Created attachment 188909: Crash report

I'm not sure what the exact steps for triggering this are, but I'm seeing it fairly often. This last time, it was just as I hit "enter" to go to a new URL. The crash report indicates it may be related to the inspector, which I had open at the time, so I'm reporting this with that component. Crash report attached.
Crash is in WebCore::InspectorCSSAgent::unbindStyleSheet, changing title to reflect that.
Looks related to new code introduced in r142975 via: <http://webkit.org/b/105828> Web Inspector: Implement tracking of active stylesheets in the frontend
<rdar://problem/13236411>
Thanks for the report. It would be great to see the exact steps, primarily the URL inspected at the moment of crash.
I'll see if I can get it to happen deterministically, and update when I have more information.
Looks like an internal dup suggested this could happen by inspecting a page and navigating via the console:

js> window.location = 'http://apple.com'

I haven't updated + built yet to confirm that.
I've hit this a couple of times too. Should we revert r142975?
Reverted in http://trac.webkit.org/changeset/143333. Just to confirm, does "KERN_INVALID_ADDRESS at 0x0000000000000018" mean access to a freed memory location? (Not quite familiar with the MacOS X crash reporting)
(In reply to comment #8)
> Reverted in http://trac.webkit.org/changeset/143333.
>
> Just to confirm, does "KERN_INVALID_ADDRESS at 0x0000000000000018" mean access to a freed memory location? (Not quite familiar with the MacOS X crash reporting)

It probably means a null dereference. The address is very close to 0x0, so it probably tried to access a member, or call a function on a null ptr. Despite the assert (which wouldn't show up in nightlies), maybe the inspectorStyleSheet passed into unbind was null?
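The reasoning in the comment above (a fault address just above 0x0 is the offset of the member read through a null pointer) as an added, stand-alone triage example; this is not WebKit code, and the struct layout, field names and the `unbind_example` guard are constructed stand-ins, not the real InspectorStyleSheet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed LP64 layout standing in for the real object; offsets are chosen
 * so that 0x18 lands on a pointer member, mirroring the crash report. */
struct ExampleStyleSheet {
    void     *vtable;      /* 0x00: first vtable slot, hit by virtual calls */
    uint64_t  refcount;    /* 0x08 */
    void     *page_agent;  /* 0x10 */
    void     *id_string;   /* 0x18: the offset in KERN_INVALID_ADDRESS */
    void     *rules;       /* 0x20 */
};

/* Triage heuristic: the first page of the address space is never mapped on
 * macOS x86-64, so a fault below it is a read/write through a null pointer
 * and the faulting address equals the member offset being accessed. */
#define UNMAPPED_NULL_PAGE 0x1000UL

int is_probable_null_deref(uintptr_t fault_addr) {
    return fault_addr < UNMAPPED_NULL_PAGE;
}

/* Map a fault address back to the member that starts at that offset.
 * Returns the member name, or NULL when no member begins there. */
const char *member_at_offset(uintptr_t fault_addr) {
    static const struct { size_t off; const char *name; } fields[] = {
        { offsetof(struct ExampleStyleSheet, vtable),     "vtable"     },
        { offsetof(struct ExampleStyleSheet, refcount),   "refcount"   },
        { offsetof(struct ExampleStyleSheet, page_agent), "page_agent" },
        { offsetof(struct ExampleStyleSheet, id_string),  "id_string"  },
        { offsetof(struct ExampleStyleSheet, rules),      "rules"      },
    };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        if (fields[i].off == fault_addr) return fields[i].name;
    return NULL;
}

/* Hypothetical unbind with the null guard the comment suspects was missing:
 * without the check, sheet->id_string on a NULL sheet faults at 0x18. */
int unbind_example(const struct ExampleStyleSheet *sheet) {
    if (sheet == NULL) return -1;          /* refuse instead of faulting */
    return sheet->id_string != NULL ? 1 : 0;
}

int main(void) {
    uintptr_t fault = 0x18; /* address from the attached crash report */
    printf("0x%lx -> null deref: %d, member: %s\n", (unsigned long)fault,
           is_probable_null_deref(fault), member_at_offset(fault));
    return 0;
}
```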