Bug 94503 - Constant crashes from Safari::JSWrapper::disconnectAllWrappers
Summary: Constant crashes from Safari::JSWrapper::disconnectAllWrappers
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.6
Importance: P2 Normal
Assignee: Filip Pizlo
Reported: 2012-08-20 10:50 PDT by Elliott Sprehn
Modified: 2012-09-21 10:56 PDT (History)
Description Elliott Sprehn 2012-08-20 10:50:20 PDT
I've been getting pretty constant crashes in the WebKit nightlies. This might need to be a Radar bug instead since it comes from Safari's code, but it only happens in the WebKit nightlies, not in Safari itself.

Process:         WebProcess [16671]
Path:            /Applications/WebKit.app/Contents/Frameworks/10.6/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier:      com.apple.WebProcess
Version:         537+ (537.3+)
Code Type:       X86-64 (Native)
Parent Process:  Safari [16668]

Date/Time:       2012-08-20 10:45:55.581 -0700
OS Version:      Mac OS X 10.6.8 (10K549)
Report Version:  6

Interval Since Last Report:          79364 sec
Crashes Since Last Report:           1
Per-App Interval Since Last Report:  75671 sec
Per-App Crashes Since Last Report:   1
Anonymous UUID:                      ACBC7F66-38E8-4DED-AF6F-3F742A121163

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000001110
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000001011522c6 JSWeakObjectMapGet + 38
1   com.apple.Safari.framework    	0x00007fff80245ded Safari::JSWrapper::disconnectAllWrappers(Safari::JSWrappable const*) + 159
2   com.apple.Safari.framework    	0x00007fff8017c796 Safari::ContentExtension::invalidateContentWebPage(Safari::WK::BundlePage const&) + 48
3   com.apple.Safari.framework    	0x00007fff80180b0c Safari::ContentExtensionsController::invalidateContentWebPages(Safari::WK::BundlePage const&) + 74
4   com.apple.Safari.framework    	0x00007fff80164e0d Safari::BundleController::willDestroyPage(Safari::WK::Bundle&, Safari::WK::BundlePage&) + 87
5   com.apple.Safari.framework    	0x00007fff801649f7 Safari::WK::willDestroyPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, void const*) + 66
6   com.apple.WebKit2             	0x000000010029edf3 WebKit::WebPage::close() + 69
7   com.apple.WebKit2             	0x0000000100268d13 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 179
8   com.apple.WebKit2             	0x000000010020d897 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175
9   com.apple.WebKit2             	0x000000010020edb1 CoreIPC::Connection::dispatchOneMessage() + 139
10  com.apple.WebCore             	0x0000000101da60a8 WebCore::RunLoop::performWork() + 312
11  com.apple.WebCore             	0x0000000101da6705 WebCore::RunLoop::performWork(void*) + 53
12  com.apple.CoreFoundation      	0x00007fff8201a3d1 __CFRunLoopDoSources0 + 1361
13  com.apple.CoreFoundation      	0x00007fff820185c9 __CFRunLoopRun + 873
14  com.apple.CoreFoundation      	0x00007fff82017d8f CFRunLoopRunSpecific + 575
15  com.apple.HIToolbox           	0x00007fff808ec7ee RunCurrentEventLoopInMode + 333
16  com.apple.HIToolbox           	0x00007fff808ec5f3 ReceiveNextEventCommon + 310
17  com.apple.HIToolbox           	0x00007fff808ec4ac BlockUntilNextEventMatchingListInMode + 59
18  com.apple.AppKit              	0x00007fff89d14eb2 _DPSNextEvent + 708
19  com.apple.AppKit              	0x00007fff89d14801 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
20  com.apple.AppKit              	0x00007fff89cda68f -[NSApplication run] + 395
21  com.apple.WebCore             	0x0000000101da6ce3 WebCore::RunLoop::run() + 67
22  com.apple.WebKit2             	0x00000001002e16dd WebKit::WebProcessMain(WebKit::CommandLine const&) + 761
23  com.apple.WebKit2             	0x000000010029770b WebKitMain + 305
24  com.apple.WebProcess          	0x0000000100000e5e main + 214
25  com.apple.WebProcess          	0x0000000100000d80 start + 52

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff80c66c0a kevent + 10
1   libSystem.B.dylib             	0x00007fff80c68add _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff80c687b4 _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff80c682de _dispatch_worker_thread2 + 252
4   libSystem.B.dylib             	0x00007fff80c67c08 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff80c67aa5 start_wqthread + 13

Thread 2:  JavaScriptCore::BlockFree
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x00000001012757b6 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 118
3   com.apple.JavaScriptCore      	0x0000000101241574 JSC::BlockAllocator::blockFreeingThreadMain() + 100
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 3:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 4:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 5:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 6:
0   com.apple.security            	0x00007fff88600cf5 mulg + 296
1   com.apple.security            	0x00007fff885f9fb6 numer_times + 420
2   com.apple.security            	0x00007fff885faaba ell_odd + 866
3   com.apple.security            	0x00007fff885faef5 elliptic + 211
4   com.apple.security            	0x00007fff885fb257 elliptic_simple + 89
5   com.apple.security            	0x00007fff885fb2e6 make_pad + 73
6   com.apple.security            	0x00007fff885ff90b feePubKeyECDH + 161
7   com.apple.security            	0x00007fff8858dd7d CryptKit::DeriveKey_ECDH(Security::Context const&, unsigned int, Security::CssmData const&, cssm_data*, AppleCSPSession&) + 260
8   com.apple.security            	0x00007fff8858be24 AppleCSPSession::DeriveKey(unsigned long long, Security::Context const&, Security::CssmData&, unsigned int, unsigned int, Security::CssmData const*, cssm_resource_control_context const*, Security::CssmKey&) + 566
9   com.apple.security            	0x00007fff885b43ec cssm_DeriveKey(long, unsigned long long, cssm_context const*, cssm_data*, unsigned int, unsigned int, cssm_data const*, cssm_resource_control_context const*, cssm_key*) + 156
10  com.apple.security            	0x00007fff88571da2 CSSM_DeriveKey + 130
11  com.apple.security            	0x00007fff88517ef4 sslEcdhKeyExchange + 635
12  com.apple.security            	0x00007fff884dd8aa SSLEncodeKeyExchange + 1013
13  com.apple.security            	0x00007fff884dd412 SSLPrepareAndQueueMessage + 66
14  com.apple.security            	0x00007fff884afec6 SSLAdvanceHandshake + 1949
15  com.apple.security            	0x00007fff884af470 SSLProcessHandshakeRecord + 1154
16  com.apple.security            	0x00007fff884aef9c SSLProcessProtocolMessage + 71
17  com.apple.security            	0x00007fff884ad96b SSLHandshakeProceed + 401
18  com.apple.security            	0x00007fff884ad635 SSLHandshake + 69
19  com.apple.CFNetwork           	0x00007fff816c461c SocketStream::_PerformSecurityHandshake_NoLock() + 378
20  com.apple.CFNetwork           	0x00007fff816c210e SocketStream::socketCallback(__CFSocket*, unsigned long, __CFData const*, void const*) + 194
21  com.apple.CFNetwork           	0x00007fff816c2016 SocketStream::_SocketCallBack_stream(__CFSocket*, unsigned long, __CFData const*, void const*, void*) + 96
22  com.apple.CoreFoundation      	0x00007fff82042a7e __CFSocketDoCallback + 318
23  com.apple.CoreFoundation      	0x00007fff820425bb __CFSocketPerformV0 + 315
24  com.apple.CoreFoundation      	0x00007fff8201a3d1 __CFRunLoopDoSources0 + 1361
25  com.apple.CoreFoundation      	0x00007fff820185c9 __CFRunLoopRun + 873
26  com.apple.CoreFoundation      	0x00007fff82017d8f CFRunLoopRunSpecific + 575
27  com.apple.Foundation          	0x00007fff812e414f +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 297
28  com.apple.Foundation          	0x00007fff81265114 __NSThread__main__ + 1429
29  libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
30  libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 7:  com.apple.CFSocket.private
0   libSystem.B.dylib             	0x00007fff80c91932 select$DARWIN_EXTSN + 10
1   com.apple.CoreFoundation      	0x00007fff8203a468 __CFSocketManager + 824
2   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
3   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 8:  JavaScriptCore::BlockFree
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x00000001012757b6 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 118
3   com.apple.JavaScriptCore      	0x0000000101241574 JSC::BlockAllocator::blockFreeingThreadMain() + 100
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 9:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 10:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 11:  JavaScriptCore::Marking
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x0000000101176851 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 433
3   com.apple.JavaScriptCore      	0x0000000101176612 JSC::MarkStackThreadSharedData::markingThreadMain(JSC::SlotVisitor*) + 34
4   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
5   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
6   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 12:  WebCore: LocalStorage
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x000000010127577d WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 61
3   com.apple.WebCore             	0x0000000101e0bd31 WTF::PassOwnPtr<WebCore::StorageTask> WTF::MessageQueue<WebCore::StorageTask>::waitForMessageFilteredWithTimeout<bool ()(WebCore::StorageTask*)>(WTF::MessageQueueWaitResult&, bool (&)(WebCore::StorageTask*), double) + 81
4   com.apple.WebCore             	0x0000000101e0b9da WebCore::StorageThread::threadEntryPoint() + 154
5   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
6   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 13:  WebCore: LocalStorage
0   libSystem.B.dylib             	0x00007fff80c88a6a __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff80c8c881 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x000000010127577d WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 61
3   com.apple.WebCore             	0x0000000101e0bd31 WTF::PassOwnPtr<WebCore::StorageTask> WTF::MessageQueue<WebCore::StorageTask>::waitForMessageFilteredWithTimeout<bool ()(WebCore::StorageTask*)>(WTF::MessageQueueWaitResult&, bool (&)(WebCore::StorageTask*), double) + 81
4   com.apple.WebCore             	0x0000000101e0b9da WebCore::StorageThread::threadEntryPoint() + 154
5   com.apple.JavaScriptCore      	0x00000001012751af WTF::wtfThreadEntryPoint(void*) + 15
6   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 14:  QTKit: listenOnDelegatePort
0   libSystem.B.dylib             	0x00007fff80c4dd7a mach_msg_trap + 10
1   libSystem.B.dylib             	0x00007fff80c4e3ed mach_msg + 59
2   com.apple.CoreFoundation      	0x00007fff82018902 __CFRunLoopRun + 1698
3   com.apple.CoreFoundation      	0x00007fff82017d8f CFRunLoopRunSpecific + 575
4   com.apple.CoreFoundation      	0x00007fff82017b16 CFRunLoopRun + 70
5   com.apple.QTKit               	0x00007fff86bf8d20 listenOnDelegatePort + 425
6   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 15:  QTKit: listenOnNotificationPort
0   libSystem.B.dylib             	0x00007fff80c4dd7a mach_msg_trap + 10
1   libSystem.B.dylib             	0x00007fff80c4e3ed mach_msg + 59
2   com.apple.CoreFoundation      	0x00007fff82018902 __CFRunLoopRun + 1698
3   com.apple.CoreFoundation      	0x00007fff82017d8f CFRunLoopRunSpecific + 575
4   com.apple.CoreFoundation      	0x00007fff82017b16 CFRunLoopRun + 70
5   com.apple.QTKit               	0x00007fff86bf7f38 listenOnNotificationPort + 383
6   libSystem.B.dylib             	0x00007fff80c86fd6 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff80c86e89 thread_start + 13

Thread 16:
0   libSystem.B.dylib             	0x00007fff80c67a2a __workq_kernreturn + 10
1   libSystem.B.dylib             	0x00007fff80c67e3c _pthread_wqthread + 917
2   libSystem.B.dylib             	0x00007fff80c67aa5 start_wqthread + 13

Thread 17:
0   libSystem.B.dylib             	0x00007fff80c67a2a __workq_kernreturn + 10
1   libSystem.B.dylib             	0x00007fff80c67e3c _pthread_wqthread + 917
2   libSystem.B.dylib             	0x00007fff80c67aa5 start_wqthread + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x00000001007045a0  rbx: 0x0000000000000000  rcx: 0x00007fffffe001a0  rdx: 0x00000001060b35a0
  rdi: 0x0000000000000108  rsi: 0x0000000140b24000  rbp: 0x00007fff5fbfdee0  rsp: 0x00007fff5fbfdeb0
   r8: 0x00000001007b3018   r9: 0x000000000000003f  r10: 0x00000001060b35a0  r11: 0x00000000630f72df
  r12: 0x0000000100704570  r13: 0x0000000000000000  r14: 0x0000000140b24000  r15: 0x0000000135170000
  rip: 0x00000001011522c6  rfl: 0x0000000000010206  cr2: 0x0000000000001110

...

Model: MacBookPro6,2, BootROM MBP61.0057.B0C, 2 processors, Intel Core i5, 2.53 GHz, 4 GB, SMC 1.58f16
Graphics: NVIDIA GeForce GT 330M, NVIDIA GeForce GT 330M, PCIe, 256 MB
Graphics: Intel HD Graphics, Intel HD Graphics, Built-In, 288 MB
Memory Module: global_name
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x93), Broadcom BCM43xx 1.0 (5.10.131.42.4)
Bluetooth: Version 2.4.5f3, 2 service, 12 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
Serial ATA Device: APPLE SSD TS128B, 113 GB
Serial ATA Device: MATSHITADVD-R   UJ-898
USB Device: Hub, 0x0424  (SMSC), 0x2514, 0xfa100000 / 2
USB Device: BRCM2070 Hub, 0x0a5c  (Broadcom Corp.), 0x4500, 0xfa110000 / 5
USB Device: Bluetooth USB Host Controller, 0x05ac  (Apple Inc.), 0x8218, 0xfa113000 / 8
USB Device: Internal Memory Card Reader, 0x05ac  (Apple Inc.), 0x8403, 0xfa130000 / 4
USB Device: Apple Internal Keyboard / Trackpad, 0x05ac  (Apple Inc.), 0x0236, 0xfa120000 / 3
USB Device: Hub, 0x0424  (SMSC), 0x2514, 0xfd100000 / 2
USB Device: Built-in iSight, 0x05ac  (Apple Inc.), 0x8507, 0xfd110000 / 4
USB Device: IR Receiver, 0x05ac  (Apple Inc.), 0x8242, 0xfd120000 / 3
Comment 1 Alexey Proskuryakov 2012-08-21 12:03:58 PDT

*** This bug has been marked as a duplicate of bug 92397 ***
Comment 2 Elliott Sprehn 2012-08-21 13:39:39 PDT
This is not a duplicate; it happens in Safari 5.1, not Safari 6.
Comment 3 Alexey Proskuryakov 2012-09-21 10:56:59 PDT
This has been determined to be an issue outside WebKit that has become more prominent due to recent WebKit changes. Please upgrade to Safari 6.0.1, where it is resolved.