After iOS 15.4, I found that when using the CSS overflow:scroll property, there would be a crash when quickly creating and destroying webviews. Recently, this issue has occurred on iOS 16.4, iOS 16.4.1, iOS 16.5, iOS 16.5.1, and iOS 16.6. The crash stack trace is as follows:

----------------------------------------------------------------------------
WebCore/WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 328

OS Version: iOS 16.6 (20G75)
Report Version: 104
Monitor Type: Mach Exception
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Pthread id: 2934709

Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 180
1 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 140
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 328
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
4 WebKit -[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:] + 68
5 UIKitCore -[UIScrollView _notifyDidScroll] + 72
6 UIKitCore -[UIScrollView setContentOffset:] + 1032
7 UIKitCore -[UIScrollViewScrollAnimation setProgress:] + 276
8 UIKitCore -[UIAnimator _advanceAnimationsOnScreenWithIdentifier:withTimestamp:] + 184
9 UIKitCore _UIUpdateSequenceRun + 84
10 UIKitCore schedulerStepScheduledMainSection + 144
11 UIKitCore runloopSourceCallback + 92
12 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
13 CoreFoundation __CFRunLoopDoSource0 + 176
14 CoreFoundation __CFRunLoopDoSources0 + 244
15 CoreFoundation __CFRunLoopRun + 828
16 CoreFoundation CFRunLoopRunSpecific + 612
17 GraphicsServices GSEventRunModal + 164
18 UIKitCore -[UIApplication _run] + 888
19 UIKitCore UIApplicationMain + 340
20 imeituan main (main.m:41)
21 (null) 0x00000001e7718dec 0x0 + 8177946092
----------------------------------------------------------------------------

On iOS 15.4 and iOS 15.4.1, the crash stack trace is as follows:

----------------------------------------------------------------------------
WebCore/WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308

OS Version: iOS 15.4.1 (19E258)
Report Version: 104
Monitor Type: Mach Exception
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Pthread id: 3104660

Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 104
1 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
4 WebKit -[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:] + 76
5 UIKitCore -[UIScrollView _notifyDidScroll] + 80
6 UIKitCore -[UIScrollView setContentOffset:] + 1224
7 UIKitCore -[UIScrollViewScrollAnimation setProgress:] + 320
8 UIKitCore -[UIAnimator _advanceAnimationsOfType:withTimestamp:] + 280
9 QuartzCore CA::Display::DisplayLink::dispatch_items(unsigned long long, unsigned long long, unsigned long long) + 748
10 QuartzCore display_timer_callback(__CFMachPort*, void*, long, void*) + 372
11 CoreFoundation __CFMachPortPerform + 176
12 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 60
13 CoreFoundation __CFRunLoopDoSource1 + 604
14 CoreFoundation __CFRunLoopRun + 2372
15 CoreFoundation CFRunLoopRunSpecific + 600
16 GraphicsServices GSEventRunModal + 164
17 UIKitCore -[UIApplication _run] + 1100
18 UIKitCore UIApplicationMain + 364
19 imeituan main (main.m:41)
20 (null) 0x000000010ace9ce4 0x0 + 4476280036
----------------------------------------------------------------------------

I'm having trouble reproducing the issue myself, but there are related crashes happening on the production environment. Could you please take a look at the stack trace and see if there is any relevant information? The issue seems to occur when the overflow property is set to scroll or auto.
<rdar://problem/113271182>
Does this still reproduce in iOS 18?