Bug 262764

Summary: Regression: ASSERT(!m_adoptionIsRequired) under Node::ref() on iOS Debug
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: rniwa, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Chris Dumez 2023-10-05 22:33:19 PDT 
ASSERT(!m_adoptionIsRequired) under Node::ref():
```
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
  * frame #0: 0x0000000141f96878 JavaScriptCore`::WTFCrash() at Assertions.cpp:333:35
    frame #1: 0x00000002a6263090 WebCore`WTFCrashWithInfo((null)=792, (null)="/Volumes/Data/Development/system/webkit/OpenSource/Source/WebCore/dom/Node.h", (null)="void WebCore::Node::ref() const", (null)=2817) at Assertions.h:778:5
    frame #2: 0x00000002a67bd8d0 WebCore`WebCore::Node::ref(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) const at Node.h:792:5
    frame #3: 0x00000002a38e1130 WebCore`WTF::DefaultRefDerefTraits<WebCore::Document>::refIfNotNull(ptr={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at RefPtr.h:36:18
    frame #4: 0x00000002a62a68c4 WebCore`WTF::RefPtr<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::DefaultRefDerefTraits<WebCore::Document>>::RefPtr(this=0x000000016d52acd0, ptr={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at RefPtr.h:63:42
    frame #5: 0x00000002a38df550 WebCore`WTF::RefPtr<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::DefaultRefDerefTraits<WebCore::Document>>::RefPtr(this=0x000000016d52acd0, ptr={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at RefPtr.h:63:77
    frame #6: 0x00000002a72be208 WebCore`WebCore::FrameSelection::protectedDocument(this=0x000000015c1622e0) const at FrameSelection.h:323:57
    frame #7: 0x00000002a72bee68 WebCore`WebCore::FrameSelection::updateSelectionAppearanceNow(this=0x000000015c1622e0) at FrameSelection.cpp:501:23
    frame #8: 0x00000002a72c5fb8 WebCore`WebCore::FrameSelection::setCaretVisibility(this=0x000000015c1622e0, visibility=Visible, doAppearanceUpdate=Yes) at FrameSelection.cpp:2345:9
    frame #9: 0x00000002a72bc420 WebCore`WebCore::FrameSelection::setCaretVisible(this=0x000000015c1622e0, caretIsVisible=true) at FrameSelection.h:198:49
    frame #10: 0x00000002a72bbfc4 WebCore`WebCore::FrameSelection::FrameSelection(this=0x000000015c1622e0, document={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at FrameSelection.cpp:209:5
    frame #11: 0x00000002a72bc450 WebCore`WebCore::FrameSelection::FrameSelection(this=0x000000015c1622e0, document={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at FrameSelection.cpp:200:1
    frame #12: 0x00000002a6fb7868 WebCore`WTF::UniqueRef<WebCore::FrameSelection> WTF::makeUniqueRefWithoutFastMallocCheck<WebCore::FrameSelection, WebCore::Document*>(args={ origin = , url = , inMainFrame = Detached, backForwardCacheState = None }) at UniqueRef.h:40:30
    frame #13: 0x00000002a6f3c414 WebCore`WTF::UniqueRef<WebCore::FrameSelection> WTF::makeUniqueRef<WebCore::FrameSelection, WebCore::Document*>(args={ origin = , url = , inMainFrame = Detached, backForwardCacheState = None }) at UniqueRef.h:47:12
    frame #14: 0x00000002a6f3a160 WebCore`WebCore::Document::Document(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, frame=0x000000015c150690, settings=0x000000015c14fd80, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, documentClasses={ size = 1 }, constructionFlags={ size = 0 }, identifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52b1e0) at Document.cpp:638:19
    frame #15: 0x00000002a7487298 WebCore`WebCore::HTMLDocument::HTMLDocument(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, frame=0x000000015c150690, settings=0x000000015c14fd80, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, documentIdentifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52b2f0, documentClasses={ size = 1 }, constructionFlags={ size = 0 }) at HTMLDocument.cpp:98:7
    frame #16: 0x00000002a7487164 WebCore`WebCore::HTMLDocument::HTMLDocument(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, frame=0x000000015c150690, settings=0x000000015c14fd80, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, documentIdentifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52b2f0, documentClasses={ size = 1 }, constructionFlags={ size = 0 }) at HTMLDocument.cpp:99:1
    frame #17: 0x00000002a6f1a4a0 WebCore`WebCore::HTMLDocument::create(frame=0x000000015c150690, settings=0x000000015c14fd80, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, identifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52b600) at HTMLDocument.h:71:35
    frame #18: 0x00000002a6f1a71c WebCore`WebCore::DOMImplementation::createDocument(contentType={ length = 9, contents = 'text/html' }, frame=0x000000015c150690, settings=0x000000015c14fd80, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, documentIdentifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52b6d0) at DOMImplementation.cpp:157:16
    frame #19: 0x00000002a7bf9e74 WebCore`WebCore::DocumentWriter::createDocument(this=0x000000016d80b4d8, url={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, documentIdentifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52ba80) at DocumentWriter.cpp:143:12
    frame #20: 0x00000002a7beb62c WebCore`WebCore::DocumentWriter::begin(this=0x000000016d80b4d8, urlReference={ http://127.0.0.1:8080/scrollbars/async-overflow-custom-scrollbar-expected.html }, dispatch=false, ownerDocument={ origin = , url = , inMainFrame = Detached, backForwardCacheState = None }, documentIdentifier=WebCore::ScriptExecutionContextIdentifier @ 0x000000016d52bd60, triggeringAction=0x000000016d80bad0) at DocumentWriter.cpp:155:30
    frame #21: 0x00000002a7be4790 WebCore`WebCore::DocumentLoader::commitData(this=0x000000016d80b400, data=0x000000015c149aa0) at DocumentLoader.cpp:1279:34
    frame #22: 0x00000001249b62a8 WebKit`WebKit::WebLocalFrameLoaderClient::committedLoad(this=0x000000015c14e920, loader=0x000000016d80b400, data=0x000000015c149aa0) at WebLocalFrameLoaderClient.cpp:1106:17
    frame #23: 0x00000002a7beb504 WebCore`WebCore::DocumentLoader::commitLoad(this=0x000000016d80b400, data=0x000000015c149aa0) at DocumentLoader.cpp:1243:27
```
Comment 1 Chris Dumez 2023-10-05 22:37:33 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/18746
Comment 2 EWS 2023-10-06 04:35:35 PDT 
Committed 268983@main (272fd33e2ef9): <https://commits.webkit.org/268983@main>

Reviewed commits have been landed. Closing PR #18746 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-10-06 04:36:15 PDT 
<rdar://problem/116574492>