[Webkit-unassigned] [Bug 209847] [WinCairo][WK2] random crashes by 0xC0000374 (STATUS_HEAP_CORRUPTION) in UI process

bugzilla-daemon at webkit.org
Sun Apr 12 19:04:05 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209847

--- Comment #20 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Created attachment 396248

  --> https://bugs.webkit.org/attachment.cgi?id=396248&action=review

CrashLog of attachment 396247

Then, I got the following backtrace.

> #  3  Id: 165c0.16ab4 Suspend: 1 Teb: 00000028`609d8000 Unfrozen
>  # Child-SP          RetAddr           Call Site
> 00 00000028`60fff1c0 00007ffb`a3599273 ntdll!RtlReportFatalFailure+0x9
> 01 00000028`60fff210 00007ffb`a35a1662 ntdll!RtlReportCriticalFailure+0x97
> 02 00000028`60fff300 00007ffb`a35a196a ntdll!RtlpHeapHandleError+0x12
> 03 00000028`60fff330 00007ffb`a35aa929 ntdll!RtlpHpHeapHandleError+0x7a
> 04 00000028`60fff360 00007ffb`a35a1571 ntdll!RtlpLogHeapFailure+0x45
> 05 00000028`60fff390 00007ffb`a35a6493 ntdll!RtlpAnalyzeHeapFailure+0x2fd
> 06 00000028`60fff3f0 00007ffb`a350fe12 ntdll!RtlpValidateHeap+0x8b
> 07 00000028`60fff480 00007ffb`a04f5f7b ntdll!RtlValidateHeap+0xc2
> 08 00000028`60fff4d0 00007ffb`a14fb716 KERNELBASE!HeapValidate+0xb
> 09 00000028`60fff500 00007ffb`74e49b50 ucrtbase!heapchk+0x16
> 0a 00000028`60fff530 00007ffb`5f998ad0 WTF!WTF::fastFree(void * p = <Value unavailable error>)+0x10 [S:\gc\Source\WTF\wtf\FastMalloc.cpp @ 227]
> 0b (Inline Function) --------`-------- WebKit2!WTF::Detail::CallableWrapperBase<void>::operator delete+0x9 [S:\gc\WebKitBuild\Release\WTF\Headers\wtf\Function.h @ 37]
> 0c 00000028`60fff560 00007ffb`74ec162c WebKit2!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebKit\Platform\IPC\win\ConnectionWin.cpp:240:33',void>::~CallableWrapper(int should_call_delete = 0n1)+0x30 [S:\gc\WebKitBuild\Release\WTF\Headers\wtf\Function.h @ 46]
> 0d (Inline Function) --------`-------- WTF!std::default_delete<WTF::Detail::CallableWrapperBase<void> >::operator()+0xa [C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\14.25.28610\include\memory @ 1758]
> 0e (Inline Function) --------`-------- WTF!std::unique_ptr<WTF::Detail::CallableWrapperBase<void>,std::default_delete<WTF::Detail::CallableWrapperBase<void> > >::~unique_ptr+0x13 [C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\14.25.28610\include\memory @ 1873]
> 0f (Inline Function) --------`-------- WTF!WTF::Function<void +0x13 [S:\gc\Source\WTF\wtf\Function.h @ 59]
> 10 (Inline Function) --------`-------- WTF!WTF::VectorDestructor<1,WTF::Function<void +0x1c [S:\gc\Source\WTF\wtf\Vector.h @ 66]
> 11 (Inline Function) --------`-------- WTF!WTF::VectorTypeOperations<WTF::Function<void +0x1c [S:\gc\Source\WTF\wtf\Vector.h @ 242]
> 12 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void +0x1c [S:\gc\Source\WTF\wtf\Vector.h @ 677]
> 13 00000028`60fff5a0 00007ffb`74ec152e WTF!WTF::WorkQueue::performWorkOnRegisteredWorkThread(void)+0xcc [S:\gc\Source\WTF\wtf\win\WorkQueueWin.cpp @ 64]
> 14 00000028`60fff620 00007ffb`a34cf6d5 WTF!WTF::WorkQueue::workThreadCallback(void * context = 0x00000158`fd209a00)+0x1e [S:\gc\Source\WTF\wtf\win\WorkQueueWin.cpp @ 44]
> 15 00000028`60fff650 00007ffb`a34d4634 ntdll!RtlpTpWorkCallback+0x165
> 16 00000028`60fff730 00007ffb`a1f67bd4 ntdll!TppWorkerThread+0x8d4
> 17 00000028`60fffaf0 00007ffb`a350ced1 KERNEL32!BaseThreadInitThunk+0x14
> 18 00000028`60fffb20 00000000`00000000 ntdll!RtlUserThreadStart+0x21
