WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
ASSIGNED
146478
Crash at WebCore::MemoryCache::remove(WebCore::CachedResource&)
https://bugs.webkit.org/show_bug.cgi?id=146478
Summary
Crash at WebCore::MemoryCache::remove(WebCore::CachedResource&)
Chris Dumez
Reported
2015-06-30 16:05:18 PDT
Flaky crash on webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html: Time Awake Since Boot: 820000 seconds Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004 VM Regions Near 0x4: --> __TEXT 000000010d9f8000-000000010da96000 [ 632K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: CRASHING TEST: webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010dd8640c WTF::StringImpl::length() const + 12 1 com.apple.JavaScriptCore 0x000000010e82d8e9 bool WTF::equalCommon<WTF::StringImpl, WTF::StringImpl>(WTF::StringImpl const&, WTF::StringImpl const&) + 25 2 com.apple.JavaScriptCore 0x000000010e8290dd WTF::equal(WTF::StringImpl const&, WTF::StringImpl const&) + 29 3 com.apple.WebCore 0x000000011288508d WTF::StringHash::equal(WTF::StringImpl const*, WTF::StringImpl const*) + 29 (StringHash.h:48) 4 com.apple.WebCore 0x0000000112885062 WTF::StringHash::equal(WTF::String const&, WTF::String const&) + 50 (StringHash.h:68) 5 com.apple.WebCore 0x0000000112b6e882 WebCore::URLHash::equal(WebCore::URL const&, WebCore::URL const&) + 50 (URLHash.h:43) 6 com.apple.WebCore 0x0000000113dd091d WTF::PairHash<WebCore::URL, WTF::String>::equal(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashFunctions.h:163) 7 com.apple.WebCore 0x0000000113dd08ed bool WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >::equal<std::__1::pair<WebCore::URL, WTF::String>, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashTable.h:282) 8 com.apple.WebCore 0x0000000113dd081c WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>* WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::lookup<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 220 (HashTable.h:624) 9 com.apple.WebCore 0x0000000113dd06ff WTF::HashTableIterator<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > > WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 79 (HashTable.h:939) 10 com.apple.WebCore 0x0000000113dd06a4 WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 36 (HashTable.h:387) 11 com.apple.WebCore 0x0000000113dd065f WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 47 (HashMap.h:242) 12 com.apple.WebCore 0x0000000113dca988 WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::remove(std::__1::pair<WebCore::URL, WTF::String> const&) + 40 (HashMap.h:377) 13 com.apple.WebCore 0x0000000113dc544d WebCore::MemoryCache::remove(WebCore::CachedResource&) + 413 (MemoryCache.cpp:435) 14 com.apple.WebCore 0x0000000113dc6a95 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 1221 (MemoryCache.cpp:395) 15 com.apple.WebCore 0x0000000113dc65ca WebCore::MemoryCache::pruneDeadResources() + 106 (MemoryCache.cpp:338) 16 com.apple.WebCore 0x0000000113dc6cef WebCore::MemoryCache::prune() + 47 (MemoryCache.cpp:758) 17 com.apple.WebCore 0x0000000113dc4725 WebCore::MemoryCache::pruneTimerFired() + 21 (MemoryCache.cpp:765) 18 com.apple.WebCore 0x0000000113dd3db3 std::__1::__function::__func<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*>, std::__1::allocator<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*> >, void ()>::operator()() + 259 (functional:1370) 19 com.apple.WebCore 0x0000000112841aca std::__1::function<void ()>::operator()() const + 26 (functional:1756) 20 com.apple.WebCore 0x0000000112841a7c WebCore::Timer::fired() + 28 (Timer.h:134) 21 com.apple.WebCore 0x00000001147c5b6e WebCore::ThreadTimers::sharedTimerFiredInternal() + 398 (ThreadTimers.cpp:135) 22 com.apple.WebCore 0x00000001147c5829 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:108) 23 com.apple.WebCore 0x00000001144773b2 WebCore::timerFired(__CFRunLoopTimer*, void*) + 34 (SharedTimerCF.cpp:82) 24 com.apple.CoreFoundation 0x00007fff961172e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 25 com.apple.CoreFoundation 0x00007fff96116f73 __CFRunLoopDoTimer + 1059 26 com.apple.CoreFoundation 0x00007fff9618a53d __CFRunLoopDoTimers + 301 27 com.apple.CoreFoundation 0x00007fff960d2608 __CFRunLoopRun + 2024 28 com.apple.CoreFoundation 0x00007fff960d1bd8 CFRunLoopRunSpecific + 296 29 DumpRenderTree 0x000000010da16818 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6536 (DumpRenderTree.mm:2012) 30 DumpRenderTree 0x000000010da14e2a runTestingServerLoop() + 330 (DumpRenderTree.mm:1176) 31 DumpRenderTree 0x000000010da143a0 dumpRenderTree(int, char const**) + 448 (DumpRenderTree.mm:1285) 32 DumpRenderTree 0x000000010da1710d DumpRenderTreeMain(int, char const**) + 125 (DumpRenderTree.mm:1420) 33 DumpRenderTree 0x000000010da6c722 main + 34 (DumpRenderTreeMain.mm:30) 34 libdyld.dylib 0x00007fff9ab6d5c9 start + 1
Attachments
Add attachment
proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1
2015-07-03 02:09:41 PDT
Is webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html the culprit, or is it some other test that leaves the cache in a broken state?
Chris Dumez
Comment 2
2015-07-03 09:58:08 PDT
This is a crash when pruning the memory cache it is likely unrelated to this particular test. It looks like we have a bug in the memory cache implementation.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug