[Webkit-unassigned] [Bug 227088] New: [iOS 15] Crash in IPC::clearAsyncReplyHandlers
bugzilla-daemon at webkit.org
Wed Jun 16 12:48:05 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=227088
Bug ID: 227088
Summary: [iOS 15] Crash in IPC::clearAsyncReplyHandlers
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ajuma at chromium.org
CC: cdumez at apple.com, kkinnunen at apple.com
Chrome for iOS is getting a relatively large number of crash reports in IPC::clearAsyncReplyHandlers, on iOS 15.
Most of the crash reports are on iPad.
Here's the crash stack:
CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ]
0x00000001903e7230 (WebKit + 0x0042f230) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&)
0x00000001903e7224 (WebKit + 0x0042f224) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&)
0x00000001903e6f64 (WebKit + 0x0042ef64) WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::EventDispatcher::TouchEvent, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15>(Messages::EventDispatcher::TouchEvent&&, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*)
0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*)
0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*)
0x000000018ffeae54 (WebKit + 0x00032e54) IPC::clearAsyncReplyHandlers(IPC::Connection const&)
0x000000018ffea97c (WebKit + 0x0003297c) IPC::Connection::~Connection()
0x000000018ffe04b0 (WebKit + 0x000284b0) WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)2>::deref() const::'lambda'(), void>::call()
0x000000018d91c0fc (JavaScriptCore + 0x00000000010b40fc) WTF::RunLoop::performWork()
0x000000018d91d5f4 (JavaScriptCore + 0x00000000010b55f4) WTF::RunLoop::performWork(void*)
0x0000000181754160 (CoreFoundation + 0x000a5160) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001817a80d0 (CoreFoundation + 0x000f90d0) __CFRunLoopDoSource0
0x0000000181710480 (CoreFoundation + 0x00061480) __CFRunLoopDoSources0
0x00000001817208d4 (CoreFoundation + 0x000718d4) __CFRunLoopRun
0x000000018172e318 (CoreFoundation + 0x0007f318) CFRunLoopRunSpecific
0x000000019d0cc5fc (GraphicsServices + 0x000035fc) GSEventRunModal
0x0000000183f069ac (UIKitCore + 0x003d19ac) -[UIApplication _run]
0x0000000183f06420 (UIKitCore + 0x003d1420) UIApplicationMain
0x0000000102087f30 (Chrome -chrome_exe_main.mm:66) main
0x0000000104019218