Closed Bug 1166041 Opened 5 years ago Closed 5 years ago

Intermittent LeakSanitizer | leak at js_pod_malloc, pod_malloc, js::Nursery::allocateBuffer, AllocateObjectBuffer or js_pod_malloc, AllocateObjectBuffer, js::NativeObject::growSlots, js::NativeObject::updateSlotsForSpan

Categories

(Core :: JavaScript: GC, defect)

x86_64
Linux

Tracking

RESOLVED FIXED
mozilla43
Tracking Status
firefox40 --- unaffected
firefox41 --- fixed
firefox42 --- fixed
firefox43 --- fixed
firefox-esr38 --- unaffected

People

(Reporter: RyanVM, Assigned: jandem)

References

(Blocks 1 open bug)

Details

(Keywords: intermittent-failure, memory-leak)

Attachments

(3 files, 1 obsolete file)

11:36:35 INFO - ==1906==ERROR: LeakSanitizer: detected memory leaks
11:36:35 INFO - Direct leak of 64 byte(s) in 1 object(s) allocated from:
11:36:35 INFO - #0 0x472111 in malloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
11:36:35 INFO - #1 0x7f8b25e85a7e in js_malloc /builds/slave/fx-team-l64-asan-0000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:119
11:36:35 INFO - #2 0x7f8b25e85a7e in js_pod_malloc<unsigned char> /builds/slave/fx-team-l64-asan-0000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:274
11:36:35 INFO - #3 0x7f8b25e85a7e in pod_malloc<unsigned char> /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/vm/MallocProvider.h:63
11:36:35 INFO - #4 0x7f8b25e85a7e in js::Nursery::allocateBuffer(JSObject*, unsigned int) /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/gc/Nursery.cpp:263
11:36:35 INFO - #5 0x7f8b25fe750d in AllocateObjectBuffer<js::HeapSlot> /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/gc/Nursery-inl.h:55
11:36:35 INFO - #6 0x7f8b25fe750d in js::NativeObject::growSlots(js::ExclusiveContext*, unsigned int, unsigned int) /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/vm/NativeObject.cpp:399
11:36:36 INFO - #7 0x7f8b25fe6581 in js::NativeObject::updateSlotsForSpan(js::ExclusiveContext*, unsigned long, unsigned long) /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/vm/NativeObject.cpp:262
11:36:36 INFO - #8 0x7f8b25fe61ca in js::NativeObject::setLastProperty(js::ExclusiveContext*, js::Shape*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/js/src/vm/NativeObject.cpp:298:10
Blocks: LSan
Ping?
Flags: needinfo?(terrence)
Appears to be new with Brian's rewrite of this subsystem.
Flags: needinfo?(terrence) → needinfo?(bhackett1024)
At least I think it starts around the time that that landed. Brian, feel free to punt this back my way if you disagree.
We actually intentionally leak slots memory on that path if we hit OOM inserting into a hash table.

Here's a patch to tighten that up and fail the allocation instead.
Attachment #8612271 - Flags: review?(terrence)
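
The pattern described in the comment above, as an added example that is not part of the original bug thread and is not SpiderMonkey code: a buffer is malloc'ed and then recorded in a set so that a later sweep can free it, and ignoring a failed insertion leaves the buffer untracked, while the tightened version frees it and fails the allocation. `ToyNursery`, `TrackedSet`, the counting allocator and the fault-injection flag are hypothetical names; the sweep is simplified to treat every tracked buffer as dead.

```cpp
#include <cstdlib>
#include <unordered_set>

static int g_live = 0;  // buffers currently allocated (constructed leak counter)
static void* countedMalloc(std::size_t n) { void* p = std::malloc(n); if (p) ++g_live; return p; }
static void countedFree(void* p) { if (p) { --g_live; std::free(p); } }

// Hypothetical fallible set: put() returns false to model OOM during insertion.
struct TrackedSet {
    std::unordered_set<void*> entries;
    bool failNextInsert = false;  // constructed fault injection
    bool put(void* p) {
        if (failNextInsert) { failNextInsert = false; return false; }
        entries.insert(p);
        return true;
    }
};

struct ToyNursery {
    TrackedSet tracked;
    // Before: the insertion result is ignored, so no later sweep knows the buffer.
    void* allocateBufferLeaky(std::size_t n) {
        void* buf = countedMalloc(n);
        if (buf) (void)tracked.put(buf);
        return buf;
    }
    // After: a failed insertion frees the buffer and fails the allocation.
    void* allocateBufferStrict(std::size_t n) {
        void* buf = countedMalloc(n);
        if (buf && !tracked.put(buf)) { countedFree(buf); return nullptr; }
        return buf;
    }
    // Simplification: every tracked buffer is treated as dead and freed.
    void sweep() {
        for (void* p : tracked.entries) countedFree(p);
        tracked.entries.clear();
    }
};

// Buffers still allocated after a sweep when one tracking insertion fails.
int leakedAfterSweep(bool strict) {
    g_live = 0;
    ToyNursery n;
    (void)n.allocateBufferStrict(64);  // tracked normally
    n.tracked.failNextInsert = true;   // next insertion reports OOM
    void* p = strict ? n.allocateBufferStrict(64) : n.allocateBufferLeaky(64);
    n.sweep();
    int leaked = g_live;
    std::free(p);                      // demo cleanup; p is nullptr in the strict case
    return leaked;
}
```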
Comment on attachment 8612271 [details] [diff] [review]
bug1166041-nursery-leak

Review of attachment 8612271 [details] [diff] [review]:
-----------------------------------------------------------------

Yup, better to just raise the error.
Attachment #8612271 - Flags: review?(terrence) → review+
Assignee: nobody → jcoppeard
Status: NEW → ASSIGNED
Flags: needinfo?(bhackett1024)
(In reply to Treeherder Robot from comment #113)

This was on a rev after your push :(
Flags: needinfo?(jcoppeard)
Keywords: leave-open
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #114)

Oh well, it was worth fixing that first. The real cause must be something more subtle.
Add some assertions to hopefully catch this.
Flags: needinfo?(jcoppeard)
Attachment #8620893 - Flags: review?(terrence)
Attachment #8620893 - Flags: review?(terrence) → review+