179393 – REGRESSION (r224537): [iOS] 3 API tests crashing in WebCore::RenderBlockFlow::~RenderBlockFlow + 43

Bug 179393 - REGRESSION (r224537): [iOS] 3 API tests crashing in WebCore::RenderBlockFlow::~RenderBlockFlow + 43

Summary: REGRESSION (r224537): [iOS] 3 API tests crashing in WebCore::RenderBlockFlow:...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2017-11-07 14:27 PST by Ryan Haddad
Modified:	2017-11-15 12:07 PST (History)
CC List:	13 users (show)

See Also:	178108

Attachments
Crash log (134.30 KB, text/plain) 2017-11-07 14:27 PST, Ryan Haddad	no flags	Details
the patch to disable isoheaps on iOS (837 bytes, patch) 2017-11-07 15:23 PST, Filip Pizlo	rniwa: review+ ryanhaddad: commit-queue-	Details \| Formatted Diff \| Diff
for real this time (1.22 KB, patch) 2017-11-07 15:52 PST, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Haddad 2017-11-07 14:27:08 PST

UNEXPECTEDLY EXITED QuickLook.LegacyQuickLookContent
UNEXPECTEDLY EXITED WebKitLegacy.AudioSessionCategoryIOS
UNEXPECTEDLY EXITED WebKitLegacy.RenderInContextSnapshot

https://build.webkit.org/builders/Apple%20iOS%2011%20Simulator%20Release%20WK2%20(Tests)/builds/1111

Comment 1 Ryan Haddad 2017-11-07 14:27:39 PST

Created attachment 326261 [details]
Crash log

Thread 4 Crashed:: WebThread
0   com.apple.WebCore             	0x000000010bf7e65b WebCore::RenderBlockFlow::~RenderBlockFlow() + 43
1   com.apple.WebCore             	0x000000010bfdf5c8 WebCore::RenderElement::removeAndDestroyChild(WebCore::RenderObject&) + 56
2   com.apple.WebCore             	0x000000010c18d501 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType)::$_8::operator()(unsigned int) const + 161
3   com.apple.WebCore             	0x000000010c18cd21 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType) + 1041
4   com.apple.WebCore             	0x000000010b95b502 WebCore::Document::destroyRenderTree() + 210
5   com.apple.WebCore             	0x000000010b95b84f WebCore::Document::prepareForDestruction() + 495
6   com.apple.WebCore             	0x000000010bc6409a WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 138
7   com.apple.WebCore             	0x000000010bc4ea7e WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 414
8   com.apple.WebCore             	0x000000010bc4c0c1 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 97
9   com.apple.WebKitLegacy        	0x00000001139386f2 -[WebHTMLRepresentation receivedData:withDataSource:] + 98
10  com.apple.WebKitLegacy        	0x0000000113905a70 -[WebDataSource(WebInternal) _receivedData:] + 64
11  com.apple.WebKitLegacy        	0x00000001139269dd WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 109
12  com.apple.WebCore             	0x000000010bc4e834 WebCore::DocumentLoader::commitLoad(char const*, int) + 148
13  com.apple.WebCore             	0x000000010bcc3af2 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 370
14  com.apple.WebCore             	0x000000010bcc38b3 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 179
15  com.apple.WebCore             	0x000000010bc992b4 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 372
16  com.apple.WebCore             	0x000000010bc9938a WebCore::SubresourceLoader::didReceiveBuffer(WTF::Ref<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 90
17  com.apple.WebCore             	0x000000010b33b32a WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveData:lengthReceived:]::$_5>::call() + 122
18  JavaScriptCore                	0x0000000109a63370 WTF::dispatchFunctionsFromMainThread() + 176
19  com.apple.Foundation          	0x00000001110fe948 __NSThreadPerformPerform + 334
20  com.apple.CoreFoundation      	0x0000000111d982b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
21  com.apple.CoreFoundation      	0x0000000111e37d31 __CFRunLoopDoSource0 + 81
22  com.apple.CoreFoundation      	0x0000000111d7cc19 __CFRunLoopDoSources0 + 185
23  com.apple.CoreFoundation      	0x0000000111d7c1ff __CFRunLoopRun + 1279
24  com.apple.CoreFoundation      	0x0000000111d7ba89 CFRunLoopRunSpecific + 409
25  com.apple.WebCore             	0x000000010b2bafb5 RunWebThread(void*) + 533
26  libsystem_pthread.dylib       	0x00000001129e293b _pthread_body + 180
27  libsystem_pthread.dylib       	0x00000001129e2887 _pthread_start + 286
28  libsystem_pthread.dylib       	0x00000001129e208d thread_start + 13

Comment 2 Ryan Haddad 2017-11-07 14:29:47 PST

It looks like this started with https://trac.webkit.org/changeset/224537/webkit

Comment 3 Filip Pizlo 2017-11-07 15:20:59 PST

(In reply to Ryan Haddad from comment #2)
> It looks like this started with
> https://trac.webkit.org/changeset/224537/webkit

Do you see any failures like this on macOS?

We can disable on iOS only pretty easily.  But if it's more widespread then maybe rollout is better.

Comment 4 Filip Pizlo 2017-11-07 15:23:05 PST

Created attachment 326269 [details]
the patch to disable isoheaps on iOS

Comment 5 Filip Pizlo 2017-11-07 15:23:53 PST

(In reply to Filip Pizlo from comment #3)
> (In reply to Ryan Haddad from comment #2)
> > It looks like this started with
> > https://trac.webkit.org/changeset/224537/webkit
> 
> Do you see any failures like this on macOS?
> 
> We can disable on iOS only pretty easily.  But if it's more widespread then
> maybe rollout is better.

I posted a patch to disable on iOS.  Feel free to r+/cq+.

Note that you can also use that to disable everywhere (replace "|| PLATFORM(IOS)" with "|| 1").

Comment 6 Build Bot 2017-11-07 15:24:46 PST

Attachment 326269 [details] did not pass style-queue:


ERROR: Source/WTF/ChangeLog:1:  ChangeLog entry has no bug number  [changelog/bugnumber] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 7 Ryan Haddad 2017-11-07 15:26:01 PST

(In reply to Filip Pizlo from comment #3)
> (In reply to Ryan Haddad from comment #2)
> > It looks like this started with
> > https://trac.webkit.org/changeset/224537/webkit
> 
> Do you see any failures like this on macOS?
> 
> We can disable on iOS only pretty easily.  But if it's more widespread then
> maybe rollout is better.
I haven't yet seen any fallout on macOS.

Comment 8 Ryan Haddad 2017-11-07 15:38:59 PST

Comment on attachment 326269 [details]
the patch to disable isoheaps on iOS

Marking CQ- because this appears to break the iOS build on EWS.

Comment 9 Filip Pizlo 2017-11-07 15:52:48 PST

Created attachment 326271 [details]
for real this time

Comment 10 Filip Pizlo 2017-11-07 15:52:56 PST

(In reply to Ryan Haddad from comment #8)
> Comment on attachment 326269 [details]
> the patch to disable isoheaps on iOS
> 
> Marking CQ- because this appears to break the iOS build on EWS.

Fixed.

Comment 11 Build Bot 2017-11-07 15:55:08 PST

Attachment 326271 [details] did not pass style-queue:


ERROR: Source/WTF/ChangeLog:1:  ChangeLog entry has no bug number  [changelog/bugnumber] [5]
Total errors found: 1 in 3 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 12 Alexey Proskuryakov 2017-11-07 16:12:12 PST

The default answer to test regressions is rollback. Are there any exceptional circumstances here that make disabling tests to preferable?

Comment 13 Filip Pizlo 2017-11-07 17:10:42 PST

(In reply to Alexey Proskuryakov from comment #12)
> The default answer to test regressions is rollback. Are there any
> exceptional circumstances here that make disabling tests to preferable?

This change doesn't disable tests.

Comment 14 WebKit Commit Bot 2017-11-07 17:30:17 PST

Comment on attachment 326271 [details]
for real this time

Clearing flags on attachment: 326271

Committed r224562: <https://trac.webkit.org/changeset/224562>

Comment 15 WebKit Commit Bot 2017-11-07 17:30:19 PST

All reviewed patches have been landed.  Closing bug.

Comment 16 Radar WebKit Bug Importer 2017-11-15 12:07:13 PST

<rdar://problem/35566977>