This appears to be caused by Bug 206828 which added `webkitAccessibleDetach(WEBKIT_ACCESSIBLE(wrapper))` to an already cleared wrapper. When loading URLs in MiniBrowser in a debug build I get the following stacktrace: #0 WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:305 #1 0x00007fffed64760b in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:660 #2 0x00007fffef941d51 in webkitAccessibleDetach (accessible=0x5555556c8870) at ../../Source/WebCore/accessibility/atk/WebKitAccessible.cpp:1308 #3 0x00007fffef93befe in WebCore::AccessibilityObject::detachPlatformWrapper (this=0x7fffd6f90ac8, detachmentType=WebCore::AccessibilityDetachmentType::ElementDestroyed) at ../../Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp:47 #4 0x00007fffef8b1607 in WebCore::AXCoreObject::detachWrapper (this=0x7fffd6f90ac8, detachmentType=WebCore::AccessibilityDetachmentType::ElementDestroyed) at ../../Source/WebCore/accessibility/AccessibilityObjectInterface.h:1158 #5 0x00007fffef8b1596 in WebCore::AXCoreObject::detach (this=0x7fffd6f90ac8, detachmentType=WebCore::AccessibilityDetachmentType::ElementDestroyed) at ../../Source/WebCore/accessibility/AccessibilityObjectInterface.h:1150 #6 0x00007fffef8a0326 in WebCore::AXObjectCache::remove (this=0x7fffd6f47000, axID=1) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:853 #7 0x00007fffef8a0662 in WebCore::AXObjectCache::remove (this=0x7fffd6f47000, view=0x7fffd700c010) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:895 #8 0x00007ffff082a02a in WebCore::FrameView::removeFromAXObjectCache (this=0x7fffd700c010) at ../../Source/WebCore/page/FrameView.cpp:280 #9 0x00007ffff082a2d4 in WebCore::FrameView::prepareForDetach (this=0x7fffd700c010) at ../../Source/WebCore/page/FrameView.cpp:329 #10 0x00007ffff0823860 in WebCore::Frame::setView (this=0x7fffd6fca348, view=...) at ../../Source/WebCore/page/Frame.cpp:228 #11 0x00007ffff08261a9 in WebCore::Frame::createView (this=0x7fffd6fca348, viewportSize=..., backgroundColor=..., fixedLayoutSize=..., fixedVisibleContentRect=..., useFixedLayout=false, horizontalScrollbarMode=WebCore::ScrollbarAuto, horizontalLock=false, verticalScrollbarMode=WebCore::ScrollbarAuto, verticalLock=false) at ../../Source/WebCore/page/Frame.cpp:806 #12 0x00007fffee6d08a4 in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage (this=0x7fffd6ff3340) at ../../Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1510 #13 0x00007ffff068bda0 in WebCore::FrameLoader::transitionToCommitted (this=0x7fffd6f80000, cachedPage=0x0) at ../../Source/WebCore/loader/FrameLoader.cpp:2222 #14 0x00007ffff068b062 in WebCore::FrameLoader::commitProvisionalLoad (this=0x7fffd6f80000) at ../../Source/WebCore/loader/FrameLoader.cpp:2041 #15 0x00007ffff06432f5 in WebCore::DocumentLoader::commitIfReady (this=0x7fffd6f4f000) at ../../Source/WebCore/loader/DocumentLoader.cpp:367 #16 0x00007ffff0646a31 in WebCore::DocumentLoader::commitLoad (this=0x7fffd6f4f000, `AccessibilityObject::detachPlatformWrapper` gets called after `AXObjectCache::detachWrapper` with the new patch, it looks as if the if statement should return early perhaps.
<rdar://problem/59088456>
Created attachment 389461 [details] Patch
Comment on attachment 389461 [details] Patch Thanks!
*** Bug 207035 has been marked as a duplicate of this bug. ***
Comment on attachment 389461 [details] Patch Clearing flags on attachment: 389461 Committed r255556: <https://trac.webkit.org/changeset/255556>
All reviewed patches have been landed. Closing bug.