On r150926:
1) Visit http://musictheory.net/exercises/ear-interval (or another one of my ear trainers)
2) Wait for audio files to load
3) Crash!
Happened sometime after r150525.
Created attachment 203293 [details] crash log
Changing title, it's not just in JSC::CodeBlock::visitAggregate() - it's different each time. Let me know if you need me to turn on any flags. (Is there a WebKit version of MallocScribble?)

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010b9b8af6 WTF::TCMalloc_Central_FreeList::FetchFromSpans() + 70
1 com.apple.JavaScriptCore 0x000000010b9b6c68 WTF::fastMalloc(unsigned long) + 1720

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010666ebb5 WebCore::ElementRuleCollector::ruleMatches(WebCore::RuleData const&, WebCore::ContainerNode const*, WebCore::PseudoId&) + 309
1 com.apple.WebCore 0x000000010666e145 void WebCore::ElementRuleCollector::doCollectMatchingRulesForList<false>(WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow> const*, WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) + 293

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000107c487a2 JSC::StructureStubInfo::visitWeakReferences() + 274
1 com.apple.JavaScriptCore 0x0000000107a063b4 JSC::CodeBlock::finalizeUnconditionally() + 2980
2 com.apple.JavaScriptCore 0x0000000107c35899 JSC::SlotVisitor::finalizeUnconditionalFinalizers() + 57
3 com.apple.JavaScriptCore 0x0000000107add527 JSC::Heap::collect(JSC::Heap::SweepToggle) + 343
I cannot reproduce this. Could you please try running the nightly with GuardMalloc? Paste the below in Terminal as one string:

DYLD_FRAMEWORK_PATH=/Applications/WebKit.app/Contents/Frameworks/10.8 DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelment
Rather,

DYLD_FRAMEWORK_PATH=/Applications/WebKit.app/Contents/Frameworks/10.8 DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

(for some reason, copy/paste corrupted "Development")
Created attachment 203378 [details] Crash when running with libgmalloc.dylib
Created attachment 203379 [details] Another one with libgmalloc
Slightly different stack in this one
Hmm, I wish I could reproduce locally - GuardMalloc is more useful with debug builds. But this is a lead.

0 com.apple.JavaScriptCore 0x0000000108b5c15c WTFCrash + 76
1 com.apple.JavaScriptCore 0x0000000108b6dd6c WTF::fastMalloc(unsigned long) + 1980
2 com.apple.WebCore 0x00000001097a236d WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow>::reserveCapacity(unsigned long) + 77
3 com.apple.WebCore 0x00000001097a22d7 WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow>::expandCapacity(unsigned long, WebCore::RuleData const*) + 87
4 com.apple.WebCore 0x00000001097a0f79 WebCore::RuleSet::addToRuleSet(WTF::AtomicStringImpl*, WTF::HashMap<WTF::AtomicStringImpl*, WTF::OwnPtr<WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow> >, WTF::PtrHash<WTF::AtomicStringImpl*>, WTF::HashTraits<WTF::AtomicStringImpl*>, WTF::HashTraits<WTF::OwnPtr<WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow> > > >&, WebCore::RuleData const&) + 297
5 com.apple.WebCore 0x00000001097a1374 WebCore::RuleSet::findBestRuleSetAndAdd(WebCore::CSSSelector const*, WebCore::RuleData&) + 948
6 com.apple.WebCore 0x00000001097a1646 WebCore::RuleSet::addRule(WebCore::StyleRule*, unsigned int, WebCore::AddRuleFlags) + 710
7 com.apple.WebCore 0x00000001097a1a74 WebCore::RuleSet::addChildRules(WTF::Vector<WTF::RefPtr<WebCore::StyleRuleBase>, 0ul, WTF::CrashOnOverflow> const&, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*, WebCore::ContainerNode const*, bool, WebCore::AddRuleFlags) + 260
8 com.apple.WebCore 0x00000001097a1cb7 WebCore::RuleSet::addRulesFromSheet(WebCore::StyleSheetContents*, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*, WebCore::ContainerNode const*) + 215
9 com.apple.WebCore 0x0000000108ee59f1 WebCore::DocumentRuleSets::appendAuthorStyleSheets(unsigned int, WTF::Vector<WTF::RefPtr<WebCore::CSSStyleSheet>, 0ul, WTF::CrashOnOverflow> const&, WebCore::MediaQueryEvaluator*, WebCore::InspectorCSSOMWrappers&, bool, WebCore::StyleResolver*) + 113
10 com.apple.WebCore 0x00000001098589d9 WebCore::StyleResolver::appendAuthorStyleSheets(unsigned int, WTF::Vector<WTF::RefPtr<WebCore::CSSStyleSheet>, 0ul, WTF::CrashOnOverflow> const&) + 57
11 com.apple.WebCore 0x0000000109858076 WebCore::StyleResolver::StyleResolver(WebCore::Document*, bool) + 1302
12 com.apple.WebCore 0x0000000108ec69db WebCore::Document::createStyleResolver() + 75
13 com.apple.WebCore 0x0000000108f9637c WebCore::Element::styleForRenderer() + 92
14 com.apple.WebCore 0x0000000108f96544 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 404
15 com.apple.WebCore 0x0000000108ec5b4f WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 607
16 com.apple.WebCore 0x0000000108ec2a9c WebCore::Document::updateStyleIfNeeded() + 76
17 com.apple.WebCore 0x0000000108ec60cf WebCore::Document::updateStyleForAllDocuments() + 95
18 com.apple.WebCore 0x000000010923048c WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 620
19 com.apple.WebCore 0x000000010921b736 WebCore::JSAudioBufferCallback::handleEvent(WebCore::AudioBuffer*) + 278
Hmm. Do you have any Safari extensions installed?
I do in normal Safari, but not in WebKit.
The latest nightlies no longer crash, which is definitely an improvement. They also no longer play audio though ;) I hear a faint audio pop once the exercise loads, then nothing. Works in Safari 6.1 and Chrome 29.
s/6.1/6.0.5
> I do in normal Safari, but not in WebKit.

I'm not sure what you mean by this. WebKit uses the same Safari with the same user preferences, so it has all the same extensions. Are you saying that you test WebKit on a different account?

Would this issue still happen in WebKit if you disable all extensions?
(In reply to comment #12)
> > I do in normal Safari, but not in WebKit.
>
> I'm not sure what you mean by this. WebKit uses the same Safari with the same user preferences, so it has all the same extensions. Are you saying that you test WebKit on a different account?
>
> Would this issue still happen in WebKit if you disable all extensions?

I was under the assumption that WebKit and Safari use different preference files and had Safari running with extensions=On in the prefs while WebKit was running with extensions=Off in the prefs. Upon relaunching Safari, extensions were Off. Looks like I have been running with extensions=Off for a week now. In any case, this issue still happens regardless of the extension setting.
Issue needs a deep memory profile; this may be an OOM issue. Please attach the coredump tar.