
Issue 913909

Starred by 3 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Not enough memory exception during startup when "Local State" larger than 2Gb

Reported by dronk...@gmail.com, Dec 11

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36

Steps to reproduce the problem:
1. Download and install Chrome
2. Have file "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Local State" bigger than 2Gb
3. Start Chrome using icon in start menu

What is the expected behavior?
Chrome starts normally and displays new tab.

What went wrong?
Chrome window does not appear.
In Task Manager I can see 1-3 chrome.exe processes.
For a short period of time CPU usage can be up to 25% (one core out of four).
After a while the chrome.exe processes disappear.

Crashed report ID: d2d1d0c3-871c-4c4c-b8ac-7ff61aedfd8e

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? Yes 

Chrome version: 71.0.3578.80  Channel: stable
OS Version: 10.0
Flash Version: 

Have no idea why the file grew so big, but saved them in case they're needed for further investigation.
-a----       08.12.2018     14:38     2161254444 Local State
-a----       10.12.2018     12:10     2161254444 Local State Backup

I've created a second chance exception dump using DebugDiag (see the report in the attachment).
Some manual findings are below.

This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(28fc.dac): Unknown exception - code e0000008 (first/second chance not available)
For analysis of this file, run !analyze -v

0:000> .exr -1
ExceptionAddress: 00007ffb6fb15299 (KERNELBASE!RaiseException+0x0000000000000069)
   ExceptionCode: e0000008
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000080d22057

0:000> !error 0000008
Error code: (Win32) 0x8 (8) - Not enough memory resources are available to process this command.

0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr           Call Site
00 0000003b`e97fe8c0 00007ffa`e5882214 KERNELBASE!RaiseException+0x69
01 0000003b`e97fe9a0 00007ffa`e5dd7cd7 chrome!base::`anonymous namespace'::OnNoMemory+0x24 [C:\b\c\b\win64_clang\src\base\process\memory_win.cc @ 55] 
02 0000003b`e97fe9d0 00007ffa`e45e1166 chrome!base::allocator::WinCallNewHandler+0x17 [C:\b\c\b\win64_clang\src\base\allocator\winheap_stubs_win.cc @ 90] 
03 0000003b`e97fea00 00007ffa`e72b089b chrome!malloc+0x46 [C:\b\c\b\win64_clang\src\base\allocator\allocator_shim_override_ucrt_symbols_win.h @ 53] 
04 0000003b`e97fea40 00007ffa`e4627f26 chrome!operator new+0x1f [f:\dd\vctools\crt\vcstartup\src\heap\new_scalar.cpp @ 35] 
05 0000003b`e97fea70 00007ffa`e462794c chrome!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Reallocate_grow_by<`lambda at ..\..\third_party\depot_tools\win_toolchain\vs_files\3bc0ec615cf20ee342f3bc29bc991b5ad66d8d2c\VC\Tools\MSVC\14.14.26428\include\xstring:2591:4',unsigned long long,char>+0x64 [C:\b\c\b\win64_clang\src\third_party\depot_tools\win_toolchain\vs_files\3bc0ec615cf20ee342f3bc29bc991b5ad66d8d2c\VC\Tools\MSVC\14.14.26428\include\xstring @ 3906] 
06 0000003b`e97feae0 00007ffa`e46276d6 chrome!base::ReadFileToStringWithMaxSize+0xfc [C:\b\c\b\win64_clang\src\base\files\file_util.cc @ 158] 
07 0000003b`e97febd0 00007ffa`e5a89681 chrome!JSONFileValueDeserializer::Deserialize+0x56 [C:\b\c\b\win64_clang\src\base\json\json_file_value_serializer.cc @ 102] 
08 0000003b`e97fec80 00007ffa`e462757b chrome!`anonymous namespace'::ReadPrefsFromDisk+0xa1 [C:\b\c\b\win64_clang\src\components\prefs\json_pref_store.cc @ 122] 
09 0000003b`e97fee00 00007ffa`e4627527 chrome!JsonPrefStore::ReadPrefs+0x29 [C:\b\c\b\win64_clang\src\components\prefs\json_pref_store.cc @ 260] 
0a 0000003b`e97fee50 00007ffa`e4627347 chrome!PrefService::InitFromStorage+0x153 [C:\b\c\b\win64_clang\src\components\prefs\pref_service.cc @ 0] 
0b 0000003b`e97feee0 00007ffa`e4626c41 chrome!PrefService::PrefService+0xb1 [C:\b\c\b\win64_clang\src\components\prefs\pref_service.cc @ 103] 
0c 0000003b`e97fef60 00007ffa`e5da1346 chrome!PrefServiceFactory::Create+0x185 [C:\b\c\b\win64_clang\src\components\prefs\pref_service_factory.cc @ 39] 
0d 0000003b`e97ff060 00007ffa`e58435d8 chrome!chrome_prefs::CreateLocalState+0x11a [C:\b\c\b\win64_clang\src\chrome\browser\prefs\chrome_pref_service_factory.cc @ 420] 
0e 0000003b`e97ff180 00007ffa`e5843485 chrome!ChromeFeatureListCreator::CreatePrefService+0x12e [C:\b\c\b\win64_clang\src\chrome\browser\metrics\chrome_feature_list_creator.cc @ 148] 
0f 0000003b`e97ff2a0 00007ffa`e4d31ad8 chrome!ChromeFeatureListCreator::CreateFeatureList+0xd [C:\b\c\b\win64_clang\src\chrome\browser\metrics\chrome_feature_list_creator.cc @ 82] 
10 0000003b`e97ff2d0 00007ffa`e45f83c2 chrome!ChromeMainDelegate::PostEarlyInitialization+0x24 [C:\b\c\b\win64_clang\src\chrome\app\chrome_main_delegate.cc @ 514] 
11 0000003b`e97ff340 00007ffa`e45e4ffc chrome!content::ContentMainRunnerImpl::Run+0x2c2 [C:\b\c\b\win64_clang\src\content\app\content_main_runner_impl.cc @ 891] 
12 0000003b`e97ff500 00007ffa`e45e4bf5 chrome!service_manager::Main+0x333 [C:\b\c\b\win64_clang\src\services\service_manager\embedder\main.cc @ 472] 
13 0000003b`e97ff880 00007ffa`e45e19ca chrome!content::ContentMain+0x3e [C:\b\c\b\win64_clang\src\content\app\content_main.cc @ 19] 
14 0000003b`e97ff910 00007ff6`cc73374c chrome!ChromeMain+0x118 [C:\b\c\b\win64_clang\src\chrome\app\chrome_main.cc @ 0] 
15 0000003b`e97ffa00 00007ff6`cc7315f0 chrome_exe!MainDllLoader::Launch+0x26c [C:\b\c\b\win64_clang\src\chrome\app\main_dll_loader_win.cc @ 201] 
16 0000003b`e97ffaf0 00007ff6`cc805a62 chrome_exe!wWinMain+0x5f0 [C:\b\c\b\win64_clang\src\chrome\app\chrome_exe_main_win.cc @ 229] 
17 0000003b`e97ffec0 00007ffb`71c67e94 chrome_exe!__scrt_common_main_seh+0x106 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 283] 
18 0000003b`e97fff00 00007ffb`73977ad1 kernel32!BaseThreadInitThunk+0x14
19 0000003b`e97fff30 00000000`00000000 ntdll!RtlUserThreadStart+0x21

In frame 8 there is a reference to the file path.

0:000> .frame 0n8;dv /t /v
08 0000003b`e97fec80 00007ffa`e462757b chrome!`anonymous namespace'::ReadPrefsFromDisk+0xa1 [C:\b\c\b\win64_clang\src\components\prefs\json_pref_store.cc @ 122] 
@r15              class base::FilePath * path = 0x00000172`45931180
0000003b`e97fecac int error_code = 0n0
0000003b`e97fecf8 class std::basic_string<char,std::char_traits<char>,std::allocator<char> > error_msg = ""
0000003b`e97fecc0 class JSONFileValueDeserializer deserializer = class JSONFileValueDeserializer
0000003b`e97fee28 class std::unique_ptr<JsonPrefStore::ReadResult,std::default_delete<JsonPrefStore::ReadResult> > read_result = unique_ptr {...}
0:000> dx -r1 ((chrome!base::FilePath *)0x17245931180)
((chrome!base::FilePath *)0x17245931180)                 : 0x17245931180 [Type: base::FilePath *]
    [=0x7ffae745f844] kSeparators      : "\/" [Type: wchar_t [0]]
    [=0x7ffae745f850] kSeparatorsLength : 0x3 [Type: unsigned __int64]
    [=0x7ffae745f858] kCurrentDirectory : "." [Type: wchar_t [0]]
    [=0x7ffae745f85c] kParentDirectory : ".." [Type: wchar_t [0]]
    [=0x7ffae731b810] kExtensionSeparator : 46 '.' [Type: wchar_t]
    [+0x000] path_            : "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Local State" [Type: std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >]

In frame 3 there is a size value which, I guess, leads to the exception.

0:000> .frame 0n3;dv /t /v
03 0000003b`e97fea00 00007ffa`e72b089b chrome!malloc+0x46 [C:\b\c\b\win64_clang\src\base\allocator\allocator_shim_override_ucrt_symbols_win.h @ 53] 
@rsi              unsigned int64 size = 0x80d22057
 
Attachment: chrome_CrashHangAnalysis.zip (240 KB)

In the problem file, the property profile.info_cache.Default.name has a huge value in it, like:
"name":"Р В Р†....[2 Gb of such data goes here]... ЋРІР‚Сњ @ gmail"
Ideally Chrome should display an error, offer to fix it, and eventually start anyway in some kind of safe mode.

TE@, here's a quick way to repro if needed:
1. create an empty folder e.g. d:\123
2. open command prompt and run the following line after editing the correct path:
   fsutil file createnew "d:\123\Local State" 2500000000
3. run chrome with the following command line after editing the correct path:
   chrome --user-data-dir="d:\123"
Expected: Chrome displays an error, offers to fix it, and eventually starts
Observed: nothing happens visually, the crash report is generated in Crashpad directory inside the profile
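Added example, not Chromium code and not from either commenter: a bounded preference-file read with the recovery path the reporter and the repro above ask for. The trace in the report shows ReadFileToStringWithMaxSize (frame 6) growing a std::string until malloc (frame 3) is asked for 0x80d22057 bytes and OnNoMemory raises; the version below checks the size before allocating, keeps a hard ceiling while streaming in case the file grows between check and read, and on an oversized or unreadable file renames it to "<path>.bad" and starts from empty defaults instead of dying. The function names, the ".bad" suffix, and the 4 KiB file against a 1 KiB ceiling used in main() are assumptions chosen for illustration.

```cpp
// Added example for issue 913909: bounded read of a preference file with
// recovery. Not Chromium code; names, limits and the ".bad" suffix are
// assumptions made for illustration.
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iostream>
#include <string>
#include <utility>

enum class ReadStatus { kOk, kNotFound, kTooLarge, kReadError };

// Size of the file in bytes, or -1 if it cannot be opened.
std::int64_t QueryFileSize(const std::string& path) {
  std::ifstream in(path, std::ios::binary | std::ios::ate);
  if (!in) return -1;
  return static_cast<std::int64_t>(in.tellg());
}

// Reads `path` into `out`, refusing before any large allocation happens.
// The size is checked first (cheap reject for a 2 GB file) and the bound is
// re-checked while streaming, so a file that grows between the check and the
// read still cannot push the buffer past `max_bytes`. `out` is untouched on
// failure.
ReadStatus ReadFileBounded(const std::string& path, std::uint64_t max_bytes,
                           std::string* out) {
  const std::int64_t size = QueryFileSize(path);
  if (size < 0) return ReadStatus::kNotFound;
  if (static_cast<std::uint64_t>(size) > max_bytes) return ReadStatus::kTooLarge;

  std::ifstream in(path, std::ios::binary);
  if (!in) return ReadStatus::kNotFound;
  std::string buf;
  buf.reserve(static_cast<std::size_t>(size));  // already bounded by max_bytes
  char chunk[64 * 1024];
  for (;;) {
    in.read(chunk, sizeof chunk);
    const std::size_t n = static_cast<std::size_t>(in.gcount());
    if (n == 0) break;
    if (buf.size() + n > max_bytes) return ReadStatus::kTooLarge;
    buf.append(chunk, n);
    if (!in) break;  // short read: EOF or an I/O error
  }
  if (in.bad()) return ReadStatus::kReadError;
  *out = std::move(buf);
  return ReadStatus::kOk;
}

struct LoadResult {
  ReadStatus status;
  std::string contents;  // JSON text; "{}" when we fell back to defaults
  bool recovered;        // true if the original file was moved aside
};

// What the reporter asks for instead of the crash: an oversized or unreadable
// Local State is renamed to "<path>.bad" (kept for investigation) and the
// browser starts from empty defaults.
LoadResult LoadPrefsOrRecover(const std::string& path, std::uint64_t max_bytes) {
  LoadResult r{ReadStatus::kOk, std::string(), false};
  r.status = ReadFileBounded(path, max_bytes, &r.contents);
  switch (r.status) {
    case ReadStatus::kOk:
      break;
    case ReadStatus::kNotFound:
      r.contents = "{}";  // first run: nothing to recover
      break;
    case ReadStatus::kTooLarge:
    case ReadStatus::kReadError:
      std::rename(path.c_str(), (path + ".bad").c_str());
      r.contents = "{}";
      r.recovered = true;
      break;
  }
  return r;
}

// Test helper: writes a file of `size` bytes filled with `fill`.
bool WriteFilledFile(const std::string& path, std::uint64_t size, char fill) {
  std::ofstream out(path, std::ios::binary | std::ios::trunc);
  if (!out) return false;
  const std::string block(64 * 1024, fill);
  while (size > 0) {
    const std::size_t n =
        size < block.size() ? static_cast<std::size_t>(size) : block.size();
    out.write(block.data(), static_cast<std::streamsize>(n));
    size -= n;
  }
  return static_cast<bool>(out);
}

int main() {
  // Constructed scenario: a 4 KiB "Local State" against a 1 KiB ceiling stands
  // in for the 2 GB file against a real limit.
  const std::string path = "Local State";
  WriteFilledFile(path, 4096, 'x');
  const LoadResult r = LoadPrefsOrRecover(path, 1024);
  std::cout << "recovered=" << r.recovered << " contents=" << r.contents << '\n';
  std::remove((path + ".bad").c_str());
  return 0;
}
```

The pre-check alone would already avoid the 2 GB allocation in the trace; the streaming bound is there because a size check followed by an unbounded read is a time-of-check/time-of-use gap, and the rename keeps the user's data instead of silently discarding it.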
Components: Internals>Preferences
Cc: jmukthavaram@chromium.org
Labels: -Type-Bug-Regression Target-71 Target-72 Target-73 M-73 FoundIn-71 Type-Bug
Status: Untriaged (was: Unconfirmed)
Thanks for the clear steps woxxom@.

Able to reproduce the issue on Windows using Chrome latest stable 71.0.3578.98 as per C#2. Nothing happened after step 3. Same observed from M60 to latest Chrome versions. Hence marking it as untriaged to get it addressed by the dev team.

Thanks..!
I have reported a similar issue as part of bug 921356: https://bugs.chromium.org/p/chromium/issues/detail?id=921356

Thanks
