Open Bug 1878195 Opened 1 year ago Updated 1 year ago

Crash in [@ arena_t::MallocSmall | arena_t::Malloc | BaseAllocator::malloc | MozJemalloc::moz_arena_malloc]

Categories

(Core :: Memory Allocator, defect)

Product:
Core
Component:
Memory Allocator
Platform:
Other
All
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox124 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/83b563ad-46b6-4b02-b1e3-9d0690240201

MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(run->mNumFree > 0)

Top 10 frames of crashing thread:

0  firefox-bin  arena_t::MallocSmall  memory/build/mozjemalloc.cpp:3285
0  firefox-bin  arena_t::Malloc  memory/build/mozjemalloc.cpp:3332
0  firefox-bin  BaseAllocator::malloc  memory/build/mozjemalloc.cpp:4551
0  firefox-bin  MozJemalloc::moz_arena_malloc  memory/build/malloc_decls.h:51
0  firefox-bin  PageMalloc  memory/build/PHC.cpp:1305
0  firefox-bin  MozJemallocPHC::moz_arena_malloc  memory/build/PHC.cpp:1673
0  firefox-bin  ReplaceMalloc::moz_arena_malloc  memory/build/malloc_decls.h:150
0  firefox-bin  moz_arena_malloc  memory/build/malloc_decls.h:150
1  libxul.so  js_arena_malloc  js/public/Utility.h:370
1  libxul.so  js_pod_arena_malloc<unsigned char>  js/public/Utility.h:586

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2023-12-16
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 4 out of 10 crashes happened on null or near null memory address

The Bugbug bot thinks this bug should belong to the 'Core::Memory Allocator' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: General → Memory Allocator

The severity field is not set for this bug.
:glandium, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(mh+mozilla)

This seems like this could be the same kind of problem as bug 1878984

Severity: -- → S2
Flags: needinfo?(mh+mozilla) → needinfo?(pbone)
See Also: → 1878984

It looks like there's a few different crashes under both signatures.

Flags: needinfo?(pbone)

Since the crash volume is low (less than 15 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit BugBot documentation.

Severity: S2 → S3
You need to log in before you can comment on or make changes to this bug.