New issue
Advanced search Search tips

Issue 826697 link

Starred by 2 users
Status: Assigned
Owner:
u...@chromium.org
Cc:
bmeu...@chromium.org
alph@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Heap snapshot generation crashes for large heaps

Project Member Reported by u...@chromium.org, Mar 28 2018 
Steps to reproduce:
1) Make the JS heap large >1.5GB. (I duplicated gmail tab 10x times)
2) Take snapshot.
3) Crash.

Looks like we are hitting the malloc limit while expanding the hash table of heap snapshot entries:

#0 0x7fda72f20abc base::debug::StackTrace::StackTrace()
#1 0x7fda72f20621 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fda730340c0 <unknown>
#3 0x7fda6855dfcf gsignal
#4 0x7fda6855f3fa abort
#5 0x7fda72f1d285 base::debug::BreakDebugger()
#6 0x7fda72f41462 logging::LogMessage::~LogMessage()
#7 0x7fda72f6b165 base::(anonymous namespace)::OnNoMemory()
#8 0x7fda72fda022 GlibcMallocHook
#9 0x7fda6da7951e v8::base::TemplateHashMapImpl<>::Resize()
#10 0x7fda6df21546 v8::internal::HeapObjectsMap::FindOrAddEntry()
#11 0x7fda6df22fe2 v8::internal::V8HeapExplorer::AddEntry()
#12 0x7fda6df227ae v8::internal::V8HeapExplorer::AddEntry()
#13 0x7fda6df22659 v8::internal::V8HeapExplorer::AllocateEntry()
#14 0x7fda6df2884d v8::internal::SnapshotFiller::FindOrAddEntry()
#15 0x7fda6df294ba v8::internal::V8HeapExplorer::IterateAndExtractSinglePass<>()
#16 0x7fda6df2909f v8::internal::V8HeapExplorer::IterateAndExtractReferences()
#17 0x7fda6df2fb1b v8::internal::HeapSnapshotGenerator::GenerateSnapshot()
#18 0x7fda6df1f800 v8::internal::HeapProfiler::TakeSnapshot()
#19 0x7fda6e16a928 v8_inspector::V8HeapProfilerAgentImpl::takeHeapSnapshot()
#20 0x7fda6e130137 v8_inspector::protocol::HeapProfiler::DispatcherImpl::takeHeapSnapshot()
#21 0x7fda6e122a14 v8_inspector::protocol::Console::DispatcherImpl::dispatch()
#22 0x7fda6e11cc12 v8_inspector::protocol::UberDispatcher::dispatch()
#23 0x7fda6e17494d v8_inspector::V8InspectorSessionImpl::dispatchProtocolMessage()
#24 0x7fda6ceb66ff blink::InspectorSession::DispatchProtocolMessage()
#25 0x7fda6bc70280 blink::mojom::blink::DevToolsSessionStubDispatch::Accept()
#26 0x7fda72267de5 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnProxyThread()
#27 0x7fda72266419 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEJ13scoped_refptrIS5_ENS0_13PassedWrapperIS7_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#28 0x7fda72f2137d base::debug::TaskAnnotator::RunTask()
#29 0x7fda6bb98b82 blink::scheduler::internal::ThreadControllerImpl::DoWork()
#30 0x7fda72f2137d base::debug::TaskAnnotator::RunTask()
#31 0x7fda72f486b7 base::MessageLoop::RunTask()
#32 0x7fda72f48c27 base::MessageLoop::DoWork()
#33 0x7fda72f4978a base::MessagePumpDefault::Run()
#34 0x7fda72f72775 base::RunLoop::Run()
#35 0x7fda711cd230 content::RendererMain()
#36 0x7fda712e64c9 content::RunZygote()
#37 0x7fda712e7638 content::ContentMainRunnerImpl::Run()
#38 0x7fda733fe4a4 service_manager::Main()
#39 0x7fda712e6224 content::ContentMain()
#40 0x5620aa1f81b3 ChromeMain
#41 0x7fda6854b2b1 __libc_start_main
#42 0x5620aa1f802a _start
  r8: 0000000000000000  r9: 00007ffd20666aa0 r10: 0000000000000008 r11: 0000000000000246
 r12: 00007ffd20667198 r13: 0000000000000041 r14: 00007ffd206671a0 r15: 00007ffd20666d39
  di: 0000000000000002  si: 00007ffd20666aa0  bp: 00007ffd20666ce0  bx: 0000000000000006
  dx: 0000000000000000  ax: 0000000000000000  cx: 00007fda6855dfcf  sp: 00007ffd20666b18
  ip: 00007fda6855dfcf efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Comment 1 by pfeldman@chromium.org, Dec 3

Components: -Platform>DevTools>Memory Blink>JavaScript

Sign in to add a comment