I've crashed 9 times so far today with general web usage. Hard to discover the exact repeatable steps, but it happens often enough.

Process: SafariForWebKitDevelopment [4662]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131735 (131735)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-18 16:35:16.645 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffff8030d91cf06f

VM Regions Near 0xffff8030d91cf06f:
--> shared memory 00007ffffff60000-00007ffffff61000 [ 4K] r-x/r-x SM=SHM

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
    firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
    com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
    org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
    com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
    com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
    com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
    de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
    com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
    com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
    net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
    com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
    com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
    com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
    de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
    com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
    com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
    com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
    com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
    com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fac256 objc_msgSend + 22
1 com.apple.AppKit 0x00007fff8bdb56c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1

Slightly different version:

Process: SafariForWebKitDevelopment [4981]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131735 (131735)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-18 16:53:46.542 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000085

VM Regions Near 0x85:
--> __TEXT 00000001085c7000-00000001085c8000 [ 4K] r-x/rwx SM=COW /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
Enabled Extensions:
    firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
    com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
    org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
    com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
    com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
    com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
    de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
    com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
    com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
    net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
    com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
    com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
    com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
    de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
    com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
    com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
    com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
    com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
    com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fad718 objc_msgSend_vtable13 + 24
1 com.apple.AppKit 0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1
<rdar://problem/12527528>
Even though this is not 100% reproducible, I'm reasonably sure that this started with <http://trac.webkit.org/changeset/131686>.
*** Bug 99743 has been marked as a duplicate of this bug. ***
Darin came up with a 1-line patch, and I tested and reviewed it. Landed in http://trac.webkit.org/changeset/131916
Fully Fixed? Crash with r131972

Process: SafariForWebKitDevelopment [16422]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131972 (131972)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-20 00:55:24.099 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000017

VM Regions Near 0x17:
--> __TEXT 000000010645f000-0000000106460000 [ 4K] r-x/rwx SM=COW /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
objc_msgSend() selector name: retain
Enabled Extensions:
    firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
    com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
    org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
    com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
    com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
    com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
    de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
    com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
    com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
    net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
    com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
    com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
    com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
    de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
    com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
    com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
    com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
    com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
    com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fad710 objc_msgSend_vtable13 + 16
1 com.apple.AppKit 0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1
*** Bug 99900 has been marked as a duplicate of this bug. ***
Re-opening due to comment 5.
*** Bug 99988 has been marked as a duplicate of this bug. ***
*** Bug 99995 has been marked as a duplicate of this bug. ***
Per the new duplicates, opening a page from Top Sites is likely to trigger this.
This should be gone now after <http://trac.webkit.org/changeset/132080>.
r132111, crash again.

Process: SafariForWebKitDevelopment [10431]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r132111 (132111)
Code Type: X86-64 (Native)
Parent Process: launchd [154]
User ID: 501

Date/Time: 2012-10-22 18:39:34.971 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
    firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
    com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
    org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
    com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
    com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
    com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
    de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
    com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
    com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
    net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
    com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
    com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
    com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
    de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
    com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
    com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
    com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
    com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
    com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff8f37124c objc_msgSend + 12
1 com.apple.AppKit 0x00007fff8a17a6c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2 com.apple.AppKit 0x00007fff8a04ac81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff910d9fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff90ecab3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8a046744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff90e67e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff89f5c2fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff89f00cb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff9103bd54 SafariMain + 166
10 libdyld.dylib 0x00007fff926b07e1 start + 1
Created attachment 170160: crash log for r132174
r132174 is still crashing, see attached crash log
Created attachment 170597: crash log for r132317
r132317 is still affected
r132317 too
Rolled out the initial fix, too, since it was the only remaining tooltip-related part: <http://trac.webkit.org/changeset/132491>. I was never hitting this crash, so I can't test if this helps or not. Please comment if you are seeing this after r132491.
Nightlies always seem to be a "watched pot" situation where the more I'm waiting for a new release to be posted, the more likely there'll be nothing new. So, in other words... we need a new nightly. 8)
I'm told that the rollout didn't help anyway.
Re-opening for a new fix.
Created attachment 171082: proposed fix
Sam reverted the rest of r131686 in <http://trac.webkit.org/changeset/132738>, so even though we have this fix for crashes posted for review, it's not necessary any more.