Bug 167308

Summary: REGRESSION (r211033): ASSERTION FAILED: m_ptr in com.apple.WebCore: WTF::RefPtr<WebCore::Element>::operator* const + 70
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: New Bugs
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, commit-queue, darin, dbates, esprehn+autocc, kangil.han, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 167224    
Attachments:
Description    Flags
Patch          none
Patch          none
Patch          none

Description Ryan Haddad 2017-01-23 08:55:56 PST
ASSERTION FAILED: m_ptr
/Volumes/Data/slave/elcapitan-debug/build/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h(73) : T &WTF::RefPtr<WebCore::Element>::operator*() const [T = WebCore::Element]
1   0x107b264c0 WTFCrash
2   0x10a51aaf9 WTF::RefPtr<WebCore::Element>::operator*() const
3   0x10ab2c222 WebCore::Document::webkitExitFullscreen()
4   0x10ab2bed5 WebCore::Document::webkitCancelFullScreen()
5   0x10b642b6a WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreenCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&)
6   0x10b635bc4 long long WebCore::BindingCaller<WebCore::JSDocument>::callOperation<&(WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreenCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*)
7   0x10b61ac2c WebCore::jsDocumentPrototypeFunctionWebkitCancelFullScreen(JSC::ExecState*)
8   0x572fcac01028
9   0x107701225 llint_entry
10  0x107701225 llint_entry
11  0x1076f9aee vmEntryToJavaScript
12  0x1074fd34c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
13  0x1074b388f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14  0x106cb37ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
15  0x106cb38c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
16  0x106cb3acd JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
17  0x10b54cefb WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
18  0x10b7f54c4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
19  0x10ad0f3cf WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>)
20  0x10ad0efbb WebCore::EventTarget::fireEventListeners(WebCore::Event&)
21  0x10c2df921 WebCore::Node::handleLocalEvents(WebCore::Event&)
22  0x10acdd451 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const
23  0x10acde0bf WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&)
24  0x10acddc76 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
25  0x10c2df97d WebCore::Node::dispatchEvent(WebCore::Event&)
26  0x10ab2cdbd WebCore::Document::dispatchFullScreenChangeOrErrorEvent(WTF::Deque<WTF::RefPtr<WebCore::Node>, 0ul>&, WTF::AtomicString const&, bool)
27  0x10ab0dfa2 WebCore::Document::fullScreenChangeDelayTimerFired()
28  0x10ab53878 void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>&>(std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>&&&)
29  0x10ab5374c std::__1::__function::__func<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*>, std::__1::allocator<std::__1::__bind<void (WebCore::Document::*&)(), WebCore::Document*> >, void ()>::operator()()
30  0x10a4799aa std::__1::function<void ()>::operator()() const
31  0x10a4798bc WebCore::Timer::fired()

https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r211038%20(1733)/results.html
Comment 1 Ryan Haddad 2017-01-23 08:56:07 PST
Started with https://trac.webkit.org/changeset/211033
Comment 2 Ryan Haddad 2017-01-23 08:57:03 PST
<rdar://problem/30144964>
Comment 3 Ryan Haddad 2017-01-23 08:57:54 PST
Seen on macOS Debug WK2 with LayoutTest fullscreen/exit-full-screen-iframe.html
Comment 4 Chris Dumez 2017-01-23 09:37:02 PST
Created attachment 299518
Patch
Comment 5 Chris Dumez 2017-01-23 09:37:20 PST
I am still building locally to confirm the fix.
Comment 6 Chris Dumez 2017-01-23 10:16:56 PST
Created attachment 299523
Patch
Comment 7 Chris Dumez 2017-01-23 10:17:43 PST
Waiting for EWS to be green before landing.
Comment 8 Chris Dumez 2017-01-23 10:27:15 PST
Created attachment 299524
Patch
Comment 9 Chris Dumez 2017-01-23 10:41:05 PST
Comment on attachment 299524
Patch

Clearing flags on attachment: 299524

Committed r211042: <http://trac.webkit.org/changeset/211042>
Comment 10 Chris Dumez 2017-01-23 10:41:12 PST
All reviewed patches have been landed.  Closing bug.