Closed
Bug 1466567
Opened 7 years ago
Closed 4 years ago
Crash in RedBlackTree<T>::TreeNode::SetColor
Categories
(Core :: Memory Allocator, defect, P3)
Tracking
RESOLVED
WORKSFORME
| | Tracking | Status |
|---|---|---|
| firefox62 | --- | affected |
People
(Reporter: MatsPalmgren_bugz, Unassigned)
Details
(Keywords: crash)
This bug was filed from the Socorro interface and is
report bp-b0dd717c-3b1f-4bd3-8306-9230d0180602.
=============================================================
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(mNode)
Top 10 frames of crashing thread:
0 mozglue.dll RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::TreeNode::SetColor memory/build/rb.h:203
1 mozglue.dll RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::MoveRedRight memory/build/rb.h:668
2 mozglue.dll RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::Remove memory/build/rb.h:562
3 mozglue.dll arena_t::SplitRun memory/build/mozjemalloc.cpp:2380
4 mozglue.dll arena_t::MallocLarge memory/build/mozjemalloc.cpp:2990
5 mozglue.dll arena_t::RallocSmallOrLarge memory/build/mozjemalloc.cpp:3626
6 mozglue.dll Allocator<MozJemallocBase>::realloc memory/build/malloc_decls.h:39
7 mozglue.dll moz_xrealloc memory/mozalloc/mozalloc.cpp:93
8 xul.dll nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator> xpcom/ds/nsTArray-inl.h:183
9 xul.dll nsTArray_Impl<mozilla::layers::OpSetLayerAttributes, nsTArrayInfallibleAllocator>::AppendElement<mozilla::layers::OpSetLayerAttributes&, nsTArrayInfallibleAllocator> xpcom/ds/nsTArray.h:2288
=============================================================
Bug 1405062 is another odd looking crash involving RedBlackTree and the allocator.
See Also: → 1405062
Comment 2•7 years ago
It's plausible these have the same root as bug 1405062, and if you look at the numbers, the drop in bug 1405062 kind of corresponds to the rise in this one. I wish we could get a dump of the mozjemalloc metadata in crash reports...
Comment 3•7 years ago
More precisely, it is plausible that bug 1439470 turned some of the crashes in bug 1405062 into those here.
Comment 4•7 years ago
https://bit.ly/2swX4jz is another similar signature which shows up in Fennec crash stats. It appears that signature is Pixel devices running the Android P Developer preview.
Updated•6 years ago
Priority: -- → P3
Comment 5•4 years ago
Marking this as Resolved > Worksforme since there are no more crashes with this signature in the past 6 months.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME