Multiple extensions suddenly crashing repeatedly/frequently
Reported by
collin.c...@blueprairie.com,
Nov 1
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3595.2 Safari/537.36

Steps to reproduce the problem:
1. Only since DEV update to build Version 72.0.3595.2 (Official Build) dev (64-bit), multiple extensions that have been installed and no prior crashes all crashing with "EXTENSIONID has crashed, click this balloon to reload" as shown here: https://imgur.com/cuLs7Ep

What is the expected behavior?
No crashes

What went wrong?
https://imgur.com/cuLs7Ep This happens with MANY extensions on random sites (even when only on google.com main page sitting idle)

Crashed report ID: No
How much crashed? Just one plugin
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 72.0.3595.2 Channel: dev
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:

This is a significant issue making the browser totally unusable as I like many rely on extensions for my workflow(s). I searched and did not see an open issue which I find hard to believe since multiple major extension authors are also aware of this issue and somehow this issue has already survived through CANARY into DEV branch. Please merge if I missed an existing issue on this. TIA!

P.S. Just since typing this issue, ublock origin has crashed twice after clicking the balloon to reload each time.
,
Nov 1
Might be of interest, someone on my issue tracker[1] reported these details:
> Here's the output from the command line:
```
#
# Fatal error in , line 0
# Check failed: size <= kMaxRegularHeapObjectSize.
#
#
#
#FailureMessage Object: 0x7ffeee43cca0
0 Google Chrome Framework 0x00000001049d99bf ChromeMain + 41792447
1 Google Chrome Framework 0x00000001079c891b ChromeMain + 92054299
2 Google Chrome Framework 0x00000001079b8ef5 ChromeMain + 91990261
3 Google Chrome Framework 0x0000000103e04258 ChromeMain + 29383768
4 Google Chrome Framework 0x0000000104089eeb ChromeMain + 32028907
5 Google Chrome Framework 0x000000010405de7c ChromeMain + 31848572
```
[1] https://github.com/uBlockOrigin/uBlock-issues/issues/294#issuecomment-435046627
,
Nov 2
Some things to try:
* open chrome://crashes and copypaste the relevant crash IDs here. The id is a 16-letter token that follows "Crash Report ID" text.
* create a log file, and copypaste the relevant parts if any: https://www.chromium.org/for-testers/enable-logging
,
Nov 2
attached crash ids
,
Nov 2
Those IDs are local and thus cannot be investigated by @chromium.org developers. I guess one of them might ask you later to upload the dump file privately.
,
Nov 2
Chromium only reports local ones, I don't have any other ids.
,
Nov 2
Fri Nov 2 06:46:01 GMT 2018
Uploaded Crash Report ID 6c8e22e528b01a59 (Local Crash ID: 04bee9f7-29be-4ef5-b666-7d89a040a1b4)
Uploaded Crash Report ID ed356c3d6033928f (Local Crash ID: 00e43fb0-8b7d-4604-8071-481f153c0613)
Uploaded Crash Report ID e58584138d1c26a8 (Local Crash ID: 8c968556-254a-47b9-bd86-3903c4b11a38)
,
Nov 2
Fri Nov 2 07:23:15 GMT 2018
chrome_debug.log attached
Crashing extension: Ublock Origin
cgbcahbpdhpcegmbfconppldiemgcoii/1.17.3.4_0/about.html:
```
"https://github.com/gorhill/uBlock/releases" data-i18n="aboutChangelog">
"https://github.com/gorhill/uBlock/wiki" data-i18n="aboutWiki"
"https://old.reddit.com/r/uBlockOrigin/" data-i18n="aboutSupport">
"https://github.com/uBlockOrigin/uBlock-issues/issues" data-i18n="aboutIssues">
"https://github.com/gorhill/uBlock" data-i18n="aboutCode">
```
In terminal (at crash):
```
#
# Fatal error in , line 0
# Check failed: size <= kMaxRegularHeapObjectSize.
#
#
#
#FailureMessage Object: 0x7ffee3808c80
0 Google Chrome Framework 0x000000010ed249bf ChromeMain + 41792447
1 Google Chrome Framework 0x0000000111d1391b ChromeMain + 92054299
2 Google Chrome Framework 0x0000000111d03ef5 ChromeMain + 91990261
3 Google Chrome Framework 0x000000010e14f258 ChromeMain + 29383768
4 Google Chrome Framework 0x000000010e3d4eeb ChromeMain + 32028907
5 Google Chrome Framework 0x000000010e3a8e7c ChromeMain + 31848572
[38156:166923:1102/071321.762121:ERROR:mach_port_broker.mm(175)] Unknown process 39292 is sending Mach IPC messages!
[38156:166923:1102/071321.833297:ERROR:mach_port_broker.mm(175)] Unknown process 39293 is sending Mach IPC messages!
[38156:166923:1102/071321.853652:ERROR:mach_port_broker.mm(175)] Unknown process 39294 is sending Mach IPC messages!
[38156:775:1102/071322.307779:ERROR:media_internals.cc(112)] Cannot get RenderProcessHost
[38156:775:1102/071322.521601:ERROR:http_bridge.cc(126)] Not implemented reached in virtual void syncer::HttpBridgeFactory::OnSignalReceived()
```
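Added example (not part of the original thread and not Chromium tooling): the two terminal captures quoted in this thread show different absolute addresses but the same `ChromeMain + offset` values, so a triage script can key on the check text and the offsets to decide whether two reports hit the same code. The capture strings are constructed from the logs above, and the function names are illustrative.

```python
import re

# Constructed sample: the two terminal captures quoted in this thread, trimmed.
CAPTURE_A = """\
# Check failed: size <= kMaxRegularHeapObjectSize.
0 Google Chrome Framework 0x00000001049d99bf ChromeMain + 41792447
1 Google Chrome Framework 0x00000001079c891b ChromeMain + 92054299
2 Google Chrome Framework 0x00000001079b8ef5 ChromeMain + 91990261
3 Google Chrome Framework 0x0000000103e04258 ChromeMain + 29383768
4 Google Chrome Framework 0x0000000104089eeb ChromeMain + 32028907
5 Google Chrome Framework 0x000000010405de7c ChromeMain + 31848572
"""
CAPTURE_B = """\
# Check failed: size <= kMaxRegularHeapObjectSize.
0 Google Chrome Framework 0x000000010ed249bf ChromeMain + 41792447
1 Google Chrome Framework 0x0000000111d1391b ChromeMain + 92054299
2 Google Chrome Framework 0x0000000111d03ef5 ChromeMain + 91990261
3 Google Chrome Framework 0x000000010e14f258 ChromeMain + 29383768
4 Google Chrome Framework 0x000000010e3d4eeb ChromeMain + 32028907
5 Google Chrome Framework 0x000000010e3a8e7c ChromeMain + 31848572
"""

CHECK_RE = re.compile(r"^#\s*Check failed:\s*(.+?)\s*$")
# Matches the tail of a frame line, so it still works when the frame index
# has been fused onto the end of the previous line by copy-paste.
FRAME_RE = re.compile(r"(0x[0-9a-fA-F]{8,16})\s+(\S+) \+ (\d+)\s*$")

def parse_capture(text):
    """Return (check expression, [(absolute address, symbol, offset), ...])."""
    check, frames = None, []
    for line in text.splitlines():
        c, f = CHECK_RE.match(line), FRAME_RE.search(line)
        if c:
            check = c.group(1)
        elif f:
            frames.append((int(f.group(1), 16), f.group(2), int(f.group(3))))
    return check, frames

def signature(text):
    """Keep only load-address-independent fields: check text and symbol+offset."""
    check, frames = parse_capture(text)
    return check, tuple(f"{sym}+{off}" for _, sym, off in frames)

def load_slide(text_a, text_b):
    """Per-frame address deltas; one value fits one image at two load bases."""
    fa, fb = parse_capture(text_a)[1], parse_capture(text_b)[1]
    return {b[0] - a[0] for a, b in zip(fa, fb)}
```

On these two captures the signatures are equal and every frame differs by the same page-aligned delta, which is what the same binary loaded at two different base addresses looks like.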
,
Nov 2
Thanks for the update! Checked with provided crash id in crash server and please find the stack trace for the crash id.

Stack Trace:
------------
```
Thread 0 (id: 0xfde02) CRASHED [EXC_BAD_INSTRUCTION / EXC_I386_INVOP @ 0x0000000112d9bb42 ] MAGIC SIGNATURE THREAD
Stack Quality 67%
0x0000000112d9bb42 (Google Chrome Framework -platform-posix.cc:397 ) v8::base::OS::Abort()
0x000000010f1e4257 (Google Chrome Framework -runtime-internal.cc ) v8::internal::Runtime_AllocateInNewSpace(int, v8::internal::Object**, v8::internal::Isolate*)
0x000000010f469eea (Google Chrome Framework + 0x01e8eeea ) v8_Default_embedded_blob_
0x000000010f43de7b (Google Chrome Framework + 0x01e62e7b ) v8_Default_embedded_blob_
0x000000010f3e9839 (Google Chrome Framework + 0x01e0e839 ) v8_Default_embedded_blob_
0x00000024ec80616d
0x00000024ec80616d
0x00000024ec80616d
0x00000024ec80616d
0x000000010f3d9562 (Google Chrome Framework + 0x01dfe562 ) v8_Default_embedded_blob_
0x00000024ec8020d6
0x000000010ef33cf7 (Google Chrome Framework -simulator.h:113 ) v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling, v8::internal::Execution::Target)
0x000000010ef339e9 (Google Chrome Framework -execution.cc:194 ) v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)
0x000000010ebf5288 (Google Chrome Framework -api.cc:5019 ) v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*)
0x00000001129958f5 (Google Chrome Framework -v8_script_runner.cc:404 ) blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*)
0x0000000112977c60 (Google Chrome Framework -scheduled_action.cc:168 ) blink::ScheduledAction::Execute(blink::LocalFrame*)
0x000000011297795e (Google Chrome Framework -scheduled_action.cc:123 ) blink::ScheduledAction::Execute(blink::ExecutionContext*)
0x00000001131fba95 (Google Chrome Framework -dom_timer.cc:175 ) blink::DOMTimer::Fired()
0x0000000112d4a154 (Google Chrome Framework -timer.cc:156 ) blink::TimerBase::RunInternal()
0x000000010fd0d2b9 (Google Chrome Framework -callback.h:99 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010fd73599 (Google Chrome Framework -thread_controller_impl.cc:196 ) base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType)
0x000000010fd0d2b9 (Google Chrome Framework -callback.h:99 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010fd2781e (Google Chrome Framework -message_loop.cc:550 ) base::MessageLoop::RunTask(base::PendingTask*)
0x000000010fd27cd0 (Google Chrome Framework -message_loop.cc:561 ) base::MessageLoop::DoDelayedWork(base::TimeTicks*)
0x000000010fd29df2 (Google Chrome Framework -message_pump_mac.mm:459 ) base::MessagePumpCFRunLoopBase::RunWork()
0x000000010fd1cf49 (Google Chrome Framework + 0x02741f49 ) base::mac::CallWithEHFrame(void () block_pointer)
0x000000010fd2973e (Google Chrome Framework -message_pump_mac.mm:431 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff37fd7154 (CoreFoundation + 0x00058154 )
0x00007fff37fd70fa (CoreFoundation + 0x000580fa )
0x00007fff37fbab94 (CoreFoundation + 0x0003bb94 )
0x00007fff37fba13d (CoreFoundation + 0x0003b13d )
0x00007fff37fb9a27 (CoreFoundation + 0x0003aa27 )
0x00007fff3a3203b9 (Foundation + 0x0001c3b9 )
0x000000010fd2a43c (Google Chrome Framework -message_pump_mac.mm:729 ) base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x000000010fd2921d (Google Chrome Framework -message_pump_mac.mm:184 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010fd4d144 (Google Chrome Framework -run_loop.cc:102 ) <name omitted>
0x00000001141da80d (Google Chrome Framework -renderer_main.cc:202 ) content::RendererMain(content::MainFunctionParams const&)
0x000000010f8c0870 (Google Chrome Framework -content_main_runner_impl.cc:906 ) content::ContentMainRunnerImpl::Run(bool)
0x0000000111e8d53c (Google Chrome Framework -main.cc:472 ) service_manager::Main(service_manager::MainParams const&)
0x000000010f8bfcb3 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&)
0x000000010d5de6ae (Google Chrome Framework -chrome_main.cc:102 ) ChromeMain
0x000000010d4894cd (Google Chrome Helper -chrome_exe_main_mac.cc:101 ) main
0x00007fff6519b08c (libdyld.dylib + 0x0001708c )
0x00007fff6519b08c (libdyld.dylib + 0x0001708c )
```

CCing v8 sheriff, @adamk - Could you please help us in finding the appropriate owner for this issue. Seems this stack trace is similar to issue 899731. Thanks!
,
Nov 2
Issue 899731 has been merged into this issue.
,
Nov 2
This is indeed the same as issue 899731, duping that one here since this one has more details. I'm looking into this today.
,
Nov 2
I am WIN7x64 not MacOS, I will attempt to get the info you requested however the entire browser does not crash - but the extension framework is defunct and basically cannot maintain extension stability so will that be caught on the chrome:// crash url if it is simply one extension (different ones, random/frequent times) crashing due to this sudden total extension instability? Again, this is already being widely reported in my discussions in opening an issue originally before becoming clear this was the entire browser stability with one specific extension vendor, they not only already knew of this issue of total instability but exactly which version to roll back to to regain extension stability. That extension author was ublock and as stable as ublock always is, even it cannot maintain with this instability issue. Hopefully even being Macos the above trace is enough to begin to reproduce but please confirm exactly what I should be gathering when different (single) extensions are continually crashing. Thanks!
,
Nov 2
I'm trying to repro this, with uBlock Origin, but I haven't had a crash yet. Are there specific repro steps I can try?
,
Nov 2
Browse for few hours, extensions get disabled randomly.
,
Nov 2
Fri Nov 2 19:08:26 GMT 2018 @adamk - Nothing special needs to be done. For https://bugs.chromium.org/p/chromium/issues/detail?id=901010#c8 above - uBlock crashed after 18 mins. Chrome was not (actively) being used at the time. [I can undelete the fil
,
Nov 2
While I haven't been able to repro in Chrome, I did look into the uBlock source, and saw that it uses Array.from a lot. This led me to https://crrev.com/7bd9eb7e1edb839ca03e186a44448dcd296afb57, which added a fast path for Array.from. With those two bits of information in mind, I have a local crash:

```
let s = new Set();
for (let i = 0; i < 1000000; ++i) s.add(i);
let a = Array.from(s);
```

This crashes with the same CHECK failure as above, as it's trying to allocate an elements backing store that's too large. A revert (https://chromium-review.googlesource.com/c/v8/v8/+/1315935) is currently in the CQ; I suspect this will be fixed once that change makes it to canary.
,
Nov 2
Note that this bug only tracks the Array.from case. I've opened issue v8:8410 to track the other places where this happens in V8.
,
Nov 2
Fri Nov 2 21:42:37 GMT 2018 @adamk: Thanks for the quick find and the update!
,
Nov 2
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/f88a1d87d681adfb80be22c2f2af54852df7f92c

commit f88a1d87d681adfb80be22c2f2af54852df7f92c
Author: Adam Klein <adamk@chromium.org>
Date: Fri Nov 02 21:52:07 2018

Revert "Add fast paths to Array.from."

This reverts commit 7bd9eb7e1edb839ca03e186a44448dcd296afb57.

Reason for revert: crashes on canary, see https://crbug.com/901010

Original change's description:
> Add fast paths to Array.from.
>
> This reuses the fast path from IterableToList for Array.from. The fast
> paths are taken when .from is called with the receiver Array and the only
> argument is the iterable (no mapping function or thisArg).
>
> Bug: v8:7980
> Change-Id: I975b0c5e3f838262d7b71ad4dec5111fb031d746
> Reviewed-on: https://chromium-review.googlesource.com/c/1297322
> Commit-Queue: Hai Dang <dhai@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56993}

TBR=neis@chromium.org,dhai@google.com

Bug: v8:7980, chromium:901010, v8:8410
Change-Id: I5e73267f0b3a905582c57a6fad1459c031600a73
Reviewed-on: https://chromium-review.googlesource.com/c/1315935
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57221}

[modify] https://crrev.com/f88a1d87d681adfb80be22c2f2af54852df7f92c/src/builtins/builtins-array-gen.cc
[modify] https://crrev.com/f88a1d87d681adfb80be22c2f2af54852df7f92c/src/builtins/builtins-iterator-gen.cc
[modify] https://crrev.com/f88a1d87d681adfb80be22c2f2af54852df7f92c/src/builtins/builtins-iterator-gen.h
,
Nov 3
Thanks so much for hunting this down so quickly! Can't wait for it to make its way back into DEV branch!
,
Nov 4
Well so what's the fixed version where the fix landed?
,
Nov 4
The fix landed in 72.0.3601.0 via r605133.
,
Nov 7
I can confirm as of my update to 72.0.3602 the issue does seem to be resolved!
Comment 1 by rpri...@gmail.com
, Nov 1