RESOLVED FIXED 110135
Crash in Safari nightly (WebCore::InspectorCSSAgent::unbindStyleSheet)
https://bugs.webkit.org/show_bug.cgi?id=110135
Summary Crash in Safari nightly (WebCore::InspectorCSSAgent::unbindStyleSheet)
BJ Homer
Reported 2013-02-18 09:43:25 PST
Created attachment 188909: Crash report

I'm not sure what the exact steps for triggering this are, but I'm seeing it fairly often. This last time, it was just as I hit "enter" to go to a new URL. The crash report indicates it may be related to the inspector, which I had open at the time, so I'm reporting this with that component. Crash report attached.
Attachments
Crash report (67.16 KB, text/plain)
2013-02-18 09:43 PST, BJ Homer
Antoine Quint
Comment 1 2013-02-18 09:54:16 PST
Crash is in WebCore::InspectorCSSAgent::unbindStyleSheet, changing title to reflect that.
Joseph Pecoraro
Comment 2 2013-02-18 11:05:58 PST
Looks related to new code introduced in r142975 via: <http://webkit.org/b/105828> Web Inspector: Implement tracking of active stylesheets in the frontend
Radar WebKit Bug Importer
Comment 3 2013-02-18 11:06:25 PST
Alexander Pavlov (apavlov)
Comment 4 2013-02-18 11:38:37 PST
Thanks for the report. It would be great to see the exact steps, primarily the URL inspected at the moment of crash.
BJ Homer
Comment 5 2013-02-18 11:45:54 PST
I'll see if I can get it to happen deterministically, and update when I have more information.
Joseph Pecoraro
Comment 6 2013-02-18 15:46:19 PST
Looks like an internal dup suggested this could happen by inspecting a page and navigating via the console:

js> window.location = 'http://apple.com'

I haven't updated + built yet to confirm that.
Simon Fraser (smfr)
Comment 7 2013-02-18 15:46:43 PST
I've hit this a couple of times too. Should we revert r142975 ?
Alexander Pavlov (apavlov)
Comment 8 2013-02-19 22:30:33 PST
Reverted in http://trac.webkit.org/changeset/143333. Just to confirm, does "KERN_INVALID_ADDRESS at 0x0000000000000018" mean access to a freed memory location? (Not quite familiar with the MacOS X crash reporting)
Joseph Pecoraro
Comment 9 2013-02-20 00:04:31 PST
(In reply to comment #8)
> Reverted in http://trac.webkit.org/changeset/143333.
>
> Just to confirm, does "KERN_INVALID_ADDRESS at 0x0000000000000018" mean access to a freed memory location? (Not quite familiar with the MacOS X crash reporting)

It probably means a null dereference. The address is very close to 0x0, so it probably tried to access a member, or call a function on a null ptr. Despite the assert (which wouldn't show up in nightlies), maybe the inspectorStyleSheet passed into unbind was null?
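The inference in comment 9 (a fault at 0x18 is a null base pointer plus a member offset, not a freed allocation) can be made mechanical. The following C program is an added illustration, not code from this thread or from WebKit: the `example_object` layout is constructed for the demonstration and does not reflect the real InspectorStyleSheet class, and the first-page threshold of 4 KiB is an assumption about the platform's unmapped zero page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout standing in for an object such as the InspectorStyleSheet
 * mentioned in the thread. The real class layout is not on the page; these
 * fields exist only so that a member lands at offset 0x18 on an LP64 target. */
struct example_object {
    void     *vtable;      /* offset 0x00 */
    uint64_t  refcount;    /* offset 0x08 */
    void     *owner;       /* offset 0x10 */
    void     *style_sheet; /* offset 0x18: what a null 'this' would fault on */
};

enum fault_kind {
    FAULT_NULL_DEREF,   /* address lies in the first page: base pointer was NULL */
    FAULT_OTHER         /* anything else: use-after-free, wild pointer, ... */
};

/* A fault address inside the first, never-mapped page almost always means the
 * code dereferenced NULL plus a member offset, so the address itself names the
 * member that was touched. Assumes a 4 KiB zero page (platform assumption). */
static enum fault_kind classify_fault_address(uintptr_t fault_addr, size_t *member_offset_out)
{
    const uintptr_t zero_page_size = 4096;
    if (fault_addr < zero_page_size) {
        if (member_offset_out) *member_offset_out = (size_t)fault_addr;
        return FAULT_NULL_DEREF;
    }
    if (member_offset_out) *member_offset_out = 0;
    return FAULT_OTHER;
}

/* Map an offset back to the member of the constructed struct at that position. */
static const char *member_at_offset(size_t off)
{
    if (off == offsetof(struct example_object, vtable))      return "vtable";
    if (off == offsetof(struct example_object, refcount))    return "refcount";
    if (off == offsetof(struct example_object, owner))       return "owner";
    if (off == offsetof(struct example_object, style_sheet)) return "style_sheet";
    return "unknown";
}

int main(void)
{
    size_t off = 0;
    /* The fault address quoted from the crash report in comment 8. */
    enum fault_kind k = classify_fault_address(0x18, &off);
    printf("0x18 -> %s, member offset 0x%zx (%s)\n",
           k == FAULT_NULL_DEREF ? "null dereference" : "other",
           off, member_at_offset(off));
    return 0;
}
```

A freed-memory access, by contrast, faults at a heap address well above the first page (or does not fault at all), which is why a tiny address is the stronger hint for a null object than for a use-after-free.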