New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 813459 link

Starred by 1 user
Status: Assigned
Owner:
hpayer@chromium.org
Last visit > 30 days ago
Cc:
hpayer@chromium.org
haraken@chromium.org
erikc...@chromium.org
petermarshall@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Memory leak leading to OOM crash with paused stream.nbcolympics.com

Project Member Reported by pkasting@chromium.org, Feb 19 2018 
Chrome Version       : 66.0.3343.4
OS Version: 10.0

Crash IDs that are probably related to this:
52512f512f1d5a10
ccfebbebce8edaa9
d7b9f17ee6e41c29
ae616ebfecd1801f

(many more, I've crashed a couple dozen times due to this)

Steps to repro: visit stream.nbcolympics.com and watch any olympics stream.  Leave the stream paused for a couple of hours.  Renderer will crash every time.

Comment 1 by pkasting@chromium.org, Feb 23 2018

Components: Blink>JavaScript Blink>MemoryAllocator
Summary: Memory leak leading to OOM crash with paused stream.nbcolympics.com (was: Renderer crash with paused stream.nbcolympics.com)
Looking at the crash stack, this is some kind of OOM:

0x00007fff0ab3b998	(chrome_child.dll -v8initializer.cpp:92 )	blink::ReportOOMErrorInMainThread
0x00007fff09553761	(chrome_child.dll -api.cc:437 )	v8::Utils::ReportOOMFailure(char const *,bool)
0x00007fff0954cb40	(chrome_child.dll -api.cc:397 )	v8::internal::V8::FatalProcessOutOfMemory(char const *,bool)
0x00007fff08f428e1	(chrome_child.dll -partial-deserializer.cc:34 )	v8::internal::PartialDeserializer::Deserialize(v8::internal::Isolate *,v8::internal::Handle<v8::internal::JSGlobalProxy>,v8::DeserializeInternalFieldsCallback)
0x00007fff08586658	(chrome_child.dll -partial-deserializer.cc:22 )	v8::internal::PartialDeserializer::DeserializeContext(v8::internal::Isolate *,v8::internal::SnapshotData const *,bool,v8::internal::Handle<v8::internal::JSGlobalProxy>,v8::DeserializeInternalFieldsCallback)
0x00007fff0858658a	(chrome_child.dll -snapshot-common.cc:74 )	v8::internal::Snapshot::NewContextFromSnapshot(v8::internal::Isolate *,v8::internal::Handle<v8::internal::JSGlobalProxy>,unsigned __int64,v8::DeserializeInternalFieldsCallback)
0x00007fff0858621f	(chrome_child.dll -bootstrapper.cc:5468 )	v8::internal::Genesis::Genesis(v8::internal::Isolate *,v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>,v8::Local<v8::ObjectTemplate>,unsigned __int64,v8::DeserializeInternalFieldsCallback,v8::internal::GlobalContextType)
0x00007fff085860d1	(chrome_child.dll -bootstrapper.cc:314 )	v8::internal::Bootstrapper::CreateEnvironment(v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>,v8::Local<v8::ObjectTemplate>,v8::ExtensionConfiguration *,unsigned __int64,v8::DeserializeInternalFieldsCallback,v8::internal::GlobalContextType)
0x00007fff08585eea	(chrome_child.dll -api.cc:6358 )	v8::CreateEnvironment<v8::internal::Context>
0x00007fff08585da3	(chrome_child.dll -api.cc:6395 )	v8::NewContext(v8::Isolate *,v8::ExtensionConfiguration *,v8::MaybeLocal<v8::ObjectTemplate>,v8::MaybeLocal<v8::Value>,unsigned __int64,v8::DeserializeInternalFieldsCallback)
0x00007fff087546f4	(chrome_child.dll -api.cc:6424 )	v8::Context::FromSnapshot(v8::Isolate *,unsigned __int64,v8::DeserializeInternalFieldsCallback,v8::ExtensionConfiguration *,v8::MaybeLocal<v8::Value>)
0x00007fff087551fd	(chrome_child.dll -v8contextsnapshot.cpp:139 )	blink::V8ContextSnapshot::CreateContextFromSnapshot(v8::Isolate *,blink::DOMWrapperWorld const &,v8::ExtensionConfiguration *,v8::Local<v8::Object>,blink::Document *)
0x00007fff08754f73	(chrome_child.dll -localwindowproxy.cpp:217 )	blink::LocalWindowProxy::CreateContext()
0x00007fff08754ae8	(chrome_child.dll -localwindowproxy.cpp:137 )	blink::LocalWindowProxy::Initialize()
0x00007fff086ff893	(chrome_child.dll -windowproxy.cpp:155 )	blink::WindowProxy::InitializeIfNeeded()
0x00007fff086ff82e	(chrome_child.dll -tov8forcore.cpp:37 )	blink::ToV8(blink::DOMWindow *,v8::Local<v8::Object>,v8::Isolate *)
0x00007fff0882309b	(chrome_child.dll -v8htmliframeelement.cpp:287 )	blink::HTMLIFrameElementV8Internal::contentDocumentAttributeGetter

Not sure which group triages this, tagging with a couple relevant-seeming components.

And indeed, looking at he Chrome task manager, I see steady growth of tabs from stream.nbcolympics.com -- one I'm looking at is growing at about 50KB/min.

Comment 2 by hablich@chromium.org, Feb 26 2018

Cc: haraken@chromium.org hpayer@chromium.org petermarshall@chromium.org
The videos are not accessible in Germany, so it will be difficult to get any feedback from V8.

Can you attach a trace?

Comment 3 by hablich@chromium.org, Feb 26 2018

Cc: erikc...@chromium.org

Comment 4 by pkasting@chromium.org, Feb 26 2018 

I tried to capture a trace of a few seconds while a tab was playing one of these videos (and allocating memory all the time).

I wasn't sure which categories to capture, so I'm not sure if this is sufficient info.  I also had many other tabs open, but the rest should have generally been quiescent.
trace_Mon_Feb_26_2018_8.02.30_AM.json.gz
8.7 MB Download

Comment 5 by hablich@chromium.org, Feb 27 2018

Owner: hpayer@chromium.org
Status: Assigned (was: Untriaged)
thanks, assigning to mem sheriff for further investigation.

Sign in to add a comment