New issue
Advanced search Search tips

Issue 749159 link

Starred by 1 user
Status: WontFix
Owner:
siggi@chromium.org
Closed: Sep 2017
Cc:
wfh@chromium.org
mark@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

No crash dump captured on chrome://memory-exhaust on 64 bit builds

Project Member Reported by siggi@chromium.org, Jul 26 2017 
Chrome Version: 59.0.3071.115 (Official Build) (64-bit) (cohort: Stable)
OS: Win10

What steps will reproduce the problem?
(1) Open a tab to chrome://memory-exhaust, witness OOM sad tab.
(2) Open a tab to chrome://crashes, witness no new crash.
(3) Open a tab to chrome://histograms/Crashpad, witness no exception processed in the Crashpad handler.

It looks like we're getting OOM crashes still, so I don't understand what's up - maybe some wonkyness in the debug URL handler?

Comment 1 by siggi@chromium.org, Jul 26 2017 

Ugh, I'm guessing that the new_handler dispatcher has an internal SEH, which presumably terminates the process. This means we don't dispatch to the unhandled exception filter here, and so presumably no crashes on OOM from new/malloc/realloc et al.

Comment 2 by siggi@chromium.org, Jul 26 2017 

This doesn't seem to be the case - I'm going to check in the test I wrote, though.

Comment 3 by siggi@chromium.org, Jul 26 2017 

This may be working as intended. With --no-sandbox, I get a renderer to chew up a bunch of commit, then crash. I'm guessing there's a policy on the renderer job that blows it out of the sky before it's able to hit a nullptr return.

Interestingly I saw this WER dialog at least once, which seems to suggest that we leak, or can leak exceptions:

---------------------------
chrome.exe - Application Error
---------------------------
The exception unknown software exception (0xe0000008) occurred in the application at location 0x00007FFE241C3C58.


---------------------------
OK   Cancel   
---------------------------

Comment 4 by grt@chromium.org, Jul 26 2017 

I've seen WER from time to time. Bruce says to use this so that WER generates local dumps:

>type EnableCrashReporting.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpType"=dword:00000002

Comment 5 by siggi@chromium.org, Jul 27 2017

Owner: siggi@chromium.org

Comment 6 by siggi@chromium.org, Jul 27 2017 

Yups, this does seem to be the sandbox killing the processes when they exceed the job limits. This is about 2% of renderer deaths on stable, whereas the explicit out of memory code is ~28%.
The sandbox limits hit only on 64 bit builds, where they account for ~4.5% of renderer deaths.

Comment 7 by siggi@chromium.org, Jul 27 2017 

Yups, we set a 4G limit on renderers in 64 bit builds: https://cs.chromium.org/chromium/src/content/common/sandbox_win.cc?type=cs&q=SetJobMemoryLimit&l=576.

Comment 8 by siggi@chromium.org, Jul 27 2017

Summary: No crash dump captured on chrome://memory-exhaust on 64 bit builds (was: No crash dump captured on chrome://memory-exhaust)
Project Member

Comment 9 by bugdroid1@chromium.org, Jul 27 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eef087dfaee3262c8378b97dfeabc8fafc7ae2bb

commit eef087dfaee3262c8378b97dfeabc8fafc7ae2bb
Author: Sigurdur Asgeirsson <siggi@chromium.org>
Date: Thu Jul 27 15:52:13 2017

Verify that the OOM new handler causes an unhandled exception.

Bug:  749159 
Change-Id: Ia677c3f22a22e4cfb1e30c8c3bcdef8c7203fa10
Reviewed-on: https://chromium-review.googlesource.com/587371
Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#489945}
[modify] https://crrev.com/eef087dfaee3262c8378b97dfeabc8fafc7ae2bb/base/process/memory_unittest.cc

Comment 10 by siggi@chromium.org, Sep 6 2017

Status: WontFix (was: Untriaged)
This is working as intended.

Sign in to add a comment