Created attachment 326261 [details] Crash log Thread 4 Crashed:: WebThread 0 com.apple.WebCore 0x000000010bf7e65b WebCore::RenderBlockFlow::~RenderBlockFlow() + 43 1 com.apple.WebCore 0x000000010bfdf5c8 WebCore::RenderElement::removeAndDestroyChild(WebCore::RenderObject&) + 56 2 com.apple.WebCore 0x000000010c18d501 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType)::$_8::operator()(unsigned int) const + 161 3 com.apple.WebCore 0x000000010c18cd21 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType) + 1041 4 com.apple.WebCore 0x000000010b95b502 WebCore::Document::destroyRenderTree() + 210 5 com.apple.WebCore 0x000000010b95b84f WebCore::Document::prepareForDestruction() + 495 6 com.apple.WebCore 0x000000010bc6409a WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 138 7 com.apple.WebCore 0x000000010bc4ea7e WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 414 8 com.apple.WebCore 0x000000010bc4c0c1 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 97 9 com.apple.WebKitLegacy 0x00000001139386f2 -[WebHTMLRepresentation receivedData:withDataSource:] + 98 10 com.apple.WebKitLegacy 0x0000000113905a70 -[WebDataSource(WebInternal) _receivedData:] + 64 11 com.apple.WebKitLegacy 0x00000001139269dd WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 109 12 com.apple.WebCore 0x000000010bc4e834 WebCore::DocumentLoader::commitLoad(char const*, int) + 148 13 com.apple.WebCore 0x000000010bcc3af2 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 370 14 com.apple.WebCore 0x000000010bcc38b3 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 179 15 com.apple.WebCore 0x000000010bc992b4 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 372 16 com.apple.WebCore 0x000000010bc9938a WebCore::SubresourceLoader::didReceiveBuffer(WTF::Ref<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 90 17 com.apple.WebCore 0x000000010b33b32a WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveData:lengthReceived:]::$_5>::call() + 122 18 JavaScriptCore 0x0000000109a63370 WTF::dispatchFunctionsFromMainThread() + 176 19 com.apple.Foundation 0x00000001110fe948 __NSThreadPerformPerform + 334 20 com.apple.CoreFoundation 0x0000000111d982b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 21 com.apple.CoreFoundation 0x0000000111e37d31 __CFRunLoopDoSource0 + 81 22 com.apple.CoreFoundation 0x0000000111d7cc19 __CFRunLoopDoSources0 + 185 23 com.apple.CoreFoundation 0x0000000111d7c1ff __CFRunLoopRun + 1279 24 com.apple.CoreFoundation 0x0000000111d7ba89 CFRunLoopRunSpecific + 409 25 com.apple.WebCore 0x000000010b2bafb5 RunWebThread(void*) + 533 26 libsystem_pthread.dylib 0x00000001129e293b _pthread_body + 180 27 libsystem_pthread.dylib 0x00000001129e2887 _pthread_start + 286 28 libsystem_pthread.dylib 0x00000001129e208d thread_start + 13

It looks like this started with https://trac.webkit.org/changeset/224537/webkit

(In reply to Ryan Haddad from comment #2) > It looks like this started with > https://trac.webkit.org/changeset/224537/webkit Do you see any failures like this on macOS? We can disable on iOS only pretty easily. But if it's more widespread then maybe rollout is better.

Created attachment 326269 [details] the patch to disable isoheaps on iOS

(In reply to Filip Pizlo from comment #3) > (In reply to Ryan Haddad from comment #2) > > It looks like this started with > > https://trac.webkit.org/changeset/224537/webkit > > Do you see any failures like this on macOS? > > We can disable on iOS only pretty easily. But if it's more widespread then > maybe rollout is better. I posted a patch to disable on iOS. Feel free to r+/cq+. Note that you can also use that to disable everywhere (replace "|| PLATFORM(IOS)" with "|| 1").

Attachment 326269 [details] did not pass style-queue: ERROR: Source/WTF/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.

(In reply to Filip Pizlo from comment #3) > (In reply to Ryan Haddad from comment #2) > > It looks like this started with > > https://trac.webkit.org/changeset/224537/webkit > > Do you see any failures like this on macOS? > > We can disable on iOS only pretty easily. But if it's more widespread then > maybe rollout is better. I haven't yet seen any fallout on macOS.

Comment on attachment 326269 [details] the patch to disable isoheaps on iOS Marking CQ- because this appears to break the iOS build on EWS.

Created attachment 326271 [details] for real this time

(In reply to Ryan Haddad from comment #8) > Comment on attachment 326269 [details] > the patch to disable isoheaps on iOS > > Marking CQ- because this appears to break the iOS build on EWS. Fixed.

Attachment 326271 [details] did not pass style-queue: ERROR: Source/WTF/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5] Total errors found: 1 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style.

The default answer to test regressions is rollback. Are there any exceptional circumstances here that make disabling tests to preferable?

(In reply to Alexey Proskuryakov from comment #12) > The default answer to test regressions is rollback. Are there any > exceptional circumstances here that make disabling tests to preferable? This change doesn't disable tests.

Comment on attachment 326271 [details] for real this time Clearing flags on attachment: 326271 Committed r224562: <https://trac.webkit.org/changeset/224562>

All reviewed patches have been landed. Closing bug.

<rdar://problem/35566977>