According to our crash analytics, our application crashes while a context menu is closed (after being opened on a web view). This crash takes place on iOS 26+ only.
Seems like WebCore::ElementContext::isSameElement is called after ElementContext has been destroyed, so it's a kind of use-after-free issue.
Can you please help with a fix or at least a workaround for this issue? What's your opinion on bug localization (application or framework)?
EXC_BAD_ACCESS 0x0000000000000001
Crashed: CrBrowserMain
0 WebKit WebCore::ElementContext::isSameElement(WebCore::ElementContext const&) const + 12
1 WebKit __74-[WKSelectPicker contextMenuInteraction:willEndForConfiguration:animator:]_block_invoke + 84
2 UIKitCore -[_UIContextMenuAnimator performAllCompletions] + 248
3 UIKitCore (Missing)
4 UIKitCore (Missing)
5 UIKitCore (Missing)
6 UIKitCore (Missing)
7 UIKitCore (Missing)
8 UIKitCore -[_UIGroupCompletion _performAllCompletions] + 160
9 UIKitCore (Missing)
10 UIKitCore (Missing)
11 UIKitCore (Missing)
12 UIKitCore (Missing)
13 UIKitCore __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36
14 UIKitCore -[UIViewAnimationBlockDelegate _sendDeferredCompletion:] + 92
15 libdispatch.dylib _dispatch_call_block_and_release + 32
16 libdispatch.dylib _dispatch_client_callout + 16
17 libdispatch.dylib _dispatch_main_queue_drain.cold.5 + 812
18 libdispatch.dylib _dispatch_main_queue_drain + 180
19 libdispatch.dylib _dispatch_main_queue_callback_4CF + 44
20 CoreFoundation __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16
21 CoreFoundation __CFRunLoopRun + 1944
22 CoreFoundation _CFRunLoopRunSpecificWithOptions + 532
23 GraphicsServices GSEventRunModal + 120
24 UIKitCore -[UIApplication _run] + 792
25 UIKitCore UIApplicationMain + 336