Bug 227088

Summary: [iOS 15] Crash in IPC::clearAsyncReplyHandlers
Product: WebKit Reporter: Ali Juma <ajuma>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: cdumez, kkinnunen, simon.fraser, thorton, wenson_hsieh
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Ali Juma
Reported 2021-06-16 12:48:05 PDT
Chrome for iOS is getting a relatively large number of crash reports in IPC::clearAsyncReplyHandlers, on iOS 15. Most of the crash reports are on iPad. Here's the crash stack: CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] 0x00000001903e7230 (WebKit + 0x0042f230) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e7224 (WebKit + 0x0042f224) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e6f64 (WebKit + 0x0042ef64) WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::EventDispatcher::TouchEvent, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15>(Messages::EventDispatcher::TouchEvent&&, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeae54 (WebKit + 0x00032e54) IPC::clearAsyncReplyHandlers(IPC::Connection const&) 0x000000018ffea97c (WebKit + 0x0003297c) IPC::Connection::~Connection() 0x000000018ffe04b0 (WebKit + 0x000284b0) WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)2>::deref() const::'lambda'(), void>::call() 0x000000018d91c0fc (JavaScriptCore + 0x00000000010b40fc) WTF::RunLoop::performWork() 0x000000018d91d5f4 (JavaScriptCore + 0x00000000010b55f4) WTF::RunLoop::performWork(void*) 0x0000000181754160 (CoreFoundation + 0x000a5160) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00000001817a80d0 (CoreFoundation + 0x000f90d0) __CFRunLoopDoSource0 0x0000000181710480 (CoreFoundation + 0x00061480) __CFRunLoopDoSources0 0x00000001817208d4 (CoreFoundation + 0x000718d4) __CFRunLoopRun 0x000000018172e318 (CoreFoundation + 0x0007f318) CFRunLoopRunSpecific 0x000000019d0cc5fc (GraphicsServices + 0x000035fc) GSEventRunModal 0x0000000183f069ac (UIKitCore + 0x003d19ac) -[UIApplication _run] 0x0000000183f06420 (UIKitCore + 0x003d1420) UIApplicationMain 0x0000000102087f30 (Chrome -chrome_exe_main.mm:66) main 0x0000000104019218
Attachments
Add attachment proposed patch, testcase, etc.
Wenson Hsieh
Comment 1 2021-06-16 12:53:02 PDT
Seems like a dupe of https://bugs.webkit.org/show_bug.cgi?id=226426?
Ali Juma
Comment 2 2021-06-16 13:26:26 PDT
Thanks, this does seem like a dupe of bug 226426. *** This bug has been marked as a duplicate of bug 226426 ***
Note You need to log in before you can comment on or make changes to this bug.