EXC_BAD_INSTRUCTION in V8 / blink::WindowProxy::updateDocumentProperty()
Issue description

Chrome Version: 54.0.2840.98
OS Version: OS X 10.11.6

From: crash/1ed8777f00000000

    0x000000010878dcac (Google Chrome Framework - v8.h:8435) blink::WindowProxy::updateDocumentProperty()
    0x000000010878cd44 (Google Chrome Framework - WindowProxy.cpp:514) blink::WindowProxy::initialize()
    0x000000010874a7a2 (Google Chrome Framework - ScriptController.cpp:182) blink::ScriptController::windowProxy(blink::DOMWrapperWorld&)
    0x000000010876cc13 (Google Chrome Framework - ToV8.cpp:30) blink::toV8(blink::DOMWindow*, v8::Local<v8::Object>, v8::Isolate*)
    0x0000000108995749 (Google Chrome Framework - V8Binding.h:345) blink::HTMLIFrameElementV8Internal::contentWindowAttributeGetterCallback(v8::FunctionCallbackInfo<v8::Value> const&)
    0x000000010457a5cf (Google Chrome Framework - api-arguments.cc:19) v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))
    0x00000001045f3f87 (Google Chrome Framework - builtins-api.cc:106) v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments)
    0x00000001045f3831 (Google Chrome Framework - builtins-api.cc:211) v8::internal::Builtins::InvokeApiFunction(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::HeapObject>)
    0x0000000104a6286d (Google Chrome Framework - objects.cc:1395) v8::internal::Object::GetPropertyWithAccessor(v8::internal::LookupIterator*)
    0x0000000104a62011 (Google Chrome Framework - objects.cc:1020) v8::internal::Object::GetProperty(v8::internal::LookupIterator*)
    0x00000001049d4bfe (Google Chrome Framework - ic.cc:644) v8::internal::LoadIC::Load(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Name>)
    0x00000001049dc895 (Google Chrome Framework - ic.cc:2610) v8::internal::Runtime_LoadIC_Miss(int, v8::internal::Object**, v8::internal::Isolate*)

Not sure if this is a v8 or blink issue. It looks like an illegal instruction, but it is not in JIT-ted code. It did repro constantly by just:

1. Open https://www.namecheap.com/domains/registration.aspx
2. Type fsdfsdfsdfssfdf.net and press enter

Unfortunately, I then restarted the browser and it stopped repro-ing. I tried to look into the minidump but it seems to be missing memory around the IP :/

yukishiino@ this seems somewhat similar to Issue 670175?
Dec 12 2016

Dec 12 2016
I don't think this issue is a dup of Issue 670175, which was caused by https://crrev.com/2525313004, which landed on Nov 30 2016. M54 was branched on Aug 25, so it's impossible.
Dec 13 2016
Somehow I was unable to reproduce the issue on the latest canary (57.0.2950.0) or the reported version (54.0.2840.98) as per the manual repro steps on Mac OS 10.11.6. primiano@: If the repro is consistent, could you also check the same on the latest stable (55.0.2883.87)? Putting this into the Needs-Milestone bucket for further triaging once we get confirmation of the latest milestone behavior.
Dec 13 2016
Nope, unfortunately it happened reliably only within the context of a single Chrome execution. After having restarted the process, it went away.
Dec 15 2016
Not really actionable.
Comment 1 by primiano@chromium.org, Dec 12 2016