227088 – [iOS 15] Crash in IPC::clearAsyncReplyHandlers

RESOLVED DUPLICATE of bug 226426 227088

[iOS 15] Crash in IPC::clearAsyncReplyHandlers

https://bugs.webkit.org/show_bug.cgi?id=227088

Summary [iOS 15] Crash in IPC::clearAsyncReplyHandlers

Ali Juma

Reported 2021-06-16 12:48:05 PDT

Chrome for iOS is getting a relatively large number of crash reports in IPC::clearAsyncReplyHandlers, on iOS 15. Most of the crash reports are on iPad. Here's the crash stack: CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] 0x00000001903e7230 (WebKit + 0x0042f230) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e7224 (WebKit + 0x0042f224) WTF::Detail::CallableWrapper<WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15, void, bool&&>::call(bool&&) 0x00000001903e6f64 (WebKit + 0x0042ef64) WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::EventDispatcher::TouchEvent, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15>(Messages::EventDispatcher::TouchEvent&&, WebKit::WebPageProxy::handlePreventableTouchEvent(WebKit::NativeWebTouchEvent&)::$_15&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeda9c (WebKit + 0x00035a9c) WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) 0x000000018ffeae54 (WebKit + 0x00032e54) IPC::clearAsyncReplyHandlers(IPC::Connection const&) 0x000000018ffea97c (WebKit + 0x0003297c) IPC::Connection::~Connection() 0x000000018ffe04b0 (WebKit + 0x000284b0) WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)2>::deref() const::'lambda'(), void>::call() 0x000000018d91c0fc (JavaScriptCore + 0x00000000010b40fc) WTF::RunLoop::performWork() 0x000000018d91d5f4 (JavaScriptCore + 0x00000000010b55f4) WTF::RunLoop::performWork(void*) 0x0000000181754160 (CoreFoundation + 0x000a5160) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00000001817a80d0 (CoreFoundation + 0x000f90d0) __CFRunLoopDoSource0 0x0000000181710480 (CoreFoundation + 0x00061480) __CFRunLoopDoSources0 0x00000001817208d4 (CoreFoundation + 0x000718d4) __CFRunLoopRun 0x000000018172e318 (CoreFoundation + 0x0007f318) CFRunLoopRunSpecific 0x000000019d0cc5fc (GraphicsServices + 0x000035fc) GSEventRunModal 0x0000000183f069ac (UIKitCore + 0x003d19ac) -[UIApplication _run] 0x0000000183f06420 (UIKitCore + 0x003d1420) UIApplicationMain 0x0000000102087f30 (Chrome -chrome_exe_main.mm:66) main 0x0000000104019218

Attachments
Add attachment proposed patch, testcase, etc.

Wenson Hsieh

Comment 1 2021-06-16 12:53:02 PDT

Seems like a dupe of https://bugs.webkit.org/show_bug.cgi?id=226426?

Ali Juma

Comment 2 2021-06-16 13:26:26 PDT

Thanks, this does seem like a dupe of bug 226426. *** This bug has been marked as a duplicate of bug 226426 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 226426

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Nobody

Reported

2021-06-16 12:48 PDT

Modified

2021-06-16 13:26 PDT History

CC List

5 users Show

URL

Keywords

Depends on

Blocks