[Webkit-unassigned] [Bug 120577] New: REGRESSION - crash on Macworld.com
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Sep 1 02:52:14 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=120577
Summary: REGRESSION - crash on Macworld.com
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://www.macworld.com/article/2047899/macalope-weekly-the-axis-of-dumb.html
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: phiw at l-c-n.com
1. Load URL: http://www.macworld.com/article/2047899/macalope-weekly-the-axis-of-dumb.html
2. scroll down to comments, sort by oldest first.
3. scroll down further, click button ‘show more’
result: poof, crash
Reproduced with r154939, r154932, possibly older, but I don’t have time to test right now.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010d19995d WebCore::HTMLElement::eventNameForAttributeName(WebCore::QualifiedName const&) const + 29
1 com.apple.WebCore 0x000000010d19ce60 WebCore::HTMLElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 288
2 com.apple.WebCore 0x000000010d08dada WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 42
3 com.apple.WebCore 0x000000010d0946b4 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 500
4 com.apple.WebCore 0x000000010d08d9e4 WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&, int&) + 260
5 com.apple.WebCore 0x000000010d3b9fd7 WebCore::jsElementPrototypeFunctionSetAttribute(JSC::ExecState*) + 567
6 ??? 0x000032d959401045 0 + 55909086662725
7 com.apple.JavaScriptCore 0x000000010ca66601 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
8 com.apple.JavaScriptCore 0x000000010ca4cf4d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 573
9 com.apple.JavaScriptCore 0x000000010c9234e5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
10 com.apple.WebCore 0x000000010d3cc78c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908
11 com.apple.WebCore 0x000000010d0b4b6c WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 364
12 com.apple.WebCore 0x000000010d0b4815 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 469
13 com.apple.WebCore 0x000000010d61dca3 WebCore::Node::handleLocalEvents(WebCore::Event*) + 67
14 com.apple.WebCore 0x000000010d09c137 WebCore::EventContext::handleLocalEvents(WebCore::Event*) const + 87
15 com.apple.WebCore 0x000000010d09cf21 WebCore::EventDispatcher::dispatch() + 721
16 com.apple.WebCore 0x000000010d60b37f WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 159
17 com.apple.WebCore 0x000000010d09c34c WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) + 124
18 com.apple.WebCore 0x000000010d61e3a5 WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) + 133
19 com.apple.WebCore 0x000000010d0a3afb WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 107
20 com.apple.WebCore 0x000000010d0a55ae WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 1198
21 com.apple.WebKit2 0x000000010c59c4e8 WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 419
22 com.apple.WebKit2 0x000000010c59c309 WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 221
23 com.apple.WebKit2 0x000000010c5af354 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 83
24 com.apple.WebKit2 0x000000010c4e4963 CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 137
25 com.apple.WebKit2 0x000000010c5ea59e WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 34
26 com.apple.WebKit2 0x000000010c4b9fc5 CoreIPC::Connection::dispatchMessage(WTF::PassOwnPtr<CoreIPC::MessageDecoder>) + 105
27 com.apple.WebKit2 0x000000010c4bbb2e CoreIPC::Connection::dispatchOneMessage() + 106
28 com.apple.WebCore 0x000000010d7f6e11 WebCore::RunLoop::performWork() + 129
29 com.apple.WebCore 0x000000010d7f73d2 WebCore::RunLoop::performWork(void*) + 34
30 com.apple.CoreFoundation 0x00007fff93f94b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
31 com.apple.CoreFoundation 0x00007fff93f94455 __CFRunLoopDoSources0 + 245
32 com.apple.CoreFoundation 0x00007fff93fb77f5 __CFRunLoopRun + 789
33 com.apple.CoreFoundation 0x00007fff93fb70e2 CFRunLoopRunSpecific + 290
34 com.apple.HIToolbox 0x00007fff93770eb4 RunCurrentEventLoopInMode + 209
35 com.apple.HIToolbox 0x00007fff93770c52 ReceiveNextEventCommon + 356
36 com.apple.HIToolbox 0x00007fff93770ae3 BlockUntilNextEventMatchingListInMode + 62
37 com.apple.AppKit 0x00007fff914b2533 _DPSNextEvent + 685
38 com.apple.AppKit 0x00007fff914b1df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
39 com.apple.AppKit 0x00007fff914a91a3 -[NSApplication run] + 517
40 com.apple.WebCore 0x000000010d7f7a52 WebCore::RunLoop::run() + 82
41 com.apple.WebKit2 0x000000010c55a26a int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 422
42 com.apple.WebProcess 0x000000010c472e23 main + 337
43 libdyld.dylib 0x00007fff89efb7e1 start + 1
Thread 1:: Dispatch queue: com.apple.libdispatch-manager
0 libsystem_kernel.dylib 0x00007fff8e7e0d16 kevent + 10
1 libdispatch.dylib 0x00007fff93a46dea _dispatch_mgr_invoke + 883
2 libdispatch.dylib 0x00007fff93a469ee _dispatch_mgr_thread + 54
Thread 2:: JavaScriptCore::BlockFree
0 libsystem_kernel.dylib 0x00007fff8e7e00fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8c04bfe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010cc2ec26 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 118
3 com.apple.JavaScriptCore 0x000000010c90981b JSC::BlockAllocator::blockFreeingThreadMain() + 123
4 com.apple.JavaScriptCore 0x000000010cc2df3f WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 3:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8e7e00fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8c04bfe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010ca3f0eb JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010ca3f1af JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010cc2df3f WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 4:: WebCore: Scrolling
0 libsystem_kernel.dylib 0x00007fff8e7de686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8e7ddc42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff93fb2233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff93fb7916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff93fb70e2 CFRunLoopRunSpecific + 290
5 com.apple.CoreFoundation 0x00007fff93fc5dd1 CFRunLoopRun + 97
6 com.apple.WebCore 0x000000010d8229ce WebCore::ScrollingThread::initializeRunLoop() + 254
7 com.apple.JavaScriptCore 0x000000010cc2df3f WTF::wtfThreadEntryPoint(void*) + 15
8 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
9 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 5:: com.apple.NSURLConnectionLoader
0 libsystem_kernel.dylib 0x00007fff8e7de686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8e7ddc42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff93fb2233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff93fb7916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff93fb70e2 CFRunLoopRunSpecific + 290
5 com.apple.Foundation 0x00007fff8c55c546 +[NSURLConnection(Loader) _resourceLoadLoop:] + 356
6 com.apple.Foundation 0x00007fff8c5ba562 __NSThread__main__ + 1345
7 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
8 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 6:: com.apple.CFSocket.private
0 libsystem_kernel.dylib 0x00007fff8e7e0322 __select + 10
1 com.apple.CoreFoundation 0x00007fff93ff6f46 __CFSocketManager + 1302
2 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
3 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 7:: JSC Compilation Thread
0 libsystem_kernel.dylib 0x00007fff8e7e00fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8c04bfe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010ca3379b JSC::DFG::Worklist::runThread() + 763
3 com.apple.JavaScriptCore 0x000000010cc2df3f WTF::wtfThreadEntryPoint(void*) + 15
4 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
5 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 8:: QTKit: listenOnDelegatePort
0 libsystem_kernel.dylib 0x00007fff8e7de686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8e7ddc42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff93fb2233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff93fb7916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff93fb70e2 CFRunLoopRunSpecific + 290
5 com.apple.CoreFoundation 0x00007fff93fc5dd1 CFRunLoopRun + 97
6 com.apple.QTKit 0x00007fff89d9b2d6 listenOnDelegatePort + 403
7 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
8 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 9:: QTKit: listenOnNotificationPort
0 libsystem_kernel.dylib 0x00007fff8e7de686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8e7ddc42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff93fb2233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff93fb7916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff93fb70e2 CFRunLoopRunSpecific + 290
5 com.apple.CoreFoundation 0x00007fff93fc5dd1 CFRunLoopRun + 97
6 com.apple.QTKit 0x00007fff89d9b771 listenOnNotificationPort + 371
7 libsystem_c.dylib 0x00007fff8c0477a2 _pthread_start + 327
8 libsystem_c.dylib 0x00007fff8c0341e1 thread_start + 13
Thread 10:
0 libsystem_kernel.dylib 0x00007fff8e7e06d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8c049f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8c049d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8c0341d1 start_wqthread + 13
Thread 11:
0 libsystem_kernel.dylib 0x00007fff8e7e06d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8c049f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8c049d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8c0341d1 start_wqthread + 13
Thread 12:
0 libsystem_kernel.dylib 0x00007fff8e7e06d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8c049f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8c049d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8c0341d1 start_wqthread + 13
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x000000011f3d8540 rcx: 0x000000010dfc1af8 rdx: 0x00000001139e56f0
rdi: 0x00007fff5378b4d8 rsi: 0x00000001139e56f0 rbp: 0x00007fff5378b4b0 rsp: 0x00007fff5378ad90
r8: 0x0000000112ef30b0 r9: 0x0000000112ef30d4 r10: 0x0000000117c3fb98 r11: 0x0000000000000007
r12: 0x00000001139e56f0 r13: 0x000000011f3d8540 r14: 0x00000001139e56f0 r15: 0x00007fff5378b4d8
rip: 0x000000010d19995d rfl: 0x0000000000010206 cr2: 0x0000000000000018
Logical CPU: 0
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.