227088 2021-06-16 12:48:05 -0700 [iOS 15] Crash in IPC::clearAsyncReplyHandlers 2021-06-16 13:26:26 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 226426 P2 Normal --- 1 ajuma webkit-unassigned cdumez kkinnunen simon.fraser thorton wenson_hsieh oldest_to_newest 1770341 0 ajuma 2021-06-16 12:48:05 -0700 Chrome for iOS is getting a relatively large number of crash reports in IPC::clearAsyncReplyHandlers, on iOS 15. Most of the crash reports are on iPad. Here's the crash stack: CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] 0x00000001903e7230 (WebKit + 0x0042f230) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e7224 (WebKit + 0x0042f224) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e6f64 (WebKit + 0x0042ef64) WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::EventDispatcher::TouchEvent, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15>(Messages::EventDispatcher::TouchEvent&&, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeae54 (WebKit + 0x00032e54) IPC::clearAsyncReplyHandlers(IPC::Connection const&) 0x000000018ffea97c (WebKit + 0x0003297c) IPC::Connection::~Connection() 0x000000018ffe04b0 (WebKit + 0x000284b0) WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)2>::deref() const::'lambda'(), void>::call() 0x000000018d91c0fc (JavaScriptCore + 0x00000000010b40fc) WTF::RunLoop::performWork() 0x000000018d91d5f4 (JavaScriptCore + 0x00000000010b55f4) WTF::RunLoop::performWork(void*) 0x0000000181754160 (CoreFoundation + 0x000a5160) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00000001817a80d0 (CoreFoundation + 0x000f90d0) __CFRunLoopDoSource0 0x0000000181710480 (CoreFoundation + 0x00061480) __CFRunLoopDoSources0 0x00000001817208d4 (CoreFoundation + 0x000718d4) __CFRunLoopRun 0x000000018172e318 (CoreFoundation + 0x0007f318) CFRunLoopRunSpecific 0x000000019d0cc5fc (GraphicsServices + 0x000035fc) GSEventRunModal 0x0000000183f069ac (UIKitCore + 0x003d19ac) -[UIApplication _run] 0x0000000183f06420 (UIKitCore + 0x003d1420) UIApplicationMain 0x0000000102087f30 (Chrome -chrome_exe_main.mm:66) main 0x0000000104019218 1770344 1 wenson_hsieh 2021-06-16 12:53:02 -0700 Seems like a dupe of https://bugs.webkit.org/show_bug.cgi?id=226426? 1770354 2 ajuma 2021-06-16 13:26:26 -0700 Thanks, this does seem like a dupe of bug 226426. *** This bug has been marked as a duplicate of bug 226426 ***