Hello, I have tried but failed to reproduce the crash.  To get more information, could you please try these steps:

- Open DevTools, open the Settings menu from the small 3-dot menu in the top right, and click "Restore defaults and reload".  Does it still occur?

- Open an incognito tab (ctrl+shift+N), then perform the steps here.  Does it still occur?

- If you are the owner of the site, could you try to isolate any part of the Javascript that may be the cause?  Perhaps try to reproduce the bug after removing "then(() => animate(element, newCoordinate))", then try to reproduce after removing ".finished.then(() => animate(element, newCoordinate))" then try to reproduce after removing the entire line.

- Are you able to make a screen cast video of the steps before the tab crashes?

If all those fail to solve the problem, we will need more information provided to dig deeper:
http://www.chromium.org/for-testers/bug-reporting-guidelines/reporting-crash-bug#TOC-Mac

Thanks!

@luoe: It's caused by "Capture async stack traces" checkbox.

and see also: https://bugs.chromium.org/p/chromium/issues/detail?id=617539

Deleted: out.mp4 1.1 MB

out.mp4 1.1 MB Download

I could reproduce this crash on the latest canary(53.0.2761.2) on Mac OS 10.11.5 but couldn't repro on signed or unsigned build for the same chrome version.

Crash id: 64742adc00000000

Stack trace:
=============
Thread 0 CRASHED [EXC_BAD_INSTRUCTION / 0x00000001 @ 0x0000000108109f3f ] MAGIC SIGNATURE THREAD
0x0000000108109f3f	(Google Chrome Framework -V8PerIsolateData.cpp:48 )	blink::beforeCallEnteredCallback(v8::Isolate*)
0x00000001070e882c	(Google Chrome Framework -isolate.cc:2763 )	v8::internal::Isolate::FireBeforeCallEnteredCallback()
0x0000000106d117f1	(Google Chrome Framework -api.cc:184 )	v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*)
0x0000000106c1574f	(Google Chrome Framework -V8DebuggerImpl.cpp:528 )	blink::V8DebuggerImpl::callInternalGetterFunction(v8::Local<v8::Object>, char const*)
0x0000000106c157ab	(Google Chrome Framework -V8DebuggerImpl.cpp:572 )	blink::V8DebuggerImpl::handleV8AsyncTaskEvent(blink::V8DebuggerAgentImpl*, v8::Local<v8::Context>, v8::Local<v8::Object>, v8::Local<v8::Object>)
0x0000000106c1566f	(Google Chrome Framework -V8DebuggerImpl.cpp:565 )	blink::V8DebuggerImpl::handleV8DebugEvent(v8::Debug::EventDetails const&)
0x0000000106fca872	(Google Chrome Framework -debug.cc:1912 )	v8::internal::Debug::CallEventCallback(v8::DebugEvent, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::Debug::ClientData*)
0x0000000106fc9d1a	(Google Chrome Framework -debug.cc:1888 )	v8::internal::Debug::ProcessDebugEvent(v8::DebugEvent, v8::internal::Handle<v8::internal::JSObject>, bool)
0x0000000106fca0ab	(Google Chrome Framework -debug.cc:1861 )	v8::internal::Debug::OnAsyncTaskEvent(v8::internal::Handle<v8::internal::JSObject>)
0x0000000107243c96	(Google Chrome Framework -runtime-debug.cc:1735 )	v8::internal::Runtime_DebugAsyncTaskEvent(int, v8::internal::Object**, v8::internal::Isolate*)
0x00000824ec4063a6		
0x00000824ec56dffb		
0x00000824ec56dc51		
0x00000824ec56da97		
0x00000824ec442762		
0x00000824ec4267ce		
0x00000001070031aa	(Google Chrome Framework -execution.cc:98 )	v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>)
0x0000000107002faa	(Google Chrome Framework -execution.cc:154 )	v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)
0x0000000106d17884	(Google Chrome Framework -api.cc:6496 )	v8::Promise::Resolver::Resolve(v8::Local<v8::Context>, v8::Local<v8::Value>)
0x00000001080df05c	(Google Chrome Framework -ScriptPromisePropertyBase.cpp:99 )	blink::ScriptPromisePropertyBase::resolveOrReject(blink::ScriptPromisePropertyBase::State)
0x0000000107ab68da	(Google Chrome Framework -ScriptPromiseProperty.h:102 )	blink::Animation::PlayStateUpdateScope::~PlayStateUpdateScope()
0x0000000107ab6193	(Google Chrome Framework -Animation.cpp:978 )	blink::Animation::update(blink::TimingUpdateReason)
0x0000000107ab8ebd	(Google Chrome Framework -AnimationTimeline.cpp:159 )	blink::AnimationTimeline::serviceAnimations(blink::TimingUpdateReason)
0x000000010786fad4	(Google Chrome Framework -Document.cpp:1713 )	blink::Document::updateStyleAndLayoutTree()
0x00000001078730a8	(Google Chrome Framework -Document.cpp:1882 )	blink::Document::updateStyleAndLayout()
0x0000000107943e65	(Google Chrome Framework -EventHandler.cpp:607 )	blink::EventHandler::updateCursor()
0x0000000106ae8861	(Google Chrome Framework -Timer.cpp:136 )	blink::TimerBase::runInternal()
0x0000000106ae8952	(Google Chrome Framework -Timer.h:113 )	blink::TimerBase::CancellableTimerTask::run()
0x0000000108ef2251	(Google Chrome Framework -bind_internal.h:160 )	base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void (*)(std::__1::unique_ptr<blink::WebTaskRunner::Task, std::__1::default_delete<blink::WebTaskRunner::Task> >)>, void (std::__1::unique_ptr<blink::WebTaskRunner::Task, std::__1::default_delete<blink::WebTaskRunner::Task> >), base::internal::PassedWrapper<std::__1::unique_ptr<blink::WebTaskRunner::Task, std::__1::default_delete<blink::WebTaskRunner::Task> > > >, false, void ()>::Run(base::internal::BindStateBase*)
0x00000001055f735a	(Google Chrome Framework -callback.h:397 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
0x0000000108eea7a8	(Google Chrome Framework -task_queue_manager.cc:289 )	scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*)
0x0000000108ee9758	(Google Chrome Framework -task_queue_manager.cc:201 )	scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)
0x0000000108eeb978	(Google Chrome Framework -bind_internal.h:187 )	base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, void (scheduler::TaskQueueManager*, base::TimeTicks, bool), base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks&, bool>, true, void ()>::Run(base::internal::BindStateBase*)
0x00000001055f735a	(Google Chrome Framework -callback.h:397 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
0x0000000105619a9b	(Google Chrome Framework -message_loop.cc:475 )	base::MessageLoop::RunTask(base::PendingTask const&)
0x0000000105619dab	(Google Chrome Framework -message_loop.cc:484 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)
0x000000010561a38a	(Google Chrome Framework -message_loop.cc:639 )	base::MessageLoop::DoDelayedWork(base::TimeTicks*)
0x00000001055ec668	(Google Chrome Framework -message_pump_mac.mm:334 )	base::MessagePumpCFRunLoopBase::RunWork()
0x000000010560fbb9	(Google Chrome Framework + 0x0059dbb9 )	base::mac::CallWithEHFrame(void () block_pointer)
0x00000001055ec053	(Google Chrome Framework -message_pump_mac.mm:306 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff90013880	(CoreFoundation + 0x000aa880 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff8fff2fbb	(CoreFoundation + 0x00089fbb )	__CFRunLoopDoSources0
0x00007fff8fff24de	(CoreFoundation + 0x000894de )	__CFRunLoopRun
0x00007fff8fff1ed7	(CoreFoundation + 0x00088ed7 )	CFRunLoopRunSpecific
0x00007fff8b9c7ed8	(Foundation + 0x00024ed8 )	-[NSRunLoop(NSRunLoop) runMode:beforeDate:]
0x00000001055ecccd	(Google Chrome Framework -message_pump_mac.mm:608 )	base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x00000001055ec4a3	(Google Chrome Framework -message_pump_mac.mm:238 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000105631990	(Google Chrome Framework -run_loop.cc:35 )	base::RunLoop::Run()
0x000000010561921c	(Google Chrome Framework -message_loop.cc:294 )	base::MessageLoop::Run()
0x0000000109a5051e	(Google Chrome Framework -renderer_main.cc:199 )	content::RendererMain(content::MainFunctionParams const&)
0x00000001055a810f	(Google Chrome Framework -content_main_runner.cc:787 )	content::ContentMainRunnerImpl::Run()
0x00000001055a7355	(Google Chrome Framework -content_main.cc:20 )	content::ContentMain(content::ContentMainParams const&)
0x0000000105074c69	(Google Chrome Framework -chrome_main.cc:84 )	ChromeMain
0x0000000104e0bd51	(Google Chrome Helper -chrome_exe_main_mac.c:87 )	main
0x0000000104e0bb33	(Google Chrome Helper + 0x00000b33 )	start

Cc'ing 	dcheng@ from Issue 590634 for more inputs on this.

Thank you!

Note: Issue seems to repro only when experimental web platform features flag is enabled.

Thanks l446240525@ and ajha@ for the awesome repro conditions!  I'm able to repro on Mac now.

Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I amn't able to reproduce it in Chromium Canary 54.0.2837.0 on mac with "experimental web platform" flag and enabled async stacks.
I think it was fixed with last V8 changes related to async/await because it changed a code related to Runtime_DebugAsyncTaskEvent.

Feel free to reopen if you still able to reproduce it.