Closed Bug 1562437 Opened 5 years ago Closed 5 years ago

LeakSanitizer: [@ js::Mutex::heldMutexStack]

Categories

(Core :: JavaScript Engine, defect, P3)

x86_64
Linux
defect

Tracking

()

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix
firefox70 --- fixed

People

(Reporter: gkw, Assigned: pbone)

References

(Regression)

Details

(4 keywords, Whiteboard: [jsbugmon:update])

Attachments

(2 files)

The following testcase crashes on mozilla-central revision 900a0b127043 (build with --enable-debug --enable-more-deterministic --enable-address-sanitizer, run with --fuzzing-safe --no-threads --no-baseline --no-ion and the environment variables ASAN_OPTIONS=detect_leaks=1 LSAN_OPTIONS=max_leaks=1):

x = timeout(1);

Backtrace:

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0xaaaae6c88d33 in malloc (/home/ubuntu/shell-cache/js-dbg-64-dm-asan-linux-aarch64-900a0b127043/js-dbg-64-dm-asan-linux-aarch64-900a0b127043+0xb39d33)
    #1 0xaaaae80882eb in js_arena_malloc(unsigned long, unsigned long) /home/ubuntu/shell-cache/js-dbg-64-dm-asan-linux-aarch64-900a0b127043/objdir-js/dist/include/js/Utility.h:393:10
    #2 0xaaaae80882eb in js_malloc(unsigned long) /home/ubuntu/shell-cache/js-dbg-64-dm-asan-linux-aarch64-900a0b127043/objdir-js/dist/include/js/Utility.h:397
    #3 0xaaaae80882eb in mozilla::Vector<js::Mutex const*, 0ul, mozilla::MallocAllocPolicy>* js_new<mozilla::Vector<js::Mutex const*, 0ul, mozilla::MallocAllocPolicy>>() /home/ubuntu/shell-cache/js-dbg-64-dm-asan-linux-aarch64-900a0b127043/objdir-js/dist/include/js/Utility.h:546
    #4 0xaaaae80882eb in js::Mutex::heldMutexStack() js/src/threading/Mutex.cpp:31
    #5 0xaaaae8088757 in js::Mutex::lock() js/src/threading/Mutex.cpp:41:17
    #6 0xaaaae6d4836f in js::LockGuard<js::Mutex>::LockGuard(js::Mutex&) js/src/threading/LockGuard.h:22:57
    #7 0xaaaae6d4836f in WatchdogMain(JSContext*) js/src/shell/js.cpp:4266
/snip

For detailed crash information, see attachment.

Due to skipped revisions, the first bad revision could be any of:
changeset: https://hg.mozilla.org/mozilla-central/rev/32aab5bf983a
parent: 453862:cd696bc79dff
user: Emanuel Hoogeveen
date: Sat Dec 15 14:26:00 2018 +0200
summary: Bug 1502733 - Part 1: Clean up and refactor GC system memory allocation functions. r=sfink

changeset: https://hg.mozilla.org/mozilla-central/rev/ac29aabfda36
user: Emanuel Hoogeveen
date: Sun Jan 13 23:10:00 2019 +0200
summary: Bug 1502733 - Part 2: Allocate at randomly chosen aligned addresses on 64-bit platforms. r=sfink

Emanuel/Steve/Paul, is bug 1502733 a likely regressor?

Type: task → defect
Flags: needinfo?(sphink)
Flags: needinfo?(pbone)
Flags: needinfo?(emanuel.hoogeveen)
Regressed by: 1502733
Summary: LeakSanitizer: [@ malloc] → LeakSanitizer: [@ js::Mutex::heldMutexStack]

My understanding is that this might be a shell-only issue which is leaking the thread-local HeldMutexStack by not calling js::Mutex::ShutDown on shutdown of the Watchdog thread of the JS shell.

Priority: -- → P3

(In reply to Nicolas B. Pierron [:nbp] from comment #3)

> My understanding is that this might be a shell-only issue which is leaking the thread-local HeldMutexStack by not calling js::Mutex::ShutDown on shutdown of the Watchdog thread of the JS shell.

You're exactly right.

Assignee: nobody → pbone
Status: NEW → ASSIGNED
Flags: needinfo?(sphink)
Flags: needinfo?(pbone)
Flags: needinfo?(emanuel.hoogeveen)
Pushed by pbone@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2ab78a0e3a04
Call Mutex::Shutdown when the watchdog thread exits r=nbp
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
See Also: → 1568410
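
The leak diagnosed in the comments above, as an added example (not SpiderMonkey code and not part of the original bug thread): a held-mutex stack allocated lazily behind a raw thread-local pointer outlives its thread unless that thread calls a shutdown hook before exiting. `TrackedMutex`, `liveStacks`, `watchdogMain` and `leakedStacksAfterWatchdog` are hypothetical names, and the live-object counter stands in for LeakSanitizer's report.

```cpp
#include <atomic>
#include <functional>
#include <mutex>
#include <thread>
#include <vector>

// Live per-thread stacks; stands in for what LeakSanitizer would report.
static std::atomic<int> liveStacks{0};

class TrackedMutex {  // hypothetical stand-in for a mutex with held-lock bookkeeping
 public:
  using Stack = std::vector<const TrackedMutex*>;
  void lock() { impl_.lock(); heldStack().push_back(this); }
  void unlock() { heldStack().pop_back(); impl_.unlock(); }
  // Must run on each thread that ever locked a TrackedMutex, before it exits.
  static void ShutDown() {
    if (!tlsStack) return;
    delete tlsStack;
    tlsStack = nullptr;
    --liveStacks;
  }
 private:
  // Raw thread-local pointer filled on first use: nothing frees it at thread exit.
  static Stack& heldStack() {
    if (!tlsStack) {
      tlsStack = new Stack();
      ++liveStacks;
    }
    return *tlsStack;
  }
  static thread_local Stack* tlsStack;
  std::mutex impl_;
};
thread_local TrackedMutex::Stack* TrackedMutex::tlsStack = nullptr;

// Hypothetical watchdog body: takes the lock once, then the thread ends.
static void watchdogMain(TrackedMutex& m, bool callShutDown) {
  { std::lock_guard<TrackedMutex> guard(m); }
  if (callShutDown) TrackedMutex::ShutDown();
}
// Returns how many per-thread stacks outlive the watchdog thread.
int leakedStacksAfterWatchdog(bool callShutDown) {
  int before = liveStacks.load();
  TrackedMutex m;
  std::thread t(watchdogMain, std::ref(m), callShutDown);
  t.join();
  return liveStacks.load() - before;
}

int main() { return leakedStacksAfterWatchdog(true); }  // exit status 0: nothing leaked
```

Calling `leakedStacksAfterWatchdog(false)` models the pre-fix shell, where the watchdog thread exits without the shutdown call and one stack object is left unreachable.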