Bug 244390 - REGRESSION (252564@main): WK1 ScriptDisallowedScope assertion failure via WidgetHierarchyUpdatesSuspensionScope::moveWidgets()
Summary: REGRESSION (252564@main): WK1 ScriptDisallowedScope assertion failure via Wid...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ryosuke Niwa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-08-26 08:29 PDT by Karl Rackler
Modified: 2022-08-27 14:11 PDT (History)
4 users (show)

See Also:

Attachments
crash log (42.41 KB, text/plain)
2022-08-26 08:42 PDT, Karl Rackler 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karl Rackler 2022-08-26 08:29:03 PDT 
Description:
editing/selection/cleared-by-relayout.html

This test is consistently crashing on macOS wk1 Debug starting at 252564@main.

REPRODUCTION STEPS
I can reproduce this on 252564@main but cannot reproduce it on 252563@main or earlier.

Command: 
run-webkit-tests --debug -1 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --iterations 50 -f --no-retry editing/selection/cleared-by-relayout.html

Result: 
Regressions: Unexpected crashes (1)
  editing/selection/cleared-by-relayout.html [ Crash ]

History:
https://results.webkit.org/?suite=layout-tests&test=editing%2Fselection%2Fcleared-by-relayout.html&platform=mac&style=debug&flavor=wk1&limit=50000

Crash Log:
Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	       0x1068e19de    WTFCrash
1   com.apple.JavaScriptCore      	       0x1068e19f8    WTFCrashWithSecurityImplication
2   com.apple.WebCore             	       0x18d9aee4c    WebCore::Document::dispatchWindowEvent(WebCore::Event&, WebCore::EventTarget*)
3   com.apple.WebCore             	       0x18e719ec0    WebCore::dispatchEventsOnWindowAndFocusedElement(WebCore::Document*, bool)
4   com.apple.WebCore             	       0x18e719db0    WebCore::FocusController::setFocusedInternal(bool)
5   com.apple.WebCore             	       0x18e71bde4    WebCore::FocusController::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
Comment 1 Radar WebKit Bug Importer 2022-08-26 08:29:19 PDT 
<rdar://problem/99188200>
Comment 2 Karl Rackler 2022-08-26 08:39:04 PDT 
I have marked this test as a consistent crash while this issue is investigated.
Comment 3 Karl Rackler 2022-08-26 08:42:47 PDT 
Created attachment 461883 [details]
crash log
Comment 4 EWS 2022-08-26 08:44:18 PDT 
Test gardening commit 253818@main (18ba0a68341e): <https://commits.webkit.org/253818@main>

Reviewed commits have been landed. Closing PR #3704 and removing active labels.
Comment 5 Ryan Haddad 2022-08-26 18:53:22 PDT 
ASSERTION FAILED: ScriptDisallowedScope::InMainThread::isScriptAllowed()
dom/Document.cpp(5156) : void WebCore::Document::dispatchWindowEvent(WebCore::Event &, WebCore::EventTarget *)
Comment 6 Ryosuke Niwa 2022-08-26 21:35:34 PDT 
Sigh... stupid widget tree gets updated.

Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	       0x1068e19de    WTFCrash
1   com.apple.JavaScriptCore      	       0x1068e19f8    WTFCrashWithSecurityImplication
2   com.apple.WebCore             	       0x18d9aee4c    WebCore::Document::dispatchWindowEvent(WebCore::Event&, WebCore::EventTarget*)
3   com.apple.WebCore             	       0x18e719ec0    WebCore::dispatchEventsOnWindowAndFocusedElement(WebCore::Document*, bool)
4   com.apple.WebCore             	       0x18e719db0    WebCore::FocusController::setFocusedInternal(bool)
5   com.apple.WebCore             	       0x18e71bde4    WebCore::FocusController::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
6   com.apple.WebCore             	       0x18e7abef6    WebCore::Page::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag>)
7   com.apple.WebCore             	       0x18e719c5a    WebCore::FocusController::setFocused(bool)
8   com.apple.WebKitLegacy        	       0x1117d2b66    -[WebHTMLView resignFirstResponder]
9   com.apple.AppKit              	       0x7ff809929ddc -[NSWindow _realMakeFirstResponder:] + 178 (/AppleInternal/Library/BuildRoots/dd001be1-8f4d-11ec-b343-4a23b0182bfd/Library/Caches/com.apple.xbs/Sources/AppKit/AppKit.subproj/NSWindow.m:6024)
10  com.apple.WebCore             	       0x18ca16bc0    WebCore::safeRemoveFromSuperview(NSView*)
11  com.apple.WebCore             	       0x18ca16ac6    WebCore::Widget::removeFromSuperview()
12  com.apple.WebCore             	       0x18c935988    WebCore::ScrollView::platformRemoveChild(WebCore::Widget*)
13  com.apple.WebCore             	       0x18e998eaa    WebCore::ScrollView::removeChild(WebCore::Widget&)
14  com.apple.WebCore             	       0x18e740d14    WebCore::FrameView::removeChild(WebCore::Widget&)
15  com.apple.WebCore             	       0x18f2ebdf2    WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets()
16  com.apple.WebCore             	       0x18bc998c8    WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope()
17  com.apple.WebCore             	       0x18bc8d9b4    WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope()
18  com.apple.WebCore             	       0x18d99f002    WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
19  com.apple.WebCore             	       0x18d99fb7c    WebCore::Document::updateStyleIfNeeded()
20  com.apple.WebCore             	       0x18d9a6fca    WebCore::Document::implicitClose()
21  com.apple.WebCore             	       0x18e51c86a    WebCore::FrameLoader::checkCallImplicitClose()
22  com.apple.WebCore             	       0x18e51c2a0    WebCore::FrameLoader::checkCompleted()
23  com.apple.WebCore             	       0x18e51c930    WebCore::FrameLoader::completed()
24  com.apple.WebCore             	       0x18e51c2be    WebCore::FrameLoader::checkCompleted()
25  com.apple.WebCore             	       0x18e51a230    WebCore::FrameLoader::finishedParsing()
26  com.apple.WebCore             	       0x18d9bc54e    WebCore::Document::finishedParsing()
27  com.apple.WebCore             	       0x18e08ae68    WebCore::HTMLConstructionSite::finishedParsing()
28  com.apple.WebCore             	       0x18e0cc6d0    WebCore::HTMLTreeBuilder::finished()
29  com.apple.WebCore             	       0x18e096ed2    WebCore::HTMLDocumentParser::end()
Comment 7 Ryosuke Niwa 2022-08-26 22:19:18 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/3730
Comment 8 EWS 2022-08-27 14:11:03 PDT 
Committed 253870@main (4cc5aa54fb86): <https://commits.webkit.org/253870@main>

Reviewed commits have been landed. Closing PR #3730 and removing active labels.