307303 2026-02-08 17:50:13 -0800 AX: Deadlock involving s_storeLock when ENABLE_ACCESSIBILITY_LOCAL_FRAME is enabled 2026-02-08 19:43:38 -0800 1 1 1 Unclassified WebKit Accessibility WebKit Nightly Build All All RESOLVED FIXED InRadar P2 Normal --- 1 dm_mazzoni dm_mazzoni andresg_22 webkit-bug-importer oldest_to_newest 2179290 0 dm_mazzoni 2026-02-08 17:50:13 -0800 WebProcess::accessibilityFocusedUIElement iterates over isolated trees to see which one is focused, and it uses findAXTree, which acquires s_storeLock. When ENABLE_ACCESSIBILITY_LOCAL_FRAME is enabled, it also calls typedTree->focusedNode() on each tree because it needs to check whether that frame is the specific frame within a page that's focused - the flags like ActivityState::IsFocused only tell us about the page, not the frame. This results in a call to AXIsolatedTree::focusedNodeID(), which calls AXIsolatedTree::applyPendingChanges. This is call fine so far, but if the tree happens to be queued for destruction, then it calls AXTreeStore::remove(), which also needs s_storeLock, leading to deadlock. This manifests when running accessibility layout tests in parallel with ENABLE_ACCESSIBILITY_LOCAL_FRAME enabled - even if the tests don't involve iframes, sooner or later the deadlock occurs and causes tests to timeout. The simplest fix is to just call the existing applyPendingChangesUnlessQueuedForDestruction method. We should also consider if there's a safer time to trigger AXTreeStore::remove(). 2179292 1 webkit-bug-importer 2026-02-08 17:50:19 -0800 <rdar://problem/169934927> 2179301 2 dm_mazzoni 2026-02-08 18:17:42 -0800 Pull request: https://github.com/WebKit/WebKit/pull/58168 2179308 3 ews-feeder 2026-02-08 19:43:36 -0800 Committed 307050@main (653381a67bbf): <https://commits.webkit.org/307050@main> Reviewed commits have been landed. Closing PR #58168 and removing active labels.