[Webkit-unassigned] [Bug 200266] New: [WinCairo] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRoundedUp → Integer divide-by-zero exception

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 29 19:40:27 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200266

            Bug ID: 200266
           Summary: [WinCairo] JSC::SlotVisitor::drain →
                    WTF::StringImpl::costDuringGC → divideRoundedUp →
                    Integer divide-by-zero exception
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

[WinCairo] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRoundedUp → Integer divide-by-zero exception

"WinCairo 64-bit WKL Release (Tests)" is infrequently crashing with an integer divide-by-zero exception

https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r247904%20(4650)/results.html
http/tests/websocket/tests/hybi/no-subprotocol.html

https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r247890%20(4639)/results.html
http/tests/websocket/tests/hybi/pong.html


Callstack:

> JavaScriptCore!divideRoundedUp+0x8 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\WebKitBuild\Release\WTF\Headers\wtf\MathExtras.h @ 307]
> JavaScriptCore!WTF::StringImpl::costDuringGC(void)+0x69 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\WebKitBuild\Release\WTF\Headers\wtf\text\StringImpl.h @ 1031]
> JavaScriptCore!JSC::JSString::visitChildren(class JSC::JSCell * cell = 0x000001d4`f2671600, class JSC::SlotVisitor * visitor = 0x000001d4`f26253b0)+0x1a2 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\runtime\JSString.cpp @ 148]
> JavaScriptCore!JSC::SlotVisitor::visitChildren+0x7a [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 374]
> JavaScriptCore!<lambda_3e016a9e0b54f91598bc5981a39993bb>::operator()(class JSC::MarkStackArray * stack = 0x000001d4`f26253b0)+0x109 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 498]
> JavaScriptCore!JSC::SlotVisitor::forEachMarkStack+0x20 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitorInlines.h @ 190]
> JavaScriptCore!JSC::SlotVisitor::drain(class WTF::MonotonicTime timeout = class WTF::MonotonicTime)+0xa4 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 488]
> JavaScriptCore!JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode sharedDrainMode = SlaveDrain (0n0), class WTF::MonotonicTime timeout = class WTF::MonotonicTime)+0x559 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 691]
> JavaScriptCore!<lambda_7434909dfa36dd6f16db939b22739ad3>::operator()(void)+0xcc [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\Heap.cpp @ 1320]
> WTF!WTF::ParallelHelperClient::runTask(class WTF::RefPtr<WTF::SharedTask<void __cdecl(void)>,WTF::DumbPtrTraits<WTF::SharedTask<void __cdecl(void)> > > * task = 0x000001d4`f8996e80)+0x31 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\ParallelHelperPool.cpp @ 115]
> WTF!WTF::ParallelHelperPool::Thread::work(void)+0x1a [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\ParallelHelperPool.cpp @ 202]
> WTF!<lambda_04ae092c605b9fd3c9763a9cc8e9078a>::operator()(void)+0x140 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\AutomaticThread.cpp @ 224]
> WTF!WTF::Function<void __cdecl+0xe [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\Function.h @ 79]
> WTF!WTF::Thread::entryPoint(struct WTF::Thread::NewThreadContext * newThreadContext = 0x000001d4`f89a7b20)+0x127 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\Threading.cpp @ 148]
> WTF!WTF::wtfThreadEntryPoint(void * data = <Value unavailable error>)+0x9 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\win\ThreadingWin.cpp @ 153]
> ucrtbase!thread_start<unsigned int +0x42
> KERNEL32!BaseThreadInitThunk+0x14
> ntdll!RtlUserThreadStart+0x21
