1917999 - Crash in [@ js::gc::MarkBitmap<T>::markIfUnmarked]

Status: RESOLVED DUPLICATE of bug 719114

(Core :: JavaScript: GC, defect)

Description

[BugBot [:suhaib / :marco/ :calixte]]

Crash report: https://crash-stats.mozilla.org/report/index/6d050bc5-bdb8-4e08-843b-ea86a0240908

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  std::_Atomic_storage<unsigned long long, 8>::load const  /builds/worker/fetches/vs/VC/Tools/MSVC/14.39.33519/include/atomic:1121
0  xul.dll  mozilla::detail::IntrinsicMemoryOps<unsigned long long, 0>::load  mfbt/Atomics.h:199
0  xul.dll  mozilla::detail::AtomicBaseIncDec<unsigned long long, 0>::operator unsigned long long const  mfbt/Atomics.h:344
0  xul.dll  js::gc::MarkBitmap<8, 16384>::markIfUnmarked  js/src/gc/Heap-inl.h:90
0  xul.dll  js::gc::TenuredCell::markIfUnmarked const  js/src/gc/Heap-inl.h:219
0  xul.dll  js::GCMarker::mark  js/src/gc/Marking.cpp:1210
0  xul.dll  js::GCMarker::markAndTraverse  js/src/gc/Marking.cpp:981
0  xul.dll  js::GCMarker::markAndTraverseEdge  js/src/gc/Marking.cpp:1160
0  xul.dll  js::GCMarker::processMarkStackTop  js/src/gc/Marking.cpp:1609
0  xul.dll  js::GCMarker::markOneColor  js/src/gc/Marking.cpp:1332

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

• First crash report: 2024-09-08
• Process type: Content
• Is startup crash: No
• Has user comments: No
• Is null crash: Yes - 2 out of 4 crashes happened on null or near null memory address

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::JavaScript: GC' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 2

[Jon Coppeard (:jonco)]

This is another signature for bug 719114. The signature changed slightly due to the change to MarkBitmap in bug 1916758.