
Issue 668927

Issue metadata

Status: Duplicate
Owner: ----
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug


Canary: New "Aw Snap" on Reddit w/ Reddit Enhancement Suite.

Project Member Reported by d...@chromium.org, Nov 28 2016

Issue description

Chrome Version       : 57.0.2934.0 (Official Build) canary (64-bit)
URL : https://www.reddit.com/
Since you're following links, I recommend picking an "a-roo" thread and following it: https://www.reddit.com/r/switcharoo/
Behavior in Safari 4.x/5.x: Doesn't "Aw Snap"
Behavior in Firefox 3.x/4.x: Same
Experienced on: Mac OSX: 10.12.1 (16B2555)

What steps will reproduce the problem?
(1) Install Reddit Enhancement Suite (5.0.3): kbmfpngjjgdllneeigpgjifpgocmfgmb
(2) Click through a bunch of Reddit links, maybe open some tabs.
(3) All Reddit tabs die with "Aw Snap" within ~10 clicks.

Not sure if this is a Chromium bug, or if "Aw Snap" can solely be the extension's fault. However, this *does not* crash on stable, so it seems worth reporting. Putting under "Extensions" because I can't reproduce when Reddit Enhancement Suite is disabled, and marking P1 because this doesn't crash on stable. Feel free to adjust :)

Comment 1 by ajha@chromium.org, Nov 28 2016

Merged into: 668060
Status: Duplicate (was: Unconfirmed)
I was able to reproduce the crash twice on the latest canary (57.0.2935.0) on Mac OS 10.11.6.

Crash id: b1fbf10f00000000

Stack trace:
============
Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x605020c8 ] MAGIC SIGNATURE THREAD
Stack quality: 65%
0x000000010eb796f1	(Google Chrome Framework -marking.h:39 )	v8::internal::Heap::RegisterExternallyReferencedObject(v8::internal::Object**)
0x0000000112bb9366	(Google Chrome Framework -TraceTraits.h:52 )	blink::TraceTrait<blink::DOMWindow>::markWrapper(blink::WrapperVisitor const*, void const*)
0x000000011298e344	(Google Chrome Framework -ScriptWrappableVisitor.h:43 )	blink::ScriptWrappableVisitor::AdvanceTracing(double, v8::EmbedderHeapTracer::AdvanceTracingActions)
0x000000010eb8e7c6	(Google Chrome Framework -mark-compact.cc:2155 )	v8::internal::MarkCompactCollector::ProcessEphemeralMarking(v8::internal::ObjectVisitor*, bool)
0x000000010eb89a66	(Google Chrome Framework -mark-compact.cc:2504 )	v8::internal::MarkCompactCollector::MarkLiveObjects()
0x000000010eb88dbd	(Google Chrome Framework -mark-compact.cc:304 )	v8::internal::MarkCompactCollector::CollectGarbage()
0x000000010eb67fd2	(Google Chrome Framework -heap.cc:1443 )	v8::internal::Heap::MarkCompact()
0x000000010eb668be	(Google Chrome Framework -heap.cc:1315 )	v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags)
0x000000010eb65ca2	(Google Chrome Framework -heap.cc:997 )	v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, v8::internal::GarbageCollectionReason, char const*, v8::GCCallbackFlags)
0x000000010eb67e74	(Google Chrome Framework -counters.h:160 )	v8::internal::Heap::ReserveSpace(v8::internal::List<v8::internal::Heap::Chunk, v8::internal::FreeStoreAllocationPolicy>*, v8::internal::List<unsigned char*, v8::internal::FreeStoreAllocationPolicy>*)
0x000000010eea736e	(Google Chrome Framework -deserializer.cc:59 )	v8::internal::Deserializer::DeserializePartial(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSGlobalProxy>)
0x000000010eeae795	(Google Chrome Framework -snapshot-common.cc:66 )	v8::internal::Snapshot::NewContextFromSnapshot(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSGlobalProxy>, unsigned long)
0x000000010e7ecd69	(Google Chrome Framework -bootstrapper.cc:4391 )	v8::internal::Genesis::Genesis(v8::internal::Isolate*, v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>, v8::Local<v8::ObjectTemplate>, v8::ExtensionConfiguration*, unsigned long, v8::internal::GlobalContextType)
0x000000010e7d14a7	(Google Chrome Framework -bootstrapper.cc:4356 )	v8::internal::Bootstrapper::CreateEnvironment(v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>, v8::Local<v8::ObjectTemplate>, v8::ExtensionConfiguration*, unsigned long, v8::internal::GlobalContextType)
0x000000010e784688	(Google Chrome Framework -api.cc:6081 )	v8::NewContext(v8::Isolate*, v8::ExtensionConfiguration*, v8::MaybeLocal<v8::ObjectTemplate>, v8::MaybeLocal<v8::Value>, unsigned long)
0x00000001129b7a92	(Google Chrome Framework -WindowProxy.cpp:344 )	blink::WindowProxy::createContext()
0x00000001129b74de	(Google Chrome Framework -WindowProxy.cpp:245 )	blink::WindowProxy::initialize()
0x0000000112975082	(Google Chrome Framework -ScriptController.cpp:182 )	blink::ScriptController::windowProxy(blink::DOMWrapperWorld&)
0x00000001129974f3	(Google Chrome Framework -ToV8.cpp:30 )	blink::toV8(blink::DOMWindow*, v8::Local<v8::Object>, v8::Isolate*)
0x0000000112bb84b8	(Google Chrome Framework -V8Binding.h:345 )	blink::DOMWindowV8Internal::indexedPropertyGetterCallback(unsigned int, v8::PropertyCallbackInfo<v8::Value> const&)
0x000000010ebf0d02	(Google Chrome Framework -api-arguments-inl.h:56 )	v8::internal::PropertyCallbackArguments::Call(void (*)(unsigned int, v8::PropertyCallbackInfo<v8::Value> const&), unsigned int)
0x000000010ec7457b	(Google Chrome Framework -objects.cc:1597 )	v8::internal::(anonymous namespace)::GetPropertyWithInterceptorInternal(v8::internal::LookupIterator*, v8::internal::Handle<v8::internal::InterceptorInfo>, bool*)
0x000000010ec718d8	(Google Chrome Framework -objects.cc:16228 )	v8::internal::JSObject::GetPropertyWithInterceptor(v8::internal::LookupIterator*, bool*)
0x000000010ec71339	(Google Chrome Framework -objects.cc:1010 )	v8::internal::Object::GetProperty(v8::internal::LookupIterator*)
0x000000010edeae97	(Google Chrome Framework -runtime-object.cc:34 )	<name omitted>
0x000000010ebe319e	(Google Chrome Framework -ic.cc:1697 )	v8::internal::KeyedLoadIC::Load(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)
0x000000010ebe9016	(Google Chrome Framework -ic.cc:2702 )	v8::internal::Runtime_KeyedLoadIC_Miss(int, v8::internal::Object**, v8::internal::Isolate*)
0x000003928bc843a6		
0x000003928bcfd7cf		
0x000003928bcf2697		
0x000003928bc85cd4		
0x000003928bd07c79		
0x000003928bcf2697		
0x000003928bd07c79		
0x000003928bcf2697		
0x000003928bd07c79		
0x000003928bcf2697		
0x000003928bd07619		
0x000003928bcf2697		
0x000003928bcf1d62		
0x000003928bcb82a0		
0x000000010eb25e5f	(Google Chrome Framework -execution.cc:139 )	v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>)
0x000000010eb25bb8	(Google Chrome Framework -execution.cc:176 )	<name omitted>
0x000000010e773806	(Google Chrome Framework -api.cc:1946 )	v8::Script::Run(v8::Local<v8::Context>)
0x00000001129aff94	(Google Chrome Framework -V8ScriptRunner.cpp:524 )	blink::V8ScriptRunner::runCompiledScript(v8::Isolate*, v8::Local<v8::Script>, blink::ExecutionContext*)
0x0000000112974d16	(Google Chrome Framework -ScriptController.cpp:156 )	blink::ScriptController::executeScriptAndReturnValue(v8::Local<v8::Context>, blink::ScriptSourceCode const&, blink::AccessControlStatus)
0x0000000112975f17	(Google Chrome Framework -ScriptController.cpp:429 )	blink::ScriptController::evaluateScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus, blink::ScriptController::ExecuteScriptPolicy)
0x000000011297603d	(Google Chrome Framework -ScriptController.cpp:402 )	blink::ScriptController::executeScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus)
0x0000000112e3e626	(Google Chrome Framework -ScriptLoader.cpp:548 )	blink::ScriptLoader::doExecuteScript(blink::ScriptSourceCode const&)
0x0000000112e3e7f1	(Google Chrome Framework -ScriptLoader.cpp:433 )	blink::ScriptLoader::execute()
0x0000000112e3ef93	(Google Chrome Framework -Deque.h:516 )	blink::ScriptRunner::executeTask()
0x000000010fda53a0	(Google Chrome Framework -callback.h:68 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00000001127e3861	(Google Chrome Framework -task_queue_manager.cc:358 )	blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*)
0x00000001127e219c	(Google Chrome Framework -task_queue_manager.cc:250 )	blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)
0x000000010fda53a0	(Google Chrome Framework -callback.h:68 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010fdc934a	(Google Chrome Framework -message_loop.cc:413 )	base::MessageLoop::RunTask(base::PendingTask*)
0x000000010fdc969b	(Google Chrome Framework -message_loop.cc:422 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010fdc9a52	(Google Chrome Framework -message_loop.cc:515 )	base::MessageLoop::DoWork()
0x000000010fdcc04c	(Google Chrome Framework -message_pump_mac.mm:302 )	base::MessagePumpCFRunLoopBase::RunWork()
0x000000010fdbe2a9	(Google Chrome Framework + 0x019482a9 )	base::mac::CallWithEHFrame(void () block_pointer)
0x000000010fdcbac3	(Google Chrome Framework -message_pump_mac.mm:278 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8141d4b0	(CoreFoundation + 0x000a74b0 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff813fe61c	(CoreFoundation + 0x0008861c )	__CFRunLoopDoSources0
0x00007fff813fdb15	(CoreFoundation + 0x00087b15 )	__CFRunLoopRun
0x00007fff813fd513	(CoreFoundation + 0x00087513 )	CFRunLoopRunSpecific
0x00007fff82dfacb1	(Foundation + 0x00022cb1 )	-[NSRunLoop(NSRunLoop) runMode:beforeDate:]
0x000000010fdcc70d	(Google Chrome Framework -message_pump_mac.mm:580 )	base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x000000010fdcbf0b	(Google Chrome Framework -message_pump_mac.mm:210 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010fde9882	(Google Chrome Framework -run_loop.cc:35 )	base::RunLoop::Run()
0x0000000113b76ad2	(Google Chrome Framework -renderer_main.cc:200 )	content::RendererMain(content::MainFunctionParams const&)
0x000000010f933bf0	(Google Chrome Framework -content_main_runner.cc:775 )	content::ContentMainRunnerImpl::Run()
0x000000010f932e65	(Google Chrome Framework -content_main.cc:20 )	content::ContentMain(content::ContentMainParams const&)
0x000000010e47904b	(Google Chrome Framework -chrome_main.cc:108 )	ChromeMain
0x000000010e43eda9	(Google Chrome Helper -chrome_exe_main_mac.c:85 )	main
0x00007fff964c8254	(libdyld.dylib + 0x00005254 )	start

Based on the stack trace comparison this looks similar to Issue 668060, hence merging into that.

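Comment 1 merges this report into 668060 on the strength of a stack trace comparison. As an added example (not Chromium or crash-server code), the Python below parses the plain-text trace format shown in that comment (address, then "(module -file:line)" or "(module + offset)", then function) and reduces a report to a signature made of its top symbolized in-tree frames, which is what such a comparison has to be robust against: ASLR'd addresses, the unsymbolized JIT frames (the 0x3928... run), "<name omitted>" frames and OS-library frames. TRACE_A is an excerpt of the trace posted in Comment 1; TRACE_B, TRACE_C, the issue id 600000 and the signature depth of 4 are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Frame line: address, optional "(module -file:line)" / "(module + offset)", function.
FRAME_RE = re.compile(r"^(?P<addr>0x[0-9a-fA-F]+)\s*(?:\((?P<loc>[^)]*)\))?\s*(?P<func>.*?)\s*$")
LOC_RE = re.compile(r"^(?P<module>.+?)\s+(?:-(?P<file>\S+):(?P<line>\d+)|\+\s*0x[0-9a-fA-F]+)\s*$")
CRASH_RE = re.compile(r"^Thread\s+(?P<tid>\d+)\s+CRASHED\s+\[(?P<exc>[^@\]]+?)\s*(?:@\s*(?P<addr>0x[0-9a-fA-F]+))?\s*\]")

# Excerpt of the trace posted in Comment 1 (tab-separated as the crash server renders it).
TRACE_A = """\
Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x605020c8 ] MAGIC SIGNATURE THREAD
0x000000010eb796f1\t(Google Chrome Framework -marking.h:39 )\tv8::internal::Heap::RegisterExternallyReferencedObject(v8::internal::Object**)
0x0000000112bb9366\t(Google Chrome Framework -TraceTraits.h:52 )\tblink::TraceTrait<blink::DOMWindow>::markWrapper(blink::WrapperVisitor const*, void const*)
0x000000011298e344\t(Google Chrome Framework -ScriptWrappableVisitor.h:43 )\tblink::ScriptWrappableVisitor::AdvanceTracing(double, v8::EmbedderHeapTracer::AdvanceTracingActions)
0x000000010eb8e7c6\t(Google Chrome Framework -mark-compact.cc:2155 )\tv8::internal::MarkCompactCollector::ProcessEphemeralMarking(v8::internal::ObjectVisitor*, bool)
0x000000010edeae97\t(Google Chrome Framework -runtime-object.cc:34 )\t<name omitted>
0x000003928bc843a6\t\t
0x000000010fdbe2a9\t(Google Chrome Framework + 0x019482a9 )\tbase::mac::CallWithEHFrame(void () block_pointer)
"""
# Constructed: a second report of the same crash from a build loaded at other addresses.
TRACE_B = """\
Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x5f1020c8 ] MAGIC SIGNATURE THREAD
0x000000010a3796f1\t(Google Chrome Framework -marking.h:39 )\tv8::internal::Heap::RegisterExternallyReferencedObject(v8::internal::Object**)
0x000000010e1b9366\t(Google Chrome Framework -TraceTraits.h:52 )\tblink::TraceTrait<blink::DOMWindow>::markWrapper(blink::WrapperVisitor const*, void const*)
0x000000010df8e344\t(Google Chrome Framework -ScriptWrappableVisitor.h:43 )\tblink::ScriptWrappableVisitor::AdvanceTracing(double, v8::EmbedderHeapTracer::AdvanceTracingActions)
0x000000010a38e7c6\t(Google Chrome Framework -mark-compact.cc:2155 )\tv8::internal::MarkCompactCollector::ProcessEphemeralMarking(v8::internal::ObjectVisitor*, bool)
"""
# Constructed: an unrelated crash further down the same call path.
TRACE_C = """\
Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x0 ] MAGIC SIGNATURE THREAD
0x00000001129b7a92\t(Google Chrome Framework -WindowProxy.cpp:344 )\tblink::WindowProxy::createContext()
0x00000001129b74de\t(Google Chrome Framework -WindowProxy.cpp:245 )\tblink::WindowProxy::initialize()
"""


@dataclass
class Frame:
    addr: int
    module: Optional[str]
    file: Optional[str]
    line: Optional[int]
    func: str

    @property
    def symbolized(self) -> bool:
        # JIT code and "<name omitted>" frames carry no symbol a signature can use.
        return bool(self.func) and self.func != "<name omitted>"


@dataclass
class CrashTrace:
    thread: Optional[int]
    exception: Optional[str]
    fault_addr: Optional[int]
    frames: List[Frame]


def strip_args(func: str) -> str:
    """Drop the parameter list, honouring nesting such as 'Call(void (*)(...), unsigned int)'."""
    depth = 0
    for i in range(len(func) - 1, -1, -1):
        depth += {")": 1, "(": -1}.get(func[i], 0)
        if depth == 0:
            return func[:i] if func[i] == "(" else func
    return func


def parse_trace(text: str) -> CrashTrace:
    thread = exc = fault = None
    frames: List[Frame] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CRASH_RE.match(line)
        if m:
            thread, exc = int(m.group("tid")), m.group("exc").strip()
            fault = int(m.group("addr"), 16) if m.group("addr") else None
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue  # "Stack trace:", separator lines, blanks
        module = file = lineno = None
        lm = LOC_RE.match(m.group("loc") or "")
        if lm:
            module, file = lm.group("module"), lm.group("file")
            lineno = int(lm.group("line")) if lm.group("line") else None
        frames.append(Frame(int(m.group("addr"), 16), module, file, lineno, m.group("func")))
    return CrashTrace(thread, exc, fault, frames)


def signature(trace: CrashTrace, depth: int = 4,
              in_tree: Tuple[str, ...] = ("Google Chrome Framework",)) -> Tuple[str, ...]:
    """Top `depth` symbolized in-tree functions: stable across ASLR, JIT and OS frames."""
    names = [strip_args(f.func) for f in trace.frames if f.symbolized and f.module in in_tree]
    return tuple(names[:depth])


def find_duplicate(new: CrashTrace, known: Dict[str, CrashTrace], depth: int = 4) -> Optional[str]:
    """Issue id of a known report with the same exception type and signature, else None."""
    sig = signature(new, depth)
    for issue_id, old in known.items():
        if sig and old.exception == new.exception and signature(old, depth) == sig:
            return issue_id
    return None
```

With `depth=4` TRACE_A and TRACE_B collapse to the same four GC-marking functions and the same EXC_BAD_ACCESS / KERN_INVALID_ADDRESS exception, so `find_duplicate` points at 668060, while TRACE_C does not match. The depth is the usual tuning knob: too shallow and distinct bugs sharing a common top frame (here the V8 heap marking helper) get merged, too deep and the same bug reached through different JS call paths splits into many issues.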