Opened 3 years ago

Last modified 3 years ago

#16931 new bug

Crash in BPrivate::processHeap::free(void*)

Reported by: humdinger
Owned by: axeld
Priority: normal
Milestone: Unscheduled
Component: Servers/app_server
Version: R1/Development
Keywords:
Cc:
Blocked By:
Blocking:
Platform: All

Description

This is hrev55064, 64bits

Had an app-server crash. Along with a 'rebased' WebPositive (I think compiled on 2nd April 2021), I was running a current HaikuLauncher (built 2nd May 2021) checking if some issue on the Gerrit site solved itself... So, I'm not quite sure who triggered the app_server crash, but I'd say it was the HaikuLauncher's tool tip.

Here is a snippet, full debug report attached:

thread 3534: w:985:tool tip 
state: Exception (General protection fault)

Frame		IP			Function Name
-----------------------------------------------
0x7fffd2602080	0x1f2dd0ecf91	BPrivate::processHeap::free(void*) + 0x41 
	Disassembly:
		BPrivate::processHeap::free(void*):
		0x000001f2dd0ecf50:           4885f6  test %rsi, %rsi
		0x000001f2dd0ecf53:     0f8447010000  jz 0x1f2dd0ed0a0
		0x000001f2dd0ecf59:               55  push %rbp
		0x000001f2dd0ecf5a:         488d46f0  lea -0x10(%rsi), %rax
		0x000001f2dd0ecf5e:           4889e5  mov %rsp, %rbp
		0x000001f2dd0ecf61:             4156  push %r14
		0x000001f2dd0ecf63:             4155  push %r13
		0x000001f2dd0ecf65:             4154  push %r12
		0x000001f2dd0ecf67:               53  push %rbx
		0x000001f2dd0ecf68:         4883ec10  sub $0x10, %rsp
		0x000001f2dd0ecf6c:         488b56f0  mov -0x10(%rsi), %rdx
		0x000001f2dd0ecf70:         488945d0  mov %rax, -0x30(%rbp)
		0x000001f2dd0ecf74:           f6c201  test $0x1, %dl
		0x000001f2dd0ecf77:     0f85f3000000  jnz 0x1f2dd0ed070
		0x000001f2dd0ecf7d:           4989fc  mov %rdi, %r12
		0x000001f2dd0ecf80:         488b7808  mov 0x8(%rax), %rdi
		0x000001f2dd0ecf84:         48897dd8  mov %rdi, -0x28(%rbp)
		0x000001f2dd0ecf88:           4885ff  test %rdi, %rdi
		0x000001f2dd0ecf8b:     0f846d010000  jz 0x1f2dd0ed0fe
		0x000001f2dd0ecf91:           8b4704  mov 0x4(%rdi), %eax <--

	Frame memory:
		[0x7fffd2602040]  0Y......UVVVWWWX   30 59 c3 02 ee 11 00 00 55 56 56 56 57 57 57 58
		[0x7fffd2602050]  @Y..............   40 59 c3 02 ee 11 00 00 84 ff ff ff 00 00 00 00
		[0x7fffd2602060]  ................   00 0d 1e 04 ee 11 00 00 01 00 00 00 00 00 00 00
		[0x7fffd2602070]  . `.....".......   90 20 60 d2 ff 7f 00 00 22 e1 0e dd f2 01 00 00
0x7fffd26020a0	0x1f2dd0ee11d	free + 0x3d 
0x7fffd26020c0	0x1a4602d1cad	BMessage::_Clear() + 0x4d 
0x7fffd2602190	0xe4da22d2a1	Window::ResizeBy(int, int, BRegion*, bool) + 0x411 
0x7fffd2602280	0xe4da1ef053	Desktop::ResizeWindowBy(Window*, float, float) + 0x203 
0x7fffd2602340	0xe4da2255a7	ServerWindow::_DispatchMessage(int, BPrivate::LinkReceiver&) + 0x787 
0x7fffd26023b0	0xe4da21f331	ServerWindow::_MessageLooper() + 0x191 
0x7fffd26023c0	0xe4da1fd377	MessageLooper::_message_thread(void*) + 0x7 
0x7fffd26023e0	0x1f2dd060367	thread_entry + 0x17 
00000000	0x7fd5008a0260	commpage_thread_exit + 0 

Attachments (1)

app_server-680-debug-04-05-2021-05-36-05.report (80.8 KB) - added by humdinger 3 years ago.

Change History (2)

comment:1 by pulkomandy, 3 years ago

rdi:  0x5857575756565655

This does not look like a pointer...

It could be ASCII text: XWWWVVVU
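
Added example (not part of the ticket or of Haiku's code): a C triage helper that runs the check from comment:1 on the faulting rdi value. It tests whether the value is a canonical x86-64 address, decodes its bytes in memory order, and locates them in the frame memory row quoted in the report. The function names are introduced here, and 48-bit virtual addressing is an assumption.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 48-bit virtual addresses, so bits 63..47 must all be equal.
   Dereferencing a non-canonical address raises #GP, not a page fault. */
int is_canonical48(uint64_t addr)
{
	uint64_t top = addr >> 47;          /* the 17 uppermost bits */
	return top == 0 || top == 0x1ffff;
}

/* Write the value's bytes in memory (little-endian) order into out[9];
   return how many of the 8 bytes are printable ASCII. */
int ascii_le(uint64_t value, char out[9])
{
	int printable = 0;
	for (int i = 0; i < 8; i++) {
		unsigned char b = (unsigned char)(value >> (8 * i));
		printable += isprint(b) != 0;
		out[i] = isprint(b) ? (char)b : '.';
	}
	out[8] = '\0';
	return printable;
}

/* First offset in buf holding the value's 8 little-endian bytes, or -1. */
int find_le(const unsigned char *buf, size_t len, uint64_t value)
{
	unsigned char needle[8];
	for (int i = 0; i < 8; i++)
		needle[i] = (unsigned char)(value >> (8 * i));
	for (size_t off = 0; off + 8 <= len; off++)
		if (memcmp(buf + off, needle, 8) == 0)
			return (int)off;
	return -1;
}

/* Frame memory row at 0x7fffd2602040, copied from the report above. */
const unsigned char frame_row[16] = {
	0x30, 0x59, 0xc3, 0x02, 0xee, 0x11, 0x00, 0x00,
	0x55, 0x56, 0x56, 0x56, 0x57, 0x57, 0x57, 0x58 };

int main(void)
{
	uint64_t rdi = 0x5857575756565655ULL;   /* value from comment:1 */
	char text[9];
	int n = ascii_le(rdi, text);
	printf("canonical=%d printable=%d/8 text=%s frame_offset=%d\n",
	       is_canonical48(rdi), n, text, find_le(frame_row, sizeof frame_row, rdi));
	return 0;
}
```

The decoded string is in memory order, which is the reverse of the most-significant-byte-first reading in comment:1. A non-canonical value is consistent with the "General protection fault" state in the report.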
