99792 – REGRESSION (r131686): Crashes in NSToolTipManager

Bug 99792 - REGRESSION (r131686): Crashes in NSToolTipManager

Summary: REGRESSION (r131686): Crashes in NSToolTipManager

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac (Intel) OS X 10.8

Importance:	P1 Critical
Assignee:	Nobody

URL:
Keywords:	InRadar, Regression

Duplicates (4):	99743 99900 99988 99995 (view as bug list)
Depends on:
Blocks:

Reported:	2012-10-18 18:27 PDT by Kevin M. Dean
Modified:	2012-10-27 17:12 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
crash log for r132174 (60.85 KB, text/plain) 2012-10-23 07:18 PDT, lars.sonchocky-helldorf	no flags	Details
crash log for r132317 (57.89 KB, text/plain) 2012-10-25 02:50 PDT, lars.sonchocky-helldorf	no flags	Details
proposed fix (5.46 KB, patch) 2012-10-27 00:15 PDT, Alexey Proskuryakov	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin M. Dean 2012-10-18 18:27:55 PDT

I've crashed 9 times so far today with general web usage. Hard to discover the exact repeatable steps, but it happens often enough.


Process:         SafariForWebKitDevelopment [4662]
Path:            /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier:      org.webkit.nightly.WebKit
Version:         r131735 (131735)
Code Type:       X86-64 (Native)
Parent Process:  launchd [153]
User ID:         501

Date/Time:       2012-10-18 16:35:16.645 -0400
OS Version:      Mac OS X 10.8.2 (12C60)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffff8030d91cf06f

VM Regions Near 0xffff8030d91cf06f:
--> shared memory          00007ffffff60000-00007ffffff61000 [    4K] r-x/r-x SM=SHM  
    

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib               	0x00007fff90fac256 objc_msgSend + 22
1   com.apple.AppKit              	0x00007fff8bdb56c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2   com.apple.AppKit              	0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3   com.apple.Safari.framework    	0x00007fff92d14fdc -[Window sendEvent:] + 116
4   com.apple.Safari.framework    	0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5   com.apple.AppKit              	0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6   com.apple.Safari.framework    	0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7   com.apple.AppKit              	0x00007fff8bb972fa -[NSApplication run] + 636
8   com.apple.AppKit              	0x00007fff8bb3bcb6 NSApplicationMain + 869
9   com.apple.Safari.framework    	0x00007fff92c76d54 SafariMain + 166
10  libdyld.dylib                 	0x00007fff942eb7e1 start + 1





Slightly different version:

Process:         SafariForWebKitDevelopment [4981]
Path:            /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier:      org.webkit.nightly.WebKit
Version:         r131735 (131735)
Code Type:       X86-64 (Native)
Parent Process:  launchd [153]
User ID:         501

Date/Time:       2012-10-18 16:53:46.542 -0400
OS Version:      Mac OS X 10.8.2 (12C60)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000085

VM Regions Near 0x85:
--> 
    __TEXT                 00000001085c7000-00000001085c8000 [    4K] r-x/rwx SM=COW  /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib               	0x00007fff90fad718 objc_msgSend_vtable13 + 24
1   com.apple.AppKit              	0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2   com.apple.AppKit              	0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3   com.apple.Safari.framework    	0x00007fff92d14fdc -[Window sendEvent:] + 116
4   com.apple.Safari.framework    	0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5   com.apple.AppKit              	0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6   com.apple.Safari.framework    	0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7   com.apple.AppKit              	0x00007fff8bb972fa -[NSApplication run] + 636
8   com.apple.AppKit              	0x00007fff8bb3bcb6 NSApplicationMain + 869
9   com.apple.Safari.framework    	0x00007fff92c76d54 SafariMain + 166
10  libdyld.dylib                 	0x00007fff942eb7e1 start + 1

Comment 1 Alexey Proskuryakov 2012-10-18 21:11:56 PDT

<rdar://problem/12527528>

Comment 2 Alexey Proskuryakov 2012-10-18 21:27:00 PDT

Even though this is not 100% reproducible, I'm reasonably sure that this started with <http://trac.webkit.org/changeset/131686>.

Comment 3 Alexey Proskuryakov 2012-10-18 22:42:03 PDT

*** Bug 99743 has been marked as a duplicate of this bug. ***

Comment 4 Brady Eidson 2012-10-19 10:26:15 PDT

Darin came up with a 1-line patch, and I tested and reviewed it.

Landed in http://trac.webkit.org/changeset/131916

Comment 5 Kevin M. Dean 2012-10-19 21:59:16 PDT

Fully Fixed? Crash with r131972

Process:         SafariForWebKitDevelopment [16422]
Path:            /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier:      org.webkit.nightly.WebKit
Version:         r131972 (131972)
Code Type:       X86-64 (Native)
Parent Process:  launchd [153]
User ID:         501

Date/Time:       2012-10-20 00:55:24.099 -0400
OS Version:      Mac OS X 10.8.2 (12C60)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000017

VM Regions Near 0x17:
--> 
    __TEXT                 000000010645f000-0000000106460000 [    4K] r-x/rwx SM=COW  /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
objc_msgSend() selector name: retain
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib               	0x00007fff90fad710 objc_msgSend_vtable13 + 16
1   com.apple.AppKit              	0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2   com.apple.AppKit              	0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3   com.apple.Safari.framework    	0x00007fff92d14fdc -[Window sendEvent:] + 116
4   com.apple.Safari.framework    	0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5   com.apple.AppKit              	0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6   com.apple.Safari.framework    	0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7   com.apple.AppKit              	0x00007fff8bb972fa -[NSApplication run] + 636
8   com.apple.AppKit              	0x00007fff8bb3bcb6 NSApplicationMain + 869
9   com.apple.Safari.framework    	0x00007fff92c76d54 SafariMain + 166
10  libdyld.dylib                 	0x00007fff942eb7e1 start + 1

Comment 6 Alexey Proskuryakov 2012-10-19 22:06:33 PDT

*** Bug 99900 has been marked as a duplicate of this bug. ***

Comment 7 Alexey Proskuryakov 2012-10-19 22:08:25 PDT

Re-opening due to comment 5.

Comment 8 Alexey Proskuryakov 2012-10-22 09:29:20 PDT

*** Bug 99988 has been marked as a duplicate of this bug. ***

Comment 9 Alexey Proskuryakov 2012-10-22 09:29:30 PDT

*** Bug 99995 has been marked as a duplicate of this bug. ***

Comment 10 Alexey Proskuryakov 2012-10-22 09:30:02 PDT

Per the new duplicates, opening a page from Top Sites is likely to trigger this.

Comment 11 Darin Adler 2012-10-22 09:33:27 PDT

This should be gone now after <http://trac.webkit.org/changeset/132080>.

Comment 12 Kevin M. Dean 2012-10-22 15:42:49 PDT

r132111, crash again.


Process:         SafariForWebKitDevelopment [10431]
Path:            /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier:      org.webkit.nightly.WebKit
Version:         r132111 (132111)
Code Type:       X86-64 (Native)
Parent Process:  launchd [154]
User ID:         501

Date/Time:       2012-10-22 18:39:34.971 -0400
OS Version:      Mac OS X 10.8.2 (12C60)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib               	0x00007fff8f37124c objc_msgSend + 12
1   com.apple.AppKit              	0x00007fff8a17a6c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2   com.apple.AppKit              	0x00007fff8a04ac81 -[NSWindow sendEvent:] + 8504
3   com.apple.Safari.framework    	0x00007fff910d9fdc -[Window sendEvent:] + 116
4   com.apple.Safari.framework    	0x00007fff90ecab3b -[BrowserWindow sendEvent:] + 450
5   com.apple.AppKit              	0x00007fff8a046744 -[NSApplication sendEvent:] + 5761
6   com.apple.Safari.framework    	0x00007fff90e67e2e -[BrowserApplication sendEvent:] + 415
7   com.apple.AppKit              	0x00007fff89f5c2fa -[NSApplication run] + 636
8   com.apple.AppKit              	0x00007fff89f00cb6 NSApplicationMain + 869
9   com.apple.Safari.framework    	0x00007fff9103bd54 SafariMain + 166
10  libdyld.dylib                 	0x00007fff926b07e1 start + 1

Comment 13 lars.sonchocky-helldorf 2012-10-23 07:18:19 PDT

Created attachment 170160 [details]
crash log for r132174

Comment 14 lars.sonchocky-helldorf 2012-10-23 07:18:53 PDT

r132174 is still crashing, see attached crash log

Comment 15 lars.sonchocky-helldorf 2012-10-25 02:50:35 PDT

Created attachment 170597 [details]
crash log for r132317

r132317 is still affected

Comment 16 lars.sonchocky-helldorf 2012-10-25 02:52:47 PDT

r132317 too

Comment 17 Alexey Proskuryakov 2012-10-25 09:03:25 PDT

Rolled out the initial fix, too, since it was the only remaining tooltip-related part: <http://trac.webkit.org/changeset/132491>.

I was never hitting this crash, so I can't test if this helps or not. Please comment if you are seeing this after r132491.

Comment 18 Kevin M. Dean 2012-10-26 14:56:56 PDT

Nightlies always seem to be a "watched pot" situation where the more I'm waiting for a new release to be posted, the more likely there'll be nothing new. So, in other words... we need a new nightly.  8)

Comment 19 Alexey Proskuryakov 2012-10-26 15:03:19 PDT

I'm told that the rollout didn't help anyway.

Comment 20 Alexey Proskuryakov 2012-10-27 00:10:37 PDT

Re-opening for a new fix.

Comment 21 Alexey Proskuryakov 2012-10-27 00:15:38 PDT

Created attachment 171082 [details]
proposed fix

Comment 22 Alexey Proskuryakov 2012-10-27 17:11:03 PDT

Sam reverted the rest of r131686 in <http://trac.webkit.org/changeset/132738>, so even though we have this fix for crashes posted for review, it's not necessary any more.