Bug 269656
| Summary: | [MSE] Intermittent crash with imported/w3c/web-platform-tests/media-source/URL-createObjectURL-null.html | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Jean-Yves Avenard [:jya] <jean-yves.avenard> |
| Component: | Media | Assignee: | Jean-Yves Avenard [:jya] <jean-yves.avenard> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Jean-Yves Avenard [:jya]
Test imported/w3c/web-platform-tests/media-source/URL-createObjectURL-null.html
intermittently crashes when running the `imported/w3c/web-platform-tests/media-source` tests.
assertion:
```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x13c733158 WTFCrash
1 com.apple.WebCore 0x328dafed4 WTFCrashWithInfo(int, char const*, char const*, int)
2 com.apple.WebCore 0x32936fdb0 WebCore::Node::ref() const
3 com.apple.WebCore 0x3265b1dc0 WTF::DefaultRefDerefTraits<WebCore::HTMLMediaElement>::refIfNotNull(WebCore::HTMLMediaElement*)
4 com.apple.WebCore 0x3265b1d78 WTF::RefPtr<WebCore::HTMLMediaElement, WTF::RawPtrTraits<WebCore::HTMLMediaElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLMediaElement>>::RefPtr(WebCore::HTMLMediaElement*)
5 com.apple.WebCore 0x3265b1a24 WTF::RefPtr<WebCore::HTMLMediaElement, WTF::RawPtrTraits<WebCore::HTMLMediaElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLMediaElement>>::RefPtr(WebCore::HTMLMediaElement*)
6 com.apple.WebCore 0x328a60a60 WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(WTF::Function<void (WebCore::HTMLMediaElement&)>&&) const::$_29::operator()()
7 com.apple.WebCore 0x328a6097c WTF::Detail::CallableWrapper<WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(WTF::Function<void (WebCore::HTMLMediaElement&)>&&) const::$_29, void>::call()
8 com.apple.JavaScriptCore 0x13e67c47c WTF::Function<void ()>::operator()() const
9 com.apple.JavaScriptCore 0x13c7cbbc4 WTF::ensureOnMainThread(WTF::Function<void ()>&&)
10 com.apple.WebCore 0x328a27300 WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(WTF::Function<void (WebCore::HTMLMediaElement&)>&&) const
11 com.apple.WebCore 0x328a2526c WebCore::MediaSource::notifyElementUpdateMediaState() const
12 com.apple.WebCore 0x328a2c3f8 WebCore::MediaSource::removeSourceBuffer(WebCore::SourceBuffer&)
13 com.apple.WebCore 0x328a2cc20 WebCore::MediaSource::detachFromElement()
14 com.apple.WebCore 0x328a2fdfc WebCore::MediaSourceInterfaceMainThread::detachFromElement()
15 com.apple.WebCore 0x32a2ecb04 WebCore::HTMLMediaElement::detachMediaSource()
16 com.apple.WebCore 0x32a2ec078 WebCore::HTMLMediaElement::~HTMLMediaElement()
17 com.apple.WebCore 0x32a3d5d3c WebCore::HTMLVideoElement::~HTMLVideoElement()
18 com.apple.WebCore 0x32a3cf2e0 WebCore::HTMLVideoElement::~HTMLVideoElement()
19 com.apple.WebCore 0x32a3cf310 WebCore::HTMLVideoElement::~HTMLVideoElement()
20 com.apple.WebCore 0x329ebc160 WebCore::Node::removedLastRef()
21 com.apple.WebCore 0x328ded0bc WebCore::Node::derefAllowingPartiallyDestroyed() const
22 com.apple.WebCore 0x328decec4 WebCore::Node::deref() const
23 com.apple.WebCore 0x326531160 WebCore::EventTarget::deref()
24 com.apple.WebCore 0x3265310e0 WTF::DefaultRefDerefTraits<WebCore::EventTarget>::derefIfNotNull(WebCore::EventTarget*)
25 com.apple.WebCore 0x32653106c WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~Ref()
26 com.apple.WebCore 0x326530e68 WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~Ref()
27 com.apple.WebCore 0x326bc1d30 WebCore::JSDOMWrapper<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~JSDOMWrapper()
28 com.apple.WebCore 0x326bc1cfc WebCore::JSEventTarget::~JSEventTarget()
29 com.apple.WebCore 0x326b5e938 WebCore::JSEventTarget::~JSEventTarget()
30 com.apple.WebCore 0x326b07da4 WebCore::JSEventTarget::destroy(JSC::JSCell*)
31 com.apple.JavaScriptCore 0x13e550004 JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const
32 com.apple.JavaScriptCore 0x13e54ffbc JSC::JSDestructibleObjectHeapCellType::destroy(JSC::VM&, JSC::JSCell*) const
33 com.apple.JavaScriptCore 0x13df2edf8 JSC::Subspace::destroy(JSC::VM&, JSC::JSCell*)
34 com.apple.JavaScriptCore 0x13df232c4 JSC::PreciseAllocation::sweep()
35 com.apple.JavaScriptCore 0x13df065cc JSC::MarkedSpace::sweepPreciseAllocations()
36 com.apple.JavaScriptCore 0x13de465e4 JSC::Heap::sweepInFinalize()
37 com.apple.JavaScriptCore 0x13de461fc JSC::Heap::finalize()
38 com.apple.JavaScriptCore 0x13de4597c JSC::Heap::handleNeedFinalize(unsigned int)
39 com.apple.JavaScriptCore 0x13de44958 JSC::Heap::handleNeedFinalize()
40 com.apple.JavaScriptCore 0x13de40eec JSC::Heap::finishChangingPhase(JSC::GCConductor)
41 com.apple.JavaScriptCore 0x13de42490 JSC::Heap::changePhase(JSC::GCConductor, JSC::CollectorPhase)
42 com.apple.JavaScriptCore 0x13de42434 JSC::Heap::runEndPhase(JSC::GCConductor)
43 com.apple.JavaScriptCore 0x13de407fc JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*)
44 com.apple.JavaScriptCore 0x13de9d444 JSC::Heap::collectInMutatorThread()::$_23::operator()(JSC::CurrentThreadState&) const
45 com.apple.JavaScriptCore 0x13de9d3d0 WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_23>::implFunction(void*, JSC::CurrentThreadState&)
46 com.apple.JavaScriptCore 0x13df01650 void WTF::ScopedLambda<void (JSC::CurrentThreadState&)>::operator()<JSC::CurrentThreadState&>(JSC::CurrentThreadState&) const
47 com.apple.JavaScriptCore 0x13df015e4 JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&)
48 com.apple.JavaScriptCore 0x13de45a80 JSC::Heap::collectInMutatorThread()
49 com.apple.JavaScriptCore 0x13de45814 JSC::Heap::stopIfNecessarySlow(unsigned int)
50 com.apple.JavaScriptCore 0x13de46b94 void JSC::Heap::waitForCollector<JSC::Heap::waitForCollection(unsigned long long)::$_24>(JSC::Heap::waitForCollection(unsigned long long)::$_24 const&)
51 com.apple.JavaScriptCore 0x13de4042c JSC::Heap::waitForCollection(unsigned long long)
52 com.apple.JavaScriptCore 0x13de3fd40 JSC::Heap::collectSync(JSC::GCRequest)
53 com.apple.JavaScriptCore 0x13e9374f8 JSC::VM::performOpportunisticallyScheduledTasks(WTF::MonotonicTime, WTF::OptionSet<JSC::VM::SchedulerOptions>)::$_16::operator()() const
54 com.apple.JavaScriptCore 0x13e937058 JSC::VM::performOpportunisticallyScheduledTasks(WTF::MonotonicTime, WTF::OptionSet<JSC::VM::SchedulerOptions>)
55 com.apple.WebCore 0x32ae0c6d8 WebCore::Page::performOpportunisticallyScheduledTasks(WTF::MonotonicTime)
56 com.apple.WebCore 0x32addb104 WebCore::OpportunisticTaskScheduler::runLoopObserverFired()
57 com.apple.WebCore 0x32addfb84 WebCore::OpportunisticTaskScheduler::OpportunisticTaskScheduler(WebCore::Page&)::$_8::operator()() const
58 com.apple.WebCore 0x32addfa24 WTF::Detail::CallableWrapper<WebCore::OpportunisticTaskScheduler::OpportunisticTaskScheduler(WebCore::Page&)::$_8, void>::call()
59 com.apple.WebCore 0x32937f10c WTF::Function<void ()>::operator()() const
60 com.apple.WebCore 0x32b074644 WebCore::RunLoopObserver::runLoopObserverFired()
61 com.apple.WebCore 0x32b170c64 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
62 com.apple.CoreFoundation 0x187909254 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36 /Volumes/BuildRootMonorailSunburstE/Library/Caches/com.apple.xbs/Sources/d23e6036-179c-4c53-9396-358ab6cfdd06/Foundation-2418/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1789
63 com.apple.CoreFoundation 0x187909140 __CFRunLoopDoObservers + 536 /Volumes/BuildRootMonorailSunburstE/Library/Caches/com.apple.xbs/Sources/d23e6036-179c-4c53-9396-358ab6cfdd06/Foundation-2418/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1902
64 com.apple.CoreFoundation 0x187907e58 CFRunLoopRunSpecific + 684 /Volumes/BuildRootMonorailSunburstE/Library/Caches/com.apple.xbs/Sources/d23e6036-179c-4c53-9396-358ab6cfdd06/Foundation-2418/CoreFoundation/RunLoop.subproj/CFRunLoop.c:3423
65 com.apple.Foundation 0x188a3b028 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation/Soil.subproj/NSRunLoop.m:373
66 com.apple.Foundation 0x188ab4224 -[NSRunLoop(NSRunLoop) run] + 64 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation/Soil.subproj/NSRunLoop.m:398
67 libxpc.dylib 0x187543694 _xpc_objc_main + 684 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/libxpc/src/main.m:267
68 libxpc.dylib 0x187552f80 _xpc_main + 324 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/libxpc/src/init.c:1294
69 libxpc.dylib 0x187543240 xpc_main + 64 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/libxpc/src/init.c:1377
70 com.apple.WebKit 0x120bb3a58 WebKit::XPCServiceMain(int, char const**)
71 com.apple.WebKit 0x1232b66c8 WKXPCServiceMain
72 com.apple.WebKit.WebContent 0x1026dff9c main
73 dyld 0x1874a20e0 start + 2360 /AppleInternal/Library/BuildRoots/03ee8479-bf5a-11ee-b9d7-6eda818a94b4/Library/Caches/com.apple.xbs/Sources/dyld/dyld/dyldMain.cpp:1298
```
The cause is that `MediaSource::ensureWeakOnHTMLMediaElementContext` takes a strong ref to the HTMLMediaElement but this code can be called while the HTMLMediaElement is being destructed.
`ASSERT(!deletionHasBegun());`
It's a weak pointer, accessed from the main thread, running a single line of code; we don't need to take a strong ref, as if the media element is being destructed by the task, it won't affect this code (responsibility is on the task itself to do it, not the dispatcher).
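The lifetime pattern in the report above, as an added example: this is a simplified single-threaded model, not WebKit code. `Element`, `Source` and `refsDuringDestruction` are hypothetical names, and a counter stands in for the `ASSERT(!deletionHasBegun())` crash so both variants can be compared.

```cpp
#include <cstdio>

struct Element;
static int g_refsAfterDeletionBegan = 0; // stands in for ASSERT(!deletionHasBegun())

// Hypothetical stand-in for the media source holding a weak element pointer.
struct Source {
    Element* element = nullptr; // models the weak pointer
    bool takeStrongRef = true;  // true: behaviour described as the cause
    int notified = 0;
    void notifyElement();
};

// Hypothetical intrusively ref-counted element (simplified, single-threaded).
struct Element {
    int refCount = 1;
    bool deletionHasBegun = false;
    Source* source = nullptr;
    void ref() {
        if (deletionHasBegun) ++g_refsAfterDeletionBegan; // the real code asserts here
        ++refCount;
    }
    void deref() {
        if (--refCount == 0 && !deletionHasBegun) { deletionHasBegun = true; delete this; }
    }
    // The destructor detaches the source, which notifies the element.
    ~Element() { if (source) { source->notifyElement(); source->element = nullptr; } }
};

void Source::notifyElement() {
    if (!element) return;
    if (takeStrongRef) element->ref();   // protect for the duration of the task
    ++notified;                          // the one-line task
    if (takeStrongRef) element->deref();
}

// Drops the last reference and returns how many ref() calls happened mid-destruction.
int refsDuringDestruction(bool takeStrongRef) {
    g_refsAfterDeletionBegan = 0;
    Source source;
    source.takeStrongRef = takeStrongRef;
    Element* element = new Element;
    element->source = &source;
    source.element = element;
    element->deref(); // last ref gone: destructor runs, as in the GC sweep above
    return g_refsAfterDeletionBegan;
}

int main() {
    std::printf("strong ref: %d, weak access: %d\n",
                refsDuringDestruction(true), refsDuringDestruction(false));
}
```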
Radar WebKit Bug Importer
<rdar://problem/123171059>
Jean-Yves Avenard [:jya]
Pull request: https://github.com/WebKit/WebKit/pull/24696
EWS
Committed 274942@main (a691187c506e): <https://commits.webkit.org/274942@main>
Reviewed commits have been landed. Closing PR #24696 and removing active labels.