Crash under ~LegacyRenderSVGRoot() when loading nytimes.com since 268511@main: ``` Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x113b77ed4 WTFCrashWithInfo(int, char const*, char const*, int) + 20 (Assertions.h:778) 1 WebCore 0x114ab0bfc WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::~CanMakeCheckedPtrBase() + 28 (CheckedRef.h:250) [inlined] 2 WebCore 0x114ab0bfc WebCore::RenderObject::~RenderObject() + 164 (RenderObject.cpp:172) 3 WebCore 0x114bc56b4 WebCore::LegacyRenderSVGRoot::~LegacyRenderSVGRoot() + 16 (LegacyRenderSVGRoot.cpp:76) [inlined] 4 WebCore 0x114bc56b4 WebCore::LegacyRenderSVGRoot::~LegacyRenderSVGRoot() + 16 (LegacyRenderSVGRoot.cpp:76) [inlined] 5 WebCore 0x114bc56b4 WebCore::LegacyRenderSVGRoot::~LegacyRenderSVGRoot() + 44 (LegacyRenderSVGRoot.cpp:76) 6 WebCore 0x114bc95fc std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>::reset[abi:v160006](WebCore::RenderObject*) + 16 (unique_ptr.h:297) [inlined] 7 WebCore 0x114bc95fc std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>::~unique_ptr[abi:v160006]() + 16 (unique_ptr.h:263) [inlined] 8 WebCore 0x114bc95fc std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>::~unique_ptr[abi:v160006]() + 16 (unique_ptr.h:263) [inlined] 9 WebCore 0x114bc95fc WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 192 (RenderTreeBuilder.cpp:175) 10 WebCore 0x114bcd3d8 WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) + 240 (RenderTreeBuilder.cpp:892) 11 WebCore 0x114bd9d6c WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&)::$_9::operator()(unsigned int) const + 248 (RenderTreeUpdater.cpp:641) [inlined] 12 WebCore 0x114bd9d6c WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) + 2176 (RenderTreeUpdater.cpp:664) ```
<rdar://116257845>
Pull request: https://github.com/WebKit/WebKit/pull/18447
Committed 268678@main (b4da3e2a9e8d): <https://commits.webkit.org/268678@main> Reviewed commits have been landed. Closing PR #18447 and removing active labels.