Closed
Bug 1321186
Opened 7 years ago
Closed 7 years ago
Intermittent LeakSanitizer | leak at js_pod_malloc, maybe_pod_malloc, js::DebuggerFrame::onPopSetter, CallJSNative
Categories
(DevTools :: General, defect, P3)
DevTools
General
Tracking
(firefox51 unaffected, firefox52 unaffected, firefox53 fixed)
RESOLVED
FIXED
Firefox 53
Tracking | Status | |
---|---|---|
firefox51 | --- | unaffected |
firefox52 | --- | unaffected |
firefox53 | --- | fixed |
People
(Reporter: intermittent-bug-filer, Assigned: jimb)
References
Details
(Keywords: intermittent-failure)
Attachments
(1 file)
1011 bytes,
patch
|
fitzgen
:
review+
|
Details | Diff | Splinter Review |
Filed by: philringnalda [at] gmail.com https://treeherder.mozilla.org/logviewer.html#?job_id=5739415&repo=mozilla-central https://queue.taskcluster.net/v1/task/C_l9Gc2xRI-ZREaDP6388A/runs/0/artifacts/public/logs/live_backing.log
:jimb, perhaps you are interested in this report. Marking as P3 for now until we know more.
Flags: needinfo?(jimb)
Priority: -- → P3
Assignee | ||
Comment 2•7 years ago
|
||
Yes, I am, thank you very much!
Assignee: nobody → jimb
Flags: needinfo?(jimb)
Comment hidden (Intermittent Failures Robot) |
Assignee | ||
Comment 4•7 years ago
|
||
I'm pretty sure this is another instance of a bug we've already fixed elsewhere... jeez
Assignee | ||
Comment 5•7 years ago
|
||
("Experience keeps a dear school...")
Assignee | ||
Comment 6•7 years ago
|
||
For ease of reference, here's the stack at which the leaked values were allocated: With: SRC=/home/worker/workspace/build/src ==1287==ERROR: LeakSanitizer: detected memory leaks Direct leak of 240 byte(s) in 15 object(s) allocated from: #0 0x4b24ab in malloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:52:3 #1 0x7f05c7bce16b in js_malloc $SRC/obj-firefox/dist/include/js/Utility.h:229:12 #2 0x7f05c7bce16b in js_pod_malloc<unsigned char> $SRC/obj-firefox/dist/include/js/Utility.h:420 #3 0x7f05c7bce16b in maybe_pod_malloc<unsigned char> $SRC/js/src/vm/MallocProvider.h:57 #4 0x7f05c7bce16b in unsigned char* js::MallocProvider<js::ExclusiveContext>::pod_malloc<unsigned char>(unsigned long) $SRC/js/src/vm/MallocProvider.h:90 #5 0x7f05c8857873 in new_<js::ScriptedOnPopHandler, JSObject *> $SRC/js/src/vm/MallocProvider.h:190:5 #6 0x7f05c8857873 in js::DebuggerFrame::onPopSetter(JSContext*, unsigned int, JS::Value*) $SRC/js/src/vm/Debugger.cpp:8336 #7 0x7f05c8a48e11 in CallJSNative $SRC/js/src/jscntxtinlines.h:239:15 #8 0x7f05c8a48e11 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) $SRC/js/src/vm/Interpreter.cpp:457 #9 0x7f05c8a4ada8 in Call $SRC/js/src/vm/Interpreter.cpp:521:10 #10 0x7f05c8a4ada8 in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) $SRC/js/src/vm/Interpreter.cpp:648
Assignee | ||
Comment 7•7 years ago
|
||
I can reproduce this leak under valgrind: $ valgrind --leak-check=full '/home/jimb/moz/dbg/js/src/obj~/js/src/js' -f /home/jimb/moz/dbg/js/src/jit-test/lib/prologue.js --js-cache /home/jimb/moz/dbg/js/src/jit-test/.js-cache -e 'const platform='"'"'linux2'"'"'; const libdir='"'"'/home/jimb/moz/dbg/js/src/jit-test/lib/'"'"'; const scriptdir='"'"'/home/jimb/moz/dbg/js/src/jit-test/tests/debug/'"'"'' -f /home/jimb/moz/dbg/js/src/jit-test/tests/debug/Frame-onPop-02.js ==20669== 16 bytes in 1 blocks are definitely lost in loss record 2 of 4 ==20669== at 0x4C28BF6: malloc (vg_replace_malloc.c:299) ==20669== by 0x42ED15: js_malloc(unsigned long) (Utility.h:229) ==20669== by 0x4535C3: unsigned char* js_pod_malloc<unsigned char>(unsigned long) (Utility.h:420) ==20669== by 0x4780EA: unsigned char* js::MallocProvider<js::ExclusiveContext>::maybe_pod_malloc<unsigned char>(unsigned long) (MallocProvider.h:57) ==20669== by 0x46FF8F: unsigned char* js::MallocProvider<js::ExclusiveContext>::pod_malloc<unsigned char>(unsigned long) (MallocProvider.h:90) ==20669== by 0xC322B9: js::ScriptedOnPopHandler* js::MallocProvider<js::ExclusiveContext>::new_<js::ScriptedOnPopHandler, JSObject*>(JSObject*&&) (MallocProvider.h:190) ==20669== by 0xBF005A: js::DebuggerFrame::onPopSetter(JSContext*, unsigned int, JS::Value*) (Debugger.cpp:8336) ==20669== by 0xD05D6D: js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (jscntxtinlines.h:239) ==20669== by 0xCDCA9E: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (Interpreter.cpp:457) ==20669== by 0xCDCE0C: InternalCall(JSContext*, js::AnyInvokeArgs const&) (Interpreter.cpp:502) ==20669== by 0xCDCEA3: js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) (Interpreter.cpp:521) ==20669== by 0xCDD914: js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) (Interpreter.cpp:648)
Assignee | ||
Comment 8•7 years ago
|
||
Commit message says it all.
Attachment #8820592 -
Flags: review?(nfitzgerald)
Comment 9•7 years ago
|
||
Comment on attachment 8820592 [details] [diff] [review] Bother to free old onPopHandler when we set a new one. Review of attachment 8820592 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/vm/Debugger.cpp @@ +7770,5 @@ > MOZ_ASSERT(isLive()); > > + OnPopHandler* prior = onPopHandler(); > + if (prior && prior != handler) > + prior->drop(); This is the polite thing to do, isn't it?
Attachment #8820592 -
Flags: review?(nfitzgerald) → review+
Assignee | ||
Updated•7 years ago
|
Flags: in-testsuite-
Keywords: checkin-needed
OS: Unspecified → All
Hardware: Unspecified → All
Target Milestone: --- → Firefox 52
Version: unspecified → Trunk
Comment 10•7 years ago
|
||
Pushed by ihsiao@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/34b75871dd7e Bother to free old onPopHandler when we set a new one. r=nfitzgerald.
Keywords: checkin-needed
Comment 11•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/34b75871dd7e
Comment hidden (Intermittent Failures Robot) |
Updated•7 years ago
|
status-firefox51:
--- → unaffected
status-firefox52:
--- → unaffected
Target Milestone: Firefox 52 → Firefox 53
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•