Bug 244390

Summary: REGRESSION (252564@main): WK1 ScriptDisallowedScope assertion failure via WidgetHierarchyUpdatesSuspensionScope::moveWidgets()
Product: WebKit
Reporter: Karl Rackler <rackler>
Component: New Bugs
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: rniwa, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
crash log (flags: none)

Description Karl Rackler 2022-08-26 08:29:03 PDT
Description:
editing/selection/cleared-by-relayout.html

This test is consistently crashing on macOS wk1 Debug starting at 252564@main.

REPRODUCTION STEPS
I can reproduce this on 252564@main but cannot reproduce it on 252563@main or earlier.

Command: 
run-webkit-tests --debug -1 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --iterations 50 -f --no-retry editing/selection/cleared-by-relayout.html

Result: 
Regressions: Unexpected crashes (1)
  editing/selection/cleared-by-relayout.html [ Crash ]

History:
https://results.webkit.org/?suite=layout-tests&test=editing%2Fselection%2Fcleared-by-relayout.html&platform=mac&style=debug&flavor=wk1&limit=50000

Crash Log:
Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	       0x1068e19de    WTFCrash
1   com.apple.JavaScriptCore      	       0x1068e19f8    WTFCrashWithSecurityImplication
2   com.apple.WebCore             	       0x18d9aee4c    WebCore::Document::dispatchWindowEvent(WebCore::Event&, WebCore::EventTarget*)
3   com.apple.WebCore             	       0x18e719ec0    WebCore::dispatchEventsOnWindowAndFocusedElement(WebCore::Document*, bool)
4   com.apple.WebCore             	       0x18e719db0    WebCore::FocusController::setFocusedInternal(bool)
5   com.apple.WebCore             	       0x18e71bde4    WebCore::FocusController::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
Comment 1 Radar WebKit Bug Importer 2022-08-26 08:29:19 PDT
<rdar://problem/99188200>
Comment 2 Karl Rackler 2022-08-26 08:39:04 PDT
I have marked this test as a consistent crash while this issue is investigated.
Comment 3 Karl Rackler 2022-08-26 08:42:47 PDT
Created attachment 461883
crash log
Comment 4 EWS 2022-08-26 08:44:18 PDT
Test gardening commit 253818@main (18ba0a68341e): <https://commits.webkit.org/253818@main>

Reviewed commits have been landed. Closing PR #3704 and removing active labels.
Comment 5 Ryan Haddad 2022-08-26 18:53:22 PDT
ASSERTION FAILED: ScriptDisallowedScope::InMainThread::isScriptAllowed()
dom/Document.cpp(5156) : void WebCore::Document::dispatchWindowEvent(WebCore::Event &, WebCore::EventTarget *)
Comment 6 Ryosuke Niwa 2022-08-26 21:35:34 PDT
Sigh... stupid widget tree gets updated.

Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	       0x1068e19de    WTFCrash
1   com.apple.JavaScriptCore      	       0x1068e19f8    WTFCrashWithSecurityImplication
2   com.apple.WebCore             	       0x18d9aee4c    WebCore::Document::dispatchWindowEvent(WebCore::Event&, WebCore::EventTarget*)
3   com.apple.WebCore             	       0x18e719ec0    WebCore::dispatchEventsOnWindowAndFocusedElement(WebCore::Document*, bool)
4   com.apple.WebCore             	       0x18e719db0    WebCore::FocusController::setFocusedInternal(bool)
5   com.apple.WebCore             	       0x18e71bde4    WebCore::FocusController::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
6   com.apple.WebCore             	       0x18e7abef6    WebCore::Page::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
7   com.apple.WebCore             	       0x18e719c5a    WebCore::FocusController::setFocused(bool)
8   com.apple.WebKitLegacy        	       0x1117d2b66    -[WebHTMLView resignFirstResponder]
9   com.apple.AppKit              	       0x7ff809929ddc -[NSWindow _realMakeFirstResponder:] + 178 (/AppleInternal/Library/BuildRoots/dd001be1-8f4d-11ec-b343-4a23b0182bfd/Library/Caches/com.apple.xbs/Sources/AppKit/AppKit.subproj/NSWindow.m:6024)
10  com.apple.WebCore             	       0x18ca16bc0    WebCore::safeRemoveFromSuperview(NSView*)
11  com.apple.WebCore             	       0x18ca16ac6    WebCore::Widget::removeFromSuperview()
12  com.apple.WebCore             	       0x18c935988    WebCore::ScrollView::platformRemoveChild(WebCore::Widget*)
13  com.apple.WebCore             	       0x18e998eaa    WebCore::ScrollView::removeChild(WebCore::Widget&)
14  com.apple.WebCore             	       0x18e740d14    WebCore::FrameView::removeChild(WebCore::Widget&)
15  com.apple.WebCore             	       0x18f2ebdf2    WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets()
16  com.apple.WebCore             	       0x18bc998c8    WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope()
17  com.apple.WebCore             	       0x18bc8d9b4    WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope()
18  com.apple.WebCore             	       0x18d99f002    WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
19  com.apple.WebCore             	       0x18d99fb7c    WebCore::Document::updateStyleIfNeeded()
20  com.apple.WebCore             	       0x18d9a6fca    WebCore::Document::implicitClose()
21  com.apple.WebCore             	       0x18e51c86a    WebCore::FrameLoader::checkCallImplicitClose()
22  com.apple.WebCore             	       0x18e51c2a0    WebCore::FrameLoader::checkCompleted()
23  com.apple.WebCore             	       0x18e51c930    WebCore::FrameLoader::completed()
24  com.apple.WebCore             	       0x18e51c2be    WebCore::FrameLoader::checkCompleted()
25  com.apple.WebCore             	       0x18e51a230    WebCore::FrameLoader::finishedParsing()
26  com.apple.WebCore             	       0x18d9bc54e    WebCore::Document::finishedParsing()
27  com.apple.WebCore             	       0x18e08ae68    WebCore::HTMLConstructionSite::finishedParsing()
28  com.apple.WebCore             	       0x18e0cc6d0    WebCore::HTMLTreeBuilder::finished()
29  com.apple.WebCore             	       0x18e096ed2    WebCore::HTMLDocumentParser::end()
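
Added example, not part of the bug report and not WebKit's code: a simplified C++ model of the ordering visible in the Comment 6 trace, where a scope's destructor flushes deferred widget moves and reaches event dispatch while script is disallowed. Every name in it is a hypothetical stand-in, the second ordering is shown only as a contrast, and the model makes no claim about the change in PR #3730.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// Simplified model; every name here is a hypothetical stand-in, not WebKit code.
static int g_scriptForbiddenDepth = 0;
static std::vector<std::string> g_violations;

// RAII guard: while one is alive, dispatching an event (which may run script) is a bug.
struct ScriptForbidden {
    ScriptForbidden() { ++g_scriptForbiddenDepth; }
    ~ScriptForbidden() { --g_scriptForbiddenDepth; }
};

// Dispatch checks the guard. The model records the violation instead of crashing.
void dispatchWindowEvent(const std::string& type) {
    if (g_scriptForbiddenDepth > 0) g_violations.push_back(type);
}

// RAII scope that queues native view changes and applies them in its destructor.
struct DeferredWidgetMoves {
    std::vector<std::function<void()>> pending;
    ~DeferredWidgetMoves() { for (auto& op : pending) op(); }
};

// Removing the focused view resigns focus and dispatches synchronously (trace frames 3 to 14).
void removeFocusedView() { dispatchWindowEvent("focus-change"); }

// Ordering seen in the crash: the flush runs while the guard is still alive.
std::size_t flushInsideGuard() {
    g_violations.clear();
    {
        ScriptForbidden guard;      // constructed first, destroyed last
        DeferredWidgetMoves moves;  // destroyed first, so it flushes under the guard
        moves.pending.push_back(removeFocusedView);
    }
    return g_violations.size();
}

// Contrast: the deferred scope outlives the guard, so the flush runs unguarded.
std::size_t flushAfterGuard() {
    g_violations.clear();
    {
        DeferredWidgetMoves moves;
        { ScriptForbidden guard; moves.pending.push_back(removeFocusedView); }
    }
    return g_violations.size();
}
```
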
Comment 7 Ryosuke Niwa 2022-08-26 22:19:18 PDT
Pull request: https://github.com/WebKit/WebKit/pull/3730
Comment 8 EWS 2022-08-27 14:11:03 PDT
Committed 253870@main (4cc5aa54fb86): <https://commits.webkit.org/253870@main>

Reviewed commits have been landed. Closing PR #3730 and removing active labels.