Bug ID: JDK-8068886 IDEA IntelliJ crashes in objc_msgSend when an accessibility tool is enabled

JDK-8068886 : IDEA IntelliJ crashes in objc_msgSend when an accessibility tool is enabled

Type: Bug
Component: client-libs
Sub-Component: java.awt
Affected Version: 8u25

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2015-01-13
Updated: 2020-05-13
Resolved: 2015-06-04

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 8	JDK 9
8u60 b20Fixed	9Fixed

Related Reports

Duplicate :	JDK-8038015 - [macosx] Intermittent crash in api.java.awt.Window.ShapeGeneral
Duplicate :	JDK-8085821 - IDEA IntelliJ crashes in objc_msgSend when an accessibility tool is enabled
Duplicate :	JDK-8051604 - [macosx] Enhance native nested loops
Duplicate :	JDK-8054211 - [macosx] JVM Crashes when executing Android Studio on Mac
Relates :	JDK-8054112 - JRE Crashes when closing multiple JDialogs with Dragon Dictate running
Relates :	JDK-8032864 - [macosx] sigsegv (0Xb) Being Generated When Starting JDev With Voiceover Running
Relates :	JDK-8244929 - jetbean IDEA crash very often with JavaThread "AWT-AppKit" daemon
Relates :	JDK-8134917 - [macosx] JOptionPane doesn't receive mouse events when opened from a drop event
Relates :	JDK-8054211 - [macosx] JVM Crashes when executing Android Studio on Mac
Relates :	JDK-8130752 - Wrong changes were pushed with 8068886
Relates :	JDK-8132382 - [macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries
Relates :	JDK-8080504 - [macosx] SunToolkit.realSync() may hang

Description

Install IntelliJ IDEA 14, and create a project with enabled Karabiner-10.4.0
To crash IntelliJ Idea open a project, press Command + N (goto class), type
several letters of class name and quickly press Command + Shift + N (goto
file).
The controls for navigation are modal dialogs and when disposed, should not
get typing event any more


crash8u40b19.txt

Stack: [0x00007fff5f400000,0x00007fff5fc00000],  sp=0x00007fff5fbfd298,  free
space=8180k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native
code)
C  [libobjc.A.dylib+0x10dd]  objc_msgSend+0x1d
C  [AppKit+0x23d094]  -[NSWindow
_orderOutAndCalcKeyWithCounter:stillVisible:docWindow:]+0x4c6
C  [AppKit+0x143d4e]  -[NSWindow
_reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:]+0xde1
C  [AppKit+0x142cc7]  -[NSWindow
_doOrderWindow:relativeTo:findKey:forCounter:force:isModal:]+0x33d
C  [AppKit+0x14291b]  -[NSWindow orderWindow:relativeTo:]+0x9f
C  [Foundation+0x65f4c]  __NSThreadPerformPerform+0x125
C  [CoreFoundation+0x80661]
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x11
@ C  [CoreFoundation+0x727ed]  __CFRunLoopDoSources0+0x10d
C  [CoreFoundation+0x71e1f]  __CFRunLoopRun+0x39f
C  [CoreFoundation+0x71838]  CFRunLoopRunSpecific+0x128
C  [HIToolbox+0x2e43f]  RunCurrentEventLoopInMode+0xeb
C  [HIToolbox+0x2e1ba]  ReceiveNextEventCommon+0x1af
C  [HIToolbox+0x2dffb]  _BlockUntilNextEventMatchingListInModeWithFilter+0x47
C  [AppKit+0x246d1]  _DPSNextEvent+0x3c4
C  [AppKit+0x23e80]  -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:]+0xc2
C  [libosxapp.dylib+0x242a]  -[NSApplicationAWT
nextEventMatchingMask:untilDate:inMode:dequeue:]+0x7c
C  [AppKit+0x17e23]  -[NSApplication run]+0x252
@ C  [libosxapp.dylib+0x223e]  +[NSApplicationAWT runAWTLoopWithApp:]+0x9c
C  [libawt_lwawt.dylib+0x4463b]  -[AWTStarter starter:]+0x389
C  [Foundation+0x65f4c]  __NSThreadPerformPerform+0x125
C  [CoreFoundation+0x80661]
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x11
@ C  [CoreFoundation+0x727ed]  __CFRunLoopDoSources0+0x10d
C  [CoreFoundation+0x71e1f]  __CFRunLoopRun+0x39f
C  [CoreFoundation+0x71838]  CFRunLoopRunSpecific+0x128
C  [idea+0x1443]  parkRunLoop+0x83
C  [idea+0x12d9]  main+0xb9
C  [idea+0x11f4]  start+0x34
C  0x0000000000000001

@ Look similar to https://bugs.openjdk.java.net/browse/JDK-8054211 and
@ https://bugs.openjdk.java.net/browse/JDK-8032864

The presence of applications like "Karabiner" in Accessibility (System
@ Preferences -> Security & Privacy -> Privacy (Tab) -> Accessibility) is
related to the crashes; switching them off avoids the crashes


A lot of out users complains about the issue.

@ https://youtrack.jetbrains.com/issue/IDEA-127574
@ https://youtrack.jetbrains.com/issue/IDEA-133701
@ https://youtrack.jetbrains.com/issue/IDEA-131510
@ https://youtrack.jetbrains.com/issue/IDEA-130012
@ https://youtrack.jetbrains.com/issue/IDEA-131594
@ https://youtrack.jetbrains.com/issue/IDEA-130482
@ https://youtrack.jetbrains.com/issue/IDEA-127921

The problem can be reproduced in earlier Mac OSX/Java version, e.g.

System Mac OSX 10.9.4
IntelliJ IDEA 13.1.4
Build #IU-135.1229, built on July 16, 2014
JRE: 1.7.0_60-b19 x86_64
JVM: Java HotSpot(TM) 64-Bit Server VM by Oracle Corporation

Process: idea [39272]
Path: /Applications/IntelliJ IDEA 13.app/Contents/MacOS/idea
Identifier: com.jetbrains.intellij
Version: 13.1.4 (IU-135.1229)

Comments

Webrev: http://cr.openjdk.java.net/~anashaty/8068886/webrev.00/
08-05-2015
The solution is to post the CFRelease requests as App messages which are to be executed on the main (not nested) AppKit loop
17-04-2015
Thread 0 Crashed:: AppKit Thread Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff8da69282 __pthread_kill + 10 1 libsystem_c.dylib 0x00007fff8b72fb73 abort + 129 2 libjvm.dylib 0x0000000103ae5adf os::abort(bool) + 25 3 libjvm.dylib 0x0000000103c05f94VMError::report_and_die() + 2250 4 libjvm.dylib 0x0000000103ae770a JVM_handle_bsd_signal +1131 5 libjvm.dylib 0x0000000103ae39e7 signalHandler(int,__siginfo, void) + 47 6 libsystem_platform.dylib 0x00007fff87ec4f1a _sigtramp + 26 7 libobjc.A.dylib 0x00007fff8468f0dd objc_msgSend + 29 8 com.apple.AppKit 0x00007fff84b0d1e4 -[NSWindow_orderOutAndCalcKeyWithCounter:stillVisible:docWindow:] + 1222 9 com.apple.AppKit 0x00007fff84a13e9e -[NSWindow_reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 3553 10 com.apple.AppKit 0x00007fff84a12e17 -[NSWindow_doOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 829 11 com.apple.AppKit 0x00007fff84a12a6b -[NSWindow orderWindow:relativeTo:] + 159 <==== most likely posted by Cocoa internally 12 com.apple.Foundation 0x00007fff821b0f4c __NSThreadPerformPerform + 293 13 com.apple.CoreFoundation 0x00007fff816d9661 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 14 com.apple.CoreFoundation 0x00007fff816cb7ed __CFRunLoopDoSources0 +269 15 com.apple.CoreFoundation 0x00007fff816cae1f __CFRunLoopRun + 927 16 com.apple.CoreFoundation 0x00007fff816ca838 CFRunLoopRunSpecific + 296 17 com.apple.HIToolbox 0x00007fff824f643f RunCurrentEventLoopInMode + 235 18 com.apple.HIToolbox 0x00007fff824f61ba ReceiveNextEventCommon + 431 19 com.apple.HIToolbox 0x00007fff824f5ffb _BlockUntilNextEventMatchingListInModeWithFilter + 71 20 com.apple.AppKit 0x00007fff848f4821 _DPSNextEvent + 964 21 com.apple.AppKit 0x00007fff848f3fd0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194 22 libosxapp.dylib 0x0000000117dd542a -[NSApplicationAWT nextEventMatchingMask:untilDate:inMode:dequeue:] + 124 23 com.apple.AppKit 0x00007fff848e7f73 -[NSApplication run] + 594 24 libosxapp.dylib 0x0000000117dd523e +[NSApplicationAWT runAWTLoopWithApp:] + 156 25 libawt_lwawt.dylib 0x0000000117d6363b -[AWTStarter starter:] + 905 26 com.apple.Foundation 0x00007fff821b0f4c __NSThreadPerformPerform + 293 NSWindow orderWindow:relativeTo: 1. internally calculates the second window (call it Win2) which participates in the ordering and probably stores its pointer internally in a local var 2. call initiates Accessibility machinery: 0 libawt_lwawt.dylib 0x0000000119c53e44 -[JavaComponentAccessibility accessibilityFocusedUIElement] + 59 1 libawt_lwawt.dylib 0x0000000119c27eb0 -[AWTView accessibilityFocusedUIElement] + 156 2 AppKit 0x00007fff8b80267e NSAccessibilityHandleFocusChangedForce + 102 3 AppKit 0x00007fff8b8329f5 -[NSApplication _setKeyWindow:] + 142 4 AppKit 0x00007fff8b83256f -[NSWindow _changeKeyAndMainLimitedOK:] + 716 5 AppKit 0x00007fff8b95505d -[NSWindow _orderOutAndCalcKeyWithCounter:stillVisible:docWindow:] + 1156 6 AppKit 0x00007fff8b83a6c5 -[NSWindow _reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 3123 7 AppKit 0x00007fff8b8397f0 -[NSWindow _doOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 786 8 AppKit 0x00007fff8b839470 -[NSWindow orderWindow:relativeTo:] + 162 3. Nested AppKit loop is created where the events are processed 4. Win2 at some point (likely before the step 1) starts disposing which finally results in executing native CFRelease(win2Ptr) asynchronously on the AppKit thread 5. The nested loop dispatches Release code - the Win2 is disposed 6. When the Accessibility code completed the execution returns to the NSWindow _orderOutAndCalcKeyWithCounter which still holds the Win2 ptr and sends it a becomeKeyWindow message - crash
17-04-2015
Just found two Karabiner issues: - https://github.com/tekezo/Karabiner/issues/243 LibreOffice crashes with the same symptoms but has no Java trace (no Java libs are loaded) in the crash dump: (deleting crash dump, since the issue is not related)
06-04-2015
Oh, my bad, according to the issue description the MathLab doesn't crash - it just freezes.
22-01-2015
Another one is the MathLab crash: https://github.com/tekezo/Karabiner/issues/259 There is no dump, but I'm suspecting it is not Java related as well, since the very simple action leads to crash: the user just presses F1 to open about dialog. Those two bugs make me think that the problem might be in ether Karabiner or Mac OS.
22-01-2015
When setting NSZombieEnabled=YES and adding some debug out, got the following: 2015-01-22 15:54:20.564 idea[6339:507] AWTWindow_Normal alloc: 0x11f6d31a0 2015-01-22 15:54:20.644 idea[6339:507] AWTWindow_Normal alloc: 0x11fee3800 2015-01-22 15:54:20.658 idea[6339:507] AWTWindow_Normal alloc: 0x11f6ee650 2015-01-22 15:54:24.604 idea[6339:507] AWTWindow_Normal alloc: 0x12a103040 2015-01-22 15:54:24.814 idea[6339:507] AWTWindow_Normal becomeKeyWindow: 0x12a103040 2015-01-22 15:54:24.869 idea[6339:507] AWTWindow_Normal dealloc: 0x11f6ee650 2015-01-22 15:54:24.876 idea[6339:507] AWTWindow_Normal dealloc: 0x11fee3800 2015-01-22 15:54:28.763 idea[6339:507] AWTWindow_Normal becomeKeyWindow: 0x12a103040 (1) pressed Cmd+N -> opened 'GoTo Class' popup dialog 2015-01-22 15:54:43.561 idea[6339:507] AWTWindow_Normal alloc: 0x131512e80 2015-01-22 15:54:43.609 idea[6339:507] AWTWindow_Normal becomeKeyWindow: 0x131512e80 (2) started typing class name -> opened classes list popup dialog 2015-01-22 15:54:45.999 idea[6339:507] AWTWindow_Normal alloc: 0x131529330 (3) pressed Enter -> both popups are closed and disposed 2015-01-22 15:54:47.334 idea[6339:507] AWTWindow_Normal dealloc: 0x131512e80 2015-01-22 15:54:47.342 idea[6339:507] AWTWindow_Normal dealloc: 0x131529330 (4) the main window becomes topmost 2015-01-22 15:54:47.379 idea[6339:507] AWTWindow_Normal becomeKeyWindow: 0x12a103040 (5) the message becomeKeyWindow sent to the disposed classes list window 2015-01-22 15:54:47.394 idea[6339:507] *** -[AWTWindow_Normal becomeKeyWindow]: message sent to deallocated instance 0x131529330 Trace/BPT trap: 5 When AXNotifier is switched off the message (5) is not sent.
22-01-2015