Tested against trunk (as of r240557). To reproduce: 0. Log out of icloud.com if logged in 1. Go to icloud.com 2. Enter in a valid Apple ID and password 3. Hit enter to try and log in About when the 2FA modal prompt is shown, MobileSafari crashes: Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Triggered by Thread: 0 Application Specific Information: Pure virtual function called! abort() called Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib __pthread_kill + 8 1 libsystem_pthread.dylib pthread_kill + 300 2 libsystem_c.dylib abort + 144 3 libc++abi.dylib __cxa_bad_cast + 0 4 libc++abi.dylib __cxa_deleted_virtual + 0 5 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 844 6 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 7 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 8 WebCore WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1080 9 WebCore WebCore::ScrollingTree::commitTreeState(std::__1::unique_ptr<WebCore::ScrollingStateTree, std::__1::default_delete<WebCore::ScrollingStateTree> >) + 356 10 WebKit WebKit::RemoteScrollingCoordinatorProxy::commitScrollingTreeState(WebKit::RemoteScrollingCoordinatorTransaction const&, WebKit::RemoteScrollingCoordinatorProxy::RequestedScrollInfo&) + 120 11 WebKit WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 248 12 WebKit void IPC::handleMessage<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree, WebKit::RemoteLayerTreeDrawingAreaProxy, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)>(IPC::Decoder&, WebKit::RemoteLayerTreeDrawingAreaProxy*, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)) + 148 13 WebKit IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 128
The crash is happening under this call: node->commitStateBeforeChildren(*stateNode); ...the ScrollingTreeNode that's trying to commitStateBeforeChildren has been destroyed already. Its node type is 1 (ScrollingNodeType::Subframe).
<rdar://problem/47604080>
*** Bug 193937 has been marked as a duplicate of this bug. ***
Created attachment 360431 [details] Patch
*** Bug 193955 has been marked as a duplicate of this bug. ***
Comment on attachment 360431 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360431&action=review > Source/WebCore/ChangeLog:26 > + It looks like these two refactoring tasks are independent from this bug and could have been handled in separate patches, but ok. > Source/WebCore/ChangeLog:27 > + Tested by existing tests. Shouldn't we add a crash test?
Comment on attachment 360431 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360431&action=review >> Source/WebCore/ChangeLog:27 >> + Tested by existing tests. > > Shouldn't we add a crash test? OK, I guess it's tested at least by compositing/iframes/remove-reinsert-webview-with-iframe.html (bug 193879 comment 4).
Comment on attachment 360431 [details] Patch Attachment 360431 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10936542 New failing tests: fast/scrolling/ios/hit-testing-iframe.html fast/scrolling/ios/scroll-iframe.html
Created attachment 360456 [details] Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6
Created attachment 360472 [details] Patch
Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/10940796 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/iframe-resize.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/iframes/connect-compositing-iframe2.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/become-composited-nested-iframes.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/become-overlapped-iframe.html
Created attachment 360481 [details] Archive of layout-test-results from ews102 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-highsierra Platform: Mac OS X 10.13.6
Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/10940829 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/overlapped-nested-iframes.html compositing/iframes/iframe-resize.html compositing/tiling/tiled-drawing-async-frame-scrolling.html compositing/iframes/connect-compositing-iframe-delayed.html tiled-drawing/tile-coverage-iframe-to-zero-coverage.html compositing/iframes/connect-compositing-iframe2.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html
Created attachment 360483 [details] Archive of layout-test-results from ews107 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass mac-debug-ews (mac): Output: https://webkit-queues.webkit.org/results/10940804 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/remove-reinsert-webview-with-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/iframe-resize.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/composited-parent-iframe.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/iframes/page-cache-layer-tree.html compositing/iframes/resizer.html compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/iframes/connect-compositing-iframe2.html compositing/iframes/resize-from-zero-size.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/iframes/overlapped-iframe-iframe.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html
Created attachment 360486 [details] Archive of layout-test-results from ews113 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-highsierra Platform: Mac OS X 10.13.6
Comment on attachment 360472 [details] Patch Attachment 360472 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10940972 New failing tests: compositing/iframes/scrolling-iframe.html compositing/iframes/overlapped-nested-iframes.html compositing/iframes/iframe-resize.html compositing/tiling/tiled-drawing-async-frame-scrolling.html compositing/iframes/connect-compositing-iframe-delayed.html compositing/rtl/rtl-iframe-fixed.html compositing/iframes/overlapped-iframe-iframe.html compositing/iframes/overlapped-iframe.html compositing/visible-rect/iframe-with-layers-outside-viewport.html compositing/visible-rect/iframe-and-layers.html compositing/iframes/become-overlapped-iframe.html compositing/iframes/page-cache-layer-tree.html compositing/rtl/rtl-iframe-absolute.html compositing/iframes/composited-parent-iframe.html compositing/iframes/connect-compositing-iframe3.html compositing/iframes/enter-compositing-iframe.html compositing/iframes/leave-compositing-iframe.html compositing/rtl/rtl-iframe-relative.html http/wpt/service-workers/persistent-importScripts.html compositing/iframes/resize-from-zero-size.html compositing/iframes/connect-compositing-iframe.html compositing/iframes/become-composited-nested-iframes.html compositing/rtl/rtl-iframe-absolute-overflow.html compositing/iframes/invisible-nested-iframe-show.html compositing/iframes/resizer.html compositing/iframes/connect-compositing-iframe2.html
Created attachment 360488 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6
https://trac.webkit.org/changeset/240677/webkit
These two tests are failing after https://trac.webkit.org/changeset/240677/webkit compositing/repaint/iframes/compositing-iframe-scroll-repaint.html compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint.html History: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=compositing%2Frepaint%2Fiframes%2Fcompositing-iframe-scroll-repaint.html%20compositing%2Frepaint%2Fiframes%2Fcompositing-iframe-with-fixed-background-doc-repaint.html they are constant failure on High Sierra wk1
They pass on Mojave. Please add new high Sierra baselines.
(In reply to Simon Fraser (smfr) from comment #21) > They pass on Mojave. Please add new high Sierra baselines. Expectations changed in https://trac.webkit.org/changeset/240694/webkit.
Committed r240788: <https://trac.webkit.org/changeset/240788>