Could you post crash id (available in chrome://crashes) if possible?

Please refer to the attachment file, thanks.

Deleted: Crashes.JPG 4.5 MB

	Crashes.JPG 4.5 MB View Download

Thank you for providing more feedback. Adding requester "kochi@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Thanks for the picture - it seems none of them was uploaded - could you
try clicking any of "Send now" link?  Once it is uploaded, the list should
show "Server ID", with which we can start taking a look.
Please provide "Server ID" if you could successfully upload the crash dumps.

I click the "send now", it cannot upload successfully.

Deleted: crash2.JPG 4.6 MB

	crash2.JPG 4.6 MB View Download

Hmm, it may just taking a time to upload or waiting something.
Please take a look at it again tomorrow or so if anything was uploaded.

In the meantime, adding "Needs-Bisect" label - I am not sure our test
team has a machine with the latest Ryzen chip to reproduce this, but as
the range is narrowed down between 61.0.3117.0 and 61.0.3143.0 - it would
be nice if we could find any regression point.

Also trying to shot in the dark - assigning Blink>JavaScript component so
if any V8 people have insight on this issue.

Tested on Chrome Stable #59.0.30171.115 and Canary #61.0.3147.0 on Windows 10 and issue is not reproducible. Tested on Dell, with following configuration:
 
Processor - Intel(R) Core(TM) i7-4712HQ CPU@2.30GHZ
Memory - 16.0 GB
Graphic Card - Intel(R) HD Graphics 4600
 
Could someone from MTV look into this issue as we don’t have the reported configuration. Adding "TE-NeedsTriageFromMTV" label for further triage.

Thanks.

There might be the possibility that the upload is blocked by a firewall. 

Re #7: This only seems to occur on specific AMD CPUs.

Given that it might crash anywhere, I am removing the V8 component again for now.

Having the crash report would be super helpful.  Is there any way to get the crash info uploaded?

I still couldn't upload the crash report, maybe because of internal proxy limitation. I found the crash reports under "%AppData%\Local\Google\Chrome SxS\User Data\Crashpad\reports", and zipped them here. 
Hope this helpful!

Deleted: crash-report.zip 1.6 MB

crash-report.zip 1.6 MB Download

Thank you for providing more feedback. Adding requester "rtoy@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

As this is a regression, we bisected it today and already had the suspects within several commits. I will come back tomorrow after some further investigation. 

Marking the bug as M61 blocker to keep this bug under the radar of test and release teams and changing the status to Available. 

yang.gu@intel.com please help us to find a owner.

The commit that caused the problem is r478259, and I cc'ed the author. 
commit fec0e7c106a1b36f0e2989a116b820a70c1d56bb
Author: tasak <tasak@google.com>
Decommit unused system pages when invoking WTF::DecommitSystemPages().
Review-Url: https://codereview.chromium.org/2935443002

I don't think this is anything to do with GPUs...
Putting it back to Blink territory.  tasak@-san, do you have any idea?

A friendly reminder that M61 branching and Beta promotion is coming soon! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP to trunk. This way we branch M61 from a high quality trunk. Thank you.

-tasak@chromium +tasak@google

Looking at minidumps, crashes occurred at partition_alloc.h:L669-670:

    PartitionFreelistEntry* new_head =
        PartitionFreelistMask(static_cast<PartitionFreelistEntry*>(ret)->next);

"ret"(=rbx) was broken. I think, this is the same issue I tried to fix by https://chromium.googlesource.com/chromium/src/+/cf04f3b07490cf52305ce648737701a5a79e2da6

Would you try the newest canary? The commit was applied to chrome >=61.0.3158.0.

The fix was landed in r486700. I manually built r486699 and r486700, and verified r486700 did fix the issue. Thanks!
I wonder why this issue was only triggered with AMD CPU (It looks to me the fix is general on Windows). We have several Intel CPU machines to run exactly same test suite, but didn't see any issues so far. 
This issue can be closed as fixed. 

I retest it with the latest canary(61.0.3159.0), glad to see this issue has been fixed.
Thanks!

Removing the Beta blocker for M-61 based on C#20 and C#21.

The issue seems to happen for some specific memory configuration or memory
pressure situation, not related to CPU microarchitecture.

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

c#20 and c#21 says this is fixed.

Closing as fixed.  Please re-open or file a new issue if this isn't really fixed.