If you are running Storm in a secure multi-tenant configuration, the storm.cluster.user has a worker.launcher.group that is disjoint from the groups of all users running processes in the cluster.
If a topology is submitted with JVM arguments that make it write a heap dump on OOM, the dump is created with read permission for the headless user and with group ownership correctly assigned to the worker.launcher.group, but with group read and write permissions both off.
This prevents the logviewer daemon from serving the generated heap dump through the logviewer web interface. The heap dump appears in the drop-down list to switch to, and selecting it triggers the download, but a 500 is returned because the logviewer does not have permission to read the file.
For heap files generated through the UI, this is not a problem as permissions are set when the user triggers the heap dump.
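
The permission state described above can be audited on a supervisor host. The following is an added example, not code from Storm: it walks a worker artifacts directory, reports heap dumps whose mode lacks the group-read bit, and adds only that bit. The .hprof suffix, the directory layout and the helper names are assumptions, and the chmod must run as the file owner or root.

```python
import os
import stat
import tempfile

def unreadable_heap_dumps(root, suffix=".hprof"):
    """Return (path, mode string, gid) for heap dumps that lack group read."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            if not st.st_mode & stat.S_IRGRP:
                findings.append((path, stat.filemode(st.st_mode), st.st_gid))
    return findings

def grant_group_read(path):
    """Add the group-read bit only; owner and other bits stay as they were."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode | stat.S_IRGRP)

def demo():
    """Constructed sample tree: an OOM-style dump (0600), a dump that already
    has group read (0640), and a log file that must be ignored."""
    with tempfile.TemporaryDirectory() as root:
        worker_dir = os.path.join(root, "topo-1", "6700")  # hypothetical layout
        os.makedirs(worker_dir)
        samples = (("oom.hprof", 0o600), ("ui.hprof", 0o640), ("worker.log", 0o600))
        for name, mode in samples:
            path = os.path.join(worker_dir, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.chmod(path, mode)
        before = [(os.path.basename(p), m) for p, m, _ in unreadable_heap_dumps(root)]
        for path, _mode, _gid in unreadable_heap_dumps(root):
            grant_group_read(path)
        after = unreadable_heap_dumps(root)
        return before, after

if __name__ == "__main__":
    print(demo())
```

The reported gid lets you confirm that group ownership is the worker.launcher.group before group read is granted.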