Open Bug 1898397 Opened 5 months ago Updated 5 months ago

Startup crash in [@ __gnu_cxx::new_allocator<T>::allocate] in WebRenderLayerManager::ClearPendingScrollInfoUpdate()

Categories

(Core :: Graphics: WebRender, defect)

Other
Linux
defect

Tracking Status
firefox128 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/0839ea87-6c12-48e2-b960-f19cb0240520

MOZ_CRASH Reason: fatal: STL threw bad_alloc

Top 10 frames of crashing thread:

0  firefox-bin  MOZ_Crash  mfbt/Assertions.h:317
0  firefox-bin  mozalloc_abort  memory/mozalloc/mozalloc_abort.cpp:35
1  libxul.so  std::__throw_bad_alloc  memory/mozalloc/throw_gcc.h:60
1  libxul.so  __gnu_cxx::new_allocator<std::__detail::_Hash_node_base*>::allocate  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/ext/new_allocator.h:102
1  libxul.so  std::allocator_traits<std::allocator<std::__detail::_Hash_node_base*> >::allocate  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/alloc_traits.h:436
1  libxul.so  std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<unsigned long, false> > >::_M_allocate_buckets  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/hashtable_policy.h:2134
1  libxul.so  std::_Hashtable<unsigned long, unsigned long, std::allocator<unsigned long>, std::__detail::_Identity, std::equal_to<unsigned long>, std::hash<unsigned long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true> >::_M_allocate_buckets  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/hashtable.h:361
1  libxul.so  std::_Hashtable<unsigned long, unsigned long, std::allocator<unsigned long>, std::__detail::_Identity, std::equal_to<unsigned long>, std::hash<unsigned long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true> >::_Hashtable<detail::nsTHashtableKeyIterator<nsBaseHashtableET<nsIntegralHashKey<unsigned long, 0>, nsTArray<mozilla::ScrollPositionUpdate> > > >  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/hashtable.h:983
1  libxul.so  std::_Hashtable<unsigned long, unsigned long, std::allocator<unsigned long>, std::__detail::_Identity, std::equal_to<unsigned long>, std::hash<unsigned long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true> >::_Hashtable<detail::nsTHashtableKeyIterator<nsBaseHashtableET<nsIntegralHashKey<unsigned long, 0>, nsTArray<mozilla::ScrollPositionUpdate> > > >  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/hashtable.h:450
1  libxul.so  std::unordered_set<unsigned long, std::hash<unsigned long>, std::equal_to<unsigned long>, std::allocator<unsigned long> >::unordered_set<detail::nsTHashtableKeyIterator<nsBaseHashtableET<nsIntegralHashKey<unsigned long, 0>, nsTArray<mozilla::ScrollPositionUpdate> > > >  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8/bits/unordered_set.h:171

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2024-05-20
  • Process type: Parent
  • Is startup crash: Yes - 1 out of 31 crashes happened during startup
  • Has user comments: No
  • Is null crash: Yes - all crashes happened on null or near null memory address

This signature sucks, but it looks like the first Gecko frame for all of these crashes is WebRenderLayerManager::ClearPendingScrollInfoUpdate(). Looks like an OOM?

Component: General → Graphics: WebRender
Summary: Startup crash in [@ __gnu_cxx::new_allocator<T>::allocate] → Startup crash in [@ __gnu_cxx::new_allocator<T>::allocate] in WebRenderLayerManager::ClearPendingScrollInfoUpdate()
Severity: -- → S3