Bug 121193 - Web Inspector: crash inspecting a cube at tridiv.com
Summary: Web Inspector: crash inspecting a cube at tridiv.com
Status: RESOLVED DUPLICATE of bug 121330
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Macintosh OS X 10.8
: P2 Major
Assignee: Nobody
URL: http://tridiv.com
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2013-09-11 17:25 PDT by Vicki
Modified: 2013-09-19 12:25 PDT

Description Vicki 2013-09-11 17:25:33 PDT
SUMMARY
Crash inspecting a cube at tridiv.com

STEPS TO REPRODUCE
1. Go to tridiv.com, click "Start Using The App" if you haven't used this site before, then add a cuboid shape to the scene by clicking on the cube in the controls
2. Inspect the cube by ctrl-clicking on the cube shape that you've added to the scene.

I immediately see this crash, with Nightly on 10.8.4, on a 13" MBP:


Process:         WebProcess [43037]
Path:            /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier:      com.apple.WebProcess
Version:         538+ (538.1+)
Code Type:       X86-64 (Native)
Parent Process:  SafariForWebKitDevelopment [43032]
User ID:         501

Date/Time:       2013-09-11 17:21:12.527 -0700
OS Version:      Mac OS X 10.8.4 (12E55)
Report Version:  10

Interval Since Last Report:          594815 sec
Crashes Since Last Report:           15
Per-App Interval Since Last Report:  388205 sec
Per-App Crashes Since Last Report:   12
Anonymous UUID:                      8E329367-0742-4E56-D288-DC6E7A93BF04

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000000000000a

VM Regions Near 0xa:
--> 
    __TEXT                 00000001049a7000-00000001049a8000 [    4K] r-x/rwx SM=COW  /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
Bundle controller class:
BrowserBundleController
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                           	0x000025ddfc830c1b 0 + 41635354446875
1   com.apple.JavaScriptCore      	0x0000000104f99e61 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
2   com.apple.JavaScriptCore      	0x0000000104f8016d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 573
3   com.apple.JavaScriptCore      	0x0000000104e54da5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
4   com.apple.JavaScriptCore      	0x0000000104fcff62 JSC::boundFunctionCall(JSC::ExecState*) + 498
5   ???                           	0x000025ddfc601045 0 + 41635352154181
6   com.apple.JavaScriptCore      	0x0000000104f99e61 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
7   com.apple.JavaScriptCore      	0x0000000104f8016d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 573
8   com.apple.JavaScriptCore      	0x0000000104e54da5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
9   com.apple.JavaScriptCore      	0x0000000104f752c0 JSC::callSetter(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::ECMAMode) + 256
10  com.apple.JavaScriptCore      	0x0000000104ff8e3c JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 764
11  com.apple.JavaScriptCore      	0x000000010504793e llint_slow_path_put_by_id + 558
12  com.apple.JavaScriptCore      	0x000000010504f98b llint_op_put_by_id + 133
13  com.apple.JavaScriptCore      	0x0000000104f99e61 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
14  com.apple.JavaScriptCore      	0x0000000104f8016d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 573
15  com.apple.JavaScriptCore      	0x0000000104e54da5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
16  com.apple.JavaScriptCore      	0x0000000104fcff62 JSC::boundFunctionCall(JSC::ExecState*) + 498
17  ???                           	0x000025ddfc601045 0 + 41635352154181
18  com.apple.JavaScriptCore      	0x0000000104f99e61 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
19  com.apple.JavaScriptCore      	0x0000000104f8016d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 573
20  com.apple.JavaScriptCore      	0x0000000104e54da5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
21  com.apple.JavaScriptCore      	0x0000000104fcff62 JSC::boundFunctionCall(JSC::ExecState*) + 498
22  com.apple.JavaScriptCore      	0x0000000104f8019e JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 622
23  com.apple.JavaScriptCore      	0x0000000104e54da5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
24  com.apple.WebCore             	0x0000000105d2caa9 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 441
25  com.apple.WebCore             	0x0000000105d2c70a WebCore::ScheduledAction::execute(WebCore::Document*) + 154
26  com.apple.WebCore             	0x0000000105586434 WebCore::DOMTimer::fired() + 276
27  com.apple.WebCore             	0x0000000105ebca4f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
28  com.apple.WebCore             	0x0000000105d7d553 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51
29  com.apple.CoreFoundation      	0x00007fff96ecf804 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
30  com.apple.CoreFoundation      	0x00007fff96ecf31d __CFRunLoopDoTimer + 557
31  com.apple.CoreFoundation      	0x00007fff96eb4ad9 __CFRunLoopRun + 1529
32  com.apple.CoreFoundation      	0x00007fff96eb40e2 CFRunLoopRunSpecific + 290
33  com.apple.HIToolbox           	0x00007fff96b0aeb4 RunCurrentEventLoopInMode + 209
34  com.apple.HIToolbox           	0x00007fff96b0ac52 ReceiveNextEventCommon + 356
35  com.apple.HIToolbox           	0x00007fff96b0aae3 BlockUntilNextEventMatchingListInMode + 62
36  com.apple.AppKit              	0x00007fff8f613533 _DPSNextEvent + 685
37  com.apple.AppKit              	0x00007fff8f612df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
38  com.apple.AppKit              	0x00007fff8f60a1a3 -[NSApplication run] + 517
39  com.apple.WebCore             	0x0000000105d28782 WebCore::RunLoop::run() + 82
40  com.apple.WebKit2             	0x0000000104a8ef5a int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 422
41  com.apple.WebProcess          	0x00000001049a7e23 main + 337
42  libdyld.dylib                 	0x00007fff93a277e1 start + 1

Thread 1:: Dispatch queue: com.apple.libdispatch-manager
0   libsystem_kernel.dylib        	0x00007fff8eb5dd16 kevent + 10
1   libdispatch.dylib             	0x00007fff9a0a6dea _dispatch_mgr_invoke + 883
2   libdispatch.dylib             	0x00007fff9a0a69ee _dispatch_mgr_thread + 54

Thread 2:: JavaScriptCore::BlockFree
0   libsystem_kernel.dylib        	0x00007fff8eb5d0fa __psynch_cvwait + 10
1   libsystem_c.dylib             	0x00007fff904f3fe9 _pthread_cond_wait + 869
2   com.apple.JavaScriptCore      	0x0000000105166976 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 118
3   com.apple.JavaScriptCore      	0x0000000104e3b4fb JSC::BlockAllocator::blockFreeingThreadMain() + 123
4   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
5   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
6   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 3:: JavaScriptCore::Marking
0   libsystem_kernel.dylib        	0x00007fff8eb5d0fa __psynch_cvwait + 10
1   libsystem_c.dylib             	0x00007fff904f3fe9 _pthread_cond_wait + 869
2   com.apple.JavaScriptCore      	0x0000000104f72f8b JSC::GCThread::waitForNextPhase() + 123
3   com.apple.JavaScriptCore      	0x0000000104f7304f JSC::GCThread::gcThreadMain() + 143
4   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
5   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
6   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 4:: JavaScriptCore::Marking
0   libsystem_kernel.dylib        	0x00007fff8eb5d0fa __psynch_cvwait + 10
1   libsystem_c.dylib             	0x00007fff904f3fe9 _pthread_cond_wait + 869
2   com.apple.JavaScriptCore      	0x0000000104f72f8b JSC::GCThread::waitForNextPhase() + 123
3   com.apple.JavaScriptCore      	0x0000000104f7304f JSC::GCThread::gcThreadMain() + 143
4   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
5   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
6   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 5:: JavaScriptCore::Marking
0   libsystem_kernel.dylib        	0x00007fff8eb5d0fa __psynch_cvwait + 10
1   libsystem_c.dylib             	0x00007fff904f3fe9 _pthread_cond_wait + 869
2   com.apple.JavaScriptCore      	0x0000000104f72f8b JSC::GCThread::waitForNextPhase() + 123
3   com.apple.JavaScriptCore      	0x0000000104f7304f JSC::GCThread::gcThreadMain() + 143
4   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
5   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
6   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 6:: WebCore: Scrolling
0   libsystem_kernel.dylib        	0x00007fff8eb5b686 mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff8eb5ac42 mach_msg + 70
2   com.apple.CoreFoundation      	0x00007fff96eaf233 __CFRunLoopServiceMachPort + 195
3   com.apple.CoreFoundation      	0x00007fff96eb4916 __CFRunLoopRun + 1078
4   com.apple.CoreFoundation      	0x00007fff96eb40e2 CFRunLoopRunSpecific + 290
5   com.apple.CoreFoundation      	0x00007fff96ec2dd1 CFRunLoopRun + 97
6   com.apple.WebCore             	0x0000000105d537ce WebCore::ScrollingThread::initializeRunLoop() + 254
7   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
8   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
9   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 7:: com.apple.NSURLConnectionLoader
0   libsystem_kernel.dylib        	0x00007fff8eb5b686 mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff8eb5ac42 mach_msg + 70
2   com.apple.CoreFoundation      	0x00007fff96eaf233 __CFRunLoopServiceMachPort + 195
3   com.apple.CoreFoundation      	0x00007fff96eb4916 __CFRunLoopRun + 1078
4   com.apple.CoreFoundation      	0x00007fff96eb40e2 CFRunLoopRunSpecific + 290
5   com.apple.Foundation          	0x00007fff95edd546 +[NSURLConnection(Loader) _resourceLoadLoop:] + 356
6   com.apple.Foundation          	0x00007fff95f3b562 __NSThread__main__ + 1345
7   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
8   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 8:: com.apple.CFSocket.private
0   libsystem_kernel.dylib        	0x00007fff8eb5d322 __select + 10
1   com.apple.CoreFoundation      	0x00007fff96ef3f46 __CFSocketManager + 1302
2   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
3   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 9:: JSC Compilation Thread
0   libsystem_kernel.dylib        	0x00007fff8eb5d0fa __psynch_cvwait + 10
1   libsystem_c.dylib             	0x00007fff904f3fe9 _pthread_cond_wait + 869
2   com.apple.JavaScriptCore      	0x0000000104f66c6b JSC::DFG::Worklist::runThread() + 763
3   com.apple.JavaScriptCore      	0x0000000105165c8f WTF::wtfThreadEntryPoint(void*) + 15
4   libsystem_c.dylib             	0x00007fff904ef7a2 _pthread_start + 327
5   libsystem_c.dylib             	0x00007fff904dc1e1 thread_start + 13

Thread 10:
0   libsystem_kernel.dylib        	0x00007fff8eb5d6d6 __workq_kernreturn + 10
1   libsystem_c.dylib             	0x00007fff904f1f4c _pthread_workq_return + 25
2   libsystem_c.dylib             	0x00007fff904f1d13 _pthread_wqthread + 412
3   libsystem_c.dylib             	0x00007fff904dc1d1 start_wqthread + 13

Thread 11:
0   libsystem_kernel.dylib        	0x00007fff8eb5d6d6 __workq_kernreturn + 10
1   libsystem_c.dylib             	0x00007fff904f1f4c _pthread_workq_return + 25
2   libsystem_c.dylib             	0x00007fff904f1d13 _pthread_wqthread + 412
3   libsystem_c.dylib             	0x00007fff904dc1d1 start_wqthread + 13

Thread 12:
0   libsystem_kernel.dylib        	0x00007fff8eb5d6d6 __workq_kernreturn + 10
1   libsystem_c.dylib             	0x00007fff904f1f4c _pthread_workq_return + 25
2   libsystem_c.dylib             	0x00007fff904f1d13 _pthread_wqthread + 412
3   libsystem_c.dylib             	0x00007fff904dc1d1 start_wqthread + 13

Thread 13:
0   libsystem_kernel.dylib        	0x00007fff8eb5d6d6 __workq_kernreturn + 10
1   libsystem_c.dylib             	0x00007fff904f1f4c _pthread_workq_return + 25
2   libsystem_c.dylib             	0x00007fff904f1d13 _pthread_wqthread + 412
3   libsystem_c.dylib             	0x00007fff904dc1d1 start_wqthread + 13

Thread 14:
0   libsystem_kernel.dylib        	0x00007fff8eb5d6d6 __workq_kernreturn + 10
1   libsystem_c.dylib             	0x00007fff904f1f4c _pthread_workq_return + 25
2   libsystem_c.dylib             	0x00007fff904f1d13 _pthread_wqthread + 412
3   libsystem_c.dylib             	0x00007fff904dc1d1 start_wqthread + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x000000000000000a  rbx: 0x000000010fb49dd0  rcx: 0x000000000000000a  rdx: 0x000000010fa2ab70
  rdi: 0x0000000106e2f470  rsi: 0x0000000000000006  rbp: 0x00007fff5b256620  rsp: 0x00007fff5b256580
   r8: 0x0000000106e2f470   r9: 0x000000000000001f  r10: 0x0000000084b8af87  r11: 0x0000000117aa37a0
  r12: 0x0000000000000200  r13: 0x0000000108bcdaa0  r14: 0xffff000000000000  r15: 0xffff000000000002
  rip: 0x000025ddfc830c1b  rfl: 0x0000000000010202  cr2: 0x000000000000000a
Logical CPU: 0
Comment 1 Radar WebKit Bug Importer 2013-09-11 17:26:18 PDT
<rdar://problem/14971143>
Comment 2 Vicki 2013-09-11 17:29:05 PDT
Whoops, I committed before pasting in my Nightly revision number - it's today's build, WebKit r155573.
Comment 3 Vicki 2013-09-11 17:32:35 PDT
Also FWIW, with a Nightly from at least a week ago, I could get a little further and be able to edit the transform style on the cube... then crash.  I updated to today's Nightly to see if the crash was still present, and now I see this new behavior where I crash immediately upon inspecting the cube.
Comment 4 Sindre Aa 2013-09-19 00:17:23 PDT
I am experiencing the exact same crash in the latest nightlies in an internal project (also an IDE). Had to go back to 1542** to get rid of the constant crashes.
Comment 5 Mark Lam 2013-09-19 12:25:04 PDT
Resolved in r155730: <http://trac.webkit.org/r155730> for https://bugs.webkit.org/show_bug.cgi?id=121330.  Closing as duplicate.

*** This bug has been marked as a duplicate of bug 121330 ***