Bug 180485

Summary: REGRESSION (r225398?): Crash in WebCore::SecurityOriginDataHash::hash(WebCore::SecurityOriginData const&) + 13
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: ap, cdumez, jlewis3, youennf
Priority: P2
Keywords: InRadar
Version: Other
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=180255
Attachments:
Description Flags
Crash log none

Ryan Haddad
Reported 2017-12-06 10:39:40 PST
Created attachment 328588
Crash log

The following crash was seen on iOS Simulator with (probably unrelated) LayoutTest media/modern-media-controls/localized-strings/replaced-string.html

https://build.webkit.org/results/Apple%20iOS%2011%20Simulator%20Release%20WK2%20(Tests)/r225575%20(1752)/results.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000112abbdbd WebCore::SecurityOriginDataHash::hash(WebCore::SecurityOriginData const&) + 13
1 com.apple.WebCore 0x00000001136976ef WebCore::ServiceWorkerRegistrationKey::hash() const + 15
2 com.apple.WebCore 0x00000001136a74e4 WTF::KeyValuePair<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > >* WTF::HashTable<WebCore::ServiceWorkerRegistrationKey, WTF::KeyValuePair<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > > >, WTF::ServiceWorkerRegistrationKeyHash, WTF::HashMap<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> >, WTF::ServiceWorkerRegistrationKeyHash, WTF::HashTraits<WebCore::ServiceWorkerRegistrationKey>, WTF::HashTraits<std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > > >::KeyValuePairTraits, WTF::HashTraits<WebCore::ServiceWorkerRegistrationKey> >::lookup<WTF::HashMapTranslatorAdapter<WTF::HashMap<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> >, WTF::ServiceWorkerRegistrationKeyHash, WTF::HashTraits<WebCore::ServiceWorkerRegistrationKey>, WTF::HashTraits<std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > > >::KeyValuePairTraits, WTF::IdentityHashTranslator<WTF::HashMap<WebCore::ServiceWorkerRegistrationKey, std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> >, WTF::ServiceWorkerRegistrationKeyHash, WTF::HashTraits<WebCore::ServiceWorkerRegistrationKey>, WTF::HashTraits<std::__1::unique_ptr<WebCore::SWServerRegistration, std::__1::default_delete<WebCore::SWServerRegistration> > > >::KeyValuePairTraits, WTF::ServiceWorkerRegistrationKeyHash> >, WebCore::ServiceWorkerRegistrationKey>(WebCore::ServiceWorkerRegistrationKey const&) + 36
3 com.apple.WebCore 0x00000001136a1c0e WebCore::SWServer::invokeRunServiceWorker(WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType>) + 302
4 com.apple.WebKit 0x00000001097fcd1e WebKit::WebSWServerConnection::startFetch(unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest const&, WebCore::FetchOptions const&, IPC::FormDataReference const&) + 54
5 com.apple.WebKit 0x0000000109800fd6 void IPC::callMemberFunctionImpl<WebKit::WebSWServerConnection, void (WebKit::WebSWServerConnection::*)(unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest const&, WebCore::FetchOptions const&, IPC::FormDataReference const&), std::__1::tuple<unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest, WebCore::FetchOptions, IPC::FormDataReference>, 0ul, 1ul, 2ul, 3ul, 4ul>(WebKit::WebSWServerConnection*, void (WebKit::WebSWServerConnection::*)(unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest const&, WebCore::FetchOptions const&, IPC::FormDataReference const&), std::__1::tuple<unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest, WebCore::FetchOptions, IPC::FormDataReference>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul>) + 84
6 com.apple.WebKit 0x00000001097ff7e1 void IPC::handleMessage<Messages::WebSWServerConnection::StartFetch, WebKit::WebSWServerConnection, void (WebKit::WebSWServerConnection::*)(unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest const&, WebCore::FetchOptions const&, IPC::FormDataReference const&)>(IPC::Decoder&, WebKit::WebSWServerConnection*, void (WebKit::WebSWServerConnection::*)(unsigned long long, std::optional<WTF::ObjectIdentifier<WebCore::ServiceWorkerIdentifierType> >, WebCore::ResourceRequest const&, WebCore::FetchOptions const&, IPC::FormDataReference const&)) + 212
7 com.apple.WebKit 0x000000010966bc8a WebKit::StorageToWebProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 134
8 com.apple.WebKit 0x000000010957a189 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 119
9 com.apple.WebKit 0x000000010957c910 IPC::Connection::dispatchOneMessage() + 176
10 JavaScriptCore 0x000000011141a75f WTF::RunLoop::performWork() + 175
11 JavaScriptCore 0x000000011141a992 WTF::RunLoop::performWork(void*) + 34
12 com.apple.CoreFoundation 0x000000010a9602b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
13 com.apple.CoreFoundation 0x000000010a9ffd31 __CFRunLoopDoSource0 + 81
14 com.apple.CoreFoundation 0x000000010a944c19 __CFRunLoopDoSources0 + 185
15 com.apple.CoreFoundation 0x000000010a9441ff __CFRunLoopRun + 1279
16 com.apple.CoreFoundation 0x000000010a943a89 CFRunLoopRunSpecific + 409
17 com.apple.Foundation 0x0000000108f38e5e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 274
18 com.apple.Foundation 0x0000000108f38d39 -[NSRunLoop(NSRunLoop) run] + 76
19 libxpc.dylib 0x000000010c4530d9 _xpc_objc_main + 460
20 libxpc.dylib 0x000000010c4554cb xpc_main + 143
21 com.apple.WebKit.Storage 0x0000000108e8e532 main + 408
22 libdyld.dylib 0x000000010c0fed81 start + 1
Attachments
Crash log (73.19 KB, text/plain)
2017-12-06 10:39 PST, Ryan Haddad
no flags
Ryan Haddad
Comment 1 2017-12-06 10:40:29 PST
Alexey Proskuryakov
Comment 2 2017-12-08 16:55:33 PST
Alexey Proskuryakov
Comment 3 2017-12-08 16:59:13 PST
Looking at when this crash started, it seems very likely that it is indeed a regression from r225398. Please look into this soon, as this makes unrelated tests crash pretty frequently.
Chris Dumez
Comment 4 2017-12-08 17:39:28 PST
(In reply to Alexey Proskuryakov from comment #3)
> Looking at when this crash started, it seems very likely that it is indeed a
> regression from r225398.
>
> Please look into this soon, as this makes unrelated tests crash pretty
> frequently.

This code has changed significantly recently, is this still happening?
Chris Dumez
Comment 5 2017-12-08 17:39:58 PST
(In reply to Chris Dumez from comment #4)
> (In reply to Alexey Proskuryakov from comment #3)
> > Looking at when this crash started, it seems very likely that it is indeed a
> > regression from r225398.
> >
> > Please look into this soon, as this makes unrelated tests crash pretty
> > frequently.
>
> This code has changed significantly recently, is this still happening?

If so, an updated stack trace would be nice.
Alexey Proskuryakov
Comment 6 2017-12-08 19:30:00 PST
The latest I see is from yesterday morning, but newer reports may not be in the database yet. I'll send you a link.
Chris Dumez
Comment 7 2017-12-08 19:39:02 PST
(In reply to Alexey Proskuryakov from comment #6)
> The latest I see is from yesterday morning, but newer reports may not be in
> the database yet. I'll send you a link.

Nothing after r225622 yet which modified this code.
Alexey Proskuryakov
Comment 8 2017-12-11 08:59:15 PST
Still no crashes after 2017-12-07.