200266 – [curl] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRoundedUp → Integer divide-by-zero exception

RESOLVED DUPLICATE of bug 200378 200266

[curl] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRoundedUp → Integer divide-by-zero exception

https://bugs.webkit.org/show_bug.cgi?id=200266

Summary [curl] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRounde...

Fujii Hironori

Reported 2019-07-29 19:40:27 PDT

[WinCairo] JSC::SlotVisitor::drain → WTF::StringImpl::costDuringGC → divideRoundedUp → Integer divide-by-zero exception "WinCairo 64-bit WKL Release (Tests)" is infrequently crashing by Integer divide-by-zero exception https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r247904%20(4650)/results.html http/tests/websocket/tests/hybi/no-subprotocol.html https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r247890%20(4639)/results.html http/tests/websocket/tests/hybi/pong.html Callstack: > JavaScriptCore!divideRoundedUp+0x8 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\WebKitBuild\Release\WTF\Headers\wtf\MathExtras.h @ 307] > JavaScriptCore!WTF::StringImpl::costDuringGC(void)+0x69 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\WebKitBuild\Release\WTF\Headers\wtf\text\StringImpl.h @ 1031] > JavaScriptCore!JSC::JSString::visitChildren(class JSC::JSCell * cell = 0x000001d4`f2671600, class JSC::SlotVisitor * visitor = 0x000001d4`f26253b0)+0x1a2 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\runtime\JSString.cpp @ 148] > JavaScriptCore!JSC::SlotVisitor::visitChildren+0x7a [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 374] > JavaScriptCore!<lambda_3e016a9e0b54f91598bc5981a39993bb>::operator()(class JSC::MarkStackArray * stack = 0x000001d4`f26253b0)+0x109 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 498] > JavaScriptCore!JSC::SlotVisitor::forEachMarkStack+0x20 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitorInlines.h @ 190] > JavaScriptCore!JSC::SlotVisitor::drain(class WTF::MonotonicTime timeout = class WTF::MonotonicTime)+0xa4 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 488] > JavaScriptCore!JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode sharedDrainMode = SlaveDrain (0n0), class WTF::MonotonicTime timeout = class WTF::MonotonicTime)+0x559 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\SlotVisitor.cpp @ 691] > JavaScriptCore!<lambda_7434909dfa36dd6f16db939b22739ad3>::operator()(void)+0xcc [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\JavaScriptCore\heap\Heap.cpp @ 1320] > WTF!WTF::ParallelHelperClient::runTask(class WTF::RefPtr<WTF::SharedTask<void __cdecl(void)>,WTF::DumbPtrTraits<WTF::SharedTask<void __cdecl(void)> > > * task = 0x000001d4`f8996e80)+0x31 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\ParallelHelperPool.cpp @ 115] > WTF!WTF::ParallelHelperPool::Thread::work(void)+0x1a [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\ParallelHelperPool.cpp @ 202] > WTF!<lambda_04ae092c605b9fd3c9763a9cc8e9078a>::operator()(void)+0x140 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\AutomaticThread.cpp @ 224] > WTF!WTF::Function<void __cdecl+0xe [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\Function.h @ 79] > WTF!WTF::Thread::entryPoint(struct WTF::Thread::NewThreadContext * newThreadContext = 0x000001d4`f89a7b20)+0x127 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\Threading.cpp @ 148] > WTF!WTF::wtfThreadEntryPoint(void * data = <Value unavailable error>)+0x9 [C:\WebKit-BuildWorker\wincairo-wkl-release\build\Source\WTF\wtf\win\ThreadingWin.cpp @ 153] > ucrtbase!thread_start<unsigned int +0x42 > KERNEL32!BaseThreadInitThunk+0x14 > ntdll!RtlUserThreadStart+0x21

Attachments
no-subprotocol-crash-log.txt (78.46 KB, text/plain) 2019-07-29 19:40 PDT, Fujii Hironori	no flags	Details
pong-crash-log.txt (80.81 KB, text/plain) 2019-07-29 19:40 PDT, Fujii Hironori	no flags	Details
no-subprotocol-crash-log.txt (debug build) (90.25 KB, text/plain) 2019-08-01 18:49 PDT, Fujii Hironori	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2019-07-29 19:40:48 PDT

Created attachment 375140 [details] no-subprotocol-crash-log.txt

Fujii Hironori

Comment 2 2019-07-29 19:40:59 PDT

Created attachment 375141 [details] pong-crash-log.txt

Fujii Hironori

Comment 3 2019-07-30 01:52:57 PDT

https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r248004%20(4659)/results.html http/tests/websocket/tests/hybi/null-character.html

Fujii Hironori

Comment 4 2019-07-30 18:38:56 PDT

https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Release%20(Tests)/r248014%20(4663)/results.html http/tests/websocket/tests/hybi/reserved-bits.html

Fujii Hironori

Comment 5 2019-08-01 18:49:32 PDT

Created attachment 375377 [details] no-subprotocol-crash-log.txt (debug build) Debug builds also crashed. https://build.webkit.org/results/WinCairo%2064-bit%20WKL%20Debug%20(Tests)/r248104%20(2106)/results.html http/tests/websocket/tests/hybi/no-subprotocol.html

Fujii Hironori

Comment 6 2019-08-04 18:43:59 PDT

It seems that Buildbot doesn't crash since r248182. Closed as duplicated of Bug 200378. *** This bug has been marked as a duplicate of bug 200378 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 200378

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2019-07-29 19:40 PDT

Modified

2019-08-04 18:43 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks