1378339 - Crash in arena_dalloc | CFAllocatorDeallocate

Status: RESOLVED FIXED

(Core :: Memory Allocator, defect)

Description

[[:philipp]]

This bug was filed from the Socorro interface and is 
report bp-704903de-232f-4056-bc63-c7c100170705.
=============================================================
MOZ_CRASH Reason 	MOZ_RELEASE_ASSERT(arena->magic == 0x947d3d24)

Crashing Thread (74)
Frame 	Module 	Signature 	Source
0 	libmozglue.dylib 	arena_dalloc(void*, unsigned long) 	memory/mozjemalloc/mozjemalloc.cpp:3815
1 	CoreFoundation 	CFAllocatorDeallocate 	
2 	CoreFoundation 	__CFBasicHashAddValue 	
3 	CoreFoundation 	CFBasicHashSetValue 	
4 	Foundation 	_NSThreadGet0 	
5 	FinderKit 	-[FI_TRunSoonHelper post] 	
6 	FinderKit 	+[FI_TRunSoonHelper postFunctor:withOwningTargetID:andDispatchType:] 	
7 	FinderKit 	SendBrowserViewDataSourceBusyStateChangedNotificationSoon(FI_TBrowserViewDataSource*) 	
8 	FinderKit 	-[FI_TBVDSBusyStateIncrementer aboutToTearDown] 	
9 	FinderKit 	-[FI_TBVDSBusyStateIncrementer dealloc] 	
10 	libobjc.A.dylib 	objc_setProperty_atomic_copy 	
11 	FinderKit 	__destroy_helper_block_.158 	
12 	libsystem_blocks.dylib 	_Block_release 	
13 	libdispatch.dylib 	_dispatch_client_callout 	
14 	libdispatch.dylib 	_dispatch_queue_serial_drain 	
15 	libdispatch.dylib 	_dispatch_queue_invoke 	
16 	libdispatch.dylib 	_dispatch_queue_override_invoke 	
17 	libdispatch.dylib 	_dispatch_root_queue_drain 	
18 	libdispatch.dylib 	_dispatch_worker_thread3 	
19 	libsystem_pthread.dylib 	_pthread_wqthread 	
20 	libsystem_pthread.dylib 	start_wqthread 	
21 	libdispatch.dylib 	dispatch_source_set_cancel_handler

these crashes on macos 10.12.5 16F73 are regressing in today's 56.0a1 build 20170705100303.

one user on irc is reporting that the crash is happening when the file picker windows is appearing for choosing an image to attach to bugzilla.

Comment 1

[Marcia Knous [:marcia]]

Possible regression from bug 1356701? ni on :glandium

Comment 2

[Ting-Yu Lin [:TYLin] (PDT, UTC-7)]

I can reproduce this on nightly 20170705 on my Mac by typing arbitrary string into the search box, and press command + a. mozregression points to bug 1356701 as well.

Comment 3

[Corey Shields [:cshields]]

Happened to me while typing a filename into the print - pdf dialog, nightly 20170705 osx.  3946f527-1def-405a-a28d-2b7740170705

Comment 4

[Bogdan Maris, Desktop QA]

I also ran into this on today's Nightly (20170705100303) but with a different signature, I think it could be the same issue though, just save any page (cmd+s) and wait 1-2 seconds.

- Signature: [@ arena_dalloc | __CFBasicHashRehash ]
- Crashes:
bp-e699e0c7-6c20-4945-b5e7-910a10170705
bp-b72a7d20-844e-4ada-8f36-f2fb30170705
bp-174c76cd-7098-46b6-9b51-255420170705

Comment 5

[Calixte Denizet (:calixte)]

This signature is ranked #1 in mac top-crashers.
:glandium, could you investigate ?

Comment 6

[Marcia Knous [:marcia]]

Suggesting erahm take a look due to time zone considerations. I think maybe we should just back this out due to the fact people are crashing so easily.

Comment 7

[Liz Henry (:lizzard) (relman/hg->git project)]

I'm hearing reports from irc that today's nightly is unusable on Macs.  Let's back out the patch from bug 1356701 and probably rebuild Nightly (for macs only if we can)

Comment 8

[Eric Rahm [:erahm]]

(In reply to Marcia Knous [:marcia - use ni] from comment #6)
> Suggesting erahm take a look due to time zone considerations. I think maybe
> we should just back this out due to the fact people are crashing so easily.

Yeah I agree bug 1356701 should be backed out, it looks like RyanVM took care of it.

Comment 9

[Mike Hommey [:glandium]]

Fixed by the backout.

I reproduced locally and was able to fix the problem in a new iteration of the patch in bug 1356701.