Bug 270477

Description: accessibility/text-marker/text-marker-range-stale-node-crash.html Is a constant crash on iOS Debug. History: https://results.webkit.org/?suite=layout-tests&test=accessibility%2Ftext-marker%2Ftext-marker-range-stale-node-crash.html Diff/Image Diff/Crash Log: stderr: ASSERTION FAILED: !deletionHasBegun() /Volumes/Data/worker/Apple-iOS-17-Simulator-Debug-Build/build/Source/WebCore/dom/Node.h(821) : void WebCore::Node::ref() const 1 0x10f77e7b8 WTFCrash 2 0x2cb7ed140 WebCore::BaseAudioContext::currentSampleFrame() const 3 0x2cb801fac WebCore::Node::ref() const 4 0x2c951c234 WTF::DefaultRefDerefTraits<WebCore::Node>::refIfNotNull(WebCore::Node*) 5 0x2c951c1f0 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*) 6 0x2c951c124 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*) 7 0x2cb9e6bb8 WebCore::AXObjectCache::characterOffsetForTextMarkerData(WebCore::TextMarkerData&) 8 0x2c94aaa84 -[WebAccessibilityTextMarker characterOffset] 9 0x2c94ba54c -[WebAccessibilityObjectWrapper rangeForTextMarkers:] 10 0x2c94ba8e8 -[WebAccessibilityObjectWrapper textMarkerRangeForMarkers:] 11 0x13accc7dc WTR::AccessibilityUIElement::textMarkerRangeForMarkers(WTR::AccessibilityTextMarker*, WTR::AccessibilityTextMarker*) 12 0x13ad120b8 WTR::JSAccessibilityUIElement::textMarkerRangeForMarkers(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) 13 0x1100a4884 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) 14 0x11009cf44 JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*) 15 0x2900103b0 14 ??? 0x00000002900103b0 0x0 + 11005920176 16 0x111e7bc64 llint_entry 17 0x111e55eb4 vmEntryToJavaScript 18 0x110fb2314 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) 19 0x111278a9c JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 20 0x111278be8 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 21 0x2cbd39254 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 22 0x2cbd38d2c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 23 0x2cbd38b60 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 24 0x2cbd39510 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) 25 0x2cc79467c WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) 26 0x2cc792410 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&) 27 0x2ccdb5968 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) 28 0x2ccdb5798 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&) 29 0x2ccd77e64 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() 30 0x2ccd78370 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) 31 0x2ccd776e4 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) com.apple.WebKit.WebContent.Development terminated (pid 2919) for reason: crash LEAK: 1 WebPageProxy