RESOLVED FIXED 270477
REGRESSION (274894@main): [ iOS Debug ] accessibility/text-marker/text-marker-range-stale-node-crash.html is a constant crash
https://bugs.webkit.org/show_bug.cgi?id=270477
Summary REGRESSION (274894@main): [ iOS Debug ] accessibility/text-marker/text-marker...
Jay Stfleur
Reported 2024-03-04 13:20:42 PST
Description: accessibility/text-marker/text-marker-range-stale-node-crash.html Is a constant crash on iOS Debug. History: https://results.webkit.org/?suite=layout-tests&test=accessibility%2Ftext-marker%2Ftext-marker-range-stale-node-crash.html Diff/Image Diff/Crash Log: stderr: ASSERTION FAILED: !deletionHasBegun() /Volumes/Data/worker/Apple-iOS-17-Simulator-Debug-Build/build/Source/WebCore/dom/Node.h(821) : void WebCore::Node::ref() const 1 0x10f77e7b8 WTFCrash 2 0x2cb7ed140 WebCore::BaseAudioContext::currentSampleFrame() const 3 0x2cb801fac WebCore::Node::ref() const 4 0x2c951c234 WTF::DefaultRefDerefTraits<WebCore::Node>::refIfNotNull(WebCore::Node*) 5 0x2c951c1f0 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*) 6 0x2c951c124 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*) 7 0x2cb9e6bb8 WebCore::AXObjectCache::characterOffsetForTextMarkerData(WebCore::TextMarkerData&) 8 0x2c94aaa84 -[WebAccessibilityTextMarker characterOffset] 9 0x2c94ba54c -[WebAccessibilityObjectWrapper rangeForTextMarkers:] 10 0x2c94ba8e8 -[WebAccessibilityObjectWrapper textMarkerRangeForMarkers:] 11 0x13accc7dc WTR::AccessibilityUIElement::textMarkerRangeForMarkers(WTR::AccessibilityTextMarker*, WTR::AccessibilityTextMarker*) 12 0x13ad120b8 WTR::JSAccessibilityUIElement::textMarkerRangeForMarkers(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) 13 0x1100a4884 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) 14 0x11009cf44 JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*) 15 0x2900103b0 14 ??? 0x00000002900103b0 0x0 + 11005920176 16 0x111e7bc64 llint_entry 17 0x111e55eb4 vmEntryToJavaScript 18 0x110fb2314 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) 19 0x111278a9c JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 20 0x111278be8 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 21 0x2cbd39254 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 22 0x2cbd38d2c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 23 0x2cbd38b60 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 24 0x2cbd39510 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) 25 0x2cc79467c WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) 26 0x2cc792410 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&) 27 0x2ccdb5968 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) 28 0x2ccdb5798 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&) 29 0x2ccd77e64 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() 30 0x2ccd78370 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) 31 0x2ccd776e4 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) com.apple.WebKit.WebContent.Development terminated (pid 2919) for reason: crash LEAK: 1 WebPageProxy
Attachments
Radar WebKit Bug Importer
Comment 1 2024-03-04 13:21:14 PST
Jay Stfleur
Comment 2 2024-03-04 14:00:48 PST
Reproducibility: rwt --root --ios-simulator accessibility/text-marker/text-marker-range-stale-node-crash.html --child-process=1 --iterations 10
Charlie Wolfe
Comment 3 2024-03-04 19:18:31 PST
EWS
Comment 4 2024-03-05 09:08:58 PST
Committed 275695@main (f3f8811670c3): <https://commits.webkit.org/275695@main> Reviewed commits have been landed. Closing PR #25469 and removing active labels.
EWS
Comment 5 2024-04-26 13:53:03 PDT
Test gardening commit 278056@main (745a77767bf2): <https://commits.webkit.org/278056@main> Reviewed commits have been landed. Closing PR #27817 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.