[Webkit-unassigned] [Bug 278739] New: REGRESSION(iOS 18): Crash in -[WKContentView(WKInteraction) _hideKeyboard]

bugzilla-daemon at webkit.org
Tue Aug 27 11:56:10 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=278739

            Bug ID: 278739
           Summary: REGRESSION(iOS 18): Crash in
                    -[WKContentView(WKInteraction) _hideKeyboard]
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: kkinnunen at apple.com, thorton at apple.com,
                    wenson_hsieh at apple.com

Chrome for iOS is getting reports of a new crash in iOS 18, inside -[WKContentView(WKInteraction) _hideKeyboard].

The crash happens after an NSInvalidArgumentException (-[__NSDictionaryM selectionDidChange:]: unrecognized selector sent to instance), in -[UIWKTextInteractionAssistant selectionChangedWithGestureAt:withGesture:withState:withFlags:].

We don't have steps to reproduce, but about half of the crash URLs are Google search result pages. While this crash is present even in Beta 1, it got much worse in Beta 5 and is still present in Beta 7.

Here's the stack:

0x00000001906732e0      (libobjc.A.dylib + 0x000172e0)          objc_exception_throw
0x00000001934777c4      (CoreFoundation + 0x0018a7c4)           -[NSObject(NSObject) doesNotRecognizeSelector:]
0x000000019330e884      (CoreFoundation + 0x00021884)           ___forwarding___
0x000000019330e1ac      (CoreFoundation + 0x000211ac)           ___forwarding_prep_0___
0x0000000196e81d44      (UIKitCore + 0x013c1d44)                -[UIWKTextInteractionAssistant selectionChangedWithGestureAt:withGesture:withState:withFlags:]
0x0000000196e82544      (UIKitCore + 0x013c2544)                __94-[UIWKTextInteractionAssistant selectionChangedWithGestureAt:withGesture:withState:withFlags:]_block_invoke
0x0000000195f6e6ac      (UIKitCore + 0x004ae6ac)                -[UIKeyboardTaskEntry execute:]
0x0000000195f6e540      (UIKitCore + 0x004ae540)                -[UIKeyboardTaskQueue continueExecutionOnMainThread]
0x0000000195f6e1ac      (UIKitCore + 0x004ae1ac)                -[UIKeyboardTaskQueue addTask:]
0x000000019644e77c      (UIKitCore + 0x0098e77c)                -[_UIKeyboardStateManager _setupDelegate:delegateSame:hardwareKeyboardStateChanged:endingInputSessionIdentifier:force:delayEndInputSession:]
0x000000019644c1d4      (UIKitCore + 0x0098c1d4)                -[_UIKeyboardStateManager setDelegate:force:delayEndInputSession:]
0x0000000195d66664      (UIKitCore + 0x002a6664)                -[UIKeyboardSceneDelegate _reloadInputViewsForKeyWindowSceneResponder:force:fromBecomeFirstResponder:]
0x0000000195dc37c8      (UIKitCore + 0x003037c8)                -[UIKeyboardSceneDelegate _reloadInputViewsForResponder:force:fromBecomeFirstResponder:]
0x0000000195e7fc40      (UIKitCore + 0x003bfc40)                -[UIResponder(UIResponderInputViewAdditions) reloadInputViews]
0x00000001a8afed10      (WebKit + 0x001eed10)           -[WKContentView(WKInteraction) _hideKeyboard]
0x00000001a8afee94      (WebKit + 0x001eee94)           -[WKContentView(WKInteraction) _elementDidBlur]
0x00000001a8a97d58      (WebKit + 0x00187d58)           -[WKContentView(WKInteraction) _didCommitLoadForMainFrame]
0x00000001a8af9438      (WebKit + 0x001e9438)           WebKit::PageClientImpl::didCommitLoadForMainFrame(WTF::String const&, bool)
0x00000001a9150ff0      (WebKit + 0x00840ff0)           WebKit::WebPageProxy::didCommitLoadForFrame(IPC::Connection&, WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WTF::String const&, bool, WebCore::FrameLoadType, WebCore::CertificateInfo const&, bool, bool, bool, WebCore::HasInsecureContent, WebCore::MouseEventPolicy, WebKit::UserData const&)
0x00000001a914f708      (WebKit + 0x0083f708)           WebKit::WebPageProxy::commitProvisionalPage(IPC::Connection&, WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WTF::String const&, bool, WebCore::FrameLoadType, WebCore::CertificateInfo const&, bool, bool, bool, WebCore::HasInsecureContent, WebCore::MouseEventPolicy, WebKit::UserData const&)
0x00000001a90ea758      (WebKit + 0x007da758)           WebKit::ProvisionalPageProxy::didCommitLoadForFrame(IPC::Connection&, WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WTF::String const&, bool, WebCore::FrameLoadType, WebCore::CertificateInfo const&, bool, bool, bool, WebCore::HasInsecureContent, WebCore::MouseEventPolicy, WebKit::UserData const&)
0x00000001a90ebd74      (WebKit + 0x007dbd74)           WebKit::ProvisionalPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a89f5b18      (WebKit + 0x000e5b18)           IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a8933c40      (WebKit + 0x00023c40)           WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a973a79c      (WebKit + 0x00e2a79c)           IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>)
0x00000001a8943308      (WebKit + 0x00033308)           IPC::Connection::dispatchIncomingMessages()
0x00000001a9a7c7c0      (JavaScriptCore + 0x000587c0)           WTF::RunLoop::performWork()
0x00000001a9a7d6e8      (JavaScriptCore + 0x000596e8)           WTF::RunLoop::performWork(void*)
0x0000000193344084      (CoreFoundation + 0x00057084)           __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000193344018      (CoreFoundation + 0x00057018)           __CFRunLoopDoSource0
0x0000000193341b68      (CoreFoundation + 0x00054b68)           __CFRunLoopDoSources0
0x0000000193340d00      (CoreFoundation + 0x00053d00)           __CFRunLoopRun
0x00000001933405b4      (CoreFoundation + 0x000535b4)           CFRunLoopRunSpecific
0x00000001dec191c0      (GraphicsServices + 0x000011c0)         GSEventRunModal
0x0000000195e9fb68      (UIKitCore + 0x003dfb68)                -[UIApplication _run]
0x0000000195f4dfd8      (UIKitCore + 0x0048dfd8)                UIApplicationMain
0x00000001023dc1f0      (Chrome -chrome_exe_main.mm:63)         (anonymous namespace)::RunUIApplicationMain(int, char**)
0x00000001023dc1f0      (Chrome -chrome_exe_main.mm:117)                ChromeMain(int, char**)
0x00000001b8a52d30      (dyld + 0x00033d30)             start
