Open Bug 1879451 Opened 7 months ago Updated 7 months ago

Crash in [@ js::gc::HeapSize::addBytes]

Categories

(Core :: JavaScript: GC, defect, P5)

Other
Linux
defect

Tracking

()

Tracking Status
firefox124 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/eb24f841-4ab3-44e4-a0fb-54b4d0240203

Reason: SIGSEGV / SI_KERNEL

Top 10 frames of crashing thread:

0  libxul.so  std::__atomic_base<unsigned long>::load const  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/atomic_base.h:396
0  libxul.so  mozilla::detail::IntrinsicMemoryOps<unsigned long,   mfbt/Atomics.h:194
0  libxul.so  mozilla::detail::AtomicBaseIncDec<unsigned long,  const  mfbt/Atomics.h:339
0  libxul.so  js::gc::HeapSize::addBytes  js/src/gc/Scheduling.h:644
0  libxul.so  js::ZoneAllocator::addCellMemory  js/src/gc/ZoneAllocator.h:73
0  libxul.so  js::AddCellMemory  js/src/gc/ZoneAllocator.h:324
0  libxul.so  js::AddCellMemory  js/src/gc/ZoneAllocator.h:329
0  libxul.so  js::Nursery::maybeMoveRawBufferOnPromotion  js/src/gc/Nursery.cpp:1644
1  libxul.so  js::Nursery::maybeMoveBufferOnPromotion<js::ObjectSlots>  js/src/gc/Nursery.h:210
1  libxul.so  js::Nursery::maybeMoveBufferOnPromotion<js::ObjectSlots>  js/src/gc/Nursery.h:216

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2024-01-16
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 1 out of 3 crashes happened on null or near null memory address
Component: General → JavaScript: GC
Severity: -- → S4
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.