Bug 243226 - [iOS 16] Crash in -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
Status: RESOLVED DUPLICATE of bug 242207
Alias: None
Product: WebKit
Classification: Unclassified
Component: Scrolling
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2022-07-26 13:09 PDT by Ali Juma
Modified: 2022-07-26 13:54 PDT

Description Ali Juma 2022-07-26 13:09:21 PDT
Chrome on iOS is getting reports of a new crash in iOS 16, in -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]. We have reports from all developer betas of iOS 16 released so far.

We don't have steps to reproduce, but based on our reports, this seems to be more common right after a renderer crash, and the crash URLs seem to be disproportionately from https://mail.tpb.com.vn and https://web.whatsapp.com/.

Here's the crash stack (looks like _scrollingTreeNodeDelegate is null):

Exception info: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @0x00000050
0x00000001b468be88	(WebKit + 0x0047ce88)		        -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
0x00000001b468be78	(WebKit + 0x0047ce78)		        -[WKScrollingNodeScrollViewDelegate _actingParentScrollViewForScrollView:]
0x00000001a71ea588	(UIKitCore + 0x0037d588)		-[UIScrollView _actingParentScrollView]
0x00000001a6f97368	(UIKitCore + 0x0012a368)		_UIGestureOwnerIsEffectivelyDescendantOfOwner
0x00000001a7131170	(UIKitCore + 0x002c4170)		-[UIGestureRecognizer _affectedByGesture:]
0x00000001a7efda4c	(UIKitCore + 0x0000000001090a4c)	-[UIHoverGestureRecognizer _affectedByGesture:]
0x00000001a6f82778	(UIKitCore + 0x00115778)		_UIGestureEnvironmentUpdate
0x00000001a7814228	(UIKitCore + 0x009a7228)		-[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:]
0x00000001a6fae800	(UIKitCore + 0x00141800)		-[UIGestureEnvironment _updateForEvent:window:]
0x00000001a6fb8e78	(UIKitCore + 0x0014be78)		-[UIWindow sendEvent:]
0x00000001a7112968	(UIKitCore + 0x002a5968)		-[UIApplication sendEvent:]
0x00000001a6f93c7c	(UIKitCore + 0x00126c7c)		__dispatchPreprocessedEventFromEventQueue
0x00000001a6f8a528	(UIKitCore + 0x0011d528)		__processEventQueue
0x00000001a7bdafd8	(UIKitCore + 0x00d6dfd8)		updateCycleEntry
0x00000001a74bd6cc	(UIKitCore + 0x006506cc)		_UIUpdateSequenceRun
0x00000001a7ae7fd8	(UIKitCore + 0x00c7afd8)		schedulerStepScheduledMainSection
0x00000001a7ae7620	(UIKitCore + 0x00c7a620)		runloopSourceCallback
0x00000001a013de3c	(CoreFoundation + 0x000b8e3c)		__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001a014e978	(CoreFoundation + 0x000c9978)		__CFRunLoopDoSource0
0x00000001a008a728	(CoreFoundation + 0x00005728)		__CFRunLoopDoSources0
0x00000001a009001c	(CoreFoundation + 0x0000b01c)		__CFRunLoopRun
0x00000001a00a3ba8	(CoreFoundation + 0x0001eba8)		CFRunLoopRunSpecific
0x00000001c291b35c	(GraphicsServices + 0x0000135c)		GSEventRunModal
0x00000001a7277a30	(UIKitCore + 0x0040aa30)		-[UIApplication _run]
0x00000001a707de00	(UIKitCore + 0x00210e00)		UIApplicationMain
0x0000000104342ef0	(Chrome -chrome_exe_main.mm:65)		main
0x0000000230e848f4	(dyld + 0x000158f4)		        start
Comment 1 Simon Fraser (smfr) 2022-07-26 13:54:47 PDT

*** This bug has been marked as a duplicate of bug 242207 ***