Bug 167308

Summary: REGRESSION (r211033): ASSERTION FAILED: m_ptr in com.apple.WebCore: WTF::RefPtr<WebCore::Element>::operator* const + 70
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: New BugsAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, darin, dbates, esprehn+autocc, kangil.han, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 167224    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Ryan Haddad
Reported 2017-01-23 08:55:56 PST
ASSERTION FAILED: m_ptr /Volumes/Data/slave/elcapitan-debug/build/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h(73) : T &WTF::RefPtr<WebCore::Element>::operator*() const [T = WebCore::Element] 1 0x107b264c0 WTFCrash 2 0x10a51aaf9 WTF::RefPtr<WebCore::Element>::operator*() const 3 0x10ab2c222 WebCore::Document::webkitExitFullscreen() 4 0x10ab2bed5 WebCore::Document::webkitCancelFullScreen() 5 0x10b642b6a WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreenCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&) 6 0x10b635bc4 long long WebCore::BindingCaller<WebCore::JSDocument>::callOperation<&(WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreenCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*) 7 0x10b61ac2c WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreen(JSC::ExecState*) 8 0x572fcac01028 9 0x107701225 llint_entry 10 0x107701225 llint_entry 11 0x1076f9aee vmEntryToJavaScript 12 0x1074fd34c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 13 0x1074b388f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 14 0x106cb37ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 15 0x106cb38c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 16 0x106cb3acd JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 17 0x10b54cefb WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 18 0x10b7f54c4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) 19 0x10ad0f3cf WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) 20 0x10ad0efbb WebCore::EventTarget::fireEventListeners(WebCore::Event&) 21 0x10c2df921 WebCore::Node::handleLocalEvents(WebCore::Event&) 22 0x10acdd451 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const 23 0x10acde0bf WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) 24 0x10acddc76 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 25 0x10c2df97d WebCore::Node::dispatchEvent(WebCore::Event&) 26 0x10ab2cdbd WebCore::Document::dispatchFullScreenChangeOrErrorEvent(WTF::Deque<WTF::RefPtr<WebCore::Node>, 0ul>&, WTF::AtomicString const&, bool) 27 0x10ab0dfa2 WebCore::Document::fullScreenChangeDelayTimerFired() 28 0x10ab53878 void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>&>(std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>&&&) 29 0x10ab5374c std::__1::__function::__func<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>, std::__1::allocator<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*> >, void ()>::operator()() 30 0x10a4799aa std::__1::function<void ()>::operator()() const 31 0x10a4798bc WebCore::Timer::fired() https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r211038%20(1733)/results.html
Attachments
Patch (1.63 KB, patch)
2017-01-23 09:37 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.41 KB, patch)
2017-01-23 10:16 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (10.11 KB, patch)
2017-01-23 10:27 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2017-01-23 08:56:07 PST
Started with https://trac.webkit.org/changeset/211033
Ryan Haddad
Comment 2 2017-01-23 08:57:03 PST
<rdar://problem/30144964>
Ryan Haddad
Comment 3 2017-01-23 08:57:54 PST
Seen on macOS Debug WK2 with LayoutTest fullscreen/exit-full-screen-iframe.html
Chris Dumez
Comment 4 2017-01-23 09:37:02 PST
Created attachment 299518 [details] Patch
Chris Dumez
Comment 5 2017-01-23 09:37:20 PST
I am still building locally to confirm the fix.
Chris Dumez
Comment 6 2017-01-23 10:16:56 PST
Created attachment 299523 [details] Patch
Chris Dumez
Comment 7 2017-01-23 10:17:43 PST
Waiting for EWS to be green before landing.
Chris Dumez
Comment 8 2017-01-23 10:27:15 PST
Created attachment 299524 [details] Patch
Chris Dumez
Comment 9 2017-01-23 10:41:05 PST
Comment on attachment 299524 [details] Patch Clearing flags on attachment: 299524 Committed r211042: <http://trac.webkit.org/changeset/211042>
Chris Dumez
Comment 10 2017-01-23 10:41:12 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.