Bug 104326

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010f9b3094 WebCore::Node::rareData() const + 84 (Node.cpp:484) 1 com.apple.WebCore 0x000000010f9b302d WebCore::Node::setTreeScope(WebCore::TreeScope*) + 141 (Node.cpp:451) 2 com.apple.WebCore 0x000000011016d1d0 WebCore::TreeScopeAdopter::moveTreeToNewScope(WebCore::Node*) const + 288 (TreeScopeAdopter.cpp:53) 3 com.apple.WebCore 0x000000011016a668 WebCore::TreeScopeAdopter::execute() const + 24 (TreeScopeAdopter.h:38) 4 com.apple.WebCore 0x0000000110169a77 WebCore::TreeScope::adoptIfNeeded(WebCore::Node*) + 391 (TreeScope.cpp:269) 5 com.apple.WebCore 0x000000010ea09274 WebCore::Private::NodeRemovalDispatcher<WebCore::Node, WebCore::ContainerNode, true>::dispatch(WebCore::Node*, WebCore::ContainerNode*) + 68 (ContainerNodeAlgorithms.h:141) 6 com.apple.WebCore 0x000000010ea091eb void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode>(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode*) + 331 (ContainerNodeAlgorithms.h:183) 7 com.apple.WebCore 0x000000010ea069c0 void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 48 (ContainerNodeAlgorithms.h:91) 8 com.apple.WebCore 0x000000010ea01ba5 WebCore::ContainerNode::removeAllChildren() + 21 (ContainerNode.cpp:94) 9 com.apple.WebCore 0x000000010f1cebe4 WebCore::InputType::destroyShadowSubtree() + 68 (InputType.cpp:492) 10 com.apple.WebCore 0x00000001101217df WebCore::TextFieldInputType::destroyShadowSubtree() + 31 (TextFieldInputType.cpp:308) 11 com.apple.WebCore 0x000000010f0b2561 WebCore::HTMLInputElement::updateType() + 545 (HTMLInputElement.cpp:485) 12 com.apple.WebCore 0x000000010f0b3556 WebCore::HTMLInputElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 438 (HTMLInputElement.cpp:650) 13 com.apple.WebCore 0x000000010ee33ed2 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&) + 130 (Element.cpp:778) 14 com.apple.WebCore 0x000000010ff29b25 WebCore::StyledElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&) + 181 (StyledElement.cpp:169) 15 com.apple.WebCore 0x000000010ee351b8 WebCore::Element::parserSetAttributes(WTF::Vector<WebCore::Attribute, 0ul> const&, WebCore::FragmentScriptingPermission) + 856 (Element.cpp:995) 16 com.apple.WebCore 0x000000010f0525fe WebCore::HTMLConstructionSite::createHTMLElement(WebCore::AtomicHTMLToken*) + 190 (HTMLConstructionSite.cpp:422) 17 com.apple.WebCore 0x000000010f052b6a WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement(WebCore::AtomicHTMLToken*) + 138 (HTMLConstructionSite.cpp:311) 18 com.apple.WebCore 0x000000010f13d7b4 WebCore::HTMLTreeBuilder::processStartTagForInBody(WebCore::AtomicHTMLToken*) + 4484 (HTMLTreeBuilder.cpp:847) 19 com.apple.WebCore 0x000000010f1373a9 WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken*) + 1945 (HTMLTreeBuilder.cpp:1166) 20 com.apple.WebCore 0x000000010f136a8a WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*) + 186 (HTMLTreeBuilder.cpp:419) 21 com.apple.WebCore 0x000000010f135deb WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken*) + 91 (HTMLTreeBuilder.cpp:394) 22 com.apple.WebCore 0x000000010f135cea WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) + 122 (HTMLTreeBuilder.cpp:373) 23 com.apple.WebCore 0x000000010f06ffaa WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 858 (HTMLDocumentParser.cpp:270) 24 com.apple.WebCore 0x000000010f06fa40 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 192 (HTMLDocumentParser.cpp:174) 25 com.apple.WebCore 0x000000010f07068f WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString const&) + 143 (HTMLDocumentParser.cpp:319) 26 com.apple.WebCore 0x000000010f0713c6 WebCore::HTMLDocumentParser::parseDocumentFragment(WTF::String const&, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 150 (HTMLDocumentParser.cpp:541) 27 com.apple.WebCore 0x000000010ec6c5db WebCore::DocumentFragment::parseHTML(WTF::String const&, WebCore::Element*, WebCore::FragmentScriptingPermission) + 43 (DocumentFragment.cpp:82) 28 com.apple.WebCore 0x000000010f90d157 WebCore::createFragmentForInnerOuterHTML(WTF::String const&, WebCore::Element*, WebCore::FragmentScriptingPermission, int&) + 135 (markup.cpp:1003) 29 com.apple.WebCore 0x000000010f07e2a3 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 67 (HTMLElement.cpp:347) 30 com.apple.WebCore 0x000000010f4f67ea WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 106 (JSHTMLElement.cpp:544) 31 com.apple.WebCore 0x000000010f4f8859 bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 249 (Lookup.h:373) 32 com.apple.WebCore 0x000000010f4f82f8 void JSC::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) + 120 (Lookup.h:389) 33 com.apple.WebCore 0x000000010f4f5537 WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 279 (JSHTMLElement.cpp:446) 34 com.apple.WebCore 0x000000010f4eec0c void JSC::lookupPut<WebCore::JSHTMLDivElement, WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLDivElement*, JSC::PutPropertySlot&) + 172 (Lookup.h:391) 35 com.apple.WebCore 0x000000010f4edc97 WebCore::JSHTMLDivElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 279 (JSHTMLDivElement.cpp:144) 36 com.apple.JavaScriptCore 0x000000010d976609 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 185 (JSObject.h:1523) 37 com.apple.JavaScriptCore 0x000000010dc22dd0 llint_slow_path_put_by_id + 416 (LLIntSlowPaths.cpp:985) 38 com.apple.JavaScriptCore 0x000000010dc2bd67 llint_op_put_by_id + 155 39 com.apple.JavaScriptCore 0x000000010da26b64 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134) 40 com.apple.JavaScriptCore 0x000000010da2360f JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4735 (Interpreter.cpp:980) 41 com.apple.JavaScriptCore 0x000000010d8ed5f3 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 483 (Completion.cpp:75) 42 com.apple.WebCore 0x000000010f5a22f2 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 82 (JSMainThreadExecState.h:77) 43 com.apple.WebCore 0x000000010fdc26c3 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 339 (ScriptController.cpp:141) 44 com.apple.WebCore 0x000000010fdc2804 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 68 (ScriptController.cpp:158) 45 com.apple.WebCore 0x000000010fdda8ca WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 746 (ScriptElement.cpp:304) 46 com.apple.WebCore 0x000000010f1064f7 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 375 (HTMLScriptRunner.cpp:139) 47 com.apple.WebCore 0x000000010f106363 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 451 (HTMLScriptRunner.cpp:118) 48 com.apple.WebCore 0x000000010f106ba1 WebCore::HTMLScriptRunner::executeParsingBlockingScripts() + 97 (HTMLScriptRunner.cpp:190) 49 com.apple.WebCore 0x000000010f106ea0 WebCore::HTMLScriptRunner::executeScriptsWaitingForStylesheets() + 352 (HTMLScriptRunner.cpp:211) 50 com.apple.WebCore 0x000000010f0712f1 WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() + 193 (HTMLDocumentParser.cpp:534) 51 com.apple.WebCore 0x000000010ec1f890 WebCore::Document::didRemoveAllPendingStylesheet() + 80 (Document.cpp:2811) 52 com.apple.WebCore 0x000000010ec909d0 WebCore::DocumentStyleSheetCollection::removePendingSheet(WebCore::DocumentStyleSheetCollection::RemovePendingSheetNotificationType) + 176 (DocumentStyleSheetCollection.cpp:232) 53 com.apple.WebCore 0x000000010f0bc3cc WebCore::HTMLLinkElement::removePendingSheet(WebCore::HTMLLinkElement::RemovePendingSheetNotificationType) + 156 (HTMLLinkElement.cpp:481) 54 com.apple.WebCore 0x000000010f0bdf7f WebCore::HTMLLinkElement::sheetLoaded() + 47 (HTMLLinkElement.cpp:364) 55 com.apple.WebCore 0x000000010ffa96f7 WebCore::StyleSheetContents::checkLoaded() + 231 (StyleSheetContents.cpp:355) 56 com.apple.WebCore 0x000000010ffa74b6 WebCore::StyleRuleImport::setCSSStyleSheet(WTF::String const&, WebCore::KURL const&, WTF::String const&, WebCore::CachedCSSStyleSheet const*) + 662 (StyleRuleImport.cpp:82) 57 com.apple.WebCore 0x000000010ffa7d69 WebCore::StyleRuleImport::ImportedStyleSheetClient::setCSSStyleSheet(WTF::String const&, WebCore::KURL const&, WTF::String const&, WebCore::CachedCSSStyleSheet const*) + 57 (StyleRuleImport.h:66) 58 com.apple.WebCore 0x000000010e93ef5c WebCore::CachedCSSStyleSheet::checkNotify() + 252 (CachedCSSStyleSheet.cpp:122) 59 com.apple.WebCore 0x000000010e93ee17 WebCore::CachedCSSStyleSheet::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 471 (CachedCSSStyleSheet.cpp:112) 60 com.apple.WebCore 0x000000010ffb695b WebCore::SubresourceLoader::didFinishLoading(double) + 539 (SubresourceLoader.cpp:275) 61 com.apple.WebCore 0x000000010fd6f805 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 (ResourceLoader.cpp:454) 62 com.apple.WebCore 0x000000010fd6c21b -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 187 (ResourceHandleMac.mm:834) 63 com.apple.Foundation 0x00007fff8a069f58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28 64 com.apple.Foundation 0x00007fff8a069e9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227 65 com.apple.Foundation 0x00007fff8a069d98 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63 66 com.apple.CFNetwork 0x00007fff88be9f01 ___delegate_didFinishLoading_block_invoke_0 + 40 67 com.apple.CFNetwork 0x00007fff88bdc3ca ___withDelegateAsync_block_invoke_0 + 90 68 com.apple.CFNetwork 0x00007fff88c6c56a __block_global_1 + 28 69 com.apple.CoreFoundation 0x00007fff82e21724 CFArrayApplyFunction + 68 70 com.apple.CFNetwork 0x00007fff88bcd554 RunloopBlockContext::perform() + 124 71 com.apple.CFNetwork 0x00007fff88bcd42b MultiplexerSource::perform() + 221 72 com.apple.CoreFoundation 0x00007fff82e03101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 73 com.apple.CoreFoundation 0x00007fff82e02a25 __CFRunLoopDoSources0 + 245 74 com.apple.CoreFoundation 0x00007fff82e25dc5 __CFRunLoopRun + 789 75 com.apple.CoreFoundation 0x00007fff82e256b2 CFRunLoopRunSpecific + 290 76 com.apple.HIToolbox 0x00007fff86a900a4 RunCurrentEventLoopInMode + 209 77 com.apple.HIToolbox 0x00007fff86a8fe42 ReceiveNextEventCommon + 356 78 com.apple.HIToolbox 0x00007fff86a8fcd3 BlockUntilNextEventMatchingListInMode + 62 79 com.apple.AppKit 0x00007fff8b6db613 _DPSNextEvent + 685 80 com.apple.AppKit 0x00007fff8b6daed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 81 com.apple.AppKit 0x00007fff8b6d2283 -[NSApplication run] + 517 82 com.apple.WebCore 0x000000010fda645c WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37) 83 com.apple.WebKit2 0x000000010c83b4f3 WebKit::WebProcessMain(WebKit::CommandLine const&) + 4451 (WebProcessMainMac.mm:187) 84 com.apple.WebKit2 0x000000010c729aea WebKitMain(WebKit::CommandLine const&) + 202 (WebKitMain.cpp:58) 85 com.apple.WebKit2 0x000000010c7299f9 WebKitMain + 153 (WebKitMain.cpp:88) 86 com.apple.WebProcess 0x000000010c4b2da2 main + 274 (MainMacProcess.cpp:68) 87 libdyld.dylib 0x00007fff882417e1 start + 1