[Webkit-unassigned] [Bug 209847] [WinCairo][WK2] random crashes by 0xC0000374 (STATUS_HEAP_CORRUPTION) in UI process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 16 13:06:19 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209847

--- Comment #22 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Created attachment 396691

  --> https://bugs.webkit.org/attachment.cgi?id=396691&action=review

crash logs.zip

No. I got 70 crashes with the mimalloc patch (Comment 21) and 2-CPU affinity (Comment 14).

python ./Tools/Scripts/run-webkit-tests --release --no-new-test-results --no-retry-failures --wincairo -f --iterations=1000 --child-processes=4 fast/text/international/system-language/navigator-language

The crashes happened around IPC. For example,

> #  2  Id: 31d94.2c86c Suspend: 1 Teb: 00000032`911b9000 Unfrozen
>  # Child-SP          RetAddr           Call Site
> 00 (Inline Function) --------`-------- WTF!_mi_heap_delayed_free+0x2d [C:\work\mimalloc\src\page.c @ 284]
> 01 00000032`917ff2e0 00007ffc`6b779149 WTF!_mi_malloc_generic(struct mi_heap_s * heap = 0x000001c4`eff90000, unsigned int64 size = 0x80)+0xc0 [C:\work\mimalloc\src\page.c @ 793]
> 02 00000032`917ff330 00007ffc`6b7e3c1e WTF!WTF::fastMalloc(unsigned int64 n = <Value unavailable error>)+0x9 [S:\gb\Source\WTF\wtf\FastMalloc.cpp @ 202]
> 03 (Inline Function) --------`-------- WTF!WTF::FastMalloc::malloc+0x5 [S:\gb\Source\WTF\wtf\FastMalloc.h @ 197]
> 04 (Inline Function) --------`-------- WTF!WTF::VectorBufferBase<WTF::Function<void __cdecl+0x33 [S:\gb\Source\WTF\wtf\Vector.h @ 292]
> 05 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x50 [S:\gb\Source\WTF\wtf\Vector.h @ 1189]
> 06 00000032`917ff360 00007ffc`6b7e3b81 WTF!WTF::Vector<WTF::Function<void __cdecl(unsigned int64 newMinCapacity = <Value unavailable error>)+0x7e [S:\gb\Source\WTF\wtf\Vector.h @ 1047]
> 07 00000032`917ff3b0 00007ffc`6b7e3953 WTF!WTF::Vector<WTF::Function<void __cdecl(unsigned int64 newMinCapacity = <Value unavailable error>, class WTF::Function<void __cdecl(void)> * ptr = 0x00000032`917ff450)+0x51 [S:\gb\Source\WTF\wtf\Vector.h @ 1060]
> 08 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x10 [S:\gb\Source\WTF\wtf\Vector.h @ 1347]
> 09 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x35 [S:\gb\Source\WTF\wtf\Vector.h @ 780]
> 0a (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x35 [S:\gb\Source\WTF\wtf\Vector.h @ 773]
> 0b 00000032`917ff3e0 00007ffc`4b2f500c WTF!WTF::WorkQueue::dispatch(class WTF::Function<void __cdecl(void)> * function = 0x00000032`917ff450)+0x73 [S:\gb\Source\WTF\wtf\win\WorkQueueWin.cpp @ 104]
> 0c 00000032`917ff430 00007ffc`8c68eb1b WebKit2!IPC::Connection::invokeReadEventHandler(void)+0x5c [S:\gb\Source\WebKit\Platform\IPC\win\ConnectionWin.cpp @ 233]
> 0d 00000032`917ff480 00007ffc`8c6905ac ntdll!RtlpTpWaitCallback+0x9b
> 0e 00000032`917ff4f0 00007ffc`8c6941c2 ntdll!TppExecuteWaitCallback+0xa4
> 0f 00000032`917ff540 00007ffc`8c347bd4 ntdll!TppWorkerThread+0x462
> 10 00000032`917ff900 00007ffc`8c6cced1 KERNEL32!BaseThreadInitThunk+0x14
> 11 00000032`917ff930 00000000`00000000 ntdll!RtlUserThreadStart+0x21
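Triaging a batch of crash logs like the attached ones is quicker when the WinDbg-style frame listing is parsed and each crash is bucketed by the first frames below the allocator, because the frame that detects heap corruption (here mimalloc's delayed-free list check) is rarely the code path that caused it. The Python below is an added example for this thread, not part of WebKit, mimalloc, or the attachment; it uses the listing quoted above as its sample input, and the skip-prefix list and signature depth are assumptions chosen for illustration.

```python
"""Parse WinDbg 'kv'-style stack frames and bucket crashes by signature.

Added example for the bug thread; not WebKit or mimalloc code. The sample
listing is the one quoted in the comment above, including mail '>' quoting.
"""
import re
from collections import Counter, namedtuple

Frame = namedtuple("Frame", "index inline module symbol offset file line")

# One frame line: index, then either "(Inline Function) --------`--------" or
# Child-SP and RetAddr, then the call site, then an optional "[path @ line]".
FRAME_RE = re.compile(
    r"^(?P<idx>[0-9a-f]{2})\s+"
    r"(?:(?P<inline>\(Inline Function\))\s+-{8}`-{8}"
    r"|[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8})\s+"
    r"(?P<site>.+?)"
    r"(?:\s+\[(?P<file>[^\]@]+?)\s+@\s+(?P<line>\d+)\])?\s*$"
)
OFFSET_RE = re.compile(r"\+0x([0-9a-f]+)$")

# Assumed prefixes of "module!symbol" to skip when building a signature:
# allocator internals (where corruption is detected) and OS thread-pool glue.
DEFAULT_SKIP = ("WTF!_mi_", "WTF!WTF::fastMalloc", "WTF!WTF::FastMalloc",
                "ntdll!", "KERNEL32!")


def parse_frame(line):
    """Return a Frame for one stack line, or None for headers and noise.
    A leading '>' mail-quote prefix is tolerated."""
    line = line.strip()
    if line.startswith(">"):
        line = line[1:].strip()
    m = FRAME_RE.match(line)
    if not m:
        return None
    module, sep, rest = m.group("site").partition("!")
    if not sep:  # not a module!symbol call site
        return None
    off = OFFSET_RE.search(rest)
    # The symbol name ends at the argument list '(' or the '+0x' offset.
    sym = re.match(r"[^(+]+", rest)
    return Frame(
        index=int(m.group("idx"), 16),
        inline=bool(m.group("inline")),
        module=module,
        symbol=sym.group(0).strip() if sym else rest,
        offset=int(off.group(1), 16) if off else None,
        file=m.group("file"),
        line=int(m.group("line")) if m.group("line") else None,
    )


def parse_stack(text):
    """All frames of a listing, in stack order (frame 00 first)."""
    return [f for f in map(parse_frame, text.splitlines()) if f]


def crash_signature(frames, depth=3, skip=DEFAULT_SKIP):
    """First `depth` distinct module!symbol names not matching `skip`.
    Consecutive inline frames of one function collapse to one entry."""
    sig = []
    for f in frames:
        key = f"{f.module}!{f.symbol}"
        if key.startswith(skip):
            continue
        if key not in sig:
            sig.append(key)
        if len(sig) == depth:
            break
    return tuple(sig)


def bucket_crashes(logs, **kw):
    """Count how many logs share each signature."""
    return Counter(crash_signature(parse_stack(t), **kw) for t in logs)


# Sample input: the listing quoted in the comment (constructed copy).
SAMPLE_STACK = r"""
> #  2  Id: 31d94.2c86c Suspend: 1 Teb: 00000032`911b9000 Unfrozen
>  # Child-SP          RetAddr           Call Site
> 00 (Inline Function) --------`-------- WTF!_mi_heap_delayed_free+0x2d [C:\work\mimalloc\src\page.c @ 284]
> 01 00000032`917ff2e0 00007ffc`6b779149 WTF!_mi_malloc_generic(struct mi_heap_s * heap = 0x000001c4`eff90000, unsigned int64 size = 0x80)+0xc0 [C:\work\mimalloc\src\page.c @ 793]
> 02 00000032`917ff330 00007ffc`6b7e3c1e WTF!WTF::fastMalloc(unsigned int64 n = <Value unavailable error>)+0x9 [S:\gb\Source\WTF\wtf\FastMalloc.cpp @ 202]
> 03 (Inline Function) --------`-------- WTF!WTF::FastMalloc::malloc+0x5 [S:\gb\Source\WTF\wtf\FastMalloc.h @ 197]
> 04 (Inline Function) --------`-------- WTF!WTF::VectorBufferBase<WTF::Function<void __cdecl+0x33 [S:\gb\Source\WTF\wtf\Vector.h @ 292]
> 05 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x50 [S:\gb\Source\WTF\wtf\Vector.h @ 1189]
> 06 00000032`917ff360 00007ffc`6b7e3b81 WTF!WTF::Vector<WTF::Function<void __cdecl(unsigned int64 newMinCapacity = <Value unavailable error>)+0x7e [S:\gb\Source\WTF\wtf\Vector.h @ 1047]
> 07 00000032`917ff3b0 00007ffc`6b7e3953 WTF!WTF::Vector<WTF::Function<void __cdecl(unsigned int64 newMinCapacity = <Value unavailable error>, class WTF::Function<void __cdecl(void)> * ptr = 0x00000032`917ff450)+0x51 [S:\gb\Source\WTF\wtf\Vector.h @ 1060]
> 08 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x10 [S:\gb\Source\WTF\wtf\Vector.h @ 1347]
> 09 (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x35 [S:\gb\Source\WTF\wtf\Vector.h @ 780]
> 0a (Inline Function) --------`-------- WTF!WTF::Vector<WTF::Function<void __cdecl+0x35 [S:\gb\Source\WTF\wtf\Vector.h @ 773]
> 0b 00000032`917ff3e0 00007ffc`4b2f500c WTF!WTF::WorkQueue::dispatch(class WTF::Function<void __cdecl(void)> * function = 0x00000032`917ff450)+0x73 [S:\gb\Source\WTF\wtf\win\WorkQueueWin.cpp @ 104]
> 0c 00000032`917ff430 00007ffc`8c68eb1b WebKit2!IPC::Connection::invokeReadEventHandler(void)+0x5c [S:\gb\Source\WebKit\Platform\IPC\win\ConnectionWin.cpp @ 233]
> 0d 00000032`917ff480 00007ffc`8c6905ac ntdll!RtlpTpWaitCallback+0x9b
> 0e 00000032`917ff4f0 00007ffc`8c6941c2 ntdll!TppExecuteWaitCallback+0xa4
> 0f 00000032`917ff540 00007ffc`8c347bd4 ntdll!TppWorkerThread+0x462
> 10 00000032`917ff900 00007ffc`8c6cced1 KERNEL32!BaseThreadInitThunk+0x14
> 11 00000032`917ff930 00000000`00000000 ntdll!RtlUserThreadStart+0x21
"""

if __name__ == "__main__":
    for sig, n in bucket_crashes([SAMPLE_STACK]).most_common():
        print(n, " <- ".join(sig))
```

With the default skip list the sample buckets under `VectorBufferBase <- Vector <- WorkQueue::dispatch`, i.e. the `Vector` growth in `WorkQueue::dispatch` on the IPC read path, which is the information worth comparing across the 70 logs; raising `depth` pulls in the `IPC::Connection::invokeReadEventHandler` caller.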
