[Webkit-unassigned] [Bug 200437] Web process crashes on cnn.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 23 16:43:00 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200437

--- Comment #14 from Yury Semikhatsky <yurys at chromium.org> ---
Created attachment 379406

  --> https://bugs.webkit.org/attachment.cgi?id=379406&action=review

double free or corruption (fasttop)

Looks like memory corruption somewhere


Thread 1 (Thread 0x7f16c0dfe700 (LWP 10807)):
#3  0x00007f174188190a in malloc_printerr (str=str@entry=0x7f17419a9828 "double free or corruption (fasttop)") at malloc.c:5350
No locals.
#4  0x00007f1741889004 in _int_free (have_lock=0, p=0x7f16b408c790, av=0x7f16b4000020) at malloc.c:4230
#5  __GI___libc_free (mem=mem@entry=0x7f16b408c7a0) at malloc.c:3124
#6  0x00007f16b9661de6 in nouveau_bo_del (bo=0x7f16b408c7a0) at ../nouveau/nouveau.c:618
#7  nouveau_bo_ref (bo=bo@entry=0x0, pref=pref@entry=0x7f16c0dfd860) at ../nouveau/nouveau.c:784
#8  0x00007f16b9662f00 in pushbuf_flush (push=push@entry=0x7f16b4091290) at ../nouveau/pushbuf.c:413
        nvpb = <optimized out>
        krec = 0x7f16b4091860
        kref = 0x7f16b4091890
        bctx = <optimized out>
        btmp = <optimized out>
        bo = 0x7f16b408c7a0
        ret = -2
        i = 1
#9  0x00007f16b9663a40 in nouveau_pushbuf_kick (push=0x7f16b4091290, chan=<optimized out>) at ../nouveau/pushbuf.c:775
No locals.
#10 0x00007f16ba47f116 in ?? () from /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so
No symbol table info available.
#11 0x00007f16ba5c5e6b in ?? () from /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so
No symbol table info available.
#12 0x00007f16ba14382a in ?? () from /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so
No symbol table info available.
#13 0x00007f16c03de583 in glPrimitiveBoundingBox () from /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0
No symbol table info available.
#14 0x00007f174ca7b395 in WebKit::ThreadedCompositor::renderLayerTree() () from /home/yurys/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
No symbol table info available.
#15 0x00007f174a4e7ae1 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_2::__invoke(void*) () from /home/yurys/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
No symbol table info available.
#16 0x00007f1744757bc5 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
No locals.
#17 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
No locals.
#18 0x00007f1744757f90 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
No locals.
#19 0x00007f17447582a2 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
No locals.
#20 0x00007f174a4e75a8 in WTF::RunLoop::run() () from /home/yurys/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
No symbol table info available.
#21 0x00007f174a49505f in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /home/yurys/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
No symbol table info available.
#22 0x00007f174a4e8136 in WTF::wtfThreadEntryPoint(void*) () from /home/yurys/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
No symbol table info available.
#23 0x00007f17451356db in start_thread (arg=0x7f16c0dfe700) at pthread_create.c:463
        pd = 0x7f16c0dfe700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139735701907200, 887403434324897123, 139735701904704, 0, 139735727867440, 140725081343720, -973568036388360861, -973276017472721565}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#24 0x00007f174191288f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
