RESOLVED FIXED 235612
ASSERTION FAILED: !hasPendingSheets() under WebCore::Style::Scope::~Scope() 
https://bugs.webkit.org/show_bug.cgi?id=235612
Summary ASSERTION FAILED: !hasPendingSheets() under WebCore::Style::Scope::~Scope()
Ryan Haddad
Reported 2022-01-25 15:16:06 PST
The following assertion failure is seen on macOS Debug bots with various tests and is causing false positives on some EWS runs: https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fcss%2Fcss-color%2Fbackground-color-hsl-004.html ASSERTION FAILED: !hasPendingSheets() ./style/StyleScope.cpp(78) : WebCore::Style::Scope::~Scope() 1 0x13ce2379c WTFCrash 2 0x1180d58f0 JSC::JSCell::structure() const 3 0x11cbd6cd4 WebCore::Style::Scope::~Scope() 4 0x11cbd6ec4 WebCore::Style::Scope::~Scope() 5 0x11ac012d0 std::__1::default_delete<WebCore::Style::Scope>::operator()(WebCore::Style::Scope*) const 6 0x11ac01254 std::__1::unique_ptr<WebCore::Style::Scope, std::__1::default_delete<WebCore::Style::Scope> >::reset(WebCore::Style::Scope*) 7 0x11ac011e8 std::__1::unique_ptr<WebCore::Style::Scope, std::__1::default_delete<WebCore::Style::Scope> >::~unique_ptr() 8 0x11ab8ae64 std::__1::unique_ptr<WebCore::Style::Scope, std::__1::default_delete<WebCore::Style::Scope> >::~unique_ptr() 9 0x11ab89490 WebCore::Document::~Document() 10 0x11b0e9b8c WebCore::HTMLDocument::~HTMLDocument() 11 0x11b0e9bc0 WebCore::HTMLDocument::~HTMLDocument() 12 0x11b0e9c80 WebCore::HTMLDocument::~HTMLDocument() 13 0x11ab8b9c8 WebCore::Document::decrementReferencingNodeCount() 14 0x11ad5c21c WebCore::Node::~Node() 15 0x11ab36f94 WebCore::ContainerNode::~ContainerNode() 16 0x11ac7dbc0 WebCore::Element::~Element() 17 0x11ae1ca7c WebCore::StyledElement::~StyledElement() 18 0x11a3801f0 WebCore::HTMLElement::~HTMLElement() 19 0x11b1fa8f0 WebCore::HTMLStyleElement::~HTMLStyleElement() 20 0x11b1faa7c WebCore::HTMLStyleElement::~HTMLStyleElement() 21 0x11b1faab0 WebCore::HTMLStyleElement::~HTMLStyleElement() 22 0x11ad67880 WebCore::Node::removedLastRef() 23 0x118168f3c WebCore::Node::deref() const 24 0x11ad5ecd0 WebCore::Node::derefEventTarget() 25 0x117e71544 WebCore::EventTarget::deref() 26 0x117d6035c WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget> >::~Ref() 27 0x117bdece0 WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget> >::~Ref() 28 0x1181c2e1c WebCore::JSDOMWrapper<WebCore::EventTarget>::~JSDOMWrapper() 29 0x1181c2de4 WebCore::JSEventTarget::~JSEventTarget() 30 0x1181347e4 WebCore::JSEventTarget::~JSEventTarget() 31 0x1180d7ab0 WebCore::JSEventTarget::destroy(JSC::JSCell*) com.apple.WebKit.WebContent.Development terminated (pid 7009) because the process crashed #CRASHED - com.apple.WebKit.WebContent.Development (pid 7009)
Attachments
Patch (2.65 KB, patch)
2022-01-26 02:33 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-01-25 15:16:29 PST
<rdar://problem/88046988>
Antti Koivisto
Comment 2 2022-01-25 22:35:18 PST
Probably regression from https://trac.webkit.org/changeset/288362/webkit
Antti Koivisto
Comment 3 2022-01-26 01:19:50 PST
This reproes with run-webkit-tests --debug --no-build imported/w3c/web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html --repeat 50 The crash gets attributed to a wrong test since it happens on destructor.
Antti Koivisto
Comment 4 2022-01-26 01:21:18 PST
*on Document destruction.
Antti Koivisto
Comment 5 2022-01-26 02:33:55 PST
Created attachment 450008 [details] Patch
EWS
Comment 6 2022-01-26 06:37:00 PST
Committed r288617 (246436@main): <https://commits.webkit.org/246436@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 450008 [details].
Note You need to log in before you can comment on or make changes to this bug.