Open
Bug 1879451
Opened 7 months ago
Updated 7 months ago
Crash in [@ js::gc::HeapSize::addBytes]
Categories
(Core :: JavaScript: GC, defect, P5)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox124 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/eb24f841-4ab3-44e4-a0fb-54b4d0240203
Reason: SIGSEGV / SI_KERNEL
Top 10 frames of crashing thread:
0 libxul.so std::__atomic_base<unsigned long>::load const /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/atomic_base.h:396
0 libxul.so mozilla::detail::IntrinsicMemoryOps<unsigned long, mfbt/Atomics.h:194
0 libxul.so mozilla::detail::AtomicBaseIncDec<unsigned long, const mfbt/Atomics.h:339
0 libxul.so js::gc::HeapSize::addBytes js/src/gc/Scheduling.h:644
0 libxul.so js::ZoneAllocator::addCellMemory js/src/gc/ZoneAllocator.h:73
0 libxul.so js::AddCellMemory js/src/gc/ZoneAllocator.h:324
0 libxul.so js::AddCellMemory js/src/gc/ZoneAllocator.h:329
0 libxul.so js::Nursery::maybeMoveRawBufferOnPromotion js/src/gc/Nursery.cpp:1644
1 libxul.so js::Nursery::maybeMoveBufferOnPromotion<js::ObjectSlots> js/src/gc/Nursery.h:210
1 libxul.so js::Nursery::maybeMoveBufferOnPromotion<js::ObjectSlots> js/src/gc/Nursery.h:216
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-01-16
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 1 out of 3 crashes happened on null or near null memory address
Updated•7 months ago
|
Component: General → JavaScript: GC
Updated•7 months ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•