146478 2015-06-30 16:05:18 -0700 Crash at WebCore::MemoryCache::remove(WebCore::CachedResource&) 2015-07-03 09:58:08 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified ASSIGNED P2 Normal --- 1 cdumez cdumez ap simon.fraser oldest_to_newest 1105881 0 cdumez 2015-06-30 16:05:18 -0700 Flaky crash on webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html: Time Awake Since Boot: 820000 seconds Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004 VM Regions Near 0x4: --> __TEXT 000000010d9f8000-000000010da96000 [ 632K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: CRASHING TEST: webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010dd8640c WTF::StringImpl::length() const + 12 1 com.apple.JavaScriptCore 0x000000010e82d8e9 bool WTF::equalCommon<WTF::StringImpl, WTF::StringImpl>(WTF::StringImpl const&, WTF::StringImpl const&) + 25 2 com.apple.JavaScriptCore 0x000000010e8290dd WTF::equal(WTF::StringImpl const&, WTF::StringImpl const&) + 29 3 com.apple.WebCore 0x000000011288508d WTF::StringHash::equal(WTF::StringImpl const*, WTF::StringImpl const*) + 29 (StringHash.h:48) 4 com.apple.WebCore 0x0000000112885062 WTF::StringHash::equal(WTF::String const&, WTF::String const&) + 50 (StringHash.h:68) 5 com.apple.WebCore 0x0000000112b6e882 WebCore::URLHash::equal(WebCore::URL const&, WebCore::URL const&) + 50 (URLHash.h:43) 6 com.apple.WebCore 0x0000000113dd091d WTF::PairHash<WebCore::URL, WTF::String>::equal(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashFunctions.h:163) 7 com.apple.WebCore 0x0000000113dd08ed bool WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >::equal<std::__1::pair<WebCore::URL, WTF::String>, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashTable.h:282) 8 com.apple.WebCore 0x0000000113dd081c WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>* WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::lookup<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 220 (HashTable.h:624) 9 com.apple.WebCore 0x0000000113dd06ff WTF::HashTableIterator<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > > WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 79 (HashTable.h:939) 10 com.apple.WebCore 0x0000000113dd06a4 WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 36 (HashTable.h:387) 11 com.apple.WebCore 0x0000000113dd065f WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 47 (HashMap.h:242) 12 com.apple.WebCore 0x0000000113dca988 WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::remove(std::__1::pair<WebCore::URL, WTF::String> const&) + 40 (HashMap.h:377) 13 com.apple.WebCore 0x0000000113dc544d WebCore::MemoryCache::remove(WebCore::CachedResource&) + 413 (MemoryCache.cpp:435) 14 com.apple.WebCore 0x0000000113dc6a95 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 1221 (MemoryCache.cpp:395) 15 com.apple.WebCore 0x0000000113dc65ca WebCore::MemoryCache::pruneDeadResources() + 106 (MemoryCache.cpp:338) 16 com.apple.WebCore 0x0000000113dc6cef WebCore::MemoryCache::prune() + 47 (MemoryCache.cpp:758) 17 com.apple.WebCore 0x0000000113dc4725 WebCore::MemoryCache::pruneTimerFired() + 21 (MemoryCache.cpp:765) 18 com.apple.WebCore 0x0000000113dd3db3 std::__1::__function::__func<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*>, std::__1::allocator<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*> >, void ()>::operator()() + 259 (functional:1370) 19 com.apple.WebCore 0x0000000112841aca std::__1::function<void ()>::operator()() const + 26 (functional:1756) 20 com.apple.WebCore 0x0000000112841a7c WebCore::Timer::fired() + 28 (Timer.h:134) 21 com.apple.WebCore 0x00000001147c5b6e WebCore::ThreadTimers::sharedTimerFiredInternal() + 398 (ThreadTimers.cpp:135) 22 com.apple.WebCore 0x00000001147c5829 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:108) 23 com.apple.WebCore 0x00000001144773b2 WebCore::timerFired(__CFRunLoopTimer*, void*) + 34 (SharedTimerCF.cpp:82) 24 com.apple.CoreFoundation 0x00007fff961172e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 25 com.apple.CoreFoundation 0x00007fff96116f73 __CFRunLoopDoTimer + 1059 26 com.apple.CoreFoundation 0x00007fff9618a53d __CFRunLoopDoTimers + 301 27 com.apple.CoreFoundation 0x00007fff960d2608 __CFRunLoopRun + 2024 28 com.apple.CoreFoundation 0x00007fff960d1bd8 CFRunLoopRunSpecific + 296 29 DumpRenderTree 0x000000010da16818 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6536 (DumpRenderTree.mm:2012) 30 DumpRenderTree 0x000000010da14e2a runTestingServerLoop() + 330 (DumpRenderTree.mm:1176) 31 DumpRenderTree 0x000000010da143a0 dumpRenderTree(int, char const**) + 448 (DumpRenderTree.mm:1285) 32 DumpRenderTree 0x000000010da1710d DumpRenderTreeMain(int, char const**) + 125 (DumpRenderTree.mm:1420) 33 DumpRenderTree 0x000000010da6c722 main + 34 (DumpRenderTreeMain.mm:30) 34 libdyld.dylib 0x00007fff9ab6d5c9 start + 1 1106660 1 ap 2015-07-03 02:09:41 -0700 Is webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html the culprit, or is it some other test that leaves the cache in a broken state? 1106722 2 cdumez 2015-07-03 09:58:08 -0700 This is a crash when pruning the memory cache it is likely unrelated to this particular test. It looks like we have a bug in the memory cache implementation.