157000 2016-04-25 15:29:11 -0700 Crash under MemoryCache::remove() 2016-04-25 17:49:47 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez beidson commit-queue japhet kling koivisto webkit-bug-importer oldest_to_newest 1187083 0 cdumez 2016-04-25 15:29:11 -0700 Crash under MemoryCache::remove(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000438) [ 0] 0x00007fff96f24da7 WebCore`WebCore::MemoryCache::remove(WebCore::CachedResource&) [inlined] WebCore::CachedResource::sessionID() const at CachedResource.h:116:42 112 const URL& url() const { return m_resourceRequest.url();} 113 #if ENABLE(CACHE_PARTITIONING) 114 const String& cachePartition() const { return m_resourceRequest.cachePartition(); } 115 #endif -> 116 SessionID sessionID() const { return m_sessionID; } 117 Type type() const { return static_cast<Type>(m_type); } 118 119 ResourceLoadPriority loadPriority() const { return m_loadPriority; } 120 void setLoadPriority(const Optional<ResourceLoadPriority>&); 0x00007fff96f24d94: movq %rdi, %r14 0x00007fff96f24d97: movq 0x158(%r14), %rax 0x00007fff96f24d9e: testq %rax, %rax 0x00007fff96f24da1: je 0xb0f08c ; <+780> at MemoryCache.cpp:450 -> 0x00007fff96f24da7: movq 0x438(%r13), %r9 0x00007fff96f24dae: movl 0x164(%r14), %r8d 0x00007fff96f24db5: movl %r8d, %esi 0x00007fff96f24db8: andl %r9d, %esi 0x00007fff96f24dbb: movq %rsi, %rcx [ 0] 0x00007fff96f24da7 WebCore`WebCore::MemoryCache::remove(WebCore::CachedResource&) + 39 at MemoryCache.cpp:427 423 ASSERT(WTF::isMainThread()); 424 LOG(ResourceLoading, "Evicting resource %p for '%s' from cache", &resource, resource.url().string().latin1().data()); 425 // The resource may have already been removed by someone other than our caller, 426 // who needed a fresh copy for a reload. See <http://bugs.webkit.org/show_bug.cgi?id=12479#c6>. -> 427 if (auto* resources = sessionResourceMap(resource.sessionID())) { 428 #if ENABLE(CACHE_PARTITIONING) 429 auto key = std::make_pair(resource.url(), resource.cachePartition()); 430 #else 431 auto& key = resource.url(); [ 1] 0x00007fff96f27673 WebCore`WebCore::MemoryCache::evictResources(WebCore::SessionID) + 99 at MemoryCache.cpp:743:9 739 return; 740 auto& resources = *it->value; 741 742 for (int i = 0, size = resources.size(); i < size; ++i) -> 743 remove(*resources.begin()->value); 744 745 ASSERT(!m_sessionResources.contains(sessionID)); 746 } 747 0x00007fff96f27660: movq %r14, %rdi 0x00007fff96f27663: callq 0xb11c70 ; WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::begin at HashMap.h:217 0x00007fff96f27668: movq 0x40(%rax), %rsi 0x00007fff96f2766c: movq %r15, %rdi -> 0x00007fff96f2766f: callq 0xb0ed80 ; WebCore::MemoryCache::remove at MemoryCache.cpp:422 0x00007fff96f27674: decl %ebx 0x00007fff96f27676: jne 0xb11660 ; <+80> at MemoryCache.cpp:743 0x00007fff96f27678: addq $0x8, %rsp 0x00007fff96f2767c: popq %rbx [ 2] 0x00007fff94286040 WebKit`WebKit::WebProcess::deleteWebsiteData(WebCore::SessionID, unsigned long long, std::__1::chrono::time_point<std::__1::chrono::system_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000l> > >, unsigned long long) + 56 at WebProcess.cpp:1179:9 1175 UNUSED_PARAM(modifiedSince); 1176 1177 if (websiteDataTypes & WebsiteDataTypeMemoryCache) { 1178 PageCache::singleton().pruneToSizeNow(0, PruningReason::None); -> 1179 MemoryCache::singleton().evictResources(sessionID); 1180 1181 CrossOriginPreflightResultCache::singleton().empty(); 1182 } 1183 0x00007fff9428602c: callq 0x2bd96a ; symbol stub for: WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) 0x00007fff94286031: callq 0x2bc1a6 ; symbol stub for: WebCore::MemoryCache::singleton() 0x00007fff94286036: movq %rax, %rdi 0x00007fff94286039: movq %r15, %rsi -> 0x00007fff9428603c: callq 0x2bc194 ; symbol stub for: WebCore::MemoryCache::evictResources(WebCore::SessionID) 0x00007fff94286041: callq 0x2bd274 ; symbol stub for: WebCore::CrossOriginPreflightResultCache::singleton() 0x00007fff94286046: movq %rax, %rdi 0x00007fff94286049: callq 0x2bd26e ; symbol stub for: WebCore::CrossOriginPreflightResultCache::empty() 0x00007fff9428604e: movq 0x50(%rbx), %rdi 1187084 1 cdumez 2016-04-25 15:29:39 -0700 rdar://problem/23344660 1187103 2 277287 cdumez 2016-04-25 16:24:22 -0700 Created attachment 277287 Patch 1187106 3 commit-queue 2016-04-25 16:26:28 -0700 Attachment 277287 did not pass style-queue: ERROR: Source/WebCore/loader/cache/MemoryCache.cpp:284: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 1 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style. 1187111 4 277287 kling 2016-04-25 16:27:45 -0700 Comment on attachment 277287 Patch Would be nice with a test but r=me 1187145 5 277287 commit-queue 2016-04-25 17:49:42 -0700 Comment on attachment 277287 Patch Clearing flags on attachment: 277287 Committed r200066: <http://trac.webkit.org/changeset/200066> 1187146 6 commit-queue 2016-04-25 17:49:47 -0700 All reviewed patches have been landed. Closing bug. 277287 2016-04-25 16:24:22 -0700 2016-04-25 17:49:42 -0700 Patch bug-157000-20160425162449.patch text/plain 3799 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjAwMDUyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMmUzOTRmZmFiNjY0ODky YmFiMDlmZDUzMDhjY2UwNzFhYjIyNzFmNC4uNDQ3ZWM3N2EwMmU3Yjk0NDI3YTMyOWNkNjU0NWQ4 YjJhYTYyMGUyNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI3IEBACisyMDE2LTA0LTI1ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgTWVtb3J5 Q2FjaGU6OnJlbW92ZSgpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xNTcwMDAKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzIzMzQ0NjYwPgorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIE1lbW9yeUNhY2hlOjpl dmljdFJlc291cmNlcygpIHdhcyBjYWNoaW5nIHRoZSBudW1iZXIgb2YgcmVzb3VyY2VzICgnc2l6 ZScpCisgICAgICAgIGluIHRoZSBjYWNoZSBmb3IgYSBwYXJ0aWN1bGFyIHNlc3Npb25JRCwgYW5k IHRoZW4gcHJvY2VlZCB0byBjYWxsCisgICAgICAgIE1lbW9yeUNhY2hlOjpyZW1vdmUoKSAnc2l6 ZScgdGltZXMgdXNpbmcgdGhlIGZpcnN0IGl0ZW0gaW4gdGhlIEhhc2hNYXAKKyAgICAgICAgZWFj aCB0aW1lLiBUaGlzIHdhcyB1bnNhZmUgYmVjYXVzZSByZXNvdXJjZXMgbWF5IGJlIHJlZidpbmcg ZWFjaCBvdGhlcgorICAgICAgICBhbmQgdGhlcmVmb3JlIHJlbW92aW5nIG9uZSBtYXkgY2F1c2Ug b3RoZXIgcmVzb3VyY2VzIHRvIGdldCByZW1vdmVkIGFzCisgICAgICAgIHdlbGwuIEluIHN1Y2gg Y2FzZSwgd2Ugd291bGQgY2FsbCByZW1vdmUoKSB0b28gbWFueSB0aW1lcyBhbmQgY3Jhc2ggYmVj YXVzZQorICAgICAgICB3ZSBkZXJlZmVyZW5jZWQgcmVzb3VyY2VzLmJlZ2luKCktPnZhbHVlICh3 aXRoIHRoZSBIYXNoTWFwIGJlaW5nIGVtcHR5KS4KKworICAgICAgICBUaGlzIHBhdGNoIGF2b2lk cyB0aGUgaXNzdWUgYnkgY29weWluZyB0aGUgcmVzb3VyY2VzIHRvIGEgVmVjdG9yIGFuZAorICAg ICAgICByZWYnaW5nIHRoZW0gZmlyc3QsIGJlZm9yZSBnb2luZyBvbiB0byByZW1vdmUgZWFjaCBv bmUgZnJvbSB0aGUgY2FjaGUuCisKKyAgICAgICAgKiBsb2FkZXIvY2FjaGUvTWVtb3J5Q2FjaGUu Y3BwOgorICAgICAgICAoV2ViQ29yZTo6TWVtb3J5Q2FjaGU6OmZvckVhY2hTZXNzaW9uUmVzb3Vy Y2UpOgorICAgICAgICAoV2ViQ29yZTo6TWVtb3J5Q2FjaGU6OmV2aWN0UmVzb3VyY2VzKToKKyAg ICAgICAgKiBsb2FkZXIvY2FjaGUvTWVtb3J5Q2FjaGUuaDoKKwogMjAxNi0wNC0yNSAgSmVyIE5v YmxlICA8amVyLm5vYmxlQGFwcGxlLmNvbT4KIAogICAgICAgICBXZWJLaXRQbGF5YmFja1Nlc3Np b25Nb2RlbE1lZGlhRWxlbWVudCBzaG91bGQgaW5pdGlhbGl6ZSB0aGUgaW50ZXJmYWNlIGFkZGVk IGJ5IHNldFdlYlBsYXliYWNrU2Vzc2lvbkludGVyZmFjZSgpIHdpdGggaW5pdGlhbCBkYXRhCmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2FjaGUvTWVtb3J5Q2FjaGUuY3BwIGIv U291cmNlL1dlYkNvcmUvbG9hZGVyL2NhY2hlL01lbW9yeUNhY2hlLmNwcAppbmRleCAwOTkzMGUw ZThjYjE5Y2E5MTBiMGUxM2JhYzU2MDc3YTYyZmEzNjk0Li42ZjVhNDJhZjQzNTlhNjRiNWM0MWE2 MmQ3NWU2MmEwZjYxZmYwZTBkIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2Fj aGUvTWVtb3J5Q2FjaGUuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9jYWNoZS9NZW1v cnlDYWNoZS5jcHAKQEAgLTI4MSw2ICsyODEsMTkgQEAgdm9pZCBNZW1vcnlDYWNoZTo6Zm9yRWFj aFJlc291cmNlKGNvbnN0IHN0ZDo6ZnVuY3Rpb248dm9pZChDYWNoZWRSZXNvdXJjZSYpPiYgZnUK ICAgICB9CiB9CiAKK3ZvaWQgTWVtb3J5Q2FjaGU6OmZvckVhY2hTZXNzaW9uUmVzb3VyY2UoU2Vz c2lvbklEIHNlc3Npb25JRCwgY29uc3Qgc3RkOjpmdW5jdGlvbjx2b2lkIChDYWNoZWRSZXNvdXJj ZSYpPiYgZnVuY3Rpb24pCit7CisgICAgYXV0byBpdCA9IG1fc2Vzc2lvblJlc291cmNlcy5maW5k KHNlc3Npb25JRCk7CisgICAgaWYgKGl0ID09IG1fc2Vzc2lvblJlc291cmNlcy5lbmQoKSkKKyAg ICAgICAgcmV0dXJuOworCisgICAgVmVjdG9yPENhY2hlZFJlc291cmNlSGFuZGxlPENhY2hlZFJl c291cmNlPj4gcmVzb3VyY2VzRm9yU2Vzc2lvbjsKKyAgICBjb3B5VmFsdWVzVG9WZWN0b3IoKml0 LT52YWx1ZSwgcmVzb3VyY2VzRm9yU2Vzc2lvbik7CisKKyAgICBmb3IgKGF1dG8mIHJlc291cmNl IDogcmVzb3VyY2VzRm9yU2Vzc2lvbikKKyAgICAgICAgZnVuY3Rpb24oKnJlc291cmNlKTsKK30K Kwogdm9pZCBNZW1vcnlDYWNoZTo6ZGVzdHJveURlY29kZWREYXRhRm9yQWxsSW1hZ2VzKCkKIHsK ICAgICBNZW1vcnlDYWNoZTo6c2luZ2xldG9uKCkuZm9yRWFjaFJlc291cmNlKFtdKENhY2hlZFJl c291cmNlJiByZXNvdXJjZSkgewpAQCAtNzI3LDEzICs3NDAsNyBAQCB2b2lkIE1lbW9yeUNhY2hl OjpldmljdFJlc291cmNlcyhTZXNzaW9uSUQgc2Vzc2lvbklEKQogICAgIGlmIChkaXNhYmxlZCgp KQogICAgICAgICByZXR1cm47CiAKLSAgICBhdXRvIGl0ID0gbV9zZXNzaW9uUmVzb3VyY2VzLmZp bmQoc2Vzc2lvbklEKTsKLSAgICBpZiAoaXQgPT0gbV9zZXNzaW9uUmVzb3VyY2VzLmVuZCgpKQot ICAgICAgICByZXR1cm47Ci0gICAgYXV0byYgcmVzb3VyY2VzID0gKml0LT52YWx1ZTsKLQotICAg IGZvciAoaW50IGkgPSAwLCBzaXplID0gcmVzb3VyY2VzLnNpemUoKTsgaSA8IHNpemU7ICsraSkK LSAgICAgICAgcmVtb3ZlKCpyZXNvdXJjZXMuYmVnaW4oKS0+dmFsdWUpOworICAgIGZvckVhY2hT ZXNzaW9uUmVzb3VyY2Uoc2Vzc2lvbklELCBbdGhpc10gKENhY2hlZFJlc291cmNlJiByZXNvdXJj ZSkgeyByZW1vdmUocmVzb3VyY2UpOyB9KTsKIAogICAgIEFTU0VSVCghbV9zZXNzaW9uUmVzb3Vy Y2VzLmNvbnRhaW5zKHNlc3Npb25JRCkpOwogfQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUv bG9hZGVyL2NhY2hlL01lbW9yeUNhY2hlLmggYi9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2FjaGUv TWVtb3J5Q2FjaGUuaAppbmRleCA1MzFlOWFmZjRiNWFiMDQwZWIxYmJkMjg3NmY3YTBhNWZiOTFh MTFkLi42YmUxNzQ3YzJhM2JhZWI1ZjlhMGE4YmY1Nzk5NGE3MTI5MDQ1NzRjIDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2FjaGUvTWVtb3J5Q2FjaGUuaAorKysgYi9Tb3VyY2Uv V2ViQ29yZS9sb2FkZXIvY2FjaGUvTWVtb3J5Q2FjaGUuaApAQCAtMTAzLDYgKzEwMyw3IEBAIHB1 YmxpYzoKICAgICB2b2lkIHJldmFsaWRhdGlvbkZhaWxlZChDYWNoZWRSZXNvdXJjZSYgcmV2YWxp ZGF0aW5nUmVzb3VyY2UpOwogCiAgICAgdm9pZCBmb3JFYWNoUmVzb3VyY2UoY29uc3Qgc3RkOjpm dW5jdGlvbjx2b2lkKENhY2hlZFJlc291cmNlJik+Jik7CisgICAgdm9pZCBmb3JFYWNoU2Vzc2lv blJlc291cmNlKFNlc3Npb25JRCwgY29uc3Qgc3RkOjpmdW5jdGlvbjx2b2lkKENhY2hlZFJlc291 cmNlJik+Jik7CiAgICAgdm9pZCBkZXN0cm95RGVjb2RlZERhdGFGb3JBbGxJbWFnZXMoKTsKICAg ICAKICAgICAvLyBTZXRzIHRoZSBjYWNoZSdzIG1lbW9yeSBjYXBhY2l0aWVzLCBpbiBieXRlcy4g VGhlc2Ugd2lsbCBob2xkIG9ubHkgYXBwcm94aW1hdGVseSwgCg==