Issue 689854

Issue metadata

Status: Duplicate
Merged: issue 654695
Owner: ----
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Compat

Chrome M56 stable for Mac Sierra crashes on input to a dynamically generated <textarea> element

Reported by ctengc...@gmail.com, Feb 8 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Example URL:

Steps to reproduce the problem:
1. Open www.weibo.com (Sina Weibo)
2. Click on an article and comment (click "Comment")
3. Press Ctrl + Space to open Chinese input
4. Type into the <textarea> element, and when occasionally pressing the "delete" key, which is like Backspace on Windows, Chrome suddenly crashes

What is the expected behavior?
Should never crash.

What went wrong?
This problem seems to have been happening since M54 and since the Mac was updated to the new Sierra version. There are some conditions I observed:

1, with the new Mac Sierra
2, need to open the Chinese IME (not the default English IME)
3, crash is triggered by pressing the `delete` key
4, the input element is often dynamically generated, not statically created

Also, I opened chrome://crashes hoping to send crash logs, but it never worked. So I have to add a bug report here.

Does it occur on multiple sites: N/A

Is it a problem with a plugin? No 

Did this work before? N/A 

Does this work in other browsers? Yes

Chrome version: 56.0.2924.87  Channel: stable
OS Version: OS X 10.12.3
Flash Version: Shockwave Flash 24.0 r0

 
There is another crash which is similar but a little different:

1, Open a website like www.tower.im (this is an issue management groupware our team uses) which has a dynamically generated <div contenteditable="true"> element;
2, Copy HTML content from another page, and paste it into this <div>
3, Press `delete` to try to delete some content
4, Chrome for Mac M55 always crashed at once; if I only use `space` to replace the selected sub-content, it will not crash

This crash seems not to occur any more on M56 now, but I'm not sure if that is really so.

Comment 2 by kochi@chromium.org, Feb 8 2017

NextAction: 2017-02-22
Thanks for the bug report.
Do you think the crash in the original report and the one in comment #1 are different?
As in comment #1 you found the bug is gone in the latest M56, do you still see
the crash on www.weibo.com with the Chinese IME on Mac?
Labels: Pri-1
****Bulk Edit****

Setting as P1 for test team to prioritize in triaging.
These crashes happen frequently, since I'm a heavy user sharing info on weibo.com, and recording my work log on tower.im.

I re-checked the 2 triggering situations; they are different, but should be related to Mac's Sierra update and the IME component.

1) weibo.com: the comment input is a <textarea>, and I don't need to press the `delete` key; any key will trigger a crash, not always, but seemingly at random

2) tower.im: the input element is <div contenteditable=true>; it still crashes, also not always, but seemingly at random, after pasting rich content in, then selecting part of a sub-range, and pressing `delete`

I notice that the <textarea> and the <div contenteditable=true> are both dynamically inserted by JS; they are not initially in the HTML document, but this may not be related?

I can't upload the crash log; also, I cannot view the crash stack trace from the chrome://crashes UI, there are no entries.
1, www.tower.im: the crash occurred again, it's not fixed
2, weibo.com: it seems the Chinese IME does not need to be open; I just typed a character key into the newly opened <textarea>, and then Chrome crashed! (in the browser main process, since all tab pages were lost)

Comment 6 by kochi@chromium.org, Feb 9 2017

Components: Blink>Editing>IME
NextAction: ----
Thanks for the detailed report.

Sounds like an IME issue with Mac Sierra + Chinese IME.
Adding Blink>Editing>IME component label.

As crashes are not sent to the server somehow, we need reproduction locally.
Can someone in the IME team work on making a reproduction case?
Since Google sites are blocked by the GFW, but Apple's are not, I have sent the crash
report via Mac's uploading mechanism.
I thought if you can contact Apple's tech support, maybe they will give you the
detailed Chrome crash reports?

Or someone can tell me how to dump these crash log files out, so I can upload
them here!

Cc: krajshree@chromium.org
Labels: Needs-Feedback
ctengctsh@ - Thanks for filing the issue...!!

Tried testing this issue on Mac 10.12.2 using latest canary #58.0.3006.0.
After navigating to www.weibo.com and clicking on an article to comment, it asked for login credentials to enter or to register if a new user (as in the attached screenshot).

Tried registering, but nothing happened.

Could you please provide sample test login credentials to test this issue?

This will help us in triaging the issue further.

Thanks...!!
Attachment: weibo_signin.png (561 KB)

Comment 9 by ctengc...@gmail.com, Feb 10 2017

Sorry, there are no test login credentials. The weibo.com user account is
bound to a mobile phone number; I thought any country's mobile phone number
will pass registration, as long as it can receive the confirmation message.

I'll try the latest canary 58, but I'm afraid this problem might still be
there.

But can you tell me how to manually upload the crash log?

Used canary 58, but it crashed again on weibo.com

When I try to upload the crash report in chrome://crashes, it displays:

崩溃 ID:9254475e-f2cc-4af5-b9b8-f2082ae6e9c5

崩溃报告获取时间:2017年2月10日星期五 下午6:46:41(用户已请求上传,但尚未上传)

Wait, it seems 2 of the crashes on stable M56 have been successfully uploaded:

崩溃 ID:0048dc3c-d182-41c2-bd34-d16f8729edb5(服务器 ID:07e8894280000000)

自动报告时间:2017年2月10日星期五 下午6:51:03

提供其他详细信息
<https://code.google.com/p/chromium/issues/entry?template=Crash%20Report&comment=IMPORTANT%3A%20Your%20crash%20has%20already%20been%20automatically%20reported%20to%20our%20crash%20system.%20Please%20file%20this%20bug%20only%20if%20you%20can%20provide%20more%20information%20about%20it.%0A%0A%0AChrome%20Version%3A%2056.0.2924.87%0AOperating%20System%3A%20Mac%20OS%20X%2010.12.3%0A%0AURL%20(if%20applicable)%20where%20crash%20occurred%3A%0A%0ACan%20you%20reproduce%20this%20crash%3F%0A%0AWhat%20steps%20will%20reproduce%20this%20crash%3F%20(If%20it%27s%20not%20reproducible%2C%20what%20were%20you%20doing%20just%20before%20the%20crash%3F)%0A1.%0A2.%0A3.%0A%0A****DO%20NOT%20CHANGE%20BELOW%20THIS%20LINE****%0ACrash%20ID%3A%20crash%2F07e8894280000000&labels=Restrict-View-EditIssue%2CStability-Crash%2CUser-Submitted>
崩溃 ID:a6a2a446-b56c-4c53-874c-bba579cb2241(服务器 ID:b75d494280000000)

自动报告时间:2017年2月10日星期五 下午6:51:11

提供其他详细信息
<https://code.google.com/p/chromium/issues/entry?template=Crash%20Report&comment=IMPORTANT%3A%20Your%20crash%20has%20already%20been%20automatically%20reported%20to%20our%20crash%20system.%20Please%20file%20this%20bug%20only%20if%20you%20can%20provide%20more%20information%20about%20it.%0A%0A%0AChrome%20Version%3A%2056.0.2924.87%0AOperating%20System%3A%20Mac%20OS%20X%2010.12.3%0A%0AURL%20(if%20applicable)%20where%20crash%20occurred%3A%0A%0ACan%20you%20reproduce%20this%20crash%3F%0A%0AWhat%20steps%20will%20reproduce%20this%20crash%3F%20(If%20it%27s%20not%20reproducible%2C%20what%20were%20you%20doing%20just%20before%20the%20crash%3F)%0A1.%0A2.%0A3.%0A%0A****DO%20NOT%20CHANGE%20BELOW%20THIS%20LINE****%0ACrash%20ID%3A%20crash%2Fb75d494280000000&labels=Restrict-View-EditIssue%2CStability-Crash%2CUser-Submitted>

Comment 12 by ajha@chromium.org, Feb 13 2017

Labels: Needs-Triage-M56

Comment 13 by yosin@chromium.org, Feb 14 2017

Labels: -Pri-1 Pri-2
Status: Archived (was: Unconfirmed)
Mark "WontFix" because the issues are caused by Out-Of-Memory.

Stack trace of 07e8894280000000 and b75d494280000000 stop at oom_killer_malloc().
Please try to all tabs then try to step #c1.
I think this is not an Out-Of-Memory problem, but a Mac Sierra OS adaptation problem.

I'm not sure if the crash happened at location oom_killer_malloc(), but if it did, then I remember there was previously a similar bug report, whose crash stack seemed to say that code passed a -1 value to the memory alloc function (I cannot find the crbug number now).

Please fix this problem, whether it's due to Mac OS or Chrome.

I found it: https://bugs.chromium.org/p/chromium/issues/detail?id=654695

The weird thing is that the memory alloc function received a negative value, which then caused the OOM crash.

Chromium claims it's due to Apple, but I just want this fixed, because it really bothers me a lot.
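
Added example, not part of the thread and not Chromium or Apple code: a minimal C model of the failure mode the reporter describes, where a signed length of -1 reaches an allocator as a huge unsigned size and the request cannot be satisfied. `query_text_length`, `alloc_unchecked`, `alloc_checked` and `MAX_TEXT_BYTES` are hypothetical names, and the model returns a status where a terminate-on-failure allocator would end the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef enum { ALLOC_OK, ALLOC_BAD_LENGTH, ALLOC_OOM } alloc_status;

/* Constructed upper bound for one text buffer; an assumption of this example. */
#define MAX_TEXT_BYTES ((ptrdiff_t)16 * 1024 * 1024)

/* Called through a volatile pointer so the compiler cannot fold the allocation away. */
static void *(*volatile allocate)(size_t) = malloc;

/* Hypothetical platform query: returns a text length, or -1 on failure. */
static ptrdiff_t query_text_length(int platform_fails) {
    return platform_fails ? -1 : 5;
}

/* Unchecked: -1 converts to SIZE_MAX, a request no allocator can satisfy.
 * An allocator that terminates on failure would kill the process here;
 * this model reports ALLOC_OOM instead so the outcome can be observed. */
static alloc_status alloc_unchecked(ptrdiff_t len, void **out) {
    *out = allocate((size_t)len);
    return *out ? ALLOC_OK : ALLOC_OOM;
}

/* Checked: the error sentinel and oversized lengths never reach the allocator. */
static alloc_status alloc_checked(ptrdiff_t len, void **out) {
    *out = NULL;
    if (len < 0 || len > MAX_TEXT_BYTES)
        return ALLOC_BAD_LENGTH;
    *out = allocate(len ? (size_t)len : 1);
    return *out ? ALLOC_OK : ALLOC_OOM;
}

int main(void) {
    void *p = NULL;
    ptrdiff_t len = query_text_length(1);   /* constructed failure case */
    printf("requested bytes as size_t: %zu\n", (size_t)len);
    printf("unchecked: %d\n", alloc_unchecked(len, &p));
    free(p);
    printf("checked:   %d\n", alloc_checked(len, &p));
    free(p);
    return 0;
}
```

A crash of this shape looks like memory exhaustion in the stack trace even when the machine has plenty of free memory, because the failing request is the converted sentinel rather than a real allocation need.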

Comment 16 by kochi@chromium.org, Feb 24 2017

Mergedinto: 654695
Status: Duplicate (was: Archived)
ctengctsh@, thanks for your further update.
It looks like the same problem is happening to you as issue 654695.
According to the discussion there, the issue is Apple's and Chromium people cannot
fix it at this moment.

Let me merge to the issue and you can follow the updates there.