308214 2026-02-19 03:23:32 -0800 Nullptr crash accessing settings when tearing down render tree 2026-02-19 15:38:23 -0800 1 1 1 Unclassified WebKit Layout and Rendering WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 koivisto koivisto bfulgham simon.fraser webkit-bug-importer zalan oldest_to_newest 2183017 0 koivisto 2026-02-19 03:23:32 -0800 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread: 0 WebCore 0x1ac2295e4 WebCore::Page::WeakValueType* WTF::WeakPtrImplBase<WTF::DefaultWeakPtrImpl>::get<WebCore::Page>() + 0 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/WeakPtrImpl.h:46) [inlined] 1 WebCore 0x1ac2295e4 WTF::WeakPtr<WebCore::Page, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl>>::get() const + 4 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/WeakPtr.h:118) [inlined] 2 WebCore 0x1ac2295e4 WebCore::Frame::page() const + 4 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/dom/DocumentPage.h:36) [inlined] 3 WebCore 0x1ac2295e4 WebCore::RenderObject::page() const + 32 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/RenderObjectInlines.h:72) [inlined] 4 WebCore 0x1ac2295e4 WebCore::RenderObject::settings() const + 32 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/RenderObjectInlines.h:82) [inlined] 5 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::Inline::Inline(WebCore::RenderTreeBuilder&) + 40 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilderInline.cpp:110) [inlined] 6 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::Inline::Inline(WebCore::RenderTreeBuilder&) + 40 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilderInline.cpp:111) [inlined] 7 WebCore 0x1ac2295e4 WTF::UniqueRef<WebCore::RenderTreeBuilder::Inline> WTF::makeUniqueRefWithoutFastMallocCheck<WebCore::RenderTreeBuilder::Inline, WebCore::RenderTreeBuilder&>(WebCore::RenderTreeBuilder&) + 56 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/UniqueRef.h:42) [inlined] 8 WebCore 0x1ac2295e4 WTF::UniqueRef<WebCore::RenderTreeBuilder::Inline> WTF::makeUniqueRef<WebCore::RenderTreeBuilder::Inline, WebCore::RenderTreeBuilder&>(WebCore::RenderTreeBuilder&) + 56 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/UniqueRef.h:57) [inlined] 9 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::RenderTreeBuilder(WebCore::RenderView&) + 292 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:184) 10 WebCore 0x1ac24c9cc WebCore::RenderTreeBuilder::RenderTreeBuilder(WebCore::RenderView&) + 8 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:190) [inlined] 11 WebCore 0x1ac24c9cc WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType) + 84 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:719) 12 WebCore 0x1ab029d78 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 12 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:726) [inlined] 13 WebCore 0x1ab029d78 WebCore::Document::destroyRenderTree() + 324 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/dom/Document.cpp:3622) 14 WebCore 0x1ab02a384 WebCore::Document::willBeRemovedFromFrame() + 628 (/Library/Caches/c 2183018 1 koivisto 2026-02-19 03:23:48 -0800 rdar://117839253 2183039 2 koivisto 2026-02-19 05:43:13 -0800 Pull request: https://github.com/WebKit/WebKit/pull/59004 2183054 3 ews-feeder 2026-02-19 08:06:56 -0800 Committed 307833@main (0ce1f258ce6e): <https://commits.webkit.org/307833@main> Reviewed commits have been landed. Closing PR #59004 and removing active labels. 2183178 4 ews-feeder 2026-02-19 15:38:23 -0800 Committed 305413.321@safari-7624-branch (74f911b7e16f): <https://commits.webkit.org/305413.321@safari-7624-branch> Reviewed commits have been landed. Closing PR #4513 and removing active labels.