Bug 82730 - iPad iOS Safari crashes when removing loading or rendering SVGs from the DOM
Status: UNCONFIRMED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Other Other
Importance: P2 Critical
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2012-03-30 07:22 PDT by Andy
Modified: 2012-04-02 08:24 PDT

Attachments
Incorrect file - don't use! (12.59 MB, application/x-zip-compressed)
2012-03-30 07:22 PDT, Andy
** Updated ** Files to reproduce (2.27 MB, application/x-zip-compressed)
2012-03-30 07:31 PDT, Andy

Description Andy 2012-03-30 07:22:18 PDT
Created attachment 134806
Incorrect file - don't use!

Overview: 

A complete crash of Safari occurs when removing an embed element from the DOM while the SVG contained in the embed element is still loading and rendering.

It may seem like an edge case, but this issue occurs fairly frequently in a web app that we're developing. We need it to be fast and responsive and can't delay the user's actions (which include clearing parts of the DOM which contain embedded SVG) as this will result in a poor user experience. Also, there doesn't seem to be a way of binding to a 'SVG has finished rendering' event (if one exists) for SVG rendered in embed tags.

Steps to recreate (using the attached files) are:

1) Load the page on an iPad in Safari
2) Click on the load button (this will display some extra SVGs in the DOM)
3) Within about 150-300ms of the last click, click the remove button. This will remove all SVGs from the DOM by removing the embed elements. The crash will occur every time if removed within this time period.

Actual Results: Safari crashes completely to the home screen with no user message 

Expected Results: The embed elements should be removed from the DOM without crashing Safari

Build Date & Platform: 

The bug is found using an iPad running iOS 5.1 using Safari (WebKit version 534.46)

Supporting materials:

This is the log we get from iOS when the crash occurs

Incident Identifier: F8C1A042-1B1B-419E-B649-08FECE6E2842
CrashReporter Key:   c3bb0efec7add244f43eb200d8b512169ef1e78e
Hardware Model:      iPad2,1
Process:         MobileSafari [474]
Path:            /Applications/MobileSafari.app/MobileSafari
Identifier:      MobileSafari
Version:         ??? (???)
Code Type:       ARM (Native)
Parent Process:  launchd [1]

Date/Time:       2012-03-28 13:59:48.535 +0100
OS Version:      iPhone OS 5.1 (9B176)
Report Version:  104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000538
Crashed Thread:  2

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0:
0   libsystem_kernel.dylib        	0x370a70d8 0x37096000 + 69848
1   libsystem_c.dylib             	0x331c2674 0x331c0000 + 9844
2   WebCore                       	0x3752f980 0x3752a000 + 22912
3   WebCore                       	0x3752f94c 0x3752a000 + 22860
4   WebKit                        	0x3084ae54 0x30826000 + 151124
5   CoreFoundation                	0x33ddfb14 0x33d52000 + 580372
6   CoreFoundation                	0x33dddd50 0x33d52000 + 572752
7   CoreFoundation                	0x33dde0aa 0x33d52000 + 573610
8   CoreFoundation                	0x33d6149e 0x33d52000 + 62622
9   CoreFoundation                	0x33d61366 0x33d52000 + 62310
10  GraphicsServices              	0x332df432 0x332db000 + 17458
11  UIKit                         	0x35a56e76 0x35a25000 + 204406
12  MobileSafari                  	0x00098e88 0x97000 + 7816
13  MobileSafari                  	0x00098618 0x97000 + 5656

Thread 1 name:  Dispatch queue: com.apple.libdispatch-manager
Thread 1:
0   libsystem_kernel.dylib        	0x370973a8 0x37096000 + 5032
1   libdispatch.dylib             	0x3245bf04 0x32458000 + 16132
2   libdispatch.dylib             	0x3245bc22 0x32458000 + 15394

Thread 2 name:  WebThread
Thread 2 Crashed:
0   WebCore                       	0x375f9ee6 0x3752a000 + 851686
1   WebCore                       	0x375f9e92 0x3752a000 + 851602
2   WebCore                       	0x375f9dcc 0x3752a000 + 851404
3   WebCore                       	0x375f9d12 0x3752a000 + 851218
4   WebCore                       	0x3761d494 0x3752a000 + 996500
5   WebCore                       	0x3761d2f0 0x3752a000 + 996080
6   WebCore                       	0x3761d1d6 0x3752a000 + 995798
7   WebCore                       	0x3761cfbe 0x3752a000 + 995262
8   WebCore                       	0x3761ce8c 0x3752a000 + 994956
9   WebCore                       	0x3761c472 0x3752a000 + 992370
10  WebCore                       	0x3761bfae 0x3752a000 + 991150
11  WebCore                       	0x3761bce4 0x3752a000 + 990436
12  WebCore                       	0x3761bcb2 0x3752a000 + 990386
13  WebCore                       	0x376223fa 0x3752a000 + 1016826
14  WebCore                       	0x37780eae 0x3752a000 + 2453166
15  WebCore                       	0x3761a3a8 0x3752a000 + 983976
16  WebCore                       	0x376598b6 0x3752a000 + 1243318
17  WebCore                       	0x376593ac 0x3752a000 + 1242028
18  WebCore                       	0x37bd17f8 0x3752a000 + 6977528
19  WebCore                       	0x3767d5f6 0x3752a000 + 1390070
20  WebCore                       	0x37574fa0 0x3752a000 + 307104
21  WebCore                       	0x37574cf6 0x3752a000 + 306422
22  WebCore                       	0x3767d552 0x3752a000 + 1389906
23  WebCore                       	0x3767b850 0x3752a000 + 1382480
24  libxml2.2.dylib               	0x35204324 0x351f3000 + 70436
25  libxml2.2.dylib               	0x352082d8 0x351f3000 + 86744
26  WebCore                       	0x376799b2 0x3752a000 + 1374642
27  WebCore                       	0x37679808 0x3752a000 + 1374216
28  WebCore                       	0x375da274 0x3752a000 + 721524
29  WebCore                       	0x37608c40 0x3752a000 + 912448
30  WebCore                       	0x37603092 0x3752a000 + 888978
31  WebKit                        	0x30842c9a 0x30826000 + 117914
32  WebKit                        	0x30842b10 0x30826000 + 117520
33  WebKit                        	0x30842a48 0x30826000 + 117320
34  WebCore                       	0x375ffe9c 0x3752a000 + 876188
35  WebCore                       	0x375ffe08 0x3752a000 + 876040
36  WebCore                       	0x375ffa2e 0x3752a000 + 875054
37  WebCore                       	0x375ff9ba 0x3752a000 + 874938
38  WebCore                       	0x375ff706 0x3752a000 + 874246
39  WebCore                       	0x375ff6ca 0x3752a000 + 874186
40  WebCore                       	0x375ff5aa 0x3752a000 + 873898
41  CFNetwork                     	0x3431a058 0x3427c000 + 647256
42  CFNetwork                     	0x342804b0 0x3427c000 + 17584
43  CFNetwork                     	0x34280592 0x3427c000 + 17810
44  CFNetwork                     	0x34280592 0x3427c000 + 17810
45  CFNetwork                     	0x3428019c 0x3427c000 + 16796
46  CFNetwork                     	0x342800d2 0x3427c000 + 16594
47  CoreFoundation                	0x33ddfacc 0x33d52000 + 580300
48  CoreFoundation                	0x33ddf298 0x33d52000 + 578200
49  CoreFoundation                	0x33dde03e 0x33d52000 + 573502
50  CoreFoundation                	0x33d6149e 0x33d52000 + 62622
51  CoreFoundation                	0x33d61366 0x33d52000 + 62310
52  WebCore                       	0x375d30f0 0x3752a000 + 692464
53  libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
54  libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 3 name:  com.apple.NSURLConnectionLoader
Thread 3:
0   libsystem_kernel.dylib        	0x37097004 0x37096000 + 4100
1   libsystem_kernel.dylib        	0x370971fa 0x37096000 + 4602
2   CoreFoundation                	0x33ddf3ec 0x33d52000 + 578540
3   CoreFoundation                	0x33dde124 0x33d52000 + 573732
4   CoreFoundation                	0x33d6149e 0x33d52000 + 62622
5   CoreFoundation                	0x33d61366 0x33d52000 + 62310
6   Foundation                    	0x32cf8bb2 0x32ce8000 + 68530
7   Foundation                    	0x32cf8a7a 0x32ce8000 + 68218
8   Foundation                    	0x32d8c58a 0x32ce8000 + 673162
9   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
10  libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 4 name:  Safari::SafeBrowsingManager
Thread 4:
0   libsystem_kernel.dylib        	0x37097004 0x37096000 + 4100
1   libsystem_kernel.dylib        	0x370971fa 0x37096000 + 4602
2   CoreFoundation                	0x33ddf3ec 0x33d52000 + 578540
3   CoreFoundation                	0x33dde124 0x33d52000 + 573732
4   CoreFoundation                	0x33d6149e 0x33d52000 + 62622
5   CoreFoundation                	0x33d61366 0x33d52000 + 62310
6   MobileSafari                  	0x000b183a 0x97000 + 108602
7   MobileSafari                  	0x000b1756 0x97000 + 108374
8   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
9   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 5 name:  WebCore: CFNetwork Loader
Thread 5:
0   libsystem_kernel.dylib        	0x37097004 0x37096000 + 4100
1   libsystem_kernel.dylib        	0x370971fa 0x37096000 + 4602
2   CoreFoundation                	0x33ddf3ec 0x33d52000 + 578540
3   CoreFoundation                	0x33dde124 0x33d52000 + 573732
4   CoreFoundation                	0x33d6149e 0x33d52000 + 62622
5   CoreFoundation                	0x33d61366 0x33d52000 + 62310
6   WebCore                       	0x375fc526 0x3752a000 + 861478
7   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
8   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 6 name:  com.apple.CFSocket.private
Thread 6:
0   libsystem_kernel.dylib        	0x370a7570 0x37096000 + 71024
1   CoreFoundation                	0x33de363a 0x33d52000 + 595514
2   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
3   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 7 name:  WebCore: LocalStorage
Thread 7:
0   libsystem_kernel.dylib        	0x370a7068 0x37096000 + 69736
1   libsystem_c.dylib             	0x331cea46 0x331c0000 + 59974
2   libsystem_c.dylib             	0x331ce7c2 0x331c0000 + 59330
3   JavaScriptCore                	0x31f1d90e 0x31e58000 + 809230
4   WebCore                       	0x37733de8 0x3752a000 + 2137576
5   WebCore                       	0x37733d9e 0x3752a000 + 2137502
6   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
7   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 8 name:  WebCore: LocalStorage
Thread 8:
0   libsystem_kernel.dylib        	0x370a7068 0x37096000 + 69736
1   libsystem_c.dylib             	0x331cea46 0x331c0000 + 59974
2   libsystem_c.dylib             	0x331ce7c2 0x331c0000 + 59330
3   JavaScriptCore                	0x31f1d90e 0x31e58000 + 809230
4   WebCore                       	0x37733de8 0x3752a000 + 2137576
5   WebCore                       	0x37733d9e 0x3752a000 + 2137502
6   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
7   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 9:
0   libsystem_kernel.dylib        	0x370a7068 0x37096000 + 69736
1   libsystem_c.dylib             	0x331cea46 0x331c0000 + 59974
2   libsystem_c.dylib             	0x331ce7c2 0x331c0000 + 59330
3   MobileSafari                  	0x000ff584 0x97000 + 427396
4   Foundation                    	0x32cf8a7a 0x32ce8000 + 68218
5   Foundation                    	0x32d8c58a 0x32ce8000 + 673162
6   libsystem_c.dylib             	0x331ce72e 0x331c0000 + 59182
7   libsystem_c.dylib             	0x331ce5e8 0x331c0000 + 58856

Thread 10:
0   libsystem_kernel.dylib        	0x370a7cd4 0x37096000 + 72916
1   libsystem_c.dylib             	0x331c8f36 0x331c0000 + 36662
2   libsystem_c.dylib             	0x331c8cc8 0x331c0000 + 36040

Thread 11:
0   libsystem_kernel.dylib        	0x370a7cd4 0x37096000 + 72916
1   libsystem_c.dylib             	0x331c8f36 0x331c0000 + 36662
2   libsystem_c.dylib             	0x331c8cc8 0x331c0000 + 36040

Thread 2 crashed with ARM Thread State:
    r0: 0x0181adf8    r1: 0x00000538      r2: 0x0181ae78      r3: 0x0181ae78
    r4: 0x0181ae78    r5: 0x0000037d      r6: 0x01674200      r7: 0x0181adec
    r8: 0x070ec974    r9: 0x00000121     r10: 0x00000000     r11: 0x0181af28
    ip: 0x3ef852ec    sp: 0x0181adbc      lr: 0x375f9e99      pc: 0x375f9ee6
  cpsr: 0x20000030

0x37376000 - 0x374bffff  libicucore.A.dylib armv7  <b70646b63f1f3b33896dd8cb91b8dab1> /usr/lib/libicucore.A.dylib
0x3752a000 - 0x37ce8fff  WebCore armv7  <814351ff217e3425a8e532c2e2251f73> /System/Library/PrivateFrameworks/WebCore.framework/WebCore
0x37ce9000 - 0x37cf2fff  WebUI armv7  <983052fd974d3b82bf1ab2878d62d0ba> /System/Library/PrivateFrameworks/WebUI.framework/WebUI
0x37d35000 - 0x37d61fff  libtidy.A.dylib armv7  <3aacc5b650e037c086a8ff6657d154bf> /usr/lib/libtidy.A.dylib
0x37e2c000 - 0x37e44fff  Notes armv7  <724966ed5cd4395cb70f9c996b123f53> /System/Library/PrivateFrameworks/Notes.framework/Notes
0x37e50000 - 0x37e66fff  VoiceServices armv7  <c5b98e94eff33bf49006ff157c819987> /System/Library/PrivateFrameworks/VoiceServices.framework/VoiceServices
0x37e67000 - 0x37e6afff  CoreTime armv7  <a398de5ba1e43a11b7008e9bb5a7f6fe> /System/Library/PrivateFrameworks/CoreTime.framework/CoreTime
0x37e6b000 - 0x37e70fff  libGPUSupportMercury.dylib armv7  <3c1cc3175c403ace8fcbd3826bd43807> /System/Library/PrivateFrameworks/GPUSupport.framework/libGPUSupportMercury.dylib
0x380f1000 - 0x38126fff  DataAccess armv7  <89fd0c22338b37538cf61803a0bca9e2> /System/Library/PrivateFrameworks/DataAccess.framework/DataAccess
0x38133000 - 0x3820bfff  vImage armv7  <caf3648be2933384b6aa1ae7408ab4f0> /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/vImage
0x3820c000 - 0x3822ffff  MobileSync armv7  <e42604c550283f4aa517ae8f108b340f> /System/Library/PrivateFrameworks/MobileSync.framework/MobileSync
Comment 1 Andy 2012-03-30 07:31:24 PDT
Created attachment 134810 [details]
** Updated ** Files to reproduce
Comment 2 Dirk Schulze 2012-03-30 07:45:11 PDT
If just mobile Safari is affected, please report bugs at: https://bugreport.apple.com/

You might also test your file with the latest nightly build of WebKit to see if it is a WebKit bug: http://nightly.webkit.org/

Greetings,
Dirk
Comment 3 Andy 2012-03-30 08:20:49 PDT
@Dirk,

Thanks for the comment, it seems to be some sort of race condition during the load and removal of an SVG and since desktop versions of the browsers (I assume I'd need a desktop browser to try a nightly of WebKit) are really fast with loading and rendering of SVG, it rather limits the window of operability for the race condition to occur.

So I'm not sure if I'll be able to tell if it occurs using the latest nightlies! :) We should have an iPad 3 soon (which I'm guessing will have a later version of WebKit with Safari), so I'll be able to try that!

I've lodged a separate bug already with Apple, but I guess the WebKit references in the stack trace lead me to believe that it is WebKit related. (That and Apple don't seem to ever give feedback to their bug reports!)

Thanks!

Andy.
Comment 4 Alexey Proskuryakov 2012-03-30 10:16:18 PDT
Dirk is right - when there is no direct evidence that a bug you observe on iOS affects other platforms, it should go to <http://bugreport.apple.com>.

> I've lodged a separate bug already with apple

Please post the 8-digit bug number here.
Comment 5 Andy 2012-04-02 00:53:24 PDT
Hey, the Apple bug ID is: 11155336

I guess there are a couple of references to WebKit in the crashed thread's stack, but I can understand that it isn't really evidence of such that WebKit is to blame.

Thanks,

Andy.