chromium tab crash(Aw, Snap) when visiting most github.com pages
Reported by
cazeaume...@gmail.com,
Feb 20 2017
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3018.0 Safari/537.36

Steps to reproduce the problem:
1. make sure javascript is not disabled by extensions or settings by running with an empty profile, like this:
   $ chromium --user-data-dir=/tmp
2. visit https://github.com

What is the expected behavior?
tab does not crash
Workaround to avoid tab crash: disable the two github.com scripts with uMatrix extension.

What went wrong?
tab crashed with Aw Snap
console shows stacktrace:

Received signal 4 ILL_ILLOPN 5647eea36152
#0 0x5647ecca61d7 base::debug::StackTrace::StackTrace()
#1 0x5647ecca5d4f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f6424c9a080 <unknown>
#3 0x5647eea36152 blink::reportFatalErrorInMainThread()
#4 0x5647ebe7d67e v8::V8::ToLocalEmpty()
#5 0x5647f0153266 blink::ReadableStreamOperations::createCountQueuingStrategy()
#6 0x5647ef65dd44 blink::BodyStreamBuffer::BodyStreamBuffer()
#7 0x5647ef66b80f blink::Request::createRequestWithRequestOrString()
#8 0x5647ef66bc4b blink::Request::create()
#9 0x5647ef66797a blink::(anonymous namespace)::GlobalFetchImpl<>::fetch()
#10 0x5647ef667593 blink::GlobalFetch::fetch()
#11 0x5647ef48a35d blink::V8WindowPartial::fetchMethodCallback()
#12 0x5647ebe7993d v8::internal::FunctionCallbackArguments::Call()
#13 0x5647ebef6aeb v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#14 0x5647ebef609f v8::internal::Builtin_Impl_HandleApiCall()
#15 0x02c9c61843a2 <unknown>
  r8: 0000000000166ff0  r9: 00000000003abe70 r10: 0000000000000000 r11: 0000000000000018
 r12: 00001ac8222c1940 r13: 0000010076826d48 r14: 00007ffcd791c3f0 r15: 0000000000000000
  di: 00000b26c04964a0  si: 0000122638f00070  bp: 00007ffcd791c888  bx: 00000b26c0818020
  dx: 0000000000000000  ax: 0000000000000022  cx: 00000b26c04d7fe0  sp: 00007ffcd791c1d0
  ip: 00005647eea36152 efl: 0000000000010216 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000006 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Crashed report ID: no
How much crashed? Just one tab
Is it a problem with a plugin? No
Did this work before? Yes chromium-dev-57.0.2972.0_r3655.0cc9f99274-1-x86_64.pkg.tar
Chrome version: 58.0.3018.0 Channel: n/a
OS Version:
Flash Version: none

I tried reporting it here but since the caller function is different I think a new issue is in order: https://bugs.chromium.org/p/chromium/issues/detail?id=683335#c12

The errors seem to be caused by a call to v8::V8::ToLocalEmpty() which will always cause a crash due to the 'false' arg value to ApiCheck. From the code:

void V8::ToLocalEmpty() {
  Utils::ApiCheck(false, "v8::ToLocalChecked", "Empty MaybeLocal.");
}

static inline bool ApiCheck(bool condition, const char* location, const char* message) {
  if (!condition) Utils::ReportApiFailure(location, message);
  return condition;
}

I'm not sure how ToLocalEmpty gets called but this is the code that eventually gets to call ApiCheck:

return ScriptValue(
    scriptState,
    V8ScriptRunner::callExtraOrCrash(
        scriptState, "createBuiltInCountQueuingStrategy", args));

it's from ReadableStreamOperations::createCountQueuingStrategy function which is in file third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp

Hopefully that helps, somewhat.
my chrome://version

Chromium 58.0.3018.0 (Developer Build) (64-bit)
Revision da6bb130906d829798ade6529aecbf05cca19efa-refs/heads/master@{#451528}
OS Linux
JavaScript V8 5.8.244
Flash
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3018.0 Safari/537.36
Command Line /usr/lib/chromium/chromium --disk-cache-dir=/tmp/chromiumcache --disable-sync-preferences --disable-plugins --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83 --disable-component-extensions-with-background-pages --disable-background-networking --disable-internal-flash --disable-bundled-ppapi-flash --disable-default-apps --ssl-version-min=tls1 --disallow-autofill-sync-credential --disable-device-discovery-notifications --no-pings --disable-media-source --disable-ntp-other-sessions-menu --disable-prefixed-encrypted-media --disable-touch-adjustment --disable-views-rect-based-targeting --disable-webgl --disable-account-consistency --enable-async-dns --enable-deferred-image-decoding --enable-download-resumption --enable-drop-sync-credential --disable-material-design-ntp --disable-new-avatar-menu --disable-new-profile-management --enable-offline-auto-reload-visible-only --disable-offline-auto-reload --enable-offline-load-stale-cache --enable-one-copy --enable-panels --disable-password-generation --enable-permissions-bubbles --disable-extensions-on-chrome-urls --disable-pinch-virtual-viewport --disable-pinch --enable-quic --disable-save-password-bubble --enable-session-crashed-bubble --disable-settings-window --use-simple-cache-backend=off --disable-smooth-scrolling --disable-sync-app-list --disable-sync-synced-notifications --enable-tcp-fastopen --disable-touch-editing --enable-web-based-signin --disable-zero-copy --enable-harfbuzz-rendertext --enable-impl-side-painting --enable-lcd-text --num-raster-threads=4 --disable-origin-chip --disable-overlay-scrollbar --remember-cert-error-decisions=-1 --enable-search-button-in-omnibox-always --disable-spelling-auto-correct --tab-capture-downscale-quality=fast --tab-capture-upscale-quality=fast --touch-events=disabled --wallet-service-use-sandbox=0 --enable-gpu-vsync --show-component-extension-options --disable-gpu-rasterization --disable-hyperlink-auditing --enable-vertical-tabs --disable-audio-support-for-desktop-share --disable-gpu --flag-switches-begin --flag-switches-end
Executable Path /usr/lib/chromium/chromium
Profile Path /home/z/.config/chromium/Default

Known working version: chromium-dev-57.0.2972.0_r3655.0cc9f99274-1-x86_64.pkg.tar
Known non-working version: chromium-dev-58.0.2998.0_r9182.4f0acca4ba-1-x86_64.pkg.tar
Somewhere in between these, the regression happened.

jfc 10minutes of trying to fill the reCAPTCHAs and it keeps prompting for more!!! wtf is wrong with it, ridiculous!:)) There's no way this isn't bugged!!!!!!!11111111
,
Feb 20 2017
,
Feb 20 2017
Unable to reproduce this issue on Ubuntu 14.04 with chrome version #58.0.3018.0. Launched chrome from the terminal using the following argument "--user-data-dir=/tmp" and then navigated to https://github.com. Didn't observe any crash. cazeaumerlini@ could you look into this and let us know your observations? Attaching the screencast for reference.
,
Feb 20 2017
I also cannot reproduce if I'm using these scripts from https://github.com/scheib/chromium-latest-linux to download latest current chromium build ( 451583/chrome-linux/ ) and run it with ./run.sh --user-data-dir=/tmp (though I do note that it needs libgcrypt15 (1.5.6) and I was fine with my build with libgcrypt 1.7.6-1, if this even matters).

I can only conclude that I must be doing something wrong in my build - maybe not including some file(s) or using the wrong libraries (too recent ones) or who knows what?! If I do find out, I'll update here.

I guess, until then, you may close the issue - since I'm likely the only one experiencing this. My apologies for the noise and thank you for taking the time to try to reproduce.
,
Feb 20 2017
Oh, for completion, the above chromium version tries was, 451583:

Chromium 58.0.3019.0 (Developer Build) (64-bit)
Revision 29dbb9f56a2a5aee774146bffeb053b3b460ae02-refs/heads/master@{#451583}
OS Linux
JavaScript V8 5.8.244
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3019.0 Safari/537.36
Command Line ./latest/chrome --user-data-dir=./user-data-dir --user-data-dir=/tmp --flag-switches-begin --flag-switches-end
Executable Path /home/z/Downloads/chromium-latest-linux/451583/chrome-linux/chrome
Profile Path /tmp/Default
,
Feb 20 2017
tries=tried*

Also linux OS is Manjaro XFCE 64bit, branch unstable. Worth mentioning that only on github.com pages I'm experiencing this issue.

Also tried 451537 (from comment #3 's video), still cannot reproduce. I even added all the flags:

Chromium 58.0.3018.0 (Developer Build) (64-bit)
Revision 5e7216844858ad1d08a70ac7aeef88547db2be7f-refs/heads/master@{#451537}
OS Linux
JavaScript V8 5.8.244
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3018.0 Safari/537.36
Command Line ./latest/chrome --disk-cache-dir=/tmp/chromiumcache --disable-sync-preferences --disable-plugins --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83 --disable-component-extensions-with-background-pages --disable-background-networking --disable-internal-flash --disable-bundled-ppapi-flash --disable-default-apps --ssl-version-min=tls1 --disallow-autofill-sync-credential --disable-device-discovery-notifications --no-pings --disable-media-source --disable-ntp-other-sessions-menu --disable-prefixed-encrypted-media --disable-touch-adjustment --disable-views-rect-based-targeting --disable-webgl --disable-account-consistency --enable-async-dns --enable-deferred-image-decoding --enable-download-resumption --enable-drop-sync-credential --disable-material-design-ntp --disable-new-avatar-menu --disable-new-profile-management --enable-offline-auto-reload-visible-only --disable-offline-auto-reload --enable-offline-load-stale-cache --enable-one-copy --enable-panels --disable-password-generation --enable-permissions-bubbles --disable-extensions-on-chrome-urls --disable-pinch-virtual-viewport --disable-pinch --enable-quic --disable-save-password-bubble --enable-session-crashed-bubble --disable-settings-window --use-simple-cache-backend=off --disable-smooth-scrolling --disable-sync-app-list --disable-sync-synced-notifications --enable-tcp-fastopen --disable-touch-editing --enable-web-based-signin --disable-zero-copy --enable-harfbuzz-rendertext --enable-impl-side-painting --enable-lcd-text --num-raster-threads=4 --disable-origin-chip --disable-overlay-scrollbar --remember-cert-error-decisions=-1 --enable-search-button-in-omnibox-always --disable-spelling-auto-correct --tab-capture-downscale-quality=fast --tab-capture-upscale-quality=fast --touch-events=disabled --wallet-service-use-sandbox=0 --enable-gpu-vsync --show-component-extension-options --disable-gpu-rasterization --disable-hyperlink-auditing --enable-vertical-tabs --disable-audio-support-for-desktop-share --disable-gpu --disable-features=NoStatePrefetch --user-data-dir=./user-data-dir --user-data-dir=/tmp --flag-switches-begin --flag-switches-end
Executable Path /home/z/Downloads/chromium-latest-linux/451537/chrome-linux/chrome
Profile Path /tmp/Default

Well, this blows :)
,
Feb 20 2017
I've also tried the OP chromium version 451528 and still cannot reproduce. So whatever I'm doing in my building of chromium seems to be the cause; eg. args.gn being different.
,
Feb 20 2017
Any idea where I can get the args.gn used to compile those chromium versions available on https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F$REVISION%2Fchrome-linux.zip?alt=media ?
,
Feb 20 2017
Well I managed to get a slightly better stacktrace (messing with v8 args in args.gn), with my chromium build (which let me remind you is the only one that has the issue):

Received signal 4 ILL_ILLOPN 555abdde6c22
#0 0x555abc056c97 base::debug::StackTrace::StackTrace()
#1 0x555abc05680f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f9696c5a080 <unknown>
#3 0x555abdde6c22 blink::reportFatalErrorInMainThread()
#4 0x555abb2262b1 v8::Utils::ReportApiFailure()
#5 0x555abb227a02 v8::Utils::ApiCheck()
#6 0x555abf50691f blink::ReadableStreamOperations::createCountQueuingStrategy()
#7 0x555abea0e614 blink::BodyStreamBuffer::BodyStreamBuffer()
#8 0x555abea1c0df blink::Request::createRequestWithRequestOrString()
#9 0x555abea1c51b blink::Request::create()
#10 0x555abea1824a blink::(anonymous namespace)::GlobalFetchImpl<>::fetch()
#11 0x555abea17e63 blink::GlobalFetch::fetch()
#12 0x555abe83ab7d blink::V8WindowPartial::fetchMethodCallback()
#13 0x555abb221dee v8::internal::FunctionCallbackArguments::Call()
#14 0x555abb2b73a9 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#15 0x555abb2b6a8b v8::internal::Builtin_Impl_HandleApiCall()
#16 0x555abb2b6807 v8::internal::Builtin_HandleApiCall()
#17 0x356165b843a2 <unknown>
  r8: 00000000001aad30  r9: 000000000046b770 r10: 0000000000000000 r11: 0000000000000018
 r12: 00002a3da10befb0 r13: 0000048e03f8e490 r14: 0000555abf61bf67 r15: 0000555abf61bf54
  di: 000039847394a0e8  si: 0000398473cbd040  bp: 00007ffe1b6eefe8  bx: 0000398473cbd020
  dx: 000000008037d000  ax: 0000000000000022  cx: 0000398473a4f460  sp: 00007ffe1b6eeaa0
  ip: 0000555abdde6c22 efl: 0000000000010217 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000006 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Chromium 58.0.3019.0 (Developer Build) (64-bit)
Revision c94b8d06ccb12a284dec1e337a3380ba4cda767f-refs/heads/master@{#451635}
OS Linux
JavaScript V8 5.8.246

I'm sure I'll get to the bottom of this, eventually ;-) Hang tight
,
Feb 20 2017
hmm, this kinda seems related: https://bugs.chromium.org/p/chromium/issues/detail?id=613936 especially when I look at the diff of the fixed Thoughts?
,
Feb 21 2017
Got a slightly crazier stacktrace by:
setting symbol_level to 2 instead of 1 (in args.gn)
then recompiling (needs 11.7GiB free RAM at link point; with is_debug=false)
and passing it thru gdb like:
$ chromium --user-data-dir=/tmp --no-sandbox --disable-hang-monitor --allow-sandbox-debugging --renderer-cmd-prefix="xterm -title renderer -e gdb -x /home/z/gdb_cmds --args"

/home/z/gdb_cmds contents:
set pagination off
show pagination
run

(thanks to docs at: https://chromium.googlesource.com/chromium/src/+/master/docs/linux_debugging.md#Multiprocess-Tricks )

recompile(with ccache) took:
real 335m25.244s
user 1203m28.071s
sys 47m9.240s
Total Installed Size: 3532.20 MiB

then visit github.com and when it crashes just:
(gdb) thread apply all bt full

Showing only the relevant thread here though:

Thread 1 (Thread 0x7ffff7f06a80 (LWP 29956)):
#0 0x0000555559667392 in blink::reportFatalErrorInMainThread(char const*, char const*) (location=<optimized out>, message=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
#1 0x0000555556a9c8a1 in v8::Utils::ReportApiFailure(char const*, char const*) (location=0x55555ae93da4 "v8::ToLocalChecked", message=0x55555ae93db7 "Empty MaybeLocal.") at ../../v8/src/api.cc:395
        isolate = 0x183a5b393020
        callback = 0x1b
#2 0x0000555556a9dff2 in v8::Utils::ApiCheck(bool, char const*, char const*) (condition=<error reading variable: access outside bounds of object referenced via synthetic pointer>, location=<optimized out>, message=0x80b00000 <error: Cannot access memory at address 0x80b00000>) at ../../v8/src/api.h:121
#3 0x000055555ad8709f in v8::MaybeLocal<v8::Value>::ToLocalChecked() (this=<optimized out>) at ../../v8/include/v8.h:8659
        args = {{val_ = 0x183a5b48a630}}
        scope = <optimized out>
#4 0x000055555ad8709f in blink::V8ScriptRunner::callExtraOrCrash<1ul>(blink::ScriptState*, char const*, v8::Local<v8::Value> (&) [1ul]) (scriptState=0x6ee66abe728, name=<optimized out>, args=...)
at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152 args = {{val_ = 0x183a5b48a630}} scope = <optimized out> #5 0x000055555ad8709f in blink::ReadableStreamOperations::createCountQueuingStrategy(blink::ScriptState*, unsigned long) (scriptState=0x6ee66abe728, highWaterMark=0) at ../../third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38 args = {{val_ = 0x183a5b48a630}} scope = <optimized out> #6 0x000055555a28e9b4 in blink::BodyStreamBuffer::BodyStreamBuffer(blink::ScriptState*, blink::BytesConsumer*) (this=0x278f50bf3f88, scriptState=0x6ee66abe728, consumer=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91 readableStream = <optimized out> body = <optimized out> #7 0x000055555a29c47f in blink::Request::createRequestWithRequestOrString(blink::ScriptState*, blink::Request*, WTF::String const&, blink::RequestInit&, blink::ExceptionState&) (scriptState=0x6ee66abe728, inputRequest=0x0, inputString=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:385 request = <optimized out> r = 0x278f50bf3f40 headers = <optimized out> temporaryBody = 0x278f50bf3f88 #8 0x000055555a29c8bb in blink::Request::create(blink::ScriptState*, WTF::String const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=<optimized out>, input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:446 requestInit = <optimized out> #9 0x000055555a29c8bb in blink::Request::create(blink::ScriptState*, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=0x6ee66abe728, input=..., init=..., exceptionState=...) 
at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:430 #10 0x000055555a2985ea in blink::(anonymous namespace)::GlobalFetchImpl<blink::LocalDOMWindow>::fetch(blink::ScriptState*, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (this=0x21a4c27a9bd0, scriptState=0x6ee66abe728, input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:53 executionContext = 0x32efffda2660 r = <optimized out> #11 0x000055555a298203 in blink::GlobalFetch::fetch(blink::ScriptState*, blink::DOMWindow&, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=0x80b00000, window=..., input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:101 #12 0x000055555a0baf4d in blink::DOMWindowPartialV8Internal::fetchMethod(v8::FunctionCallbackInfo<v8::Value> const&) (info=...) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:667 uncheckedImpl = <optimized out> exceptionState = {_vptr$ExceptionState = 0x55555c9c4c70 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c0c39 "fetch", m_interfaceName = 0x55555b133e48 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9be188 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x183a5b393020} scriptState = <optimized out> input = {m_type = (unknown: 4294950864), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x1de4c0}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x444850}}} result = {m_scriptState = {m_ptr = 0x183a5b393020}, m_promise = {m_scriptState = {m_ptr = 0x7fff00000002}, m_value = {m_ptr = 0x7fffffffc2d0}}} init = {m_isolate = 0x183a5b393020, m_valueType = 
blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc2d0}} #13 0x000055555a0baf4d in blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&) (info=...) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1060 #14 0x0000555556a983de in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (this=0x7fffffffc150, f=0x55555a0baca0 <blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&)>) at ../../v8/src/api-arguments.cc:25 isolate = 0x183a5b393020 timer = <optimized out> state = <optimized out> call_scope = <optimized out> info = {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffc090, values_ = 0x1de4c0, length_ = 4474960} #15 0x0000555556b2d92b in v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) (isolate=0x183a5b393020, function=..., new_target=..., fun_data=..., receiver=..., args=...) 
at ../../v8/src/builtins/builtins-api.cc:111 call_data = <optimized out> data_obj = <optimized out> callback_obj = <optimized out> callback = <optimized out> custom = <optimized out> raw_holder = 0x2c09e9637721 raw_call_data = <optimized out> #16 0x0000555556b2d04b in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) (args=..., isolate=0x183a5b393020) at ../../v8/src/builtins/builtins-api.cc:140 __isolate__ = <optimized out> scope = <optimized out> receiver = <optimized out> #17 0x0000555556b2cdc7 in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) (args_length=<optimized out>, args_object=<optimized out>, isolate=0x183a5b393020) at ../../v8/src/builtins/builtins-api.cc:128 args = <optimized out> #18 0x000017caa84043a2 in () #19 0x000017caa84042e1 in () #20 0x00007fffffffc290 in () #21 0x0000000300000000 in () #22 0x00007fffffffc310 in () #23 0x000017caa86fba80 in () #24 0x000008e375582311 in () #25 0x00000de9a9a4aea9 in () #26 0x0000000600000000 in () #27 0x000031ec0b3894d9 in () #28 0x000031ec0b389001 in () #29 0x00002c09e9637721 in () #30 0x00000de9a9a4aea9 in () #31 0x000003e27ab87eb1 in () #32 0x000031ec0b389001 in () #33 0x000000255f947941 in () #34 0x000000255f92d351 in () #35 0x00007fffffffc340 in () #36 0x000017caa84057e5 in () #37 0x00002c09e9637721 in () #38 0x0000000100000000 in () #39 0x000000255f947941 in () #40 0x0000000f00000000 in () #41 0x00007fffffffc378 in () #42 0x000017caa84affde in () #43 0x000031ec0b388f49 in () #44 0x00002c09e9637721 in () #45 0x000000255f947941 in () #46 0x000017caa84aff01 in () #47 0x0000000d00000000 in () #48 0x00007fffffffc3e0 in () #49 0x000017caa84252d7 in () #50 0x0000000000000000 in () (gdb) I know this doesn't help, so I should probably look into how they fixed that similar issue here: https://chromium.googlesource.com/chromium/src/+/bef901ae9100f30e3ee2fb185c4197a2de55e4c1%5E%21/ but be forewarned, I have no idea what the hell 
I'm doing :) ...all I see is callExtraOrCrash became callExtra (+the context stuff around it) and that looks good to me xD in theory, and it is probably what I want here, unless I'm simply missing something else which is why it's crashing in the first place, like for example I have to set these two args.gn vars to empty, but they do seem irrelevant anyways (given their defaults):

v8_experimental_extra_library_files = [] #Default = ["//test/cctest/test-experimental-extra.js"]
v8_extra_library_files = [] #Default = ["//test/cctest/test-extra.js"]
(note the # being comments)

or else compiling errors like so:
ninja: error: '../../../home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/test/cctest/test-experimental-extra.js', needed by 'obj/v8/js2c_experimental_extras.inputdeps.stamp', missing and no known rule to make it
hmm, now that I look, it's actually located in src/v8/test/cctest/test-experimental-extra.js (i wonder if the default(S!) have changed)
ninja: error: '../../../home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/test/cctest/test-extra.js', needed by 'obj/v8/js2c_extras.inputdeps.stamp', missing and no known rule to make it
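
The failure path read out of the source in the issue description (ApiCheck called with false) and the callExtraOrCrash versus callExtra difference noted in the comment above, modeled as a stand-alone C++ program. This is an added example, not V8 or Blink code: MaybeValue, Extras, CallExtra, CreateStrategy and the handler functions are hypothetical stand-ins, and the "helper not registered" cause of the empty result is an assumption that the thread does not establish.

```cpp
// Added illustration: a stand-alone model of the checked vs. unchecked unwrap
// seen in the traces above. This is not V8 or Blink source code.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

namespace model {

// Embedder-supplied fatal handler. In the traces this role is played by
// blink::reportFatalErrorInMainThread(), which takes the renderer down.
using FatalHandler = void (*)(const char* location, const char* message);

void AbortingFatal(const char* location, const char* message) {
  std::fprintf(stderr, "Fatal API failure in %s: %s\n", location, message);
  std::abort();
}

// Non-aborting handler so the failure path can be observed (test use only).
int g_fatal_count = 0;
std::string g_last_location;
void RecordingFatal(const char* location, const char*) {
  ++g_fatal_count;
  g_last_location = location;
}

FatalHandler g_fatal = AbortingFatal;
void SetFatalHandler(FatalHandler h) { g_fatal = h ? h : AbortingFatal; }

// Same shape as the ApiCheck quoted in the issue description.
bool ApiCheck(bool condition, const char* location, const char* message) {
  if (!condition) g_fatal(location, message);
  return condition;
}

// Minimal stand-in for v8::MaybeLocal<T>: a value, or empty.
template <typename T>
class MaybeValue {
 public:
  MaybeValue() : has_value_(false), value_() {}
  explicit MaybeValue(const T& v) : has_value_(true), value_(v) {}

  // Unchecked unwrap: reports emptiness to the caller, never calls the handler.
  bool ToLocal(T* out) const {
    if (has_value_) *out = value_;
    return has_value_;
  }
  // Checked unwrap: an empty value is routed to the fatal handler.
  T ToLocalChecked() const {
    ApiCheck(has_value_, "v8::ToLocalChecked", "Empty MaybeLocal.");
    return value_;
  }

 private:
  bool has_value_;
  T value_;
};

// Hypothetical registry of script-implemented helpers ("extras").
struct Extras {
  std::vector<std::string> registered;
};

// Returns empty when the call cannot produce a value. The "name is not
// registered" cause is an assumption made for this model only.
MaybeValue<int> CallExtra(const Extras& extras, const std::string& name, int arg) {
  for (const std::string& n : extras.registered) {
    if (n == name) return MaybeValue<int>(arg);
  }
  return MaybeValue<int>();
}

// Fail-fast wrapper: any empty result becomes a fatal error.
int CallExtraOrCrash(const Extras& extras, const std::string& name, int arg) {
  return CallExtra(extras, name, arg).ToLocalChecked();
}

// Caller that handles the empty case and reports failure upward instead.
bool CreateStrategy(const Extras& extras, int high_water_mark, int* out) {
  return CallExtra(extras, "createBuiltInCountQueuingStrategy", high_water_mark)
      .ToLocal(out);
}

}  // namespace model

int main() {
  model::Extras empty_registry;
  int strategy = 0;
  if (!model::CreateStrategy(empty_registry, 0, &strategy))
    std::puts("unchecked path: empty result reported to the caller");
  // Checked path with the default handler: prints the failure and aborts.
  model::CallExtraOrCrash(empty_registry, "createBuiltInCountQueuingStrategy", 0);
  return 0;
}
```

With the default handler the checked path ends the process, which corresponds to the renderer dying inside the fatal handler at frame #0 of the gdb trace; the unchecked path leaves the decision to the caller.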
,
Feb 21 2017
omg that was it, the issue is gone now with:
v8_experimental_extra_library_files
v8_extra_library_files
set correctly!
what the?! :))
I don't believe it!! This is kinda funny.
So, the defaults for those are "wrong", because I'm getting the ninja errors on compile but the fix is simple "v8" is needed in path, like so:
v8_experimental_extra_library_files = ["//v8/test/cctest/test-experimental-extra.js"]
v8_extra_library_files = ["//v8/test/cctest/test-extra.js"]
But then, how are the normal nightly chromium builds(see Comment 8 ) able to compile if they're using the default values for these which would make ninja error?
Wait, I gotta double check this! This can't be real (although, their descriptions make sense that it was the cause for the issue; so, I guess it is real - I just have to accept it :D hooray btw)
v8_experimental_extra_library_files
Current value = ["//v8/test/cctest/test-experimental-extra.js"]
From /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/fetch_gclient_base/checkout_root/src/out/Default/args.gn:2003
Overridden from the default = ["//test/cctest/test-experimental-extra.js"]
From //v8/BUILD.gn:96
v8_extra_library_files
Current value = ["//v8/test/cctest/test-extra.js"]
From /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/fetch_gclient_base/checkout_root/src/out/Default/args.gn:2009
Overridden from the default = ["//test/cctest/test-extra.js"]
From //v8/BUILD.gn:90
List of extra files to snapshot. They will be snapshotted in order so
if files export symbols used by later files, they should go first.
This default is used by cctests. Projects using V8 will want to override.
,
Feb 21 2017
Nope, that was not it! I got tricked by half-ass-ing the test by looking at a github webpage that never crashes: https://developer.github.com/guides/basics-of-authentication/ But in fact the issue still remains even with those 2 args set right! But that other problem exists though, the defaults for those two vars are "wrong" for chromium build. However ninja(compiling) only errors if the build dir is cleaned. If I just change the values then 'gn gen' and recompile, without cleaning the build dir, ninja won't err! I'll retry with a clean build dir though! Because ninja not crashing regardless of the values of those 2 args kinda tells me they are ignored! And MAYBE just maybe, they can still fix the issue, if their values aren't ignored. So, I'm still stuck hunting for the solution to this issue :)
,
Feb 21 2017
perhaps I should've run 'gclient runhooks' after 'gn gen' but I didn't, I only ran the 'ninja' command, and maybe that's why args.gn changes (those two vars) were completely ignored (md5sum checked all files of two subsequent builds (where one of those two vars changes) to be identical)
,
Feb 21 2017
It seems to me that according to this https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/quick_start.md#Running-GN there was no need for me to insert a 'gclient runhooks' after 'gn gen', or do anything else after changing args.gn contents. Just 'gn gen' and then 'ninja'. So, I was doing it right, and yet... the args.gn changes weren't propagating with an unclean build dir.

Now that I've cleaned (removed) the build dir and rebuilt from scratch (which also first updated everything from latest git which usually means lots of ccache misses), here are the results:

build time:
real 332m38.359s
user 1143m46.980s
sys 46m24.189s
files processed: 24020

The tab still crashes. Ok, now at least I know for sure that those two args.gn vars have no effect on the issue.

Thread 1 (Thread 0x7ffff7f06a80 (LWP 6464)):
#0 0x0000555559668172 in blink::reportFatalErrorInMainThread(char const*, char const*) (location=<optimized out>, message=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
#1 0x0000555556a9e1d1 in v8::Utils::ReportApiFailure(char const*, char const*) (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at ../../v8/src/api.cc:395
        isolate = 0x23cb032e2020
        callback = 0x1c
#2 0x0000555556a9f922 in v8::Utils::ApiCheck(bool, char const*, char const*) (condition=<error reading variable: access outside bounds of object referenced via synthetic pointer>, location=<optimized out>, message=0x80a00000 <error: Cannot access memory at address 0x80a00000>) at ../../v8/src/api.h:121
#3 0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked() (this=<optimized out>) at ../../v8/include/v8.h:8659
        args = {{val_ = 0x23cb0338c630}}
        scope = <optimized out>
#4 0x000055555ad880ff in blink::V8ScriptRunner::callExtraOrCrash<1ul>(blink::ScriptState*, char const*, v8::Local<v8::Value> (&) [1ul]) (scriptState=0x2734168be798, name=<optimized out>, args=...)
at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152 args = {{val_ = 0x23cb0338c630}} scope = <optimized out> #5 0x000055555ad880ff in blink::ReadableStreamOperations::createCountQueuingStrategy(blink::ScriptState*, unsigned long) (scriptState=0x2734168be798, highWaterMark=0) at ../../third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38 args = {{val_ = 0x23cb0338c630}} scope = <optimized out> #6 0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer(blink::ScriptState*, blink::BytesConsumer*) (this=0x50157f528d0, scriptState=0x2734168be798, consumer=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91 readableStream = <optimized out> body = <optimized out> #7 0x000055555a29d2ff in blink::Request::createRequestWithRequestOrString(blink::ScriptState*, blink::Request*, WTF::String const&, blink::RequestInit&, blink::ExceptionState&) (scriptState=0x2734168be798, inputRequest=0x0, inputString=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:385 request = <optimized out> r = 0x50157f52888 headers = <optimized out> temporaryBody = 0x50157f528d0 #8 0x000055555a29d73b in blink::Request::create(blink::ScriptState*, WTF::String const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=<optimized out>, input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:446 requestInit = <optimized out> #9 0x000055555a29d73b in blink::Request::create(blink::ScriptState*, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=0x2734168be798, input=..., init=..., exceptionState=...) 
at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:430 #10 0x000055555a29946a in blink::(anonymous namespace)::GlobalFetchImpl<blink::LocalDOMWindow>::fetch(blink::ScriptState*, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (this=0x261a7842a7f0, scriptState=0x2734168be798, input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:53 executionContext = 0x212ebdee2660 r = <optimized out> #11 0x000055555a299083 in blink::GlobalFetch::fetch(blink::ScriptState*, blink::DOMWindow&, blink::RequestOrUSVString const&, blink::Dictionary const&, blink::ExceptionState&) (scriptState=0x80a00000, window=..., input=..., init=..., exceptionState=...) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:101 #12 0x000055555a0bbd8d in blink::DOMWindowPartialV8Internal::fetchMethod(v8::FunctionCallbackInfo<v8::Value> const&) (info=...) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:667 uncheckedImpl = <optimized out> exceptionState = {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x23cb032e2020} scriptState = <optimized out> input = {m_type = (unknown: 4294950672), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x1cea80}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x450a50}}} result = {m_scriptState = {m_ptr = 0x23cb032e2020}, m_promise = {m_scriptState = {m_ptr = 0x7fff00000002}, m_value = {m_ptr = 0x7fffffffc210}}} init = {m_isolate = 0x23cb032e2020, m_valueType = 
blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc210}} #13 0x000055555a0bbd8d in blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&) (info=...) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1060 #14 0x0000555556a99d0e in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (this=0x7fffffffc090, f=0x55555a0bbae0 <blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&)>) at ../../v8/src/api-arguments.cc:25 isolate = 0x23cb032e2020 timer = <optimized out> state = <optimized out> call_scope = <optimized out> info = {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffbfd0, values_ = 0x1cea80, length_ = 4524624} #15 0x0000555556b2f3db in v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) (isolate=0x23cb032e2020, function=..., new_target=..., fun_data=..., receiver=..., args=...) 
at ../../v8/src/builtins/builtins-api.cc:111 call_data = <optimized out> data_obj = <optimized out> callback_obj = <optimized out> callback = <optimized out> custom = <optimized out> raw_holder = 0xc66bd8b9319 raw_call_data = <optimized out> #16 0x0000555556b2eafb in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) (args=..., isolate=0x23cb032e2020) at ../../v8/src/builtins/builtins-api.cc:140 __isolate__ = <optimized out> scope = <optimized out> receiver = <optimized out> #17 0x0000555556b2e877 in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) (args_length=<optimized out>, args_object=<optimized out>, isolate=0x23cb032e2020) at ../../v8/src/builtins/builtins-api.cc:128 args = <optimized out> #18 0x00000b8b385043a2 in () #19 0x00000b8b385042e1 in () #20 0x00007fffffffc1d0 in () #21 0x0000000300000000 in () #22 0x00007fffffffc250 in () #23 0x00000b8b3880ef80 in () #24 0x00000c2c56882311 in () #25 0x00001911053cbdf1 in () #26 0x0000000600000000 in () #27 0x0000157b5e113339 in () #28 0x0000157b5e112e61 in () #29 0x00000c66bd8b9319 in () #30 0x00001911053cbdf1 in () #31 0x00002da8858cda69 in () #32 0x0000157b5e112e61 in () #33 0x00001cc600fc7a49 in () #34 0x00001cc600facca9 in () #35 0x00007fffffffc280 in () #36 0x00000b8b385057e5 in () #37 0x00000c66bd8b9319 in () #38 0x0000000100000000 in () #39 0x00001cc600fc7a49 in () #40 0x0000000f00000000 in () #41 0x00007fffffffc2b8 in () #42 0x00000b8b385afd9e in () #43 0x0000157b5e112da9 in () #44 0x00000c66bd8b9319 in () #45 0x00001cc600fc7a49 in () #46 0x00000b8b385afcc1 in () #47 0x0000000d00000000 in () #48 0x00007fffffffc320 in () #49 0x00000b8b385253b7 in () #50 0x0000000000000000 in () (gdb) Chromium 58.0.3020.0 (Developer Build) (64-bit) Revision 477f66a6c4025b980029a24f83ff808903d3659a-refs/heads/master@{#451701} OS Linux JavaScript V8 5.8.256 Flash
,
Feb 21 2017
Here's my current args.gn (what I used in my prev. comment) in case anyone's wondering :)
,
Feb 21 2017
Got an even better stacktrace (all the var values) :)) in the hopes someone could opine on what can be done next, presumably not this kind of fix: https://chromium.googlesource.com/chromium/src/+/bef901ae9100f30e3ee2fb185c4197a2de55e4c1%5E%21/ (or maybe that, who knows - I haven't tried yet)
Showing only one thread:
Thread 1 (Thread 0x7ffff7f06a80 (LWP 7950)):
#0 blink::reportFatalErrorInMainThread (location=<optimized out>, message=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
No locals.
#1 0x0000555556a9e1d1 in v8::Utils::ReportApiFailure (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at ../../v8/src/api.cc:395
isolate = 0x25d8f22c3020
callback = 0x1b
#2 0x0000555556a9f922 in v8::Utils::ApiCheck (condition=<error reading variable: access outside bounds of object referenced via synthetic pointer>, location=<optimized out>, message=0x80b00000 <error: Cannot access memory at address 0x80b00000>) at ../../v8/src/api.h:121
No locals.
#3 0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked (this=<optimized out>) at ../../v8/include/v8.h:8659
No locals.
#4 blink::V8ScriptRunner::callExtraOrCrash<1ul> (scriptState=0x11705ebe798, name=<optimized out>, args=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
No locals.
#5 blink::ReadableStreamOperations::createCountQueuingStrategy (scriptState=0x11705ebe798, highWaterMark=0) at ../../third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38
args = {{val_ = 0x25d8f236c630}}
scope = <optimized out>
#6 0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer (this=0x178fd3092d40, scriptState=0x11705ebe798, consumer=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91
readableStream = <optimized out>
body = <optimized out>
#7 0x000055555a29d2ff in blink::Request::createRequestWithRequestOrString (scriptState=0x11705ebe798, inputRequest=0x0, inputString=<optimized out>, init=<optimized out>, exceptionState=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:385
request = <optimized out>
r = 0x178fd3092cf8
headers = <optimized out>
temporaryBody = 0x178fd3092d40
#8 0x000055555a29d73b in blink::Request::create (scriptState=<optimized out>, input=@0x7fffffffbe10: {m_impl = {m_ptr = 0x38914b004900}}, init=@0x7fffffffc020: {m_isolate = 0x25d8f22c3020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc2b0}}, exceptionState=@0x7fffffffbfc8: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x25d8f22c3020}) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:446
requestInit = <optimized out>
#9 blink::Request::create (scriptState=0x11705ebe798, input=<optimized out>, init=@0x7fffffffc020: {m_isolate = 0x25d8f22c3020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc2b0}}, exceptionState=@0x7fffffffbfc8: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x25d8f22c3020}) at ../../third_party/WebKit/Source/modules/fetch/Request.cpp:430
No locals.
#10 0x000055555a29946a in blink::(anonymous namespace)::GlobalFetchImpl<blink::LocalDOMWindow>::fetch (this=0x2378381aacb0, scriptState=0x11705ebe798, input=<optimized out>, init=<error reading variable>, exceptionState=@0x7fffffffbfc8: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x25d8f22c3020}) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:53
executionContext = 0x839116e2660
r = <optimized out>
#11 0x000055555a299083 in blink::GlobalFetch::fetch (scriptState=0x80b00000, window=<optimized out>, input=@0x25d8f20c44a0: {m_type = (unknown: 1553682016), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x25d8f1fab5c0}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x25d8f1f32700}}}, init=<error reading variable>, exceptionState=<error reading variable>) at ../../third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:101
No locals.
#12 0x000055555a0bbd8d in blink::DOMWindowPartialV8Internal::fetchMethod (info=<optimized out>) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:667
uncheckedImpl = <optimized out>
exceptionState = {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x25d8f22c3020}
scriptState = <optimized out>
input = {m_type = (unknown: 4294950832), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x17a5f0}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x3dc2b0}}}
result = {m_scriptState = {m_ptr = 0x25d8f22c3020}, m_promise = {m_scriptState = {m_ptr = 0x7fff00000002}, m_value = {m_ptr = 0x7fffffffc2b0}}}
init = {m_isolate = 0x25d8f22c3020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc2b0}}
#13 blink::V8WindowPartial::fetchMethodCallback (info=@0x7fffffffc070: {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffc148, values_ = 0x7fffffffc2b8, length_ = 2}) at gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1060
No locals.
#14 0x0000555556a99d0e in v8::internal::FunctionCallbackArguments::Call (this=0x7fffffffc130, f=0x55555a0bbae0 <blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&)>) at ../../v8/src/api-arguments.cc:25
isolate = 0x25d8f22c3020
timer = <optimized out>
state = <optimized out>
call_scope = <optimized out>
info = {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffc070, values_ = 0x17a5f0, length_ = 4047536}
#15 0x0000555556b2f3db in v8::internal::(anonymous namespace)::HandleApiCallHelper<false> (isolate=0x25d8f22c3020, function=<optimized out>, new_target=<optimized out>, fun_data=<optimized out>, receiver=<optimized out>, args=<optimized out>) at ../../v8/src/builtins/builtins-api.cc:111
call_data = <optimized out>
data_obj = <optimized out>
callback_obj = <optimized out>
callback = <optimized out>
custom = <optimized out>
raw_holder = 0x1404e96b9319
raw_call_data = <optimized out>
#16 0x0000555556b2eafb in v8::internal::Builtin_Impl_HandleApiCall (args=<optimized out>, isolate=0x25d8f22c3020) at ../../v8/src/builtins/builtins-api.cc:140
__isolate__ = <optimized out>
scope = <optimized out>
receiver = <optimized out>
#17 0x0000555556b2e877 in v8::internal::Builtin_HandleApiCall (args_length=<optimized out>, args_object=<optimized out>, isolate=0x25d8f22c3020) at ../../v8/src/builtins/builtins-api.cc:128
args = <optimized out>
(gdb)
I used:
$ chro --user-data-dir=/tmp --no-sandbox --disable-hang-monitor --allow-sandbox-debugging --renderer-cmd-prefix="xterm -maximized -title renderer -e gdb -x /home/z/gdb_cmds --args"
where /home/z/gdb_cmds contains these lines:
set pagination off
show pagination
disable frame-filter all
set print raw frame-arguments off
set print frame-arguments all
run
thread apply all bt no-filters full -100
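Added example, not part of the original thread or of Chromium's tooling: the backtraces posted above differ in heap addresses and in whether gdb prints parameter types, yet they report the same V8 API check failure. The script below parses gdb frame headers and reduces them to an address-independent signature for grouping reports; the sample frames are abridged from this thread, and the list of reporting frames to skip and the three-frame depth are assumptions.

```python
import hashlib
import re

# gdb frame header: "#N [0xADDR in ]function (args) [at file:line]". The name ends at
# the " (" that opens the argument values ("name=" or "()"), so " (&)" inside a printed
# parameter-type list is not mistaken for it.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?"
    r"(?P<func>(?!0x[0-9a-f]+ in)\S.*?) \((?=\)|[A-Za-z_]\w*=)"
    r"(?P<args>.*)\)(?: at (?P<file>\S+):(?P<line>\d+))?\s*$"
)
QUOTED_ARG_RE = re.compile(r'\b(location|message)=0x[0-9a-f]+ "([^"]*)"')

# Assumption: frames that only report the failure and do not identify its cause.
REPORTING_FRAMES = (
    "base::debug::", "blink::reportFatalErrorInMainThread", "v8::Utils::ReportApiFailure",
    "v8::Utils::ApiCheck", "v8::V8::ToLocalEmpty", "::ToLocalChecked",
)


def strip_param_types(func):
    """Drop a trailing "(type, type)" list so both gdb print styles give one name."""
    if not func.endswith(")"):
        return func
    depth = 0
    for i in range(len(func) - 1, -1, -1):
        if func[i] == ")":
            depth += 1
        elif func[i] == "(":
            depth -= 1
            if depth == 0:
                return func[:i]
    return func


def parse_frames(bt_text):
    """Return symbolized frames; locals, source lines and '??' frames are skipped."""
    frames = []
    for raw in bt_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m or m.group("func") == "??":
            continue
        frames.append({
            "num": int(m.group("num")),
            "func": strip_param_types(m.group("func")),
            "args": m.group("args"),
            "file": m.group("file"),
            "line": int(m.group("line")) if m.group("line") else None,
        })
    return frames


def api_failure(frames):
    """Pull the quoted location/message strings out of the ReportApiFailure frame."""
    for frame in frames:
        if frame["func"] == "v8::Utils::ReportApiFailure":
            return dict(QUOTED_ARG_RE.findall(frame["args"])) or None
    return None


def crash_signature(frames, depth=3):
    """First `depth` frames below the reporting plumbing, innermost first."""
    blamed = [f["func"] for f in frames
              if not any(p in f["func"] for p in REPORTING_FRAMES)]
    return blamed[:depth]


def bucket_id(frames, depth=3):
    """Short, address-independent hash of the signature for grouping reports."""
    joined = "\n".join(crash_signature(frames, depth))
    return hashlib.sha256(joined.encode()).hexdigest()[:12]


# Constructed sample: frames abridged from the thread, printed without parameter types.
RUN_A = """\
#0  blink::reportFatalErrorInMainThread (location=<optimized out>, message=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
#1  0x0000555556a9e1d1 in v8::Utils::ReportApiFailure (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at ../../v8/src/api.cc:395
#3  0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked (this=<optimized out>) at ../../v8/include/v8.h:8659
#4  blink::V8ScriptRunner::callExtraOrCrash<1ul> (scriptState=0x11705ebe798, name=<optimized out>, args=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
#5  blink::ReadableStreamOperations::createCountQueuingStrategy (scriptState=0x11705ebe798, highWaterMark=0) at ../../third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38
#6  0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer (this=0x178fd3092d40, scriptState=0x11705ebe798, consumer=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91
#18 0x000028048da043a2 in ?? ()
"""
# Constructed sample: the same frames from another run, printed with parameter types.
RUN_B = """\
#0  0x0000555559668172 in blink::reportFatalErrorInMainThread(char const*, char const*) (location=<optimized out>, message=<optimized out>) at ../../third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
#1  0x0000555556a9e1d1 in v8::Utils::ReportApiFailure(char const*, char const*) (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at ../../v8/src/api.cc:395
#3  0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked() (this=<optimized out>) at ../../v8/include/v8.h:8659
#4  0x000055555ad880ff in blink::V8ScriptRunner::callExtraOrCrash<1ul>(blink::ScriptState*, char const*, v8::Local<v8::Value> (&) [1ul]) (scriptState=0x2734168be798, name=<optimized out>, args=...) at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
#5  0x000055555ad880ff in blink::ReadableStreamOperations::createCountQueuingStrategy(blink::ScriptState*, unsigned long) (scriptState=0x2734168be798, highWaterMark=0) at ../../third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38
#6  0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer(blink::ScriptState*, blink::BytesConsumer*) (this=0x50157f528d0, scriptState=0x2734168be798, consumer=<optimized out>) at ../../third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91
#18 0x00000b8b385043a2 in ()
"""

if __name__ == "__main__":
    for name, text in (("run A", RUN_A), ("run B", RUN_B)):
        frames = parse_frames(text)
        print(name, bucket_id(frames), api_failure(frames), crash_signature(frames))
```

Both runs hash to the same bucket because only function names below the reporting frames feed the signature; pointer values and unsymbolized JIT frames never do.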
,
Feb 21 2017
Stack traces aren't very helpful without a bisect [1] usually, try making one, shouldn't be too hard in case the bug is reliably reproducible.
[1]: https://www.chromium.org/developers/bisect-builds-py
,
Feb 21 2017
Alright, I'll try a bisect; was trying to avoid it since I imagine it will take ages to compile each ! even with ccache. Thanks for the link!
Meanwhile I got an even nicer stacktrace =)
Thread 1 (Thread 0x7ffff7f06a80 (LWP 11596)):
#0 blink::reportFatalErrorInMainThread (location=<optimized out>, message=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:98
No locals.
#1 0x0000555556a9e1d1 in v8::Utils::ReportApiFailure (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api.cc:395
isolate = 0x20fa745db020
callback = 0x1a
#2 0x0000555556a9f922 in v8::Utils::ApiCheck (condition=<error reading variable: access outside bounds of object referenced via synthetic pointer>, location=<optimized out>, message=0x80a80000 <error: Cannot access memory at address 0x80a80000>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api.h:121
No locals.
#3 0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked (this=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/include/v8.h:8659
No locals.
#4 blink::V8ScriptRunner::callExtraOrCrash<1ul> (scriptState=0x1b1fbb4be798, name=<optimized out>, args=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
No locals.
#5 blink::ReadableStreamOperations::createCountQueuingStrategy (scriptState=0x1b1fbb4be798, highWaterMark=0) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38
args = {[0] = {
val_ = 0x20fa74682e30
}}
scope = <optimized out>
#6 0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer (this=0x3241c1353b08, scriptState=0x1b1fbb4be798, consumer=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91
readableStream = <optimized out>
body = <optimized out>
#7 0x000055555a29d2ff in blink::Request::createRequestWithRequestOrString (scriptState=0x1b1fbb4be798, inputRequest=0x0, inputString=<optimized out>, init=<optimized out>, exceptionState=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:385
request = <optimized out>
r = 0x3241c1353ac0
headers = <optimized out>
temporaryBody = 0x3241c1353b08
#8 0x000055555a29d73b in blink::Request::create (scriptState=<optimized out>, input=@0x7fffffffbd70: {m_impl = {m_ptr = 0xa417f0048c0}}, init=@0x7fffffffbf80: {m_isolate = 0x20fa745db020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc210}}, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:446
requestInit = <optimized out>
#9 blink::Request::create (scriptState=0x1b1fbb4be798, input=<optimized out>, init=@0x7fffffffbf80: {m_isolate = 0x20fa745db020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc210}}, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:430
No locals.
#10 0x000055555a29946a in blink::(anonymous namespace)::GlobalFetchImpl<blink::LocalDOMWindow>::fetch (this=0x1f5c743074e0, scriptState=0x1b1fbb4be798, input=<optimized out>, init=<error reading variable>, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:53
executionContext = 0xc61eac82660
r = <optimized out>
#11 0x000055555a299083 in blink::GlobalFetch::fetch (scriptState=0x80a80000, window=<optimized out>, input=@0x20fa743df6a0: {m_type = (unknown: 1553682016), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x20fa742ecde0}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x20fa74249700}}}, init=<error reading variable>, exceptionState=<error reading variable>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:101
No locals.
#12 0x000055555a0bbd8d in blink::DOMWindowPartialV8Internal::fetchMethod (info=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:667
uncheckedImpl = <optimized out>
exceptionState = {
_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>,
static kRethrownException = 23,
m_code = 0,
m_context = blink::ExceptionState::ExecutionContext,
m_message = {
m_impl = {
m_ptr = 0x0
}
},
m_propertyName = 0x55555b3c1a59 "fetch",
m_interfaceName = 0x55555b134c58 "Window",
m_exception = {
_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>,
m_handle = {
<v8::PersistentBase<v8::Value>> = {
val_ = 0x0
}, <No data fields>}
},
m_isolate = 0x20fa745db020
}
scriptState = <optimized out>
input = {
m_type = (unknown: 4294950672),
m_request = {
<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {
m_raw = 0x16ed00
}, <No data fields>},
m_uSVString = {
m_impl = {
m_ptr = 0x39f270
}
}
}
result = {
m_scriptState = {
m_ptr = 0x20fa745db020
},
m_promise = {
m_scriptState = {
m_ptr = 0x7fff00000002
},
m_value = {
m_ptr = 0x7fffffffc210
}
}
}
init = {
m_isolate = 0x20fa745db020,
m_valueType = blink::Dictionary::ValueType::Object,
m_dictionaryObject = {
val_ = 0x7fffffffc210
}
}
#13 blink::V8WindowPartial::fetchMethodCallback (info=@0x7fffffffbfd0: {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffc0a8, values_ = 0x7fffffffc218, length_ = 2}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1060
No locals.
#14 0x0000555556a99d0e in v8::internal::FunctionCallbackArguments::Call (this=0x7fffffffc090, f=0x55555a0bbae0 <blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1059>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api-arguments.cc:25
isolate = 0x20fa745db020
timer = <optimized out>
state = <optimized out>
call_scope = <optimized out>
info = {
static kArgsLength = 8,
static kHolderIndex = 0,
static kIsolateIndex = 1,
static kReturnValueDefaultValueIndex = 2,
static kReturnValueIndex = 3,
static kDataIndex = 4,
static kCalleeIndex = 5,
static kContextSaveIndex = 6,
static kNewTargetIndex = 7,
implicit_args_ = 0x7fffffffbfd0,
values_ = 0x16ed00,
length_ = 3797616
}
#15 0x0000555556b2f3db in v8::internal::(anonymous namespace)::HandleApiCallHelper<false> (isolate=0x20fa745db020, function=<optimized out>, new_target=<optimized out>, fun_data=<optimized out>, receiver=<optimized out>, args=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:111
call_data = <optimized out>
data_obj = <optimized out>
callback_obj = <optimized out>
callback = <optimized out>
custom = <optimized out>
raw_holder = 0x3ccaaeeb9319
raw_call_data = <optimized out>
#16 0x0000555556b2eafb in v8::internal::Builtin_Impl_HandleApiCall (args=<optimized out>, isolate=0x20fa745db020) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:140
__isolate__ = <optimized out>
scope = <optimized out>
receiver = <optimized out>
#17 0x0000555556b2e877 in v8::internal::Builtin_HandleApiCall (args_length=<optimized out>, args_object=<optimized out>, isolate=0x20fa745db020) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:128
args = <optimized out>
#1 0x0000555556a9e1d1 in v8::Utils::ReportApiFailure (location=0x55555ae94e34 "v8::ToLocalChecked", message=0x55555ae94e47 "Empty MaybeLocal.") at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api.cc:395
395 callback(location, message);
#2 0x0000555556a9f922 in v8::Utils::ApiCheck (condition=<error reading variable: access outside bounds of object referenced via synthetic pointer>, location=<optimized out>, message=0x80a80000 <error: Cannot access memory at address 0x80a80000>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api.h:121
121 if (!condition) Utils::ReportApiFailure(location, message);
#3 0x000055555ad880ff in v8::MaybeLocal<v8::Value>::ToLocalChecked (this=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/include/v8.h:8659
8659 if (V8_UNLIKELY(val_ == nullptr)) V8::ToLocalEmpty();
#4 blink::V8ScriptRunner::callExtraOrCrash<1ul> (scriptState=0x1b1fbb4be798, name=<optimized out>, args=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
152 return callExtraHelper(scriptState, name, N, args).ToLocalChecked();
#5 blink::ReadableStreamOperations::createCountQueuingStrategy (scriptState=0x1b1fbb4be798, highWaterMark=0) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/core/streams/ReadableStreamOperations.cpp:38
38 scriptState, V8ScriptRunner::callExtraOrCrash(
#6 0x000055555a28f834 in blink::BodyStreamBuffer::BodyStreamBuffer (this=0x3241c1353b08, scriptState=0x1b1fbb4be798, consumer=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/BodyStreamBuffer.cpp:91
91 ReadableStreamOperations::createCountQueuingStrategy(scriptState, 0));
#7 0x000055555a29d2ff in blink::Request::createRequestWithRequestOrString (scriptState=0x1b1fbb4be798, inputRequest=0x0, inputString=<optimized out>, init=<optimized out>, exceptionState=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:385
385 temporaryBody = new BodyStreamBuffer(scriptState, std::move(init.body));
#8 0x000055555a29d73b in blink::Request::create (scriptState=<optimized out>, input=@0x7fffffffbd70: {m_impl = {m_ptr = 0xa417f0048c0}}, init=@0x7fffffffbf80: {m_isolate = 0x20fa745db020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc210}}, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:446
446 return createRequestWithRequestOrString(scriptState, nullptr, input,
#9 blink::Request::create (scriptState=0x1b1fbb4be798, input=<optimized out>, init=@0x7fffffffbf80: {m_isolate = 0x20fa745db020, m_valueType = blink::Dictionary::ValueType::Object, m_dictionaryObject = {val_ = 0x7fffffffc210}}, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/Request.cpp:430
430 return create(scriptState, input.getAsUSVString(), init, exceptionState);
#10 0x000055555a29946a in blink::(anonymous namespace)::GlobalFetchImpl<blink::LocalDOMWindow>::fetch (this=0x1f5c743074e0, scriptState=0x1b1fbb4be798, input=<optimized out>, init=<error reading variable>, exceptionState=@0x7fffffffbf28: {_vptr$ExceptionState = 0x55555c9c6af0 <vtable for blink::ExceptionState+16>, static kRethrownException = 23, m_code = 0, m_context = blink::ExceptionState::ExecutionContext, m_message = {m_impl = {m_ptr = 0x0}}, m_propertyName = 0x55555b3c1a59 "fetch", m_interfaceName = 0x55555b134c58 "Window", m_exception = {_vptr$ScopedPersistent = 0x55555c9c0008 <vtable for blink::ScopedPersistent<v8::Value>+16>, m_handle = {<v8::PersistentBase<v8::Value>> = {val_ = 0x0}, <No data fields>}}, m_isolate = 0x20fa745db020}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:53
53 Request* r = Request::create(scriptState, input, init, exceptionState);
#11 0x000055555a299083 in blink::GlobalFetch::fetch (scriptState=0x80a80000, window=<optimized out>, input=@0x20fa743df6a0: {m_type = (unknown: 1553682016), m_request = {<blink::MemberBase<blink::Request, blink::TracenessMemberConfiguration::Traced>> = {m_raw = 0x20fa742ecde0}, <No data fields>}, m_uSVString = {m_impl = {m_ptr = 0x20fa74249700}}}, init=<error reading variable>, exceptionState=<error reading variable>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/modules/fetch/GlobalFetch.cpp:101
101 return ScopedFetcher::from(window)->fetch(scriptState, input, init,
#12 0x000055555a0bbd8d in blink::DOMWindowPartialV8Internal::fetchMethod (info=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:667
667 ScriptPromise result = GlobalFetch::fetch(scriptState, *impl, input, init, exceptionState);
#13 blink::V8WindowPartial::fetchMethodCallback (info=@0x7fffffffbfd0: {static kArgsLength = 8, static kHolderIndex = 0, static kIsolateIndex = 1, static kReturnValueDefaultValueIndex = 2, static kReturnValueIndex = 3, static kDataIndex = 4, static kCalleeIndex = 5, static kContextSaveIndex = 6, static kNewTargetIndex = 7, implicit_args_ = 0x7fffffffc0a8, values_ = 0x7fffffffc218, length_ = 2}) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1060
1060 DOMWindowPartialV8Internal::fetchMethod(info);
#14 0x0000555556a99d0e in v8::internal::FunctionCallbackArguments::Call (this=0x7fffffffc090, f=0x55555a0bbae0 <blink::V8WindowPartial::fetchMethodCallback(v8::FunctionCallbackInfo<v8::Value> const&) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/gen/blink/bindings/modules/v8/V8WindowPartial.cpp:1059>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/api-arguments.cc:25
25 f(info);
#15 0x0000555556b2f3db in v8::internal::(anonymous namespace)::HandleApiCallHelper<false> (isolate=0x20fa745db020, function=<optimized out>, new_target=<optimized out>, fun_data=<optimized out>, receiver=<optimized out>, args=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:111
111 Handle<Object> result = custom.Call(callback);
#16 0x0000555556b2eafb in v8::internal::Builtin_Impl_HandleApiCall (args=<optimized out>, isolate=0x20fa745db020) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:140
140 RETURN_RESULT_OR_FAILURE(
#17 0x0000555556b2e877 in v8::internal::Builtin_HandleApiCall (args_length=<optimized out>, args_object=<optimized out>, isolate=0x20fa745db020) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/v8/src/builtins/builtins-api.cc:128
128 BUILTIN(HandleApiCall) {
#18 0x000006dc4e5043a2 in ?? ()
(gdb)
via:
chro --user-data-dir=/tmp --no-sandbox --disable-hang-monitor --allow-sandbox-debugging --renderer-cmd-prefix="xterm -maximized -title renderer -e gdb -directory=/home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/out/Default/ -directory=/home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/ -x /home/z/gdb_cmds --args"
with /home/z/gdb_cmds contents as:
set pagination off
show pagination
disable frame-filter all
set print raw frame-arguments off
set print frame-arguments all
set print symbol-filename on
set print symbol on
set print array on
set print array-indexes on
set print pretty on
set print union on
set print demangle on
set print object on
set print static-members on
set print vtbl on
set filename-display absolute
run
thread apply all bt no-filters full -100
frame 1
frame 2
frame 3
frame 4
frame 5
frame 6
frame 7
frame 8
frame 9
frame 10
frame 11
frame 12
frame 13
frame 14
frame 15
frame 16
frame 17
frame 18
,
Feb 21 2017
Well uhm, looks like: "Want to bisect your local checkout rather than prebuilt binaries? Use run-bisect-manual-test.py." However that link: https://www.chromium.org/developers/bisecting-bugs says: "This script may not be working as of Mar 10, 2016. See https://bugs.chromium.org/p/chromium/issues/detail?id=532684." Doesn't seem fixed, but haven't tried it yet.
,
Feb 21 2017
Well this blows, I give up
,
Feb 21 2017
Just figured out that the 'gn gen' side-issue I was experiencing in comments 13, 14 and 15 when build dir wasn't cleaned, was in fact my bad for specifying the wrong out dir (script-computed wrongly) and creating an empty one - that's why ninja wasn't seeing any changes! So that part is not an issue, don't look into it.
,
Feb 21 2017
So what I know is, that in frame #4 name is "createBuiltInCountQueuingStrategy", which in retrospect should've been obvious from my OP.
This frame #4:
#4 blink::V8ScriptRunner::callExtraOrCrash<1ul> (scriptState=0x1b1fbb4be798, name=<optimized out>, args=<optimized out>) at /home/z/build/1packages/chromium-dev-git/fetch_gclient_base/checkout_root/src/third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.h:152
No locals.
In context:
static v8::MaybeLocal<v8::Value> callExtraHelper(ScriptState* scriptState,
                                                 const char* name,
                                                 size_t numArgs,
                                                 v8::Local<v8::Value>* args) {
  v8::Isolate* isolate = scriptState->isolate();
  v8::Local<v8::Value> undefined = v8::Undefined(isolate);
  LOG(ERROR) << "!!!!!!!!!! !" << name << "!\n";
  v8::Local<v8::Value> functionValue =
      scriptState->getFromExtrasExports(name).v8Value();
  if (functionValue.IsEmpty())
    return v8::MaybeLocal<v8::Value>();
  v8::Local<v8::Function> function = functionValue.As<v8::Function>();
  return V8ScriptRunner::callInternalFunction(function, undefined, numArgs,
                                              args, isolate);
}
So for whatever reason createBuiltInCountQueuingStrategy cannot be found (because functionValue.IsEmpty() above) and my grepping in out dir finds:
$ grep -nr createBuiltInCountQueuingStrategy
Binary file Default/obj/third_party/WebKit/Source/core/streams/streams/ReadableStreamOperations.o matches
Binary file Default/obj/third_party/WebKit/Source/core/streams/libstreams.a matches
Binary file Default/chrome matches
So this kinda makes me think that maybe that scriptState->getFromExtrasExports call is referring to those args.gn vars:
v8_experimental_extra_library_files
v8_extra_library_files
as if I would need to specify some more extra files to include there.
Grepping in ./v8/ finds nothing:
$ grep -nr createBuiltInCountQueuingStrategy
Grepping in . finds:
$ find . -type f -iname \*.js -exec grep -Hn createBuiltInCountQueuingStrategy {} +
./third_party/WebKit/Source/core/streams/CountQueuingStrategy.js:40: binding.createBuiltInCountQueuingStrategy = highWaterMark =>
So, maybe I could try adding that file to v8_experimental_extra_library_files & v8_extra_library_files? Will try.
I'm recompiling without optimizations (is_debug still false tho) and without linker's -Wl,-O1 and -Wl,--gc-sections to see if I can get a nicer stacktrace with all the variable values not optimized out.
,
Feb 21 2017
oh my, it's fast without optimization (no -O flag, specifically no -O2) I'm at 7762/24032 in like 10 minutes. I guess is_debug=true does this too (currently false for me). I'm kinda avoiding it because I think it also turns on dcheck and makes for a noisy console output. My my, you will never catch me compiling with optimizations again :)) (perhaps until I realize how slow chromium runs without them? but at least not when trying to hunt down bugs)
Oh what do you know?! I already had edited out (for some "good" reason, no doubt!!) the files that were included in the root source dir ".gn" file and this must be why this issue is happening!!! Because those are needed in order for createBuiltInCountQueuingStrategy to be found! (SEE attached patch file of what I've done wrong)
Oh yeah, I remember why I removed them, because 'gn gen' was complaining they weren't defined! Yep. I'll confirm this is so in next comment (compiling and stuff until then). I apologize in advance for wasting anyone's time due to this! I'm sure this is the culprit.
,
Feb 22 2017
tl;dr: the issue is fixed, and it was my bad; as per my prev. comment.
I need more RAM to be able to finish the linking now, due to no optimizations (files are larger)... I added swap. I guess you WILL catch me doing optimizations again :D #istandcorrected
Ok, over 22mins and linking is still going, had to kill it, it was just writing the disk like crazy :) 'ld' (seen with 'top') 16.6g VIRT (probably needs at least 20GiB RAM +-1, if not more!). Recompiling with -O2
As for the speed I was noticing earlier without -O, it's chromium: compilation is always faster in the beginning (first 10k files or more), really slow towards the end (like last 6k files), it seems.
real 339m21.130s
user 1148m6.174s
sys 44m6.685s
Done. Confirmed the issue is gone!
So without that patch (see prev. comment's attachment), this is what the actual "defaults" are if I don't set them in args.gn at all:
v8_experimental_extra_library_files
# Current value = ["//third_party/WebKit/Source/core/streams/ReadableStreamExperimentalPipeTo.js", "//third_party/WebKit/Source/core/streams/WritableStream.js"]
# From //.gn:41
# Overridden from the default = ["//test/cctest/test-experimental-extra.js"]
# From //v8/BUILD.gn:96
v8_extra_library_files
# Current value = ["//third_party/WebKit/Source/core/streams/CommonStrings.js", "//third_party/WebKit/Source/core/streams/ByteLengthQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/CountQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/ReadableStream.js"]
# From //.gn:31
# Overridden from the default = ["//test/cctest/test-extra.js"]
# From //v8/BUILD.gn:90
# List of extra files to snapshot. They will be snapshotted in order so
# if files export symbols used by later files, they should go first.
#
# This default is used by cctests. Projects using V8 will want to override.
AND the issue (of tab crash) doesn't happen anymore - someone please feel free to close this issue.
And look at all these APIs used:
[1:1:0222/103336.226627:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createBuiltInCountQueuingStrategy!
[1:1:0222/103336.227750:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createReadableStreamWithExternalController!
[1:1:0222/103336.231852:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createBuiltInCountQueuingStrategy!
[1:1:0222/103336.232195:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createReadableStreamWithExternalController!
[1:1:0222/103336.232709:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !ReadableStreamDefaultControllerClose!
[1:1:0222/103336.233838:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !IsReadableStreamReadable!
[1:1:0222/103336.234276:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !AcquireReadableStreamDefaultReader!
[1:1:0222/103336.235599:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !ReadableStreamDefaultReaderRead!
[1:1:0222/103336.236469:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !IsReadableStreamClosed!
[1:1:0222/103336.236754:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !IsReadableStreamErrored!
[1:1:0222/103336.237084:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !IsReadableStreamReadable!
[1:1:0222/103336.237160:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !ReadableStreamDefaultControllerClose!
[1:1:0222/103336.237388:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !AcquireReadableStreamDefaultReader!
[1:1:0222/103336.237995:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !ReadableStreamDefaultReaderRead!
[1:1:0222/103336.753602:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createBuiltInCountQueuingStrategy!
[1:1:0222/103336.754232:ERROR:V8ScriptRunner.h(167)] !!!!!!!!!! !createReadableStreamWithExternalController!
So why did I have to apply that patch? (which a script would automatically apply after every update) I remember 'gn gen' was complaining at some point in the past that those vars (which were set in the 'default_args' in file ".gn") were not declared anywhere, so I had to patch them out (removed them) to avoid the error.
Then of course as time went by I forgot about the patch being applied every time + I wasn't visiting github at the time to encounter the tab crash issue (or, I was, but without scripts - can't remember). This is not an excuse, just the facts. I guess sometimes giving up is a good way to reset and thus take a different route towards solving the problem. Right then, cheers everyone! Thanks for playing :)
Chromium 58.0.3020.0 (Developer Build) (64-bit)
Revision 2a8688557c5a91fd3984454215523f2eea58bcd1-refs/heads/master@{#451881}
OS Linux
JavaScript V8 5.8.261
(including updated args.gn)
,
Feb 27 2017
As per comment #25, changing the status to won't fix
,
Apr 4 2017
Hey, tis me again (new account) :) <3
tl;dr: hit this issue again (crash on github pages), but there's no stacktrace on console this time! the 2 vars got changed in the root dir .gn file and I was using the old values in args.gn - fixed (i think, still compiling) by never setting them in args.gn ever again.
-----
This issue just happened again, but this time I am sure to be not using that patch (in c#24) that caused the issue for me.
I've updated from
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3046.0 Safari/537.36
where the issue wasn't existent, to the current
Chromium 59.0.3063.0 (Developer Build) (64-bit)
Revision e272b699ad6aeb171ed6d4433d8caf1212fb424d-refs/heads/master@{#461666}
OS Linux
JavaScript V8 5.9.160
Flash
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3063.0 Safari/537.36
where the issue exists, FURTHERMORE there is no stacktrace on console now! In OP, I had one, but now, none. Github tab crashes (verb) and there are no messages added on console! None.
Rechecked my two vars and they have these values:
v8_experimental_extra_library_files
    Current value = ["//third_party/WebKit/Source/core/streams/ReadableStreamExperimentalPipeTo.js", "//third_party/WebKit/Source/core/streams/WritableStream.js"]
      From /tmp/out/Default/args.gn:2018
    Overridden from the default = ["//test/cctest/test-experimental-extra.js"]
      From //v8/BUILD.gn:102
v8_extra_library_files
    Current value = ["//third_party/WebKit/Source/core/streams/CommonStrings.js", "//third_party/WebKit/Source/core/streams/ByteLengthQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/CountQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/ReadableStream.js"]
      From /tmp/out/Default/args.gn:2024
    Overridden from the default = ["//test/cctest/test-extra.js"]
      From //v8/BUILD.gn:96
    List of extra files to snapshot. They will be snapshotted in order so if files export symbols used by later files, they should go first. This default is used by cctests. Projects using V8 will want to override.
And if I don't set the two vars at all in args.gn, then I see them as:
v8_experimental_extra_library_files
    Current value = ["//third_party/WebKit/Source/core/streams/ReadableStreamExperimentalPipeTo.js"]
      From //.gn:43
    Overridden from the default = ["//test/cctest/test-experimental-extra.js"]
      From //v8/BUILD.gn:102
v8_extra_library_files
    Current value = ["//third_party/WebKit/Source/core/streams/CommonStrings.js", "//third_party/WebKit/Source/core/streams/SimpleQueue.js", "//third_party/WebKit/Source/core/streams/ByteLengthQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/CountQueuingStrategy.js", "//third_party/WebKit/Source/core/streams/ReadableStream.js", "//third_party/WebKit/Source/core/streams/WritableStream.js"]
      From //.gn:31
    Overridden from the default = ["//test/cctest/test-extra.js"]
      From //v8/BUILD.gn:96
    List of extra files to snapshot. They will be snapshotted in order so if files export symbols used by later files, they should go first. This default is used by cctests. Projects using V8 will want to override.
Ah I see the difference, the following moved from one var to the other: "//third_party/WebKit/Source/core/streams/WritableStream.js" and "//third_party/WebKit/Source/core/streams/SimpleQueue.js" got removed.
To futureproof against this ever happening again, I guess I should NEVER set these two vars in args.gn!
Recompiling now... [1923/14331], if this doesn't fix it I'll add more comments. But that stacktrace though, I wonder why is it gone... tab crash and no stacktrace, must be something else I did and forgot...
Cheers!
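Added example (not part of the original report and not Chromium tooling): a small Python check that parses two variable listings in the format quoted in the comment above (as printed by `gn args --list`) and reports how an args.gn override has drifted from the //.gn defaults. The function names are hypothetical, and the sample input is constructed from the values quoted in that comment, trimmed to the "Current value" and "From" fields.

```python
import re

# One listing entry: variable name, its current value, and the file:line
# that set it. The "#" prefixes seen in the flattened form are optional.
ENTRY = re.compile(
    r'(?P<name>\w+)\s+#?\s*Current value = (?P<value>\[.*?\])'
    r'\s+#?\s*From (?P<src>\S+)', re.S)

P = '//third_party/WebKit/Source/core/streams/'

# Constructed sample input: the listing seen with the stale args.gn override.
ARGS_GN_LISTING = f'''
v8_experimental_extra_library_files
    Current value = ["{P}ReadableStreamExperimentalPipeTo.js", "{P}WritableStream.js"]
      From /tmp/out/Default/args.gn:2018
v8_extra_library_files
    Current value = ["{P}CommonStrings.js", "{P}ByteLengthQueuingStrategy.js", "{P}CountQueuingStrategy.js", "{P}ReadableStream.js"]
      From /tmp/out/Default/args.gn:2024
'''

# Constructed sample input: the listing seen with the variables left unset.
DOT_GN_LISTING = f'''
v8_experimental_extra_library_files
    Current value = ["{P}ReadableStreamExperimentalPipeTo.js"]
      From //.gn:43
v8_extra_library_files
    Current value = ["{P}CommonStrings.js", "{P}SimpleQueue.js", "{P}ByteLengthQueuingStrategy.js", "{P}CountQueuingStrategy.js", "{P}ReadableStream.js", "{P}WritableStream.js"]
      From //.gn:31
'''

def parse_listing(text):
    """Map each variable to (set of listed files, location that set it)."""
    return {m['name']: (set(re.findall(r'"([^"]+)"', m['value'])), m['src'])
            for m in ENTRY.finditer(text)}

def drift(override_text, default_text):
    """Report how an overridden listing differs from the default listing."""
    over, base = parse_listing(override_text), parse_listing(default_text)
    # Which variable each file belongs to in the overridden build.
    owner = {f: var for var, (files, _) in over.items() for f in files}
    report = {
        # Variables whose value comes from args.gn rather than //.gn.
        'pinned': sorted(v for v, (_, src) in over.items() if 'args.gn' in src),
        'missing': [],  # in the defaults, absent from the override
        'moved': [],    # listed under a different variable than the defaults
    }
    for var, (files, _) in sorted(base.items()):
        for f in sorted(files):
            name = f.rsplit('/', 1)[-1]
            if f not in owner:
                report['missing'].append((name, var))
            elif owner[f] != var:
                report['moved'].append((name, owner[f], var))
    return report

if __name__ == '__main__':
    for kind, items in drift(ARGS_GN_LISTING, DOT_GN_LISTING).items():
        print(kind, items)
```

On the sample it flags both variables as pinned in args.gn, SimpleQueue.js as absent from the override, and WritableStream.js as listed under the experimental variable instead of v8_extra_library_files.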
Comment 1 by cazeaume...@gmail.com
, Feb 20 2017