[Webkit-unassigned] [Bug 227088] New: [iOS 15] Crash in IPC::clearAsyncReplyHandlers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 16 12:48:05 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=227088

            Bug ID: 227088
           Summary: [iOS 15] Crash in IPC::clearAsyncReplyHandlers
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: cdumez at apple.com, kkinnunen at apple.com

Chrome for iOS is getting a relatively large number of crash reports in IPC::clearAsyncReplyHandlers, on iOS 15.

Most of the crash reports are on iPad. 

Here's the crash stack:

CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ]
0x00000001903e7230      (WebKit + 0x0042f230)           WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&)
0x00000001903e7224      (WebKit + 0x0042f224)           WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&)
0x00000001903e6f64      (WebKit + 0x0042ef64)           WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::EventDispatcher::TouchEvent, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15>(Messages::EventDispatcher::TouchEvent&&, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*)
0x000000018ffeda9c      (WebKit + 0x00035a9c)           WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*)
0x000000018ffeda9c      (WebKit + 0x00035a9c)           WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*)
0x000000018ffeae54      (WebKit + 0x00032e54)           IPC::clearAsyncReplyHandlers(IPC::Connection const&)
0x000000018ffea97c      (WebKit + 0x0003297c)           IPC::Connection::~Connection()
0x000000018ffe04b0      (WebKit + 0x000284b0)           WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)2>::deref() const::'lambda'(), void>::call()
0x000000018d91c0fc      (JavaScriptCore + 0x00000000010b40fc)           WTF::RunLoop::performWork()
0x000000018d91d5f4      (JavaScriptCore + 0x00000000010b55f4)           WTF::RunLoop::performWork(void*)
0x0000000181754160      (CoreFoundation + 0x000a5160)           __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001817a80d0      (CoreFoundation + 0x000f90d0)           __CFRunLoopDoSource0
0x0000000181710480      (CoreFoundation + 0x00061480)           __CFRunLoopDoSources0
0x00000001817208d4      (CoreFoundation + 0x000718d4)           __CFRunLoopRun
0x000000018172e318      (CoreFoundation + 0x0007f318)           CFRunLoopRunSpecific
0x000000019d0cc5fc      (GraphicsServices + 0x000035fc)         GSEventRunModal
0x0000000183f069ac      (UIKitCore + 0x003d19ac)                -[UIApplication _run]
0x0000000183f06420      (UIKitCore + 0x003d1420)                UIApplicationMain
0x0000000102087f30      (Chrome -chrome_exe_main.mm:66)         main
0x0000000104019218

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210616/06c1736f/attachment-0001.htm>

More information about the webkit-unassigned mailing list