Open Bug 1536537 Opened 5 years ago Updated 2 years ago

Conditional jump or move depends on uninitialized values in [@ mozilla::FramePointerStackWalk]

Categories

(Core :: Gecko Profiler, defect, P3)


Tracking Status
firefox67 --- affected
firefox68 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-uninitialized)

Came across this while running with Valgrind. I'm not sure how actionable this is.

Stack is from m-c:
BuildID=20190318220034
SourceStamp=2abb636ad481768b7c88619080cf224b2c266b2d

==114108== Thread 17 BHMgr Monitor:
==114108== Conditional jump or move depends on uninitialised value(s)
==114108==    at 0x112B76: mozilla::FramePointerStackWalk(void (*)(unsigned int, void*, void*, void*), unsigned int, unsigned int, void*, void**, void*) (StackWalk.cpp:858)
==114108==    by 0x130DA2FC: profiler_suspend_and_sample_thread(int, unsigned int, ProfilerStackCollector&, bool) (platform.cpp:1317)
==114108==    by 0x131B31AC: mozilla::BackgroundHangManager::RunMonitorThread() (ThreadStackHelper.cpp:137)
==114108==    by 0x131B2E2C: mozilla::BackgroundHangManager::MonitorThread(void*) (BackgroundHangMonitor.cpp:79)
==114108==    by 0x407B0F8: _pt_root (ptthread.c:201)
==114108==    by 0x4E446DA: start_thread (pthread_create.c:463)
==114108==    by 0x5EC888E: clone (clone.S:95)
==114108==  Uninitialised value was created by a stack allocation
==114108==    at 0x5DD9543: __dcigettext (dcigettext.c:661)
Component: mozglue → Gecko Profiler

Tyson, do you know which variable it's upset about?

Flags: needinfo?(twsmith)

I'm not sure. Can you get that information from Valgrind? If so, I'd enable that.

Flags: needinfo?(twsmith)

(In reply to Tyson Smith [:tsmith] from comment #2)

I'm not sure. Can you get that information from Valgrind? If so, I'd enable that.

Let's redirect to one of our Valgrind experts. Nick, I'm not sure if you're familiar with this part of Valgrind, but do you know if we can get more actionable info here?

Flags: needinfo?(n.nethercote)

The "Uninitialised value was created by a stack allocation" message shows that Valgrind was run with --track-origins=yes, which already means it's doing extra work (beyond the default) to give more info about the source of the undefinedness.

https://github.com/lattera/glibc/blob/895ef79e04a953cac1493863bcae29ad85657ee1/intl/dcigettext.c#L661 suggests (assuming that code matches the code on the machine in question) that something in the alloca'd memory is being used without being initialized. I don't know why stack-walking would hit that, seems a bit weird.

Flags: needinfo?(n.nethercote)
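Why a stack walker trips this check, shown as an added example (this is not code from the Gecko tree; the frame layout, addresses and the constructed "stack" array are assumptions for illustration). A frame-pointer walk reads, for each frame, the saved caller fp and the return address from the sampled thread's stack, then validates the next fp before following it. Memcheck is silent at the load of a never-written word; it reports the first conditional branch whose outcome depends on that word, which is the walker's own bounds check. That is why the report lands in StackWalk.cpp while the origin points at an unrelated function (alloca'd scratch space in __dcigettext, a frame from ScheduleWork) that happened to leave that slot unwritten on the sampled thread. The callback signature below mirrors the one visible in the trace, (frame number, pc, sp, closure).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Callback shape modelled on the one in the Valgrind trace above. */
typedef void (*walk_cb)(uint32_t frame_no, void *pc, void *sp, void *closure);

/* Walk a frame-pointer chain starting at `fp`, reporting return addresses
 * until max_frames, a null return address, or a frame pointer that fails
 * validation. Every word read comes from the *sampled* stack; if that word
 * was never written, memcheck stays silent at the load and reports the first
 * branch that depends on it, i.e. the validation below. */
static uint32_t fp_stack_walk(void **fp, void *stack_lo, void *stack_hi,
                              uint32_t max_frames, walk_cb cb, void *closure)
{
    uint32_t n = 0;
    uintptr_t lo = (uintptr_t)stack_lo, hi = (uintptr_t)stack_hi;
    while (n < max_frames) {
        uintptr_t f = (uintptr_t)fp;
        /* The frame (saved fp + return address) must lie inside the stack
         * and be word-aligned; anything else is corruption or garbage. */
        if (f < lo || f + 2 * sizeof(void *) > hi ||
            (f & (sizeof(void *) - 1)) != 0)
            break;
        void **next_fp = (void **)fp[0]; /* caller's saved frame pointer */
        void *pc = fp[1];                /* return address into the caller */
        if (pc == NULL)
            break;
        cb(n++, pc, (void *)fp, closure);
        /* Frames must move toward the stack base (higher addresses); a
         * backwards or equal pointer would loop forever. */
        if ((uintptr_t)next_fp <= f)
            break;
        fp = next_fp;
    }
    return n;
}

enum { FAKE_WORDS = 16, MAX_PCS = 8 };

struct collected {
    void *pcs[MAX_PCS];
    uint32_t count;
};

static void collect(uint32_t i, void *pc, void *sp, void *closure)
{
    (void)sp;
    struct collected *c = closure;
    if (i < MAX_PCS)
        c->pcs[i] = pc;
    c->count = i + 1;
}

/* Constructed sample stack (assumption): 16 words, three chained frames at
 * indices 2, 6 and 10, and a fourth frame at index 14 whose saved-fp slot
 * holds a junk pattern standing in for a word the sampled thread never wrote.
 * The walker reports four return addresses, then rejects the junk fp on the
 * next validation; with a truly uninitialised slot, that rejection is the
 * branch memcheck would flag. */
uint32_t walk_fake_stack(struct collected *out)
{
    static void *stack[FAKE_WORDS];
    for (int i = 0; i < FAKE_WORDS; i++)
        stack[i] = (void *)(uintptr_t)0x4141414141414141ull;
    stack[2]  = &stack[6];   stack[3]  = (void *)0x1000; /* frame 0 */
    stack[6]  = &stack[10];  stack[7]  = (void *)0x2000; /* frame 1 */
    stack[10] = &stack[14];  stack[11] = (void *)0x3000; /* frame 2 */
    stack[15] = (void *)0x4000;          /* frame 3: saved fp is junk */
    out->count = 0;
    return fp_stack_walk(&stack[2], &stack[0], &stack[FAKE_WORDS],
                         32, collect, out);
}

/* Constructed sample with a frame whose saved fp points back at an earlier
 * frame: the monotonic check stops the walk after two frames. */
uint32_t walk_looping_stack(struct collected *out)
{
    static void *stack[FAKE_WORDS] = {0};
    stack[2] = &stack[6]; stack[3] = (void *)0x1000;
    stack[6] = &stack[2]; stack[7] = (void *)0x2000; /* points backwards */
    out->count = 0;
    return fp_stack_walk(&stack[2], &stack[0], &stack[FAKE_WORDS],
                         32, collect, out);
}

int main(void)
{
    struct collected c = {{0}, 0};
    uint32_t n = walk_fake_stack(&c);
    for (uint32_t i = 0; i < n && i < MAX_PCS; i++)
        printf("#%u pc=%p\n", i, c.pcs[i]);
    return 0;
}
```

The consequence for the report above: the walker is not wrong to branch on that word, since a bounds check is precisely what protects it from garbage, but memcheck cannot know the check is the intended consumer of a possibly-unwritten slot. If a suppression is wanted, it belongs on the walker's validation site, not on the function where the slot happened to be allocated.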

ASAN also tripped in that function, so I MOZ_ASAN_BLACKLISTed it in https://bugzilla.mozilla.org/show_bug.cgi?id=1528842
Could this be related?
(And is there a real issue, which I should have not hidden under the ASAN carpet?)

Priority: -- → P3

In an attempt to avoid false positives I re-ran using:
Valgrind master commit 965876e22b863bca1cbe7db9578e648397a705a7
m-c commit 92d1c344e7c5 (built with GCC 7.3.0 and -g -O0)

Here is the result:

==4922== Thread 11 BHMgr Monitor:
==4922== Conditional jump or move depends on uninitialised value(s)
==4922==    at 0x116EA1: mozilla::FramePointerStackWalk(void (*)(unsigned int, void*, void*, void*), unsigned int, unsigned int, void*, void**, void*) (StackWalk.cpp:858)
==4922==    by 0x16D850F2: DoFramePointerBacktrace(mozilla::BaseAutoLock<PSMutex&> const&, RegisteredThread const&, Registers const&, NativeStack&) (platform.cpp:1317)
==4922==    by 0x16D8E74D: profiler_suspend_and_sample_thread(int, unsigned int, ProfilerStackCollector&, bool)::{lambda(Registers const&)#1}::operator()(Registers const&) const (platform.cpp:4044)
==4922==    by 0x16D94737: void Sampler::SuspendAndSampleAndResumeThread<profiler_suspend_and_sample_thread(int, unsigned int, ProfilerStackCollector&, bool)::{lambda(Registers const&)#1}>(mozilla::BaseAutoLock<PSMutex&> const&, RegisteredThread const&, profiler_suspend_and_sample_thread(int, unsigned int, ProfilerStackCollector&, bool)::{lambda(Registers const&)#1} const&) (platform-linux-android.cpp:329)
==4922==    by 0x16D8EA11: profiler_suspend_and_sample_thread(int, unsigned int, ProfilerStackCollector&, bool) (platform.cpp:4033)
==4922==    by 0x16EFBB4A: mozilla::ThreadStackHelper::GetStack(mozilla::HangStack&, nsTSubstring<char>&, bool) (ThreadStackHelper.cpp:137)
==4922==    by 0x16EF8604: mozilla::BackgroundHangManager::RunMonitorThread() (BackgroundHangMonitor.cpp:375)
==4922==    by 0x16EFD37F: mozilla::BackgroundHangManager::MonitorThread(void*) (BackgroundHangMonitor.cpp:79)
==4922==    by 0x407D803: _pt_root (ptthread.c:201)
==4922==    by 0x4E446DA: start_thread (pthread_create.c:463)
==4922==    by 0x5CC088E: clone (clone.S:95)
==4922==  Uninitialised value was created by a stack allocation
==4922==    at 0x1184556E: base::MessagePumpLibevent::ScheduleWork() (message_pump_libevent.cc:365)
==4922== 
Severity: normal → S3