[Webkit-unassigned] [Bug 21265] Crash in RenderObject::containingBlock() opening chess.com live chess
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Oct 25 13:40:07 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=21265
gus at flyingmeat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gus at flyingmeat.com
------- Comment #3 from gus at flyingmeat.com 2008-10-25 13:40 PDT -------
I've narrowed the crash down to svn revision 36427. Revision 36426 works ok, although at some point "Debugger() called!" is printed out, I think while loading a plugin.
WebKit ends up dying in deref() on line 92 of RegisterID.h, where
ASSERT(m_refCount >= 0);
fails: m_refCount is -1, i.e. the register has been dereferenced one more time than it was referenced.
Here is the stack trace from 36427:
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0049b672 JSC::RegisterID::deref() +
82 (RegisterID.h:92)
1 com.apple.JavaScriptCore 0x0049e70b
WTF::RefPtr<JSC::RegisterID>::~RefPtr() + 31
2 com.apple.JavaScriptCore 0x00471311
JSC::CodeGenerator::emitConstruct(JSC::RegisterID*, JSC::RegisterID*,
JSC::ArgumentsNode*) + 749 (CodeGenerator.cpp:1129)
3 com.apple.JavaScriptCore 0x00471eff
JSC::NewExprNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 167
(nodes.cpp:412)
4 com.apple.JavaScriptCore 0x004ba19e
JSC::CodeGenerator::emitNode(JSC::RegisterID*, JSC::Node*) + 310
(CodeGenerator.h:177)
5 com.apple.JavaScriptCore 0x004773dc
JSC::ReturnNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 146
(nodes.cpp:1440)
6 com.apple.JavaScriptCore 0x004ba19e
JSC::CodeGenerator::emitNode(JSC::RegisterID*, JSC::Node*) + 310
(CodeGenerator.h:177)
7 com.apple.JavaScriptCore 0x0044b4b2
JSC::statementListEmitCode(WTF::Vector<WTF::RefPtr<JSC::StatementNode>, 0ul>&,
JSC::CodeGenerator&, JSC::RegisterID*) + 130 (nodes.cpp:1085)
8 com.apple.JavaScriptCore 0x00470c8c
JSC::FunctionBodyNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 80
(nodes.cpp:1820)
9 com.apple.JavaScriptCore 0x0044fed6
JSC::CodeGenerator::generate() + 116 (CodeGenerator.cpp:140)
10 com.apple.JavaScriptCore 0x0046f35d
JSC::FunctionBodyNode::generateCode(JSC::ScopeChainNode*) + 407
(nodes.cpp:1813)
11 com.apple.JavaScriptCore 0x0050a14f
JSC::FunctionBodyNode::byteCode(JSC::ScopeChainNode*) + 109 (nodes.h:2259)
12 com.apple.JavaScriptCore 0x004f859f
JSC::Machine::cti_op_call_JSFunction(void*) + 289 (Machine.cpp:4274)
13 ??? 0x1fcb3793 0 + 533411731
14 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
15 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
16 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
17 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
18 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
19 ??? 0x1ddb1670 0 + 500897392
20 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
21 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
22 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
23 com.apple.JavaScriptCore 0x004621f1
JSC::functionProtoFuncCall(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 227 (FunctionPrototype.cpp:127)
24 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
25 ??? 0x1ddb1b3f 0 + 500898623
26 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
27 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
28 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
29 com.apple.JavaScriptCore 0x004621f1
JSC::functionProtoFuncCall(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 227 (FunctionPrototype.cpp:127)
30 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
31 ??? 0x1ddab71e 0 + 500872990
32 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
33 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
34 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
35 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
36 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
37 ??? 0x1fcad7d1 0 + 533387217
38 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
39 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
40 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
41 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
42 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
43 ??? 0x1fcad7d1 0 + 533387217
44 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
45 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
46 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
47 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
48 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
49 ??? 0x1fcad7d1 0 + 533387217
50 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
51 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
52 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
53 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
54 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
55 ??? 0x1fcad7d1 0 + 533387217
56 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
57 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
58 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
59 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
60 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
61 ??? 0x1cfe0383 0 + 486409091
62 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
63 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
64 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
65 com.apple.JavaScriptCore 0x004623f2
JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*,
JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
66 com.apple.JavaScriptCore 0x004f82a7
JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
67 ??? 0x1cfe0383 0 + 486409091
68 com.apple.JavaScriptCore 0x004f8a48
JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*,
JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*,
JSC::JSValue**) + 746 (Machine.cpp:906)
69 com.apple.JavaScriptCore 0x00459215
JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) +
139 (JSFunction.cpp:71)
70 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*,
JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList
const&) + 149 (CallData.cpp:39)
71 com.apple.WebCore 0x038f7866
WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664
(JSEventListener.cpp:97)
72 com.apple.WebCore 0x033d3bbd
WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 281
(Document.cpp:2664)
73 com.apple.WebCore 0x0343a5fb
WebCore::EventTargetNode::dispatchWindowEvent(WTF::PassRefPtr<WebCore::Event>)
+ 265 (EventTargetNode.cpp:158)
74 com.apple.WebCore 0x0343c596
WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&,
bool, bool) + 168 (EventTargetNode.cpp:165)
75 com.apple.WebCore 0x033d926d
WebCore::Document::implicitClose() + 717 (Document.cpp:1563)
76 com.apple.WebCore 0x034788c6
WebCore::FrameLoader::checkCallImplicitClose() + 226 (FrameLoader.cpp:1345)
77 com.apple.WebCore 0x03484fc8
WebCore::FrameLoader::checkCompleted() + 268 (FrameLoader.cpp:1300)
78 com.apple.WebCore 0x0348511b
WebCore::FrameLoader::loadDone() + 39 (FrameLoader.cpp:1264)
79 com.apple.WebCore 0x033cd103
WebCore::DocLoader::setLoadInProgress(bool) + 109 (DocLoader.cpp:263)
80 com.apple.WebCore 0x03902a4a
WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 494
(loader.cpp:306)
81 com.apple.WebCore 0x0387b811
WebCore::SubresourceLoader::didFinishLoading() + 169
(SubresourceLoader.cpp:195)
82 com.apple.WebCore 0x0379a4e0
WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24
(ResourceLoader.cpp:399)
83 com.apple.WebCore 0x03797aec
-[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 160
(ResourceHandleMac.mm:530)
84 com.apple.Foundation 0x91585097
-[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
85 com.apple.Foundation 0x91585003
_NSURLConnectionDidFinishLoading + 147
86 com.apple.CFNetwork 0x92ba3209 sendDidFinishLoadingCallback
+ 148
87 com.apple.CFNetwork 0x92bbeed3 handleCacheResponseIsValid +
157
88 com.apple.CFNetwork 0x92b9ff22
_CFURLConnectionSendCallbacks + 1153
89 com.apple.CFNetwork 0x92b9fa25 muxerSourcePerform + 283
90 com.apple.CoreFoundation 0x93c3c615 CFRunLoopRunSpecific + 3141
91 com.apple.CoreFoundation 0x93c3ccf8 CFRunLoopRunInMode + 88
92 com.apple.HIToolbox 0x9123c480 RunCurrentEventLoopInMode +
283
93 com.apple.HIToolbox 0x9123c299 ReceiveNextEventCommon + 374
94 com.apple.HIToolbox 0x9123c10d
BlockUntilNextEventMatchingListInMode + 106
95 com.apple.AppKit 0x962c83ed _DPSNextEvent + 657
96 com.apple.AppKit 0x962c7ca0 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
97 com.apple.Safari 0x000086be 0x1000 + 30398
98 com.apple.AppKit 0x962c0cdb -[NSApplication run] + 795
99 com.apple.AppKit 0x9628df14 NSApplicationMain + 574
100 com.apple.Safari 0x000ba4d6 0x1000 + 758998