Bug 119224
| Summary: | REGRESSION: Crash when creating a new spreadsheet on Google Docs | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Critical | CC: | ap, bfulgham, bribri, fpizlo, jon, oliver, webkit-bug-importer, zan |
| Priority: | P1 | Keywords: | GoogleBug, InRadar, Regression |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Ryosuke Niwa
Reproduction steps:
1. Visit docs.google.com with a Google account
2. Create a new spreadsheet via the red button on the left upper corner.
```
Thread 0:: Dispatch queue: com.apple.main-thread
0 ??? 0x0000519362878e8f 0 + 89693455093391
1 com.apple.JavaScriptCore 0x00000001047fde21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
2 com.apple.JavaScriptCore 0x00000001047e324a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
3 com.apple.JavaScriptCore 0x00000001046c9c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
4 com.apple.JavaScriptCore 0x00000001048340ae JSC::boundFunctionCall(JSC::ExecState*) + 558
5 ??? 0x0000519362001045 0 + 89693446213701
6 com.apple.JavaScriptCore 0x00000001047fde21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
7 com.apple.JavaScriptCore 0x00000001047dfa46 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 1526
8 com.apple.JavaScriptCore 0x000000010484b0da JSC::globalFuncEval(JSC::ExecState*) + 874
9 ??? 0x0000519362001045 0 + 89693446213701
10 com.apple.JavaScriptCore 0x00000001047fde21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
11 com.apple.JavaScriptCore 0x00000001047e324a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
12 com.apple.JavaScriptCore 0x00000001046c9c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
13 com.apple.JavaScriptCore 0x00000001048340ae JSC::boundFunctionCall(JSC::ExecState*) + 558
14 ??? 0x0000519362001045 0 + 89693446213701
15 com.apple.JavaScriptCore 0x00000001047fde21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
16 com.apple.JavaScriptCore 0x00000001047e324a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
17 com.apple.JavaScriptCore 0x00000001046c9c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
18 com.apple.JavaScriptCore 0x00000001048340ae JSC::boundFunctionCall(JSC::ExecState*) + 558
19 ??? 0x0000519362001045 0 + 89693446213701
20 com.apple.JavaScriptCore 0x00000001047fde21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
21 com.apple.JavaScriptCore 0x00000001047e324a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
22 com.apple.JavaScriptCore 0x00000001046c9c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
23 com.apple.JavaScriptCore 0x00000001048340ae JSC::boundFunctionCall(JSC::ExecState*) + 558
24 com.apple.JavaScriptCore 0x00000001047e328b JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 715
25 com.apple.JavaScriptCore 0x00000001046c9c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
26 com.apple.WebCore 0x0000000105143c8c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908
27 com.apple.WebCore 0x0000000104e0f1ec WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 364
28 com.apple.WebCore 0x0000000104e0ef06 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 390
29 com.apple.WebCore 0x0000000104e0ed68 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 88
30 com.apple.WebCore 0x0000000105826d2f WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 335
31 com.apple.WebCore 0x0000000105826da8 WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 56
32 com.apple.WebCore 0x00000001058217ac WebCore::XMLHttpRequest::callReadyStateChangeListener() + 252
33 com.apple.WebCore 0x00000001058256f6 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 358
34 com.apple.WebCore 0x0000000104bb792c WebCore::CachedResource::checkNotify() + 76
35 com.apple.WebCore 0x0000000104bb48c2 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) + 194
36 com.apple.WebCore 0x0000000105691085 WebCore::SubresourceLoader::didFinishLoading(double) + 133
37 com.apple.Foundation 0x00007fff93c64d88 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
38 com.apple.Foundation 0x00007fff93c64ccc -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
39 com.apple.Foundation 0x00007fff93c64bc8 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
40 com.apple.CFNetwork 0x00007fff91cf8091 ___delegate_didFinishLoading_block_invoke_0 + 40
41 com.apple.CFNetwork 0x00007fff91cea54a ___withDelegateAsync_block_invoke_0 + 90
42 com.apple.CFNetwork 0x00007fff91d7af3a __block_global_1 + 28
43 com.apple.CoreFoundation 0x00007fff961a2154 CFArrayApplyFunction + 68
44 com.apple.CFNetwork 0x00007fff91cdb2b4 RunloopBlockContext::perform() + 124
45 com.apple.CFNetwork 0x00007fff91cdb18b MultiplexerSource::perform() + 221
46 com.apple.CoreFoundation 0x00007fff96183b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
47 com.apple.CoreFoundation 0x00007fff96183455 __CFRunLoopDoSources0 + 245
48 com.apple.CoreFoundation 0x00007fff961a67f5 __CFRunLoopRun + 789
49 com.apple.CoreFoundation 0x00007fff961a60e2 CFRunLoopRunSpecific + 290
50 com.apple.HIToolbox 0x00007fff8fe27eb4 RunCurrentEventLoopInMode + 209
51 com.apple.HIToolbox 0x00007fff8fe27c52 ReceiveNextEventCommon + 356
52 com.apple.HIToolbox 0x00007fff8fe27ae3 BlockUntilNextEventMatchingListInMode + 62
53 com.apple.AppKit 0x00007fff92743533 _DPSNextEvent + 685
54 com.apple.AppKit 0x00007fff92742df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
55 com.apple.AppKit 0x00007fff9273a1a3 -[NSApplication run] + 517
56 com.apple.WebCore 0x00000001055e3e92 WebCore::RunLoop::run() + 82
57 com.apple.WebKit2 0x00000001042ea263 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 579
58 com.apple.WebProcess 0x00000001041fde23 main + 337
59 libdyld.dylib 0x00007fff9012d7e1 start + 1
```

```
Thread 0:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001008e6f8e JSC::Lexer<unsigned char>::lex(JSC::JSTokenData*, JSC::JSTokenLocation*, unsigned int, bool) + 206
1 com.apple.JavaScriptCore 0x000000010097b174 JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseMemberExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 20932
2 com.apple.JavaScriptCore 0x00000001009733aa JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseAssignmentExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 1002
3 com.apple.JavaScriptCore 0x0000000100972d89 JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 153
4 com.apple.JavaScriptCore 0x000000010097280e JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseExpressionOrLabelStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) + 910
5 com.apple.JavaScriptCore 0x000000010096b5e5 JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseStatement<JSC::ASTBuilder>(JSC::ASTBuilder&, JSC::Identifier const*&, unsigned int*) + 1605
6 com.apple.JavaScriptCore 0x000000010096b27c JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseStatement<JSC::ASTBuilder>(JSC::ASTBuilder&, JSC::Identifier const*&, unsigned int*) + 732
7 com.apple.JavaScriptCore 0x000000010093be20 JSC::ASTBuilder::SourceElements JSC::Parser<JSC::Lexer<unsigned char> >::parseSourceElements<(JSC::SourceElementsMode)0, JSC::ASTBuilder>(JSC::ASTBuilder&) + 352
8 com.apple.JavaScriptCore 0x000000010093b94b JSC::Parser<JSC::Lexer<unsigned char> >::parseInner() + 363
9 com.apple.JavaScriptCore 0x00000001009c4451 WTF::PassRefPtr<JSC::FunctionBodyNode> JSC::Parser<JSC::Lexer<unsigned char> >::parse<JSC::FunctionBodyNode>(JSC::ParserError&) + 113
10 com.apple.JavaScriptCore 0x00000001009c412e WTF::PassRefPtr<JSC::FunctionBodyNode> JSC::parse<JSC::FunctionBodyNode>(JSC::VM*, JSC::SourceCode const&, JSC::FunctionParameters*, JSC::Identifier const&, JSC::JSParserStrictness, JSC::JSParserMode, JSC::ParserError&) + 126
11 com.apple.JavaScriptCore 0x00000001009c3152 JSC::UnlinkedFunctionExecutable::codeBlockFor(JSC::VM&, JSC::SourceCode const&, JSC::CodeSpecializationKind, JSC::DebuggerMode, JSC::ProfilerMode, JSC::ParserError&) + 130
12 com.apple.JavaScriptCore 0x0000000100848919 JSC::FunctionExecutable::produceCodeBlockFor(JSC::JSScope*, JSC::CodeSpecializationKind, JSC::JSObject*&) + 345
13 com.apple.JavaScriptCore 0x0000000100848514 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, JSC::CompilationResult*, unsigned int) + 84
14 com.apple.JavaScriptCore 0x000000010090f57d JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 669
15 com.apple.JavaScriptCore 0x0000000100913582 llint_op_call + 185
16 com.apple.JavaScriptCore 0x0000000100876e21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
17 com.apple.JavaScriptCore 0x000000010085c24a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
18 com.apple.JavaScriptCore 0x0000000100742c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
19 com.apple.JavaScriptCore 0x00000001008ad0ae JSC::boundFunctionCall(JSC::ExecState*) + 558
20 ??? 0x00005383c4201045 0 + 91825396256837
21 com.apple.JavaScriptCore 0x0000000100876e21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
22 com.apple.JavaScriptCore 0x0000000100858a46 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 1526
23 com.apple.JavaScriptCore 0x00000001008c40da JSC::globalFuncEval(JSC::ExecState*) + 874
24 ??? 0x00005383c4201045 0 + 91825396256837
25 com.apple.JavaScriptCore 0x0000000100876e21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
26 com.apple.JavaScriptCore 0x000000010085c24a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
27 com.apple.JavaScriptCore 0x0000000100742c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
28 com.apple.JavaScriptCore 0x00000001008ad0ae JSC::boundFunctionCall(JSC::ExecState*) + 558
29 ??? 0x00005383c4201045 0 + 91825396256837
30 com.apple.JavaScriptCore 0x0000000100876e21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
31 com.apple.JavaScriptCore 0x000000010085c24a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
32 com.apple.JavaScriptCore 0x0000000100742c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
33 com.apple.JavaScriptCore 0x00000001008ad0ae JSC::boundFunctionCall(JSC::ExecState*) + 558
34 ??? 0x00005383c4201045 0 + 91825396256837
35 com.apple.JavaScriptCore 0x0000000100876e21 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
36 com.apple.JavaScriptCore 0x000000010085c24a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
37 com.apple.JavaScriptCore 0x0000000100742c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
38 com.apple.JavaScriptCore 0x00000001008ad0ae JSC::boundFunctionCall(JSC::ExecState*) + 558
39 com.apple.JavaScriptCore 0x000000010085c28b JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 715
40 com.apple.JavaScriptCore 0x0000000100742c05 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
41 com.apple.WebCore 0x00000001011bcc8c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908
42 com.apple.WebCore 0x0000000100e881ec WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 364
43 com.apple.WebCore 0x0000000100e87f06 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 390
44 com.apple.WebCore 0x0000000100e87d68 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 88
45 com.apple.WebCore 0x000000010189fd2f WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 335
46 com.apple.WebCore 0x000000010189fda8 WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 56
47 com.apple.WebCore 0x000000010189a7ac WebCore::XMLHttpRequest::callReadyStateChangeListener() + 252
48 com.apple.WebCore 0x000000010189e6f6 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 358
49 com.apple.WebCore 0x0000000100c3092c WebCore::CachedResource::checkNotify() + 76
50 com.apple.WebCore 0x0000000100c2d8c2 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) + 194
51 com.apple.WebCore 0x000000010170a085 WebCore::SubresourceLoader::didFinishLoading(double) + 133
52 com.apple.Foundation 0x00007fff93c64d88 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
53 com.apple.Foundation 0x00007fff93c64ccc -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
54 com.apple.Foundation 0x00007fff93c64bc8 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
55 com.apple.CFNetwork 0x00007fff91cf8091 ___delegate_didFinishLoading_block_invoke_0 + 40
56 com.apple.CFNetwork 0x00007fff91cea54a ___withDelegateAsync_block_invoke_0 + 90
57 com.apple.CFNetwork 0x00007fff91d7af3a __block_global_1 + 28
58 com.apple.CoreFoundation 0x00007fff961a2154 CFArrayApplyFunction + 68
59 com.apple.CFNetwork 0x00007fff91cdb2b4 RunloopBlockContext::perform() + 124
60 com.apple.CFNetwork 0x00007fff91cdb18b MultiplexerSource::perform() + 221
61 com.apple.CoreFoundation 0x00007fff96183b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
62 com.apple.CoreFoundation 0x00007fff9618351d __CFRunLoopDoSources0 + 445
63 com.apple.CoreFoundation 0x00007fff961a67f5 __CFRunLoopRun + 789
64 com.apple.CoreFoundation 0x00007fff961a60e2 CFRunLoopRunSpecific + 290
65 com.apple.HIToolbox 0x00007fff8fe27eb4 RunCurrentEventLoopInMode + 209
66 com.apple.HIToolbox 0x00007fff8fe27c52 ReceiveNextEventCommon + 356
67 com.apple.HIToolbox 0x00007fff8fe27ae3 BlockUntilNextEventMatchingListInMode + 62
68 com.apple.AppKit 0x00007fff92743533 _DPSNextEvent + 685
69 com.apple.AppKit 0x00007fff92742df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
70 com.apple.AppKit 0x00007fff9273a1a3 -[NSApplication run] + 517
71 com.apple.WebCore 0x000000010165ce92 WebCore::RunLoop::run() + 82
72 com.apple.WebKit2 0x0000000100363263 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 579
73 com.apple.WebProcess 0x0000000100276e23 main + 337
74 libdyld.dylib 0x00007fff9012d7e1 start + 1
```
Radar WebKit Bug Importer
<rdar://problem/14581442>
Zan Dobersek
*** Bug 119530 has been marked as a duplicate of this bug. ***
Zan Dobersek
*** Bug 119653 has been marked as a duplicate of this bug. ***
Zan Dobersek
Bugs #119396 and #120103 show similar backtraces, but I'll leave it to others to determine whether it's OK to mark them as duplicates of this bug.
Alexey Proskuryakov
Following Radar trail, this bug was supposed to be fixed long ago, in <http://trac.webkit.org/changeset/153540>. The bugs currently marked as duplicates were filed later.
It would be worth re-verifying this bug, as well as duplicates. Please tell us if any of these issues still occurs.
Brent Fulgham
*** This bug has been marked as a duplicate of bug 119349 ***