Closed Bug 1567292 Opened 6 years ago Closed 6 years ago

LeakSanitizer: [@ js::Mutex::heldMutexStack] with evalInWorker

Categories

(Core :: JavaScript Engine, defect, P2)

x86_64
Linux
defect

Tracking

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- wontfix
firefox-esr68 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix
firefox70 --- fixed

People

(Reporter: gkw, Assigned: pbone)

Details

(4 keywords, Whiteboard: [jsbugmon:update])

Attachments

(2 files)

The following testcase crashes on mozilla-central revision ca1dbd076e1e (build with --enable-debug --enable-address-sanitizer, run with --fuzzing-safe --ion-offthread-compile=off --no-baseline --no-ion and the environment variables ASAN_OPTIONS=detect_leaks=1 LSAN_OPTIONS=max_leaks=1):

evalInWorker("");

Backtrace:

The 1 top leak(s):
Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x55f0030649f3 in __interceptor_malloc (/home/ubuntu/shell-cache/js-dbg-64-asan-linux-x86_64-ca1dbd076e1e/js-dbg-64-asan-linux-x86_64-ca1dbd076e1e+0x262c9f3)
    #1 0x55f0045b7866 in js_arena_malloc(unsigned long, unsigned long) /home/ubuntu/shell-cache/js-dbg-64-asan-linux-x86_64-ca1dbd076e1e/objdir-js/dist/include/js/Utility.h:392:10
    #2 0x55f0045b7866 in js_malloc(unsigned long) /home/ubuntu/shell-cache/js-dbg-64-asan-linux-x86_64-ca1dbd076e1e/objdir-js/dist/include/js/Utility.h:396
    #3 0x55f0045b7866 in mozilla::Vector<js::Mutex const*, 0ul, mozilla::MallocAllocPolicy>* js_new<mozilla::Vector<js::Mutex const*, 0ul, mozilla::MallocAllocPolicy> >() /home/ubuntu/shell-cache/js-dbg-64-asan-linux-x86_64-ca1dbd076e1e/objdir-js/dist/include/js/Utility.h:545
    #4 0x55f0045b7866 in js::Mutex::heldMutexStack() js/src/threading/Mutex.cpp:31
    #5 0x55f0045b7cb9 in js::Mutex::lock() js/src/threading/Mutex.cpp:41:17
/snip

For detailed crash information, see attachment.

Type: task → defect

autobisectjs shows this is probably related to the following changeset:

The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/138edceae4d9
user: Jason Orendorff
date: Fri Jun 07 19:42:34 2019 +0000
summary: Bug 1556119 - Fix 64-byte memory leak in evalInWorker() shell builtin. r=fitzgen

I think this is only when the previous leak got fixed; the actual leak here in comment 0 should go back further than that. However, I'm not sure how best to proceed, so setting needinfo? from Paul (who fixed the previous similar leak in bug 1562437) as a start. If not, please feel free to forward the needinfo? to the right person.

Flags: needinfo?(pbone)
Summary: LeakSanitizer: [@ js::Mutex::heldMutexStack] → LeakSanitizer: [@ js::Mutex::heldMutexStack] with evalInWorker
Assignee: nobody → pbone
Status: NEW → ASSIGNED
Flags: needinfo?(pbone)
Priority: -- → P2
See Also: → 1568410
Pushed by pbone@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d97b1a7004d
Shutdown the mutex checking code in worker threads r=tcampbell
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
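
The leak pattern visible in the backtrace (lock() reaching heldMutexStack(), which heap-allocates a per-thread vector of mutex pointers) and a per-thread shutdown of the kind the fix's summary names, as a simplified model. This is an added example, not SpiderMonkey code; `CheckedMutex`, `tlsHeld`, `shutdownThread` and `runWorker` are hypothetical names, and the allocation counter stands in for LeakSanitizer.

```cpp
#include <atomic>
#include <thread>
#include <vector>

// Simplified model with hypothetical names; not SpiderMonkey source.
static std::atomic<int> liveStacks{0};  // per-thread stacks allocated and not yet freed

struct CheckedMutex;
using HeldStack = std::vector<const CheckedMutex*>;

// Raw thread-local pointer: nothing frees the pointee when the thread exits.
static thread_local HeldStack* tlsHeld = nullptr;

struct CheckedMutex {
    static HeldStack& heldStack() {
        if (!tlsHeld) {  // lazily allocated the first time a thread locks anything
            tlsHeld = new HeldStack();
            ++liveStacks;
        }
        return *tlsHeld;
    }
    // Per-thread teardown; must run on the thread that owns the stack.
    static void shutdownThread() {
        if (tlsHeld) {
            delete tlsHeld;
            tlsHeld = nullptr;
            --liveStacks;
        }
    }
    // Only the held-mutex bookkeeping is modelled, not real locking.
    void lock() { heldStack().push_back(this); }
    void unlock() { heldStack().pop_back(); }
};

// Runs one worker that takes a single lock; returns how many stacks outlive it.
int runWorker(bool shutdownOnExit) {
    int before = liveStacks.load();
    CheckedMutex m;
    std::thread worker([&m, shutdownOnExit] {
        m.lock();
        m.unlock();
        if (shutdownOnExit) CheckedMutex::shutdownThread();
    });
    worker.join();
    return liveStacks.load() - before;
}

int main() {
    int leaked = runWorker(false);  // stack is unreachable after the worker exits
    int clean = runWorker(true);    // worker freed its own stack before exiting
    return (leaked == 1 && clean == 0) ? 0 : 1;
}
```

The main thread cannot release a worker's stack on its behalf, since the only pointer to it lives in that worker's thread-local storage.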