Schrödinger's crash: 8.5 crashes safari but only when web inspector is not open

[gingerbeardman]

This is reproducible every time for me.

https://infinitemac.org/1998/Mac%20OS%208.5

• macOS 12.7.1 (21G920)
• Safari 17.1 (17616.2.9.11.9, 17616)

Normal (no web inspector)

Screen.shot.2023-11-09.at.16.56.41.mov

Web inspector open

Screen.shot.2023-11-09.at.16.57.16.mov

[mihaip]

Fascinating. The crash is in JIT-ed code in the worker that runs the emulator. Not sure there's much I can do.

Crashed Thread:        11  WebCore: Worker

Exception Type:        EXC_BAD_ACCESS (SIGKILL)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x000000792cfffffc
Exception Codes:       0x0000000000000002, 0x000000792cfffffc

Termination Reason:    Namespace PAC_EXCEPTION, Code 2 
...
Thread 11 Crashed:: WebCore: Worker
0   ???                           	       0x121aac188 ???
1   ???                           	       0x121ae38f4 ???
2   ???                           	       0x121a65c3c ???
3   ???                           	       0x1218412e8 ???
4   ???                           	       0x121808248 ???
5   ???                           	       0x121808248 ???
6   ???                           	       0x121808248 ???
7   ???                           	       0x121808248 ???
8   ???                           	       0x121808248 ???
9   ???                           	       0x121808248 ???
10  ???                           	       0x121808248 ???
11  ???                           	       0x121808008 ???
12  ???                           	       0x121808728 ???
13  JavaScriptCore                	       0x103f21388 JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 604
14  JavaScriptCore                	       0x1042a91bc JSC::runJSMicrotask(JSC::JSGlobalObject*, WTF::ObjectIdentifierGeneric<JSC::MicrotaskIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue) + 388
15  WebCore                       	       0x1104d3204 WebCore::JSMicrotaskCallback::call() + 200
16  WebCore                       	       0x1108a2a38 WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 228
17  WebCore                       	       0x11087e8e0 WebCore::EventLoop::run() + 440
18  WebCore                       	       0x11179d080 WebCore::WorkerDedicatedRunLoop::Task::performTask(WebCore::WorkerOrWorkletGlobalScope*) + 224
19  WebCore                       	       0x11179cb90 WebCore::WorkerDedicatedRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&) + 816
20  WebCore                       	       0x11179b250 WebCore::WorkerDedicatedRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) + 132
21  WebCore                       	       0x11179b660 WebCore::WorkerOrWorkletThread::workerOrWorkletThread() + 548
22  JavaScriptCore                	       0x1032472ec WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 244
23  JavaScriptCore                	       0x103056da4 WTF::wtfThreadEntryPoint(void*) + 16
24  libsystem_pthread.dylib       	       0x196177fa8 _pthread_start + 148
25  libsystem_pthread.dylib       	       0x196172da0 thread_start + 8

[gingerbeardman]

No worries, I thought it was the strangest of crashes!

[that-ben]

For all it's worth, it's also happening in Safari Version 17.1 (19616.2.9.11.7) under macOS Sonoma 14.1.1 on an iMac M3 at the time of posting this message. (not that I actually use Safari, but)

[gingerbeardman]

Reported as FB13380365 and at https://bugs.webkit.org/show_bug.cgi?id=264955

[that-ben]

It's kind of weird that it only happens when the inspector is not open. I lol'ed at Schrödinger.

[gingerbeardman]

I'm rarely very interested in bugs, but with this one I would love to know the cause!

Hoping the Schrödinger gets some Apple/WebKit eyes on it.

[that-ben]

I wonder if the inspector just slows down execution enough for the bug not to happen. It almost seems like Safari tries to get ahead too fast for the execution flow? I don't know really, but I'm just guessing. It might not be that, but what can it be if it's not that?

[gingerbeardman]

There has been some activity on the WebKit bug, seems to be an out of memory access (but no clarity as yet on why the web inspector being open prevents it, but maybe permissions/allowances are different when it's open?)

[that-ben]

So basically, what it could mean is that the inspector encapsulates everything in a TRY/CATCH kind of deal where nothing actually crashes, but instead raises exceptions in the console, compared to the inspector not open that would straight just crash? Possible, but weird. Also, why does it only crash with Safari?

[gingerbeardman]

So, "JavaScript compilation changes a lot to aid debugging when Web Inspector is in use."

[gingerbeardman]

This site https://software.inc

Is based on Infinite Mac, and they picked 8.x do it also suffers from this crash. 🙃

[that-ben]

lol I can't even LOAD it under Firefox XD

EDIT: OK now it works. Huh, weird?! Anyway, their site does not implement IM's CTRL<->CMD key binding inversion, so essentially, it's almost unusable on Macs if you use the CMD key a lot like me, plus if you take a look at any of their text files in the "Content" folder, they didn't even bother writing this on Mac either lol :P

[justinmichaud]

Hey folks, is this still reproducing for anyone on the latest versions of Safari?

[gingerbeardman]

I can no longer reproduce: Safari 17.2.1 on macOS 14.2.1 Sonoma