[Webkit-unassigned] [Bug 243226] New: [iOS 16] Crash in -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 26 13:09:21 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=243226
Bug ID: 243226
Summary: [iOS 16] Crash in -[WKScrollingNodeScrollViewDelegate
_actingParentScrollViewForScrollView:]
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Scrolling
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ajuma at chromium.org
CC: simon.fraser at apple.com
Chrome on iOS is getting reports of a new crash in iOS 16, in -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]. We have reports from all developer betas of iOS 16 released so far.
We don't have steps to reproduce, but based on our reports, this seems to be more common right after a renderer crash, and the crash URLs seem to be disproportionately from https://mail.tpb.com.vn and https://web.whatsapp.com/.
Here's the crash stack (looks like _scrollingTreeNodeDelegate is null):
Exception info: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @0x00000050
0x00000001b468be88 (WebKit + 0x0047ce88) -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
0x00000001b468be78 (WebKit + 0x0047ce78) -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
0x00000001a71ea588 (UIKitCore + 0x0037d588) -[UIScrollView _actingParentScrollView]
0x00000001a6f97368 (UIKitCore + 0x0012a368) _UIGestureOwnerIsEffectivelyDescendantOfOwner
0x00000001a7131170 (UIKitCore + 0x002c4170) -[UIGestureRecognizer _affectedByGesture:]
0x00000001a7efda4c (UIKitCore + 0x0000000001090a4c) -[UIHoverGestureRecognizer _affectedByGesture:]
0x00000001a6f82778 (UIKitCore + 0x00115778) _UIGestureEnvironmentUpdate
0x00000001a7814228 (UIKitCore + 0x009a7228) -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:]
0x00000001a6fae800 (UIKitCore + 0x00141800) -[UIGestureEnvironment _updateForEvent:window:]
0x00000001a6fb8e78 (UIKitCore + 0x0014be78) -[UIWindow sendEvent:]
0x00000001a7112968 (UIKitCore + 0x002a5968) -[UIApplication sendEvent:]
0x00000001a6f93c7c (UIKitCore + 0x00126c7c) __dispatchPreprocessedEventFromEventQueue
0x00000001a6f8a528 (UIKitCore + 0x0011d528) __processEventQueue
0x00000001a7bdafd8 (UIKitCore + 0x00d6dfd8) updateCycleEntry
0x00000001a74bd6cc (UIKitCore + 0x006506cc) _UIUpdateSequenceRun
0x00000001a7ae7fd8 (UIKitCore + 0x00c7afd8) schedulerStepScheduledMainSection
0x00000001a7ae7620 (UIKitCore + 0x00c7a620) runloopSourceCallback
0x00000001a013de3c (CoreFoundation + 0x000b8e3c) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001a014e978 (CoreFoundation + 0x000c9978) __CFRunLoopDoSource0
0x00000001a008a728 (CoreFoundation + 0x00005728) __CFRunLoopDoSources0
0x00000001a009001c (CoreFoundation + 0x0000b01c) __CFRunLoopRun
0x00000001a00a3ba8 (CoreFoundation + 0x0001eba8) CFRunLoopRunSpecific
0x00000001c291b35c (GraphicsServices + 0x0000135c) GSEventRunModal
0x00000001a7277a30 (UIKitCore + 0x0040aa30) -[UIApplication _run]
0x00000001a707de00 (UIKitCore + 0x00210e00) UIApplicationMain
0x0000000104342ef0 (Chrome -chrome_exe_main.mm:65) main
0x0000000230e848f4 (dyld + 0x000158f4) start
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220726/9defea6c/attachment.htm>
More information about the webkit-unassigned
mailing list