1235122 - AddressSanitizer failed to allocate 0x400002000 (17179877376) bytes of LargeMmapAllocator

Status: UNCONFIRMED

(Core :: JavaScript Engine, defect)

Description

[Spandan Veggalam]

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151210084639

Steps to reproduce:

JS Shell Linux Asan Debug artifact

test();

function test() {
    try {
        Array(1 << 30).sort();
    } catch (ex) {
    }
}



Actual results:

AddressSanitizer failed to allocate 0x400002000 (17179877376) bytes of LargeMmapAllocator

AddressSanitizer CHECK failed: /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)     

#0 0x48a0cb in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_rtl.cc:69     
#1 0x490681 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:76     
#2 0x49465e in RoundUpTo /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.h:268     
#3 0x49465e in __sanitizer::MmapOrDie(unsigned long, char const*) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:51     
#4 0x44ddf8 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h:1011     
#5 0x449cb1 in Allocate /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h:1253     
#6 0x449cb1 in __asan::Allocate(unsigned long, unsigned long, __sanitizer::StackTrace*, __asan::AllocType, bool) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_allocator2.cc:354     
#7 0x483b08 in __interceptor_malloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:75     
#8 0x54b18d in js_malloc /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:221     
#9 0x54b18d in js_pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:407     
#10 0x54b18d in maybe_pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsalloc.h:88     
#11 0x54b18d in pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsalloc.h:103     
#12 0x54b18d in convertToHeapStorage /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:790     
#13 0x54b18d in mozilla::VectorBase<JS::Value, 8ul, js::TempAllocPolicy, js::Vector<JS::Value, 8ul, js::TempAllocPolicy> >::growStorageBy(unsigned long) /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:881     
#14 0x1a01b95 in reserve /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:915     
#15 0x1a01b95 in reserve /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsapi.h:164     
#16 0x1a01b95 in js::array_sort(JSContext*, unsigned int, JS::Value*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsarray.cpp:1871     
#17 0x127d17e in CallJSNative /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jscntxtinlines.h:235     
#18 0x127d17e in js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:394     
#19 0x12c6e64 in js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:446     
#20 0x188913f in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jit/BaselineIC.cpp:8749  


Expected results:

Should throw an error 'InternalError: allocation size overflow'

Comment 1

[Intermittent Failures Robot]

5 failures in 924 pushes (0.005 failures/push) were associated with this bug in the last 7 days.   

Repository breakdown:
* mozilla-inbound: 3
* autoland: 2

Platform breakdown:
* linux64: 5

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-09-04&endday=2017-09-10&tree=all

Comment 2

[Intermittent Failures Robot]

5 failures in 1032 pushes (0.005 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* mozilla-inbound: 3
* autoland: 2

Platform breakdown:
* linux64: 5

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-09-11&endday=2017-09-17&tree=all

Comment 3

[Intermittent Failures Robot]

1 failures in 943 pushes (0.001 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* autoland: 1

Platform breakdown:
* linux64: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-09-18&endday=2017-09-24&tree=all

Comment 4

[Intermittent Failures Robot]

2 failures in 849 pushes (0.002 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* mozilla-inbound: 1
* autoland: 1

Platform breakdown:
* linux64: 2

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-11-06&endday=2017-11-12&tree=all

Comment 5

[Intermittent Failures Robot]

1 failures in 762 pushes (0.001 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* mozilla-inbound: 1

Platform breakdown:
* linux64: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-11-13&endday=2017-11-19&tree=all

Comment 6

[Intermittent Failures Robot]

1 failures in 744 pushes (0.001 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* mozilla-beta: 1

Platform breakdown:
* linux64: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1235122&startday=2017-11-20&endday=2017-11-26&tree=all

Comment 7

[Intermittent Failures Robot]

1 failures in 521 pushes (0.002 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* mozilla-inbound: 1

Platform breakdown:
* windows10-64: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1235122&startday=2018-06-18&endday=2018-06-24&tree=trunk

Comment 8

[Intermittent Failures Robot]

1 failures in 1668 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:
* autoland: 1

Platform breakdown:
* windows10-64: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1235122&startday=2018-12-31&endday=2019-01-06&tree=all

Comment 9

[Intermittent Failures Robot]

2 failures in 4850 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 2

Platform breakdown:

• windows10-64: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1235122&startday=2019-11-04&endday=2019-11-10&tree=all

Comment 10

[Intermittent Failures Robot]

1 failures in 3341 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• windows10-64-2004-asan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1235122&startday=2022-07-11&endday=2022-07-17&tree=all