Bug 242857

Summary: [iOS 16] Crash when tapping on input field opens a new tab
Product: WebKit
Reporter: Ali Juma <ajuma>
Component: Forms
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: cdumez, justincohen, wenson_hsieh
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Test case none

Description Ali Juma 2022-07-18 06:37:54 PDT
Created attachment 460972
Test case

The attached test case crashes in both Safari and Chrome in iOS 16 developer beta 2. Tapping on the following input crashes the UIProcess:

<input type="text" name="test" onclick="window.open('https://www.webkit.org')"/>

The crash happens because of an NSInternalInconsistencyException ("Received request for main thread, but there is no current keyboard task executing.").

The relevant portion of the crash stack is:
0   CoreFoundation                  0x1abeaf248 __exceptionPreprocess + 164 (NSException.m:202)
1   libobjc.A.dylib                 0x1abad3098 objc_exception_throw + 60 (objc-exception.mm:356)
2   Foundation                      0x1acf56724 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 188 (NSException.m:242)
3   UIKitCore                       0x1b2d02018 -[UIKeyboardTaskQueue performTaskOnMainThread:waitUntilDone:] + 396 (UIKeyboardTaskQueue.m:323)
4   UIKitCore                       0x1b305dacc -[UIKeyboardTaskQueue performSingleTask:] + 80 (UIKeyboardTaskQueue.m:477)
5   UIKitCore                       0x1b37885ac -[UIKeyboardImpl updateForChangedSelection] + 116 (UIKeyboardImpl.m:9826)
6   UIKitCore                       0x1b377d394 -[UIKeyboardImpl setDelegate:force:fromBecomeFirstResponder:] + 6144 (UIKeyboardImpl.m:6008)
7   UIKitCore                       0x1b34eb5d0 -[UIKeyboardSceneDelegate _reloadInputViewsForKeyWindowSceneResponder:force:fromBecomeFirstResponder:] + 948 (UIKeyboardSceneDelegate.m:1145)
8   UIKitCore                       0x1b34eb1dc -[UIKeyboardSceneDelegate _reloadInputViewsForResponder:force:fromBecomeFirstResponder:] + 128 (UIKeyboardSceneDelegate.m:1067)
9   UIKitCore                       0x1b2e0dc48 -[UIResponder(UIResponderInputViewAdditions) reloadInputViews] + 84 (UIResponder.m:1983)

Also see FB10505050 for full crash logs from Safari and Chrome.

Comment 1 Ali Juma 2022-07-18 06:39:11 PDT
> The attached test case crashes in both Safari and Chrome in iOS 16 developer beta 2

This also crashes in beta 3.

Comment 2 Sam Sneddon [:gsnedders] 2022-07-18 16:19:43 PDT

*** This bug has been marked as a duplicate of bug 242732 ***