[Webkit-unassigned] [Bug 268492] New: [iOS 17.4] Crash in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]

bugzilla-daemon at webkit.org
Wed Jan 31 13:10:51 PST 2024


https://bugs.webkit.org/show_bug.cgi?id=268492

            Bug ID: 268492
           Summary: [iOS 17.4] Crash in
                    -[WKScrollingNodeScrollViewDelegate
                    actingParentScrollViewForScrollView:]
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Scrolling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: simon.fraser at apple.com, thorton at apple.com,
                    wenson_hsieh at apple.com

Chrome for iOS is getting reports of a new crash in iOS 17.4, in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]. It looks like we might have a null _scrollingTreeNodeDelegate.

Here's the crash stack:
Exception info: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @0x00000036
0x00000001ae924040      (WebCore + 0x0000000001eec040)          WebCore::ScrollingTreeScrollingNodeDelegate::scrollingTree() const
0x00000001afc2c5ec      (WebKit + 0x005dd5ec)           -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]
0x000000019bec5e4c      (UIKitCore + 0x0001ee4c)                _UIGestureOwnerIsEffectivelyDescendantOfOwner
0x000000019bec5dd8      (UIKitCore + 0x0001edd8)                -[UIGestureRecognizer _affectedByGesture:]
0x000000019bec5c1c      (UIKitCore + 0x0001ec1c)                -[UIGestureRecognizer _isExcludedByExcludable:]
0x000000019bec55fc      (UIKitCore + 0x0001e5fc)                _UIExclusionMatrixPerformExclusion
0x000000019bec32fc      (UIKitCore + 0x0001c2fc)                _UIGestureEnvironmentUpdate
0x0000000199c64d38      (CoreFoundation + 0x00035d38)           __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
0x0000000199c63734      (CoreFoundation + 0x00034734)           __CFRunLoopDoObservers
0x0000000199c62e4c      (CoreFoundation + 0x00033e4c)           __CFRunLoopRun
0x0000000199c62964      (CoreFoundation + 0x00033964)           CFRunLoopRunSpecific
0x00000001dec164dc      (GraphicsServices + 0x000034dc)         GSEventRunModal
0x000000019c0d2bf8      (UIKitCore + 0x0022bbf8)                -[UIApplication _run]
0x000000019c0d2234      (UIKitCore + 0x0022b234)                UIApplicationMain
0x000000010491ead0      (Chrome -chrome_exe_main.mm:72)         (anonymous namespace)::RunUIApplicationMain(int, char**)
0x000000010491ead0      (Chrome -chrome_exe_main.mm:128)                ChromeMain
0x000000010491eb40      (Chrome -chrome_exe_main.mm:135)                main
0x00000001bdda8d80      (dyld + 0x00005d80)             start
