[Webkit-unassigned] [Bug 138961] New: crash in CAAnimation dealloc (CA::release_objects X::List)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 21 05:08:37 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=138961

            Bug ID: 138961
           Summary: crash in CAAnimation dealloc (CA::release_objects
                    X::List)
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 8.1
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: danielo at opera.com

Crashed: WebThread
EXC_BAD_ACCESS KERN_INVALID_ADDRESS at 0xf000000c
See the stack below.

This crash existed since 2013, but it increased a lot since iOS 8 release.
40% of the time it happens on iPhone 5s.

Stack:

Thread : Crashed: WebThread (com.apple.root.default-qos.overcommit)
0  libobjc.A.dylib                0x3a507f46 objc_msgSend + 5
1  CoreFoundation                 0x2cc2ee5d CFRelease + 600
2  QuartzCore                     0x2fc0ba65 CA::release_objects(X::List<void const*>*) + 16
3  QuartzCore                     0x2fc10dc7 -[CAAnimation dealloc] + 54
4  libobjc.A.dylib                0x3a515d5f objc_object::sidetable_release(bool) + 166
5  libobjc.A.dylib                0x3a5161a9 (anonymous namespace)::AutoreleasePoolPage::pop(void*) + 404
6  CoreFoundation                 0x2cc39f99 _CFAutoreleasePoolPop + 16
7  Foundation                     0x2d9780ff -[NSAutoreleasePool drain] + 122
8  CFNetwork                      0x2c84f9d1 AutoAutoreleasePool::~AutoAutoreleasePool() + 24
9  CFNetwork                      0x2c833a43 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 166
10 CFNetwork                      0x2c78834d RunloopBlockContext::_invoke_block(void const*, void*) + 60
11 CoreFoundation                 0x2cc39c7d CFArrayApplyFunction + 36
12 CFNetwork                      0x2c788207 RunloopBlockContext::perform() + 182
13 CFNetwork                      0x2c7880cd MultiplexerSource::perform() + 216
14 CFNetwork                      0x2c787f61 MultiplexerSource::_perform(void*) + 48
15 CoreFoundation                 0x2ccee377 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 14
16 CoreFoundation                 0x2cced787 __CFRunLoopDoSources0 + 218
17 CoreFoundation                 0x2ccebded __CFRunLoopRun + 772
18 CoreFoundation                 0x2cc3a211 CFRunLoopRunSpecific + 476
19 CoreFoundation                 0x2cc3a023 CFRunLoopRunInMode + 106
20 WebCore                        0x38061ec3 RunWebThread(void*) + 418
21 libsystem_pthread.dylib        0x3abbee93 _pthread_body + 138
22 libsystem_pthread.dylib        0x3abbee07 _pthread_start + 118

Some related info:
http://stackoverflow.com/questions/26656342/uiwebview-random-crash-at-uiviewanimationstate-release-message-sent-to-deallo
Sample project:
https://github.com/crarau/WebViewCrash

Sites that can crash with this:
http://www.amazon.com
http://www.yandex.ru
http://m.vk.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141121/0106d2cb/attachment-0002.html>

More information about the webkit-unassigned mailing list