Open Bug 1563679 Opened 5 years ago Updated 2 years ago

double free or corruption in gtest ArenaAllocator without jemalloc

Categories

(Testing :: GTest, defect, P3)

68 Branch
defect

Tracking

(Not tracked)

People

(Reporter: msirringhaus, Unassigned)


User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

Building mozilla-esr68 with --disable-jemalloc and repeatedly running ./mach gtest ArenaAllocator*

Noticed the failures on an s390x machine. After activating --disable-jemalloc, this can be reproduced on an x86_64 machine as well.

Actual results:

Test fails either in ArenaAllocator.MemoryIsValid with double free or corruption (!prev) or in ArenaAllocator.AllocationsPerChunk with an actual gtest-failure (ASSERT_EQ of 2 addresses fails).
The failure seems due to the fact that filling up the ArenaChunk with small Allocations fails at some point.

Expected results:

Tests succeed.

This seems to have happened before: #1353882 and #1358163 mention the same location of test-aborts. But the solution was to simply deactivate that test, it seems.

Looked at the code in question and couldn't find a place where disabling of jemalloc might make a difference.
The bug might be somewhere else and only get triggered because of different addresses returned by malloc.
I somehow suspect AlignedSize(), but couldn't yet trigger any ill behavior.

Just found bug 1358744, which is still open and seems to be the same issue.

Sebastian, this is a duplicate after bug 1358744?

Component: Untriaged → GTest
Flags: needinfo?(aryx.bugmail)
Product: Firefox → Testing

This bug has more info (thank you msirringhaus) - set the other one as duplicate and kept this one open.

Flags: needinfo?(aryx.bugmail)
Status: UNCONFIRMED → NEW
Ever confirmed: true

The priority flag is not set for this bug.
:ahal, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(ahal)
Flags: needinfo?(ahal)
Priority: -- → P3
Severity: normal → S3