Bug 279145
| Summary: | AX: misspelling-range.html is pass crash flaky on iOS simulator. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Andres Gonzalez <andresg_22> |
| Component: | Accessibility | Assignee: | Andres Gonzalez <andresg_22> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | andresg_22, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
Andres Gonzalez
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x103089e84 objc_release + 16
1 WebKitTestRunnerInjectedBundle 0x15a2b287c WTF::RetainPtr<objc_object*>::~RetainPtr() + 72 (RetainPtr.h:198)
2 WebKitTestRunnerInjectedBundle 0x15a2aff64 WTF::RetainPtr<objc_object*>::~RetainPtr() + 28 (RetainPtr.h:196)
3 WebKitTestRunnerInjectedBundle 0x15a2b74b8 WTR::AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange() + 48 (AccessibilityTextMarkerRange.cpp:58)
4 WebKitTestRunnerInjectedBundle 0x15a2b74ec WTR::AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange() + 28 (AccessibilityTextMarkerRange.cpp:57)
5 WebKitTestRunnerInjectedBundle 0x15a2b7518 WTR::AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange() + 28 (AccessibilityTextMarkerRange.cpp:57)
6 WebKitTestRunnerInjectedBundle 0x15a2af508 WTF::ThreadSafeRefCounted<WTR::JSWrappable, (WTF::DestructionThread)0>::deref() const + 88 (ThreadSafeRefCounted.h:144)
7 WebKitTestRunnerInjectedBundle 0x15a352e3c WTR::JSWrapper::finalize(OpaqueJSValue*) + 68 (JSWrapper.cpp:77)
8 JavaScriptCore 0x13b6cbbac JSC::JSCallbackObject<JSC::JSNonFinalObject>::~JSCallbackObject() + 304 (JSCallbackObjectFunctions.h:85)
9 JavaScriptCore 0x13b6cba6c JSC::JSCallbackObject<JSC::JSNonFinalObject>::~JSCallbackObject() + 28 (JSCallbackObjectFunctions.h:77)
10 JavaScriptCore 0x13b6c0db8 JSC::JSCallbackObject<JSC::JSNonFinalObject>::destroy(JSC::JSCell*) + 24 (JSCallbackObject.h:151)
11 JavaScriptCore 0x13c551890 JSC::IsoHeapCellType::operator()(JSC::VM&, JSC::JSCell*) const + 40 (IsoHeapCellType.h:62)
12 JavaScriptCore 0x13c5541f8 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::IsoHeapCellType>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::IsoHeapCellType const&)::'lambda'(void*)::operator()(void*) const + 76 (MarkedBlockInlines.h:284)
13 JavaScriptCore 0x13c55427c void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::IsoHeapCellType>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::IsoHeapCellType const&)::'lambda'(unsigned long)::operator()(unsigned long) const + 104 (MarkedBlockInlines.h:363)
14 JavaScriptCore 0x13c54d254 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::IsoHeapCellType>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::IsoHeapCellType const&) + 1580 (MarkedBlockInlines.h:412)
15 JavaScriptCore 0x13c54068c void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::IsoHeapCellType>(JSC::FreeList*, JSC::IsoHeapCellType const&) + 356 (MarkedBlockInlines.h:512)
16 JavaScriptCore 0x13c54051c JSC::IsoHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) const + 40 (IsoHeapCellType.cpp:47)
17 JavaScriptCore 0x13c58b5d0 JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 52 (Subspace.cpp:61)
18 JavaScriptCore 0x13c560bf0 JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) + 820 (MarkedBlock.cpp:452)
19 JavaScriptCore 0x13c544968 JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*, unsigned long) + 396 (LocalAllocator.cpp:232)
20 JavaScriptCore 0x13c544554 JSC::LocalAllocator::tryAllocateWithoutCollecting(unsigned long) + 356 (LocalAllocator.cpp:196)
21 JavaScriptCore 0x13c543f54 JSC::LocalAllocator::allocateSlowCase(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 468 (LocalAllocator.cpp:132)
22 JavaScriptCore 0x13cbbb3f0 JSC::LocalAllocator::allocate(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()::operator()() const + 80 (LocalAllocatorInlines.h:41)
23 JavaScriptCore 0x13cbbb308 JSC::HeapCell* JSC::FreeList::allocateWithCellSize<JSC::LocalAllocator::allocate(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()>(JSC::LocalAllocator::allocate(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'() const&, unsigned long) + 144 (FreeListInlines.h:44)
24 JavaScriptCore 0x13c2114f4 JSC::LocalAllocator::allocate(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 148 (LocalAllocatorInlines.h:38)
25 JavaScriptCore 0x13c2147ec JSC::GCClient::IsoSubspace::allocate(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 60 (IsoSubspaceInlines.h:34)
26 JavaScriptCore 0x13b6fcf64 void* JSC::tryAllocateCellHelper<JSC::JSCallbackObject<JSC::JSNonFinalObject>, (JSC::AllocationFailureMode)0>(JSC::VM&, unsigned long, JSC::GCDeferralContext*) + 368 (JSCellInlines.h:191)
27 JavaScriptCore 0x13b6fccd8 void* JSC::allocateCell<JSC::JSCallbackObject<JSC::JSNonFinalObject>>(JSC::VM&, unsigned long) + 36 (JSCellInlines.h:207)
28 JavaScriptCore 0x13b6e604c JSC::JSCallbackObject<JSC::JSNonFinalObject>::create(JSC::JSGlobalObject*, JSC::Structure*, OpaqueJSClass*, void*) + 224 (JSCallbackObject.h:142)
29 JavaScriptCore 0x13b6e8874 JSObjectMake + 256 (JSObjectRef.cpp:92)
30 WebKitTestRunnerInjectedBundle 0x15a352b60 WTR::JSWrapper::wrap(OpaqueJSContext const*, WTR::JSWrappable*) + 292 (JSWrapper.cpp:42)
31 WebKitTestRunnerInjectedBundle 0x15a2ad168 WTR::toJS(OpaqueJSContext const*, WTR::JSWrappable*) + 32 (JSWrapper.h:45)
32 WebKitTestRunnerInjectedBundle 0x15a30bc98 WTR::JSAccessibilityUIElement::startTextMarkerForTextMarkerRange(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 244 (JSAccessibilityUIElement.cpp:1604)
33 JavaScriptCore 0x13b6c90a8 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420 (APICallbackFunction.h:60)
34 JavaScriptCore 0x13b6c02e4 JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*) + 32 (JSCallbackFunction.cpp:42)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/135298645>
Andres Gonzalez
Pull request: https://github.com/WebKit/WebKit/pull/33141
EWS
Committed 283206@main (1d817283101f): <https://commits.webkit.org/283206@main>
Reviewed commits have been landed. Closing PR #33141 and removing active labels.