
Dec 12
Thanks for checking! Disabling the button sounds good to me.
Dec 20
Screenshot of disabled state proposal: https://imgur.com/a/vsirDwa When disabled, hovering does not change the button color, and a tooltip explains that the remaining text is too long.
Jan 2
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5fc9184a72502a893f164a20241888f81906441c

commit 5fc9184a72502a893f164a20241888f81906441c
Author: Erik Luo <luoe@chromium.org>
Date: Wed Jan 02 20:00:52 2019

DevTools: disable 'Show more' button if text cannot be displayed

Blink can OOM crash when trying to display text that is too long. This CL disables the 'Show more' button, and shows memory size instead of remaining character count.

Screenshot: https://imgur.com/a/1ET0ui3

Bug: 873498
Change-Id: I0f2a9a06c5f7710260f1795d0f9446b68b7f4498
Reviewed-on: https://chromium-review.googlesource.com/c/1377710
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Joel Einbinder <einbinder@chromium.org>
Cr-Commit-Position: refs/heads/master@{#619466}

[modify] https://crrev.com/5fc9184a72502a893f164a20241888f81906441c/third_party/blink/renderer/devtools/front_end/ui/UIUtils.js
[modify] https://crrev.com/5fc9184a72502a893f164a20241888f81906441c/third_party/blink/renderer/devtools/front_end/ui/inspectorCommon.css
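A small model of the gating that the commit above describes (truncate by default, refuse to expand text that would blow up layout, and show a memory size instead of a character count when refusing), added here as an illustrative example and not code from the Chromium CL or the DevTools front end. The function names, the two display limits and the sample messages are assumptions made for this example.

```javascript
// Added example modelling the 'Show more' gating described in the CL.
// Not DevTools code: every name and limit below is an assumption.

// Characters shown before the console offers to expand a long message.
// DevTools truncates by default; this exact figure is an assumed value.
const DEFAULT_VISIBLE_CHARS = 10000;

// Largest amount of hidden text the control will agree to expand inline.
// Expanding far more than this is what drove text shaping and layout into
// OOM in the report, so beyond it the button is disabled rather than
// removed. Deliberately small assumed value so the sample below stays cheap.
const MAX_EXPANDABLE_CHARS = 1 << 20; // 1 Mi characters

// JS strings are UTF-16, so the memory the hidden text occupies is about
// two bytes per code unit; that is the figure shown in the disabled tooltip.
function utf16Bytes(text) {
  return text.length * 2;
}

// Human-readable size label for the tooltip, e.g. "128.0 MiB".
function formatBytes(bytes) {
  const units = ['B', 'KiB', 'MiB', 'GiB'];
  let value = bytes;
  let i = 0;
  while (value >= 1024 && i < units.length - 1) {
    value /= 1024;
    i++;
  }
  return `${i === 0 ? value : value.toFixed(1)} ${units[i]}`;
}

// Decide how a console message is rendered. Returns the visible prefix plus
// a description of the 'Show more' control: null when nothing is hidden,
// enabled with a remaining-character label when expanding is safe, and
// disabled with a memory-size tooltip when it is not.
function planMessageDisplay(text, visibleChars = DEFAULT_VISIBLE_CHARS,
                            maxExpandable = MAX_EXPANDABLE_CHARS) {
  if (text.length <= visibleChars) {
    return { visible: text, hiddenChars: 0, button: null };
  }
  const visible = text.slice(0, visibleChars);
  const hidden = text.slice(visibleChars);
  if (hidden.length <= maxExpandable) {
    return {
      visible,
      hiddenChars: hidden.length,
      button: { enabled: true, label: `Show ${hidden.length} more` },
    };
  }
  return {
    visible,
    hiddenChars: hidden.length,
    button: {
      enabled: false,
      label: 'Show more',
      tooltip: `Text is too long to display (${formatBytes(utf16Bytes(hidden))} remaining)`,
    },
  };
}

// Constructed sample inputs: a normal error, a long but expandable one, and
// a message shaped like the report's RangeError with the tag repeated past
// the expand limit (the repeat count is an assumption, not the repro's).
const PREFIX = 'Uncaught RangeError: Invalid language tag: ';
const SHORT_MSG = PREFIX + '__ca';
const LONG_MSG = PREFIX + '__ca'.repeat(10000);
const HUGE_MSG = PREFIX + '__ca'.repeat(1 << 19);

// Stand-alone demonstration of the three outcomes.
for (const msg of [SHORT_MSG, LONG_MSG, HUGE_MSG]) {
  const plan = planMessageDisplay(msg);
  console.log(msg.length, 'chars ->', JSON.stringify(plan.button));
}
```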