Bug 268492 - [iOS 17.4] Crash in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]
Summary: [iOS 17.4] Crash in -[WKScrollingNodeScrollViewDelegate actingParentScrollVie...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Scrolling
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Wenson Hsieh
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2024-01-31 13:10 PST by Ali Juma
Modified: 2024-02-01 15:22 PST
CC: 4 users

See Also:


Attachments
Crashlog (26.83 KB, text/plain)
2024-01-31 16:17 PST, Ali Juma
no flags

Description Ali Juma 2024-01-31 13:10:51 PST
Chrome for iOS is getting reports of a new crash in iOS 17.4, in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]. It looks like we might have a null _scrollingTreeNodeDelegate.

Here's the crash stack:
Exception info: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @0x00000036
0x00000001ae924040	(WebCore + 0x0000000001eec040)		WebCore::ScrollingTreeScrollingNodeDelegate::scrollingTree() const
0x00000001afc2c5ec	(WebKit + 0x005dd5ec)		-[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]
0x000000019bec5e4c	(UIKitCore + 0x0001ee4c)		_UIGestureOwnerIsEffectivelyDescendantOfOwner
0x000000019bec5dd8	(UIKitCore + 0x0001edd8)		-[UIGestureRecognizer _affectedByGesture:]
0x000000019bec5c1c	(UIKitCore + 0x0001ec1c)		-[UIGestureRecognizer _isExcludedByExcludable:]
0x000000019bec55fc	(UIKitCore + 0x0001e5fc)		_UIExclusionMatrixPerformExclusion
0x000000019bec32fc	(UIKitCore + 0x0001c2fc)		_UIGestureEnvironmentUpdate
0x0000000199c64d38	(CoreFoundation + 0x00035d38)		__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
0x0000000199c63734	(CoreFoundation + 0x00034734)		__CFRunLoopDoObservers
0x0000000199c62e4c	(CoreFoundation + 0x00033e4c)		__CFRunLoopRun
0x0000000199c62964	(CoreFoundation + 0x00033964)		CFRunLoopRunSpecific
0x00000001dec164dc	(GraphicsServices + 0x000034dc)		GSEventRunModal
0x000000019c0d2bf8	(UIKitCore + 0x0022bbf8)		-[UIApplication _run]
0x000000019c0d2234	(UIKitCore + 0x0022b234)		UIApplicationMain
0x000000010491ead0	(Chrome -chrome_exe_main.mm:72)		(anonymous namespace)::RunUIApplicationMain(int, char**)
0x000000010491ead0	(Chrome -chrome_exe_main.mm:128)		ChromeMain
0x000000010491eb40	(Chrome -chrome_exe_main.mm:135)		main
0x00000001bdda8d80	(dyld + 0x00005d80)		start
Comment 1 Radar WebKit Bug Importer 2024-01-31 14:02:43 PST
<rdar://problem/122041538>
Comment 2 Ali Juma 2024-01-31 16:17:00 PST
Created attachment 469639 [details]
Crashlog
Comment 3 Wenson Hsieh 2024-01-31 20:17:15 PST
Pull request: https://github.com/WebKit/WebKit/pull/23648
Comment 4 EWS 2024-02-01 15:22:49 PST
Committed 273946@main (d29efacb92f3): <https://commits.webkit.org/273946@main>

Reviewed commits have been landed. Closing PR #23648 and removing active labels.