Crash in [@ arena_t::ArenaRunRegAlloc | arena_t::MallocSmall | arena_t::Malloc | BaseAllocator::malloc | MozJemalloc::malloc]
Categories
(Core :: Memory Allocator, defect)
Tracking
()
| | Tracking | Status |
|---|---|---|
| firefox124 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/9745486e-136a-40ab-b538-2b1160240131
MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(0)
Top 10 frames of crashing thread:
0 firefox-bin arena_t::ArenaRunRegAlloc memory/build/mozjemalloc.cpp:2558
0 firefox-bin arena_t::MallocSmall memory/build/mozjemalloc.cpp:3286
0 firefox-bin arena_t::Malloc memory/build/mozjemalloc.cpp:3332
0 firefox-bin BaseAllocator::malloc memory/build/mozjemalloc.cpp:4551
0 firefox-bin MozJemalloc::malloc memory/build/malloc_decls.h:51
0 firefox-bin PageMalloc memory/build/PHC.cpp:1306
0 firefox-bin MozJemallocPHC::malloc memory/build/PHC.cpp:1310
0 firefox-bin ReplaceMalloc::malloc memory/build/malloc_decls.h:51
0 firefox-bin malloc memory/build/malloc_decls.h:51
1 libglib-2.0.so.0 g_malloc /usr/src/debug/glib2/glib/glib/gmem.c:130
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2023-12-14
- Process type: Multiple distinct types
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 3 out of 5 crashes happened on null or near null memory address
Reporter
Comment 1•3 months ago
The Bugbug bot thinks this bug should belong to the 'Core::Memory Allocator' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Reporter
Comment 2•3 months ago
The severity field is not set for this bug.
:glandium, could you have a look please?
For more information, please visit BugBot documentation.
Comment 3•2 months ago
We should probably change this
MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(0)
to be more explicit that this is reaching code that is not supposed to be reached.
Which suggests either something went really badly wrong, or... more likely, some bit flip happened. I'm not excluding the former. Paul, would you mind taking a deeper dive?
Comment 4•2 months ago
There are a few different crash locations captured by the same signatures for both this and Bug 1878195.
Some are definitely bad RAM; I saw one bitflip in an index that was used to look up an array. For others I think we could add some assertions or promote some debug assertions to diagnostic assertions. I'll consider what assertions we might want and keep looking.
Reporter
Comment 5•21 days ago
Since the crash volume is low (less than 15 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit BugBot documentation.