193907 – REGRESSION(r240553): [iOS] Crash in ScrollingTree::updateTreeFromStateNode when attempting to log in to icloud.com

RESOLVED FIXED 193907

REGRESSION(r240553): [iOS] Crash in ScrollingTree::updateTreeFromStateNode when attempting to log in to icloud.com

https://bugs.webkit.org/show_bug.cgi?id=193907

Summary REGRESSION(r240553): [iOS] Crash in ScrollingTree::updateTreeFromStateNode wh...

Wenson Hsieh

Reported 2019-01-28 07:32:07 PST

Tested against trunk (as of r240557). To reproduce: 0. Log out of icloud.com if logged in 1. Go to icloud.com 2. Enter in a valid Apple ID and password 3. Hit enter to try and log in About when the 2FA modal prompt is shown, MobileSafari crashes: Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Triggered by Thread: 0 Application Specific Information: Pure virtual function called! abort() called Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib __pthread_kill + 8 1 libsystem_pthread.dylib pthread_kill + 300 2 libsystem_c.dylib abort + 144 3 libc++abi.dylib __cxa_bad_cast + 0 4 libc++abi.dylib __cxa_deleted_virtual + 0 5 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 844 6 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 7 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 8 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 9 WebCore WebCore::ScrollingTree::commitTreeState(std::__1::unique_ptr<WebCore::ScrollingStateTree, std::__1::default_delete<WebCore::ScrollingStateTree> >) + 356 10 WebKit WebKit::RemoteScrollingCoordinatorProxy::commitScrollingTreeState(WebKit::RemoteScrollingCoordinatorTransaction const&, WebKit::RemoteScrollingCoordinatorProxy::RequestedScrollInfo&) + 120 11 WebKit WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 248 12 WebKit void IPC::handleMessage<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree, WebKit::RemoteLayerTreeDrawingAreaProxy, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)>(IPC::Decoder&, WebKit::RemoteLayerTreeDrawingAreaProxy*, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)) + 148 13 WebKit IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 128

Attachments
Patch (29.09 KB, patch) 2019-01-28 20:54 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews125 for ios-simulator-wk2 (2.67 MB, application/zip) 2019-01-29 03:59 PST, EWS Watchlist	no flags	Details
Patch (36.26 KB, patch) 2019-01-29 10:39 PST, Simon Fraser (smfr)	ews-watchlist: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews102 for mac-highsierra (2.56 MB, application/zip) 2019-01-29 11:42 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews107 for mac-highsierra-wk2 (2.68 MB, application/zip) 2019-01-29 11:55 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews113 for mac-highsierra (2.35 MB, application/zip) 2019-01-29 12:14 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews122 for ios-simulator-wk2 (9.21 MB, application/zip) 2019-01-29 12:37 PST, EWS Watchlist	no flags	Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Wenson Hsieh

Comment 1 2019-01-28 08:20:01 PST

The crash is happening under this call: node->commitStateBeforeChildren(*stateNode); ...the ScrollingTreeNode that's trying to commitStateBeforeChildren has been destroyed already. Its node type is 1 (ScrollingNodeType::Subframe).

Radar WebKit Bug Importer

Comment 2 2019-01-28 11:27:27 PST

<rdar://problem/47604080>

Simon Fraser (smfr)

Comment 3 2019-01-28 20:53:16 PST

*** Bug 193937 has been marked as a duplicate of this bug. ***

Simon Fraser (smfr)

Comment 4 2019-01-28 20:54:20 PST

Created attachment 360431 [details] Patch

Wenson Hsieh

Comment 5 2019-01-28 23:36:02 PST

*** Bug 193955 has been marked as a duplicate of this bug. ***

Frédéric Wang (:fredw)

Comment 6 2019-01-29 00:26:25 PST

Comment on attachment 360431 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360431&action=review > Source/WebCore/ChangeLog:26 > + It looks like these two refactoring tasks are independent from this bug and could have been handled in separate patches, but ok. > Source/WebCore/ChangeLog:27 > + Tested by existing tests. Shouldn't we add a crash test?

Frédéric Wang (:fredw)

Comment 7 2019-01-29 00:30:10 PST

Comment on attachment 360431 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360431&action=review >> Source/WebCore/ChangeLog:27 >> + Tested by existing tests. > > Shouldn't we add a crash test? OK, I guess it's tested at least by compositing/iframes/remove-reinsert-webview-with-iframe.html (bug 193879 comment 4).

EWS Watchlist

Comment 8 2019-01-29 03:59:41 PST

Comment on attachment 360431 [details] Patch Attachment 360431 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10936542 New failing tests: fast/scrolling/ios/hit-testing-iframe.html fast/scrolling/ios/scroll-iframe.html

EWS Watchlist

Comment 9 2019-01-29 03:59:43 PST

Created attachment 360456 [details] Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6

Simon Fraser (smfr)

Comment 10 2019-01-29 10:39:47 PST

Created attachment 360472 [details] Patch

EWS Watchlist

Comment 11 2019-01-29 11:42:34 PST

Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/10940796 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/iframe-resize.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/iframes/connect-compositing-iframe2.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/become-composited-nested-iframes.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/become-overlapped-iframe.html

EWS Watchlist

Comment 12 2019-01-29 11:42:36 PST

Created attachment 360481 [details] Archive of layout-test-results from ews102 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-highsierra Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 13 2019-01-29 11:55:06 PST

Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/10940829 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/overlapped-nested-iframes.html compositing/iframes/iframe-resize.html compositing/tiling/tiled-drawing-async-frame-scrolling.html compositing/iframes/connect-compositing-iframe-delayed.html tiled-drawing/tile-coverage-iframe-to-zero-coverage.html compositing/iframes/connect-compositing-iframe2.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html

EWS Watchlist

Comment 14 2019-01-29 11:55:08 PST

Created attachment 360483 [details] Archive of layout-test-results from ews107 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 15 2019-01-29 12:14:13 PST

Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-debug-ews (mac): Output: https://webkit-queues.webkit.org/results/10940804 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/iframe-resize.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/iframes/connect-compositing-iframe2.html compositing/iframes/resize-from-zero-size.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/iframes/overlapped-iframe-iframe.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html

EWS Watchlist

Comment 16 2019-01-29 12:14:15 PST

Created attachment 360486 [details] Archive of layout-test-results from ews113 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-highsierra Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 17 2019-01-29 12:37:41 PST

Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10940972 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/overlapped-nested-iframes.html compositing/iframes/iframe-resize.html compositing/tiling/tiled-drawing-async-frame-scrolling.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/rtl/rtl-iframe-fixed.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/page-cache-layer-tree.html compositing/rtl/rtl-iframe-absolute.html compositing/iframes/composited-parent-iframe.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/leave-compositing-iframe.html compositing/rtl/rtl-iframe-relative.html http/wpt/service-workers/persistent-importScripts.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/rtl/rtl-iframe-absolute-overflow.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/resizer.html compositing/iframes/connect-compositing-iframe2.html

EWS Watchlist

Comment 18 2019-01-29 12:37:46 PST

Created attachment 360488 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6

Simon Fraser (smfr)

Comment 19 2019-01-29 13:29:57 PST

https://trac.webkit.org/changeset/240677/webkit

Truitt Savell

Comment 20 2019-01-29 16:49:06 PST

These two tests are failing after https://trac.webkit.org/changeset/240677/webkit compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html History: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=compositing%2Frepaint%2Fiframes%2Fcompositing-iframe-scroll-repaint.html%20compositing%2Frepaint%2Fiframes%2Fcompositing-iframe-with-fixed-background-doc-repaint.html they are constant failure on High Sierra wk1

Simon Fraser (smfr)

Comment 21 2019-01-29 16:55:12 PST

They pass on Mojave. Please add new high Sierra baselines.

Truitt Savell

Comment 22 2019-01-29 17:14:49 PST

(In reply to Simon Fraser (smfr) from comment #21) > They pass on Mojave. Please add new high Sierra baselines. Expectations changed in https://trac.webkit.org/changeset/240694/webkit.

Michael Catanzaro

Comment 23 2019-01-31 08:37:45 PST

Committed r240788: <https://trac.webkit.org/changeset/240788>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Simon Fraser (smfr)

Reported

2019-01-28 07:32 PST

Modified

2019-01-31 08:37 PST History

CC List

16 users Show

URL

Keywords InRadar

Duplicates (2)

193937 193955 View as bug list

Depends on

Blocks