serenity
serenity copied to clipboard
SerenityOS
Mysteriously spawns LoginServer after memory exhaustion in Ladybird
Not sure if it's related to Ladybird or only memory exhaustion.
Minimum reproducible html (in fact, every html page that uses a lot of memory can reproduce):
<html>
<script>
var test = [];
while(true) {test[test.length] = Math.random() * Math.random() * 123;}
</script>
</html>
Reproduce steps:
- Open html above in Ladybird and wait
- Warnings from MM in WebContent:
37.908 [#0 WebContent(56:56)]: MM: Unable to commit 76416 pages, have only 76103
- WebContent crashes with the following, among with other crashes of OOM:
38.116 WebContent(56): VERIFICATION FAILED: !_temporary_result.is_error() at ././AK/Vector.h:728
38.123 [WebContent(56:56)]: CRASH: CPU #0 Illegal instruction in userspace
38.123 [#0 WebContent(56:56)]: Exception code: 0000 (isr: 0000)
38.123 [#0 WebContent(56:56)]: pc=0x0023:0x0000000fcf437e38 rflags=0x0000000000010202
38.123 [#0 WebContent(56:56)]: stack=0x000000124d2517a0 fs=0x00000007d252f000 gs=0x0000002027435120
38.123 [#0 WebContent(56:56)]: rax=0x0000000000000000 rbx=0x000000000254f401 rcx=0x00000011d527e02b rdx=0x000000124d251648
38.123 [#0 WebContent(56:56)]: rbp=0x000000124d2517e0 rsp=0x0000002011fbfed0 rsi=0x000000124d251648 rdi=0x0000000000000077
38.123 [#0 WebContent(56:56)]: r8=0x0000000000000076 r9=0x0000000000000000 r10=0x0000000144aac1e8 r11=0x0000000000000202
38.123 [#0 WebContent(56:56)]: r12=0x00000012644667d8 r13=0x000000000254f600 r14=0x0000000012a7a008 r15=0x0000000000000000
38.123 [#0 WebContent(56:56)]: cr0=0x0000000080010013 cr2=0x000000200eadc000 cr3=0x000000001312e000 cr4=0x0000000000340ee0
38.123 [#0 WebContent(56:56)]: 0x0000000fcf437e38 (?)
38.123 [#0 WebContent(56:56)]: Kernel backtrace:
38.123 [#0 WebContent(56:56)]: Kernel + 0x0000000001358ee5 Kernel::Process::crash(int, AK::Optional<Kernel::RegisterState const&>, bool) +0x2c5
38.123 [#0 WebContent(56:56)]: Kernel + 0x00000000012ddce6 Kernel::handle_crash(Kernel::RegisterState const&, char const*, int, bool) +0x7e6
38.123 [#0 WebContent(56:56)]: Kernel + 0x000000000150ecc0 illegal_instruction_asm_entry +0x30
38.183 [#0 Finalizer Task(5:5)]: Generating coredump for pid: 56
38.188 CrashDaemon(33): New coredump file: /tmp/coredump/WebContent_56_1708093346
38.446 Browser(54): WebContent process crashed!
- Reload the page, WebContent and SystemServer should crash with:
64.361 WebContent(62): VERIFICATION FAILED: parent_policy_container.has_value() at ./Userland/Libraries/LibWeb/HTML/Navigable.cpp:522
64.366 [WebContent(62:62)]: CRASH: CPU #0 Illegal instruction in userspace
64.366 [#0 WebContent(62:62)]: Exception code: 0000 (isr: 0000)
64.366 [#0 WebContent(62:62)]: pc=0x0023:0x0000000641bebe38 rflags=0x0000000000010202
64.366 [#0 WebContent(62:62)]: stack=0x0000001460568dd0 fs=0x000000114c623000 gs=0x0000002027435120
64.366 [#0 WebContent(62:62)]: rax=0x0000000000000000 rbx=0x0000000ca6c0c040 rcx=0x0000000618a0602b rdx=0x0000001460568c78
64.366 [#0 WebContent(62:62)]: rbp=0x0000001460568e10 rsp=0x0000002011f9fea0 rsi=0x0000001460568c78 rdi=0x000000000000009c
64.366 [#0 WebContent(62:62)]: r8=0x000000000000009b r9=0x0000000000000000 r10=0x0000000c35db11c8 r11=0x0000000000000216
64.366 [#0 WebContent(62:62)]: r12=0x0000001460569450 r13=0x00000005aa1b0130 r14=0x0000001460569a10 r15=0x0000001460568e30
64.366 [#0 WebContent(62:62)]: cr0=0x0000000080010013 cr2=0x0000000c35db11c8 cr3=0x000000003d9c5000 cr4=0x0000000000340ee0
64.366 [#0 WebContent(62:62)]: 0x0000000641bebe38 (?)
64.366 [#0 WebContent(62:62)]: Kernel backtrace:
64.366 [#0 WebContent(62:62)]: Kernel + 0x0000000001358ee5 Kernel::Process::crash(int, AK::Optional<Kernel::RegisterState const&>, bool) +0x2c5
64.366 [#0 WebContent(62:62)]: Kernel + 0x00000000012ddce6 Kernel::handle_crash(Kernel::RegisterState const&, char const*, int, bool) +0x7e6
64.366 [#0 WebContent(62:62)]: Kernel + 0x000000000150ecc0 illegal_instruction_asm_entry +0x30
64.409 [#0 Finalizer Task(5:5)]: Generating coredump for pid: 62
64.554 Browser(54): WebContent process crashed!
64.563 [SystemServer(23:23)]: Ext2FSInode[1:60297]::read_bytes(): Failed to read block 197127 (index 0)
64.563 [#0 SystemServer(23:23)]: Unrecoverable page fault, read from address V0x0000000000000000
64.568 [#0 SystemServer(23:23)]: Note: Address V0x0000000000000000 looks like a possible nullptr dereference
64.571 [SystemServer(23:23)]: CRASH: CPU #0 Page Fault in userspace
64.571 [#0 SystemServer(23:23)]: Exception code: 0004 (isr: 0000)
64.576 [#0 SystemServer(23:23)]: pc=0x0023:0x0000001015b9d732 rflags=0x0000000000010246
64.576 [#0 SystemServer(23:23)]: stack=0x0000001cab8acf78 fs=0x00000004d5db8000 gs=0x0000002027435120
64.584 [#0 SystemServer(23:23)]: rax=0x0000000000000000 rbx=0x0000000000000000 rcx=0x0000001b275f0130 rdx=0x0000000000000001
64.588 [#0 SystemServer(23:23)]: rbp=0x0000001cab8ad000 rsp=0x0000002000ad8e70 rsi=0x0000000000000017 rdi=0x0000000000000000
64.593 [#0 SystemServer(23:23)]: r8=0x000000041bd80830 r9=0x0000000000000010 r10=0x0000000000000007 r11=0x0000000000000246
64.593 [#0 SystemServer(23:23)]: r12=0x0000000000000400 r13=0x0000001015c937a0 r14=0x0000001015c93ba0 r15=0x0000000000000000
64.602 [#0 SystemServer(23:23)]: cr0=0x0000000080010013 cr2=0x0000000000000000 cr3=0x000000000a3c0000 cr4=0x0000000000340ee0
64.605 [#0 SystemServer(23:23)]: 0x0000001015b9d732 (?)
64.605 [#0 SystemServer(23:23)]: Kernel backtrace:
64.609 [#0 SystemServer(23:23)]: Kernel + 0x0000000001358ee5 Kernel::Process::crash(int, AK::Optional<Kernel::RegisterState const&>, bool) +0x2c5
64.613 [#0 SystemServer(23:23)]: Kernel + 0x00000000012ddce6 Kernel::handle_crash(Kernel::RegisterState const&, char const*, int, bool) +0x7e6
64.619 [#0 SystemServer(23:23)]: Kernel + 0x0000000000019883 Kernel::PageFault::handle(Kernel::RegisterState&) +0xbb3
64.622 [#0 SystemServer(23:23)]: Kernel + 0x0000000001510fc0 page_fault_handler +0x110
64.622 [#0 SystemServer(23:23)]: Kernel + 0x000000000150edd6 page_fault_asm_entry +0x36
64.630 [#0 Finalizer Task(5:5)]: Generating coredump for pid: 23
64.638 Browser(54): WebContent process crashed!
- Browser crashes with the following and LoginServer spawns:
64.638 Browser(54): WebContent process crashed!
64.643 Browser(54): VERIFICATION FAILED: !is_error() at ././AK/Error.h:202
64.643 [Browser(54:54)]: CRASH: CPU #0 Illegal instruction in userspace
64.643 [#0 Browser(54:54)]: Exception code: 0000 (isr: 0000)
64.643 [#0 Browser(54:54)]: pc=0x0023:0x0000001b238c6e38 rflags=0x0000000000010202
64.643 [#0 Browser(54:54)]: stack=0x0000001e98876230 fs=0x00000018a734f000 gs=0x0000002027435120
64.643 [#0 Browser(54:54)]: rax=0x0000000000000000 rbx=0x00000007adf2ceb0 rcx=0x0000001be315a02b rdx=0x0000001e988760d8
64.643 [#0 Browser(54:54)]: rbp=0x0000001e98876270 rsp=0x0000002011d6ff00 rsi=0x0000001e988760d8 rdi=0x0000000000000061
64.643 [#0 Browser(54:54)]: r8=0x0000000000000060 r9=0x0000000000000000 r10=0x0000000bbb4aa6f0 r11=0x0000000000000206
64.643 [#0 Browser(54:54)]: r12=0x0000001e98876340 r13=0x0000001e98876388 r14=0x0000000000000001 r15=0x00000007adf2bfe0
64.643 [#0 Browser(54:54)]: cr0=0x0000000080010013 cr2=0x0000002000adc000 cr3=0x0000000011c10000 cr4=0x0000000000340ee0
64.643 [#0 Browser(54:54)]: 0x0000001b238c6e38 (?)
64.643 [#0 Browser(54:54)]: Kernel backtrace:
64.643 [#0 Browser(54:54)]: Kernel + 0x0000000001358ee5 Kernel::Process::crash(int, AK::Optional<Kernel::RegisterState const&>, bool) +0x2c5
64.643 [#0 Browser(54:54)]: Kernel + 0x00000000012ddce6 Kernel::handle_crash(Kernel::RegisterState const&, char const*, int, bool) +0x7e6
64.643 [#0 Browser(54:54)]: Kernel + 0x000000000150ecc0 illegal_instruction_asm_entry +0x30
64.686 [#0 Finalizer Task(5:5)]: Generating coredump for pid: 54
If the WindowServer crashes, and the LoginServer for your user session crashes, we'll just restart a new login session (and new LoginServer). So, I wouldn't call the cascading OOM failure 'mysterious'. Simply... unfortunate that so many things end up crashing before we kill the OOM-ing Ladybird process.
Not sure if keeping this issue is useful; feel free to reopen.
