Closed Bug 1547052 Opened 5 years ago Closed 5 years ago

Crash in [@ BaseAllocator::realloc]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1546881
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- unaffected
firefox67 --- unaffected
firefox68 --- fixed

People

(Reporter: calixte, Assigned: cmartin)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

This bug is for crash report bp-243311d6-a73c-42f8-86af-2852c0190425.

Top 10 frames of crashing thread:

0 mozglue.dll void* BaseAllocator::realloc memory/build/mozjemalloc.cpp:3960
1 mozglue.dll static void* Allocator<MozJemallocBase>::moz_arena_realloc memory/build/malloc_decls.h:40
2 xul.dll xul.dll@0xa3c7ca 
3 xul.dll xul.dll@0x8a92bc 
4 xul.dll xul.dll@0xb6bb17 
5 xul.dll xul.dll@0x8bf386 
6 xul.dll xul.dll@0x9067dc 
7 xul.dll xul.dll@0x8eb4cb 
8 xul.dll xul.dll@0x8eb478 
9 xul.dll xul.dll@0x8ebbd1

There are 10 crashes (from 7 installations) in nightly 68 starting with buildid 20190424215525. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1052579.

[1] https://hg.mozilla.org/mozilla-central/rev?node=401f2be1ced1

Flags: needinfo?(cmartin)

I am currently investigating Bug 1546881, which I believe is caused by the same issue as this crash.

Unless you know otherwise, I believe that https://hg.mozilla.org/mozilla-central/rev/e51a022e039f is the cause of these crashes.

I am investigating Bug 1546881, and I think that fixing it may fix this as well. Both only happen on x86, which makes me think it's the same codepath (OOM handler) that is causing the issue.

Will have a fix ready shortly.

Flags: needinfo?(cmartin)
Type: task → defect

woops didn't mean to clear status flags.

status-firefox66: --- → unaffected
status-firefox67: --- → unaffected
status-firefox-esr60: --- → unaffected
Assignee: nobody → cmartin

I have added a fix to Bug 1546881. When it is checked-in, I will close this ticket.

(In reply to Calixte Denizet (:calixte) from comment #0)

This bug is for crash report bp-243311d6-a73c-42f8-86af-2852c0190425.

Hi Calixte,

This fix made it to central yesterday morning at 2019-05-01 04:21Z, and should be in the nightly now.

https://hg.mozilla.org/mozilla-central/rev/b08155896113

Are you able to tell if the crashes you reported above have been fixed?

Thanks!
Chris

Flags: needinfo?(cdenizet)

No more crashes with this signature after the patch landed.

Flags: needinfo?(cdenizet)

Let's call this a dupe.

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68: affectedfixed
Resolution: --- → DUPLICATE
See Also: 1546881
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.