
Crash in v8::internal::MaybeHandle loading pages/new tabs #29114

Closed
stephendonner opened this issue Mar 16, 2023 · 3 comments

Comments


stephendonner commented Mar 16, 2023

Description

Crash in v8::internal::MaybeHandle loading pages/new tabs

Steps to Reproduce

  1. install 1.50.93
  2. launch Brave
  3. load brave.com

Actual result:

Crashes, in:

[ 00 ] v8::internal::MaybeHandle<v8::internal::Object> v8::internal::JsonParser<unsigned char>::ParseJsonValue<false>(v8::internal::Handle<v8::internal::Object>) ( atomic:957 )
[ 01 ] v8::internal::Builtin_Impl_JsonParse(v8::internal::BuiltinArguments, v8::internal::Isolate*) ( json-parser.cc:489 )
[ 02 ] v8::internal::Builtin_JsonParse(int, unsigned long*, v8::internal::Isolate*) ( builtins-json.cc:17 )
[ 03 ] 0x11bdfedba38
[ 04 ] 0x11bdfe4c32c
[ 05 ] 0x11bdfe4c32c
[ 06 ] 0x11bdfe4a71c
[ 07 ] 0x11bdfe4a447
[ 08 ] v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) ( simulator.h:154 )
[ 09 ] v8::internal::Execution::CallScript(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>) ( execution.cc:538 )
[ 10 ] v8::Script::Run(v8::Local<v8::Context>, v8::Local<v8::Data>) ( api.cc:2271 )
[ 11 ] blink::V8ScriptRunner::CompileAndRunScript(blink::ScriptState*, blink::ClassicScript*, blink::ExecuteScriptPolicy, blink::V8ScriptRunner::RethrowErrorsOption) ( v8_script_runner.cc:414 )
[ 12 ] blink::ClassicScript::RunScriptOnScriptStateAndReturnValue(blink::ScriptState*, blink::ExecuteScriptPolicy, blink::V8ScriptRunner::RethrowErrorsOption) ( classic_script.cc:220 )
[ 13 ] blink::Script::RunScriptOnScriptState(blink::ScriptState*, blink::ExecuteScriptPolicy, blink::V8ScriptRunner::RethrowErrorsOption) ( script.cc:31 )
[ 14 ] blink::Script::RunScript(blink::LocalDOMWindow*, blink::ExecuteScriptPolicy, blink::V8ScriptRunner::RethrowErrorsOption) ( script.cc:38 )
[ 15 ] blink::PendingScript::ExecuteScriptBlockInternal(blink::Script*, blink::ScriptElementBase*, bool, bool, bool, base::TimeTicks, bool) ( pending_script.cc:291 )
[ 16 ] blink::PendingScript::ExecuteScriptBlock() ( pending_script.cc:188 )
[ 17 ] blink::HTMLParserScriptRunner::ExecuteScriptsWaitingForParsing() ( html_parser_script_runner.cc:254 )
[ 18 ] blink::HTMLDocumentParser::AttemptToRunDeferredScriptsAndEnd() ( html_document_parser.cc:1000 )
[ 19 ] blink::HTMLDocumentParser::PrepareToStopParsing() ( html_document_parser.cc:522 )
[ 20 ] blink::HTMLDocumentParser::EndIfDelayed() ( html_document_parser.cc:1040 )
[ 21 ] blink::HTMLDocumentParser::DeferredPumpTokenizerIfPossible(bool, base::TimeTicks) ( html_document_parser.cc:569 )
[ 22 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ( callback.h:152 )
[ 23 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:335 )
[ 24 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:0 )
[ 25 ] base::MessagePumpCFRunLoopBase::RunWork() ( message_pump_mac.mm:475 )
[ 26 ] base::mac::CallWithEHFrame(void () block_pointer)
[ 27 ] base::MessagePumpCFRunLoopBase::RunWorkSource(void*) ( message_pump_mac.mm:447 )
[ 28 ] 0x7fff208e2d2c
[ 29 ] 0x7fff208e2c94
[ 30 ] 0x7fff208e2a14
[ 31 ] 0x7fff208e143c
[ 32 ] 0x7fff208e09fc
[ 33 ] 0x7fff21672657
[ 34 ] base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*) ( message_pump_mac.mm:768 )
[ 35 ] base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) ( message_pump_mac.mm:172 )
[ 36 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( thread_controller_with_message_pump_impl.cc:644 )
[ 37 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( thread_controller_with_message_pump_impl.cc:0 )
[ 38 ] base::RunLoop::Run(base::Location const&) ( run_loop.cc:140 )
[ 39 ] content::RendererMain(content::MainFunctionParams) ( renderer_main.cc:339 )
[ 40 ] content::RunOtherNamedProcessTypeMain(std::Cr::basic_string<char, std::Cr::char_traits<char>, std::Cr::allocator<char>> const&, content::MainFunctionParams, content::ContentMainDelegate*) ( content_main_runner_impl.cc:760 )
[ 41 ] content::ContentMainRunnerImpl::Run() ( content_main_runner_impl.cc:1119 )
[ 42 ] content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) ( content_main.cc:321 )
[ 43 ] content::ContentMain(content::ContentMainParams) ( content_main.cc:349 )
[ 44 ] ChromeMain ( chrome_main.cc:180 )
[ 45 ] main ( chrome_exe_main_mac.cc:216 )
[ 46 ] 0x7fff20805f3d
[ 47 ] 0x7fff20805f3d

Expected result:

No crash; pages load

Reproduces how often:

100%

Brave version (brave://version info)

Brave 1.50.93 Chromium: 111.0.5563.64 (Official Build) beta (x86_64)
Revision c710e93d5b63b7095afe8c2c17df34408078439d-refs/branch-heads/5563@{#995}
OS macOS Version 11.7.4 (Build 20G1120)

Version/Channel Information:

  • Can you reproduce this issue with the current release? NO
  • Can you reproduce this issue with the beta channel? Yes
  • Can you reproduce this issue with the nightly channel? NO

/cc @LaurenWags @mkarolin @rebron @brave/qa-team

kjozwiak (Member) commented:

Added release/blocking and moved it into 1.50.x as this seems pretty bad and should be fixed in 1.50.x. If this ends up being a minor issue once we know more, we can remove the release/blocking label and decide if it should ride the trains or get uplifted.

LaurenWags (Member) commented:

@stephendonner I'm not seeing this crash with the 1.50.114 RC version, mind taking a look as well?

| Brave | 1.50.114 Chromium: 112.0.5615.49 (Official Build) (x86_64) |
| -- | -- |
| Revision | bd2a7bcb881c11e8cfe3078709382934e3916914-refs/branch-heads/5615@{#936} |
| OS | macOS Version 12.6.4 (Build 21G526) |

stephendonner (Author) commented:

> @stephendonner I'm not seeing this crash with the 1.50.114 RC version, mind taking a look as well?

Am also not seeing the crash using

Brave 1.50.114 Chromium: 112.0.5615.49 (Official Build) (x86_64)
Revision bd2a7bcb881c11e8cfe3078709382934e3916914-refs/branch-heads/5615@{#936}
OS macOS Version 11.7.5 (Build 20G1225)

I think this might've been fixed by some Chromium rebase...?
