RESOLVED FIXED 99792
REGRESSION (r131686): Crashes in NSToolTipManager
https://bugs.webkit.org/show_bug.cgi?id=99792
Kevin M. Dean
Reported 2012-10-18 18:27:55 PDT
I've crashed 9 times so far today with general web usage. Hard to discover the exact repeatable steps, but it happens often enough.

Process: SafariForWebKitDevelopment [4662]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131735 (131735)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-18 16:35:16.645 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffff8030d91cf06f

VM Regions Near 0xffff8030d91cf06f:
--> shared memory 00007ffffff60000-00007ffffff61000 [ 4K] r-x/r-x SM=SHM

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fac256 objc_msgSend + 22
1 com.apple.AppKit 0x00007fff8bdb56c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1

Slightly different version:

Process: SafariForWebKitDevelopment [4981]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131735 (131735)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-18 16:53:46.542 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000085

VM Regions Near 0x85:
--> __TEXT 00000001085c7000-00000001085c8000 [ 4K] r-x/rwx SM=COW /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fad718 objc_msgSend_vtable13 + 24
1 com.apple.AppKit 0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1
Attachments
crash log for r132174 (60.85 KB, text/plain)
2012-10-23 07:18 PDT, lars.sonchocky-helldorf
no flags
crash log for r132317 (57.89 KB, text/plain)
2012-10-25 02:50 PDT, lars.sonchocky-helldorf
no flags
proposed fix (5.46 KB, patch)
2012-10-27 00:15 PDT, Alexey Proskuryakov
no flags
Alexey Proskuryakov
Comment 1 2012-10-18 21:11:56 PDT
Alexey Proskuryakov
Comment 2 2012-10-18 21:27:00 PDT
Even though this is not 100% reproducible, I'm reasonably sure that this started with <http://trac.webkit.org/changeset/131686>.
Alexey Proskuryakov
Comment 3 2012-10-18 22:42:03 PDT
*** Bug 99743 has been marked as a duplicate of this bug. ***
Brady Eidson
Comment 4 2012-10-19 10:26:15 PDT
Darin came up with a 1-line patch, and I tested and reviewed it. Landed in http://trac.webkit.org/changeset/131916
Kevin M. Dean
Comment 5 2012-10-19 21:59:16 PDT
Fully Fixed? Crash with r131972

Process: SafariForWebKitDevelopment [16422]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r131972 (131972)
Code Type: X86-64 (Native)
Parent Process: launchd [153]
User ID: 501

Date/Time: 2012-10-20 00:55:24.099 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000017

VM Regions Near 0x17:
--> __TEXT 000000010645f000-0000000106460000 [ 4K] r-x/rwx SM=COW /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment

Application Specific Information:
objc_msgSend() selector name: retain
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff90fad710 objc_msgSend_vtable13 + 16
1 com.apple.AppKit 0x00007fff8bdb58a3 -[NSToolTipManager startTimer:userInfo:] + 128
2 com.apple.AppKit 0x00007fff8bc85c81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff92d14fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff92b05b3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8bc81744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff92aa2e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff8bb972fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff8bb3bcb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff92c76d54 SafariMain + 166
10 libdyld.dylib 0x00007fff942eb7e1 start + 1
Alexey Proskuryakov
Comment 6 2012-10-19 22:06:33 PDT
*** Bug 99900 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7 2012-10-19 22:08:25 PDT
Re-opening due to comment 5.
Alexey Proskuryakov
Comment 8 2012-10-22 09:29:20 PDT
*** Bug 99988 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 9 2012-10-22 09:29:30 PDT
*** Bug 99995 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 10 2012-10-22 09:30:02 PDT
Per the new duplicates, opening a page from Top Sites is likely to trigger this.
Darin Adler
Comment 11 2012-10-22 09:33:27 PDT
This should be gone now after <http://trac.webkit.org/changeset/132080>.
Kevin M. Dean
Comment 12 2012-10-22 15:42:49 PDT
r132111, crash again.

Process: SafariForWebKitDevelopment [10431]
Path: /Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
Identifier: org.webkit.nightly.WebKit
Version: r132111 (132111)
Code Type: X86-64 (Native)
Parent Process: launchd [154]
User ID: 501

Date/Time: 2012-10-22 18:39:34.971 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Application Specific Information:
objc_msgSend() selector name: window
Enabled Extensions:
firdau.si.copyalllinks-9ZLKXCA6UM (1 - 1.0) Copy All Links
com.awarepixel.safari.bettersource-24E7DYSH92 (1.0 - 1.0) BetterSource
org.ysoldak.safari.franker-YC74FH34F8 (1.3.1 - 1.3.1) Franker
com.yourcompany.builtwith-YDBU6SA4GL (1 - 1.0) BuiltWith
com.gridth.usercss-V892BVZC73 (4.6 - 1.3.2) User CSS
com.hoyois.safari.clicktoflash-GY5KR7239Q (46 - 2.7.1) ClickToFlash
de.tekl.maximize-3D3Y3WDMYF (0.95 - 0.95) Maximieren
com.vidalvbergen.imdblinks-893H52NGF5 (2.4 - 2.4) IMDb Links
com.socialfixer-9HFEUWTRM9 (7105 - 7.105) Social Fixer
net.os0x.ninjakit-LAM47A73AC (0.9.1 - 0.9.1) NinjaKit
com.pedrocc.youtubewide-LJESPEW5C6 (10 - 10.0) YoutubeWide
com.echodot.thetracktor-DEJ3C586XW (6 - 1.1) The Tracktor
com.opensearchforsafari.opensearchforsafari-5AEUMJLY2N (1.08 - 1.08) OpenSearch for Safari
de.einserver.nomoreitunes-E7ZXX8R29L (231 - 2.3.1) NoMoreiTunes
com.lapcatsoftware.autocomplete-8LT69JF8NZ (1 - 1.0) autocomplete
com.canisbos.directlinks-ZANVZTSER6 (1001 - 1.0.1) gDirectLinks
com.tcpiputils.ipaddress-N8XSRRUULU (2.3 - 2.3) IP Address and Domain Information
com.betteradvertising.ghostery-HPY23A294X (7 - 1.3.0) Ghostery
com.yourcompany.ext-WQZ25NN54H (1 - 1.0) 3camels

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff8f37124c objc_msgSend + 12
1 com.apple.AppKit 0x00007fff8a17a6c1 -[NSToolTipManager mouseEnteredToolTip:inWindow:withEvent:] + 115
2 com.apple.AppKit 0x00007fff8a04ac81 -[NSWindow sendEvent:] + 8504
3 com.apple.Safari.framework 0x00007fff910d9fdc -[Window sendEvent:] + 116
4 com.apple.Safari.framework 0x00007fff90ecab3b -[BrowserWindow sendEvent:] + 450
5 com.apple.AppKit 0x00007fff8a046744 -[NSApplication sendEvent:] + 5761
6 com.apple.Safari.framework 0x00007fff90e67e2e -[BrowserApplication sendEvent:] + 415
7 com.apple.AppKit 0x00007fff89f5c2fa -[NSApplication run] + 636
8 com.apple.AppKit 0x00007fff89f00cb6 NSApplicationMain + 869
9 com.apple.Safari.framework 0x00007fff9103bd54 SafariMain + 166
10 libdyld.dylib 0x00007fff926b07e1 start + 1
lars.sonchocky-helldorf
Comment 13 2012-10-23 07:18:19 PDT
Created attachment 170160 [details] crash log for r132174
lars.sonchocky-helldorf
Comment 14 2012-10-23 07:18:53 PDT
r132174 is still crashing, see attached crash log
lars.sonchocky-helldorf
Comment 15 2012-10-25 02:50:35 PDT
Created attachment 170597 [details]
crash log for r132317

r132317 is still affected
lars.sonchocky-helldorf
Comment 16 2012-10-25 02:52:47 PDT
Alexey Proskuryakov
Comment 17 2012-10-25 09:03:25 PDT
Rolled out the initial fix, too, since it was the only remaining tooltip-related part: <http://trac.webkit.org/changeset/132491>. I was never hitting this crash, so I can't test if this helps or not. Please comment if you are seeing this after r132491.
Kevin M. Dean
Comment 18 2012-10-26 14:56:56 PDT
Nightlies always seem to be a "watched pot" situation where the more I'm waiting for a new release to be posted, the more likely there'll be nothing new. So, in other words... we need a new nightly. 8)
Alexey Proskuryakov
Comment 19 2012-10-26 15:03:19 PDT
I'm told that the rollout didn't help anyway.
Alexey Proskuryakov
Comment 20 2012-10-27 00:10:37 PDT
Re-opening for a new fix.
Alexey Proskuryakov
Comment 21 2012-10-27 00:15:38 PDT
Created attachment 171082 [details] proposed fix
Alexey Proskuryakov
Comment 22 2012-10-27 17:11:03 PDT
Sam reverted the rest of r131686 in <http://trac.webkit.org/changeset/132738>, so even though we have this fix for crashes posted for review, it's not necessary any more.