Regression(r199360): assertion hit in Element::fastGetAttribute(): Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010bc32da7 WTFCrash + 39 1 com.apple.WebCore 0x00000001109a86d1 WebCore::Element::fastGetAttribute(WebCore::QualifiedName const&) const + 81 (Element.h:652) 2 com.apple.WebCore 0x00000001111829ae WebCore::DOMTokenList::tokens() + 46 (DOMTokenList.cpp:231) 3 com.apple.WebCore 0x00000001109c6805 WebCore::DOMTokenList::tokens() const + 21 (DOMTokenList.h:70) 4 com.apple.WebCore 0x00000001109c0f35 WebCore::DOMTokenList::length() const + 21 (DOMTokenList.h:87) 5 com.apple.WebCore 0x0000000111ad9719 WebCore::jsDOMTokenListLength(JSC::ExecState*, long long, JSC::PropertyName) + 153 (JSDOMTokenList.cpp:183) 6 com.apple.JavaScriptCore 0x000000010ba012a5 JSC::PropertySlot::customGetter(JSC::ExecState*, JSC::PropertyName) const + 149 7 com.apple.JavaScriptCore 0x000000010adaa374 JSC::PropertySlot::getValue(JSC::ExecState*, JSC::PropertyName) const + 132 8 com.apple.JavaScriptCore 0x000000010adaed0b JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 91 9 com.apple.JavaScriptCore 0x000000010b84bb03 llint_slow_path_get_by_id + 243 10 com.apple.JavaScriptCore 0x000000010b858a38 llint_entry + 12020