"Aw, snap" OOM in heap setup |
|||||||||||||||||
Issue descriptionChrome Version : 62.0.3202.75 OS Version: goobuntu Trusty URLs (if applicable) : http://downdetector.com/status/level3/map/ Other browsers tested: chromium master (4c400da) What steps will reproduce the problem? 1. Open the provided link 2. Wait a few seconds 3. What is the expected result? The page loads What happens instead of that? I get an "Aw, Snap!" coming from v8::internal::Heap::SetUp (https://cs.chromium.org/chromium/src/v8/src/heap/heap.cc?l=5393&rcl=42e0a23fb3b83936c8a2fde9a9dc0484189f3bd3) Please provide any additional information below. Attach a screenshot if possible. UserAgentString: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36 This reproduces with --user-data-dir pointing to an empty directory. I built chromium with the following gn args: use_goma=true is_official_build=true is_component_build=false is_debug=false
,
Nov 7 2017
Unable to reproduce the issue on Ubuntu 14.04, Win-10 and mac 10.12.6 using chrome stable #62.0.3202.75 and latest dev #64.0.3253.3 Attached a screen cast for reference. Following are the steps followed to reproduce the issue. ------------ 1. Opened the URL: http://downdetector.com/status/level3/map/ 2. Waited for a minute. 3. Observed that the page loaded without any issues. nharper@ - Could you please check the issue on latest dev #64.0.3253.3 by creating a new profile without any apps and extensions and please let us know if the issue still persist or not. Thanks...!!
,
Nov 7 2017
Attached is a video of it reproducing on 64.0.3253.3 in a fresh profile.
,
Nov 7 2017
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 8 2017
Unable to reproduce the issue on Ubuntu 14.04 trusty using chrome latest dev #64.0.3260.2 and latest beta #63.0.3239.30. Following are the steps followed to reproduce the issue. ------------ 1. Created an empty folder and launched chrome browser using the command google-chrome-unstable --user-data-dir=/home/krajshree/Desktop/var http://downdetector.com/status/level3/map/ 2. Observed that the page loaded without any issues. Could anyone from Blink>JavaScript team please help us in triaging the issue as the issue is not reproducible from TE-end. Hence, removing the Needs-Bisect label. Please feel free to add the same if required. Thanks...!!
,
Nov 14 2017
Could some one from Blink>JavaScript team please look in to this issue. Thank you!
,
Nov 14 2017
Adding this week's memory sheriffs for investigation.
,
Nov 14 2017
I got the Oh Snap right on visiting the page, wow. Building chrome to investigate.
,
Nov 14 2017
I see the call to sysconf(pages_name) in AmountOfMemory() (sys_info_linux.cc:27) returns -1, which isn't expected. There is an old bug and CL where it's pointed out that some versions of linux can't correctly return information in this function. Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=472701 "sys_info_linux.cc:AmountOfMemory uses non-standard sysconf values" CL: https://codereview.chromium.org/1050233002/ (to fix it).
,
Nov 14 2017
Hi Stephen, This bug is an instance of crbug.com/472701, for which you made a fix CL in the past. Maybe you should land that. I'll send it over to you as it's not in the V8 code. Thanks!
,
Nov 14 2017
Sorry about that, the *main issue* here is likely an interaction between the sandbox and a large allocation on the web page. I will keep the investigation assigned to me for now while diagnosing.
,
Nov 14 2017
Hi Eric, we found an interaction between the sandbox and starting chrome with this webpage. If you have the feature WebAssemblyTrapHandler on, then you'll get the crash described (ignore the side issue in the comments above about AmountOfMemory()). In sandbox_linux.cc, there is special code to limit address_space_limit_max to 4 terabytes if the wasm trap handler is enabled. Unfortunately it is not enough. Can you address?
,
Nov 14 2017
,
Nov 14 2017
I don't think this is related to trap handlers. I just built master and got a crash both with and without trap handlers. I added logging in the routine the allocates Wasm buffers and this logging did not run, so it seems the page is not using Wasm. Bill, is there any chance your memory allocation changes are related? It looks like this started in 62, which is probably too early for your changes.
,
Nov 14 2017
Yes, M62 branched on 8/31 which is well before my changes to base/platform. I had made some changes in allocation.cc, as well as adding a OnCriticalMemoryPressure handler to the v8::Platform API. This was to make it possible to reserve address space on Win32 systems. That wouldn't be happening on Linux of course.
,
Dec 15 2017
I'm getting what looks like the same behavior (I haven't dug into it, but I see v8::internal::V8::FatalProcessOutOfMemory in the stacktrace) when visiting http://sftransitriders.org/lrv4/. (I just tested on a debug build of tip of tree at 80a699904010b720a7065c18e43b5552e5719de5 (near 65.0.3296.0).) I noticed that both of the pages where this happens have some sort of custom google map embedded in them - I don't know if that's useful information for this bug.
,
Dec 15 2017
I didn't look closely enough at that last link - it has an openstreetmap map, not google maps.
,
Dec 12
|
|||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||
Comment 1 by manoranj...@chromium.org
, Nov 6 2017Labels: Needs-Bisect Needs-Triage-M62 Hotlist-Google