Issue 42971: Extension process crash in WebCore::V8SQLTransactionCallback::handleEvent()
This one comes to us from 5.0.375.23 Mac. I don't see this on Windows at the same version. Here's a sample.

http://crash/reportdetail?reportid=18b9a3a03e93db0d

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000000 )
0x14fc516a
0x14fb0c61
0x00aa7db1 [Google Chrome Framework - execution.cc:97] Invoke
0x00aa8356 [Google Chrome Framework + 0x00aa1356]
0x00a6cae8 [Google Chrome Framework - api.cc:2515] v8::Function::Call(v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*)
0x00e1a6e2 [Google Chrome Framework - V8Proxy.cpp:492] WebCore::V8Proxy::callFunction(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*)
0x00de6097 [Google Chrome Framework - V8CustomVoidCallback.cpp:89] WebCore::invokeCallback(v8::Persistent<v8::Object>, int, v8::Handle<v8::Value>*, bool&)
0x00de5ac8 [Google Chrome Framework - V8CustomSQLTransactionCallback.cpp:76] WebCore::V8CustomSQLTransactionCallback::handleEvent(WebCore::SQLTransaction*, bool&)
0x0131c43c [Google Chrome Framework - SQLTransaction.cpp:293] WebCore::SQLTransaction::deliverTransactionCallback()
0x00ec3ea8 [Google Chrome Framework - Document.cpp:4688] performTask
0x0156726b [Google Chrome Framework - MainThread.cpp:96] WTF::dispatchFunctionsFromMainThread()
0x006b245a [Google Chrome Framework - message_loop.cc:329] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&)
0x006b2e2a [Google Chrome Framework - message_loop.cc:444] MessageLoop::DoWork()
0x00690e43 [Google Chrome Framework - message_pump_mac.mm:291] base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x96d3aff0 [CoreFoundation + 0x0003eff0] __CFRunLoopDoSources0
0x96d38c1e [CoreFoundation + 0x0003cc1e] __CFRunLoopRun
0x96d380f3 [CoreFoundation + 0x0003c0f3] CFRunLoopRunSpecific
0x96d37f20 [CoreFoundation + 0x0003bf20] CFRunLoopRunInMode
0x97b670fb [HIToolbox + 0x000350fb] RunCurrentEventLoopInMode
0x97b66eb0 [HIToolbox + 0x00034eb0] ReceiveNextEventCommon
0x97b66d35 [HIToolbox + 0x00034d35] BlockUntilNextEventMatchingListInMode
0x93237134 [AppKit + 0x00048134] _DPSNextEvent
0x93236975 [AppKit + 0x00047975] -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x931f8bee [AppKit + 0x00009bee] -[NSApplication run]
0x006908ec [Google Chrome Framework - message_pump_mac.mm:677] base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x00690075 [Google Chrome Framework - message_pump_mac.mm:213] base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x006b23a3 [Google Chrome Framework - message_loop.cc:205] MessageLoop::Run()
0x00646b7d [Google Chrome Framework - renderer_main.cc:289] RendererMain(MainFunctionParams const&)
0x0000a27d [Google Chrome Framework - chrome_dll_main.cc:720] ChromeMain
0x00001ff7 [Google Chrome Helper - chrome_exe_main.mm:16] main

Many of these implicate a specific url-chunk-1: chrome-extension://loljledaigphbcpfhfmgopdkppkifgno/background.html
May 1, 2010
Dumi, can you look into this? I am not sure what the cause is, but maybe you can smell something?
Status:
Assigned
Owner: d...@chromium.org
May 10, 2010
I am putting this in mstone5 since it's a top crasher for 5. Dumi, any update on this?
Labels:
Mstone-5
May 11, 2010
(No comment was entered for this change.)
Labels:
Crash-TopCrash
May 11, 2010
(No comment was entered for this change.)
Labels:
-Crash-TopCrash Crash-TopCrasher
May 21, 2010
Top non-plugin crash in 5.0.375.53 Mac.
May 25, 2010
(No comment was entered for this change.)
Status:
Duplicate
Mergedinto: 38857
May 25, 2010
(No comment was entered for this change.)
Status:
Started
Mergedinto: -38857
Jun 13, 2010
This is pretty tough to debug: I can't reproduce the crash and we don't have a core dump or the first few lines in the stack trace. I recently submitted a WebKit patch that will help us test a theory suggested by v8 engineers. The patch should be in Chromium starting with branch 428, so I'll keep monitoring the crashes for the next couple of weeks and see if we can get some more information.
Jul 12, 2010
Dumi, I see: http://crash/reportdetail?reportid=2c184f2d2a391978

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0xffffffffbbadbeef )
0x048824fa [Google Chrome Framework - V8SQLTransactionCallback.cpp:60] WebCore::V8SQLTransactionCallback::handleEvent(WebCore::ScriptExecutionContext*, WebCore::SQLTransaction*)
0x0471c2e1 [Google Chrome Framework - SQLTransaction.cpp:294] WebCore::SQLTransaction::deliverTransactionCallback()
0x04237fd8 [Google Chrome Framework - Document.cpp:4907] performTask

That invalid address looks pretty intentionally invalid :-).
Jul 12, 2010
Yes, I've added some CRASH() instructions in this code to see if we're crashing because of empty v8 handles. Thanks for noticing this version of the crash!
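Triaging the two dumps in this thread hinges on telling a deliberate CRASH() (the 0xffffffffbbadbeef fault address in the second dump) from a genuine null dereference (the 0x00000000 fault in the first). The following is an added example, not code from the bug thread or from Chromium's own crash tooling: it parses the flattened "address [Module - file:line] symbol" frame format used in the dumps above, classifies the fault address, and reports the first symbolized frame in a chosen module so a reader knows where to start. The two traces embedded in it are re-typed and trimmed from the dumps quoted in this bug and are constructed input; the 0xbbadbeef value is WebKit's CRASH() sentinel from Assertions.h, which the comments allude to but never spell out.

```python
"""Parse the flattened Mac crash dumps quoted in this bug and classify the fault.
Added example; not Chromium code. Sample traces are re-typed from the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# WebKit's CRASH() macro stores through this address on purpose, so a fault here
# is a tripped check, not a wild pointer. Value from WebKit's Assertions.h
# (assumed knowledge; the bug thread only says "intentionally invalid").
WEBKIT_CRASH_SENTINEL = 0xBBADBEEF

HEADER_RE = re.compile(
    r"\(\s*(?P<exc>\w+)\s*/\s*(?P<code>\w+)\s*@\s*0x(?P<addr>[0-9a-fA-F]+)\s*\)"
)
# One frame: 8-hex-digit address, optional "[Module - file:line]" or
# "[Module + 0xoff]", optional symbol text up to the next frame address.
FRAME_RE = re.compile(
    r"0x(?P<addr>[0-9a-f]{8})"
    r"(?:\s+\[(?P<loc>[^\]]*)\])?"
    r"(?:\s+(?!0x[0-9a-f]{8}(?:\s|$))(?P<sym>.*?))?"
    r"(?=\s+0x[0-9a-f]{8}(?:\s|$)|\s*$)",
    re.S,
)
LOC_SYMBOLIZED_RE = re.compile(r"(?P<mod>.+?)\s+-\s+(?P<file>.+):(?P<line>\d+)$")
LOC_OFFSET_RE = re.compile(r"(?P<mod>.+?)\s+\+\s+0x[0-9a-f]+$")


@dataclass
class Frame:
    address: int
    module: Optional[str]
    file: Optional[str]
    line: Optional[int]
    symbol: Optional[str]


@dataclass
class CrashReport:
    exception: str
    code: str
    fault_address: int
    frames: List[Frame]


def parse_frame(m: re.Match) -> Frame:
    module = file = None
    line = None
    loc = m.group("loc")
    if loc:
        s = LOC_SYMBOLIZED_RE.match(loc)
        if s:
            module, file, line = s.group("mod"), s.group("file"), int(s.group("line"))
        else:
            o = LOC_OFFSET_RE.match(loc)
            module = o.group("mod") if o else loc
    sym = m.group("sym")
    sym = sym.strip() if sym and sym.strip() else None
    return Frame(int(m.group("addr"), 16), module, file, line, sym)


def parse_report(text: str) -> CrashReport:
    h = HEADER_RE.search(text)
    if not h:
        raise ValueError("no 'EXC / KERN @ addr' header found")
    frames = [parse_frame(m) for m in FRAME_RE.finditer(text[h.end():])]
    return CrashReport(h.group("exc"), h.group("code"), int(h.group("addr"), 16), frames)


def classify(report: CrashReport) -> str:
    # The second dump shows the 32-bit sentinel widened to 0xffffffffbbadbeef,
    # so compare only the low 32 bits.
    if report.fault_address & 0xFFFFFFFF == WEBKIT_CRASH_SENTINEL:
        return "deliberate CRASH()"
    if report.fault_address < 0x1000:
        return "null-page dereference"
    return "wild pointer"


def first_source_frame(report: CrashReport, module: str) -> Optional[Frame]:
    """Topmost frame in `module` that carries file:line info."""
    return next((f for f in report.frames if f.module == module and f.file), None)


def triage(text: str, module: str = "Google Chrome Framework") -> str:
    r = parse_report(text)
    f = first_source_frame(r, module)
    where = f"{f.file}:{f.line} {f.symbol or '?'}" if f else "no symbolized frame"
    return f"{r.exception}/{r.code}: {classify(r)}; first {module} frame at {where}"


# Constructed input: the top of the first dump in the bug (null fault).
TRACE_NULL = """Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000000 )
0x14fc516a
0x14fb0c61
0x00aa7db1 [Google Chrome Framework - execution.cc:97] Invoke
0x00aa8356 [Google Chrome Framework + 0x00aa1356]
0x00a6cae8 [Google Chrome Framework - api.cc:2515] v8::Function::Call(v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*)
0x00e1a6e2 [Google Chrome Framework - V8Proxy.cpp:492] WebCore::V8Proxy::callFunction(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*)
0x00de6097 [Google Chrome Framework - V8CustomVoidCallback.cpp:89] WebCore::invokeCallback(v8::Persistent<v8::Object>, int, v8::Handle<v8::Value>*, bool&)
0x00de5ac8 [Google Chrome Framework - V8CustomSQLTransactionCallback.cpp:76] WebCore::V8CustomSQLTransactionCallback::handleEvent(WebCore::SQLTransaction*, bool&)"""

# Constructed input: the second dump in the bug (CRASH() sentinel).
TRACE_SENTINEL = """Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0xffffffffbbadbeef )
0x048824fa [Google Chrome Framework - V8SQLTransactionCallback.cpp:60] WebCore::V8SQLTransactionCallback::handleEvent(WebCore::ScriptExecutionContext*, WebCore::SQLTransaction*)
0x0471c2e1 [Google Chrome Framework - SQLTransaction.cpp:294] WebCore::SQLTransaction::deliverTransactionCallback()
0x04237fd8 [Google Chrome Framework - Document.cpp:4907] performTask"""

if __name__ == "__main__":
    for t in (TRACE_NULL, TRACE_SENTINEL):
        print(triage(t))
```

The unsymbolized leading frames (0x14fc516a, 0x14fb0c61) are kept as frames with no module, which is itself a signal: the first dump faulted in code the symbolizer could not name (consistent with JIT-generated code reached from v8::Function::Call), whereas the second faulted directly in V8SQLTransactionCallback.cpp:60, right where the CRASH() checks were added.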
Jul 20, 2010
Make subject easier to correlate with crash dumps.
Summary:
Extension process crash in WebCore::V8SQLTransactionCallback::handleEvent()
Labels: -Mstone-5 Mstone-6
Jul 20, 2010
For triage purposes: This crashes the extension process, so things could be worse. Unfortunately, on Mac we don't get the breakpad tag for which extension it is, and I don't see anything obvious in the mini-dump.
Jul 20, 2010
It's https://chrome.google.com/extensions/detail/loljledaigphbcpfhfmgopdkppkifgno (in most cases, at least).
Aug 18, 2010
(No comment was entered for this change.)
Labels:
-Mstone-6 Mstone-7
Sep 12, 2010
I am taking off the mstone to reflect the reality that we don't know when this will be fixed.
Labels:
-Mstone-7
Sep 12, 2010
(No comment was entered for this change.)
Labels:
-Pri-1 Pri-2
Sep 12, 2010
(No comment was entered for this change.)
Labels:
Mstone-X
Sep 14, 2010
Removing top-crasher label, per aa's comments. It's still crashing in 6.0.472.55 and 7.0.517.5, but it's not highly placed (overall, might be highly-placed for extensions).
Labels:
-Crash-TopCrasher
Dec 16, 2010
I believe dumi is no longer working on Chromium, so these may need to be re-assigned.
Status:
Available
Cc: i...@chromium.org micha...@chromium.org
Dec 16, 2010
(No comment was entered for this change.)
Owner:
---
Dec 16, 2010
Drive-by: the stack trace here looks like what would happen if either function or argument to v8::Function::Call is an empty handle. This might be as simple as guarding against that.
May 13, 2011
(No comment was entered for this change.)
Labels:
-mstone-x
Jun 15, 2011
(No comment was entered for this change.)
Cc:
-ian.chromium@gmail.com ian@chromium.org
May 7, 2012
I see very, very few of these on the Mac but more on Windows. I'm lowering priority for now and we can keep an eye on it and raise it back.
Cc:
-ager@chromium.org danno@chromium.org
Labels: -Pri-2 Pri-3
Mar 10, 2013
(No comment was entered for this change.)
Labels:
-Feature-Extensions -Area-WebKit -WebKit-JavaScript -Area-Internals Cr-Content Cr-Platform-Extensions Cr-Content-JavaScript Cr-Internals
Apr 5, 2013
(No comment was entered for this change.)
Labels:
-Cr-Content Cr-Blink
Apr 5, 2013
(No comment was entered for this change.)
Labels:
-Cr-Content-JavaScript Cr-Blink-JavaScript
Mar 20, 2015
[Automated message] This open bug has not seen activity for over half a year and is not assigned to an owner. It seems it is not valid anymore. This issue will be set to Archived (Closed) next week. If you think this issue is still valid and should stay open, please contact hablich@.
Mar 26, 2015
(No comment was entered for this change.)
Status:
Archived
Labels: -Pri-2 Pri-1