iOS UIWebView crashes randomly on WebCore::FrameTree::top

I have an iOS app that randomly seems to crash on a screen that has a UIWebView. It looks like the crash happens mostly on iPhone 5C devices (74% of the time) and 100% of the time on iOS 10.X.

The exception message is:

EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000028

From that low memory address it makes me think something was nil.

Here's the backtrace (this is not the main thread):

0    WebCore                                       WebCore::FrameTree::top() + 0
1    WebCore                                       WebCore::ContentSecurityPolicy::allowFrameAncestors() + 33
2    WebCore                                       WebCore::DocumentLoader::responseReceived() + 413
3    WebCore                                       WebCore::DocumentLoader::handleSubstituteDataLoadNow() + 203
4    WebCore                                       WebCore::ThreadTimers::sharedTimerFiredInternal() + 149
5    WebCore                                       WebCore::timerFired() + 23
6    CoreFoundation                                __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 15
7    CoreFoundation                                __CFRunLoopDoTimer + 833
8    CoreFoundation                                __CFRunLoopDoTimers + 189
9    CoreFoundation                                __CFRunLoopRun + 781
10   CoreFoundation                               CFRunLoopRunSpecific + 471
11   CoreFoundation                               CFRunLoopRunInMode + 105
12   WebCore                                      RunWebThread() + 427
13   libsystem_pthread.dylib                      _pthread_body + 217
14   libsystem_pthread.dylib                      _pthread_start + 235

I can't reproduce this crash myself.

Since WebKit is open source, I found the code where it crashes: WebCore::FrameTree::top. From looking at that code, I'm guessing m_thisFrame->tree() is NULL, but I'm not sure how to explain it. I'm not sure exactly what "frames" and "trees" are in that context.

From the backtrace it looks like there is some timer that's being fired, possibly after the View Controller or the Web View is already deallocated? Is that timer due to a JavaScript setTimeout call?

Also I notice every time this crash happens, I get a call to [UIWebViewDelegate webView:didFailLoadWithError:] right before the crash. The most common errors returned in that delegate method are:

• Frame load interrupted
• too many HTTP redirects
• The request timed out

But I don't have analytics in place to correlate the error message with the crash, so I'm not sure which (if any) would explain it. When that delegate method fires, I show the user an error message in a modal. Could this be related to the crash? I tried reproducing the "Frame load interrupted" and "too many HTTP redirects" errors but neither causes the crash for me in simulator.

I already follow the advice in this answer (mostly) and call [webview stopLoading] in viewWillDisappear and I call self.webView.delegate = nil in dealloc of the containing View Controller but it didn't help.

This isn't really an answer, but this crash seems to be related to when content filtering (parent controls) are enabled. If you add whatever domain your app is loading in the UIWebView to the iOS parent controls blocklist, you should see this error in the application logs (coming internally from WebKit's WebFilter). It seems to invalidate the UIWebView in some way, so when you interact with it again, it crashes your whole app. You can probably avoid the crash by switching to WKWebView.

WF: WebFilterEvaluator:addData: https://some-blocked-url.com is restricted: blacklisted