Open Bug 1725085 Opened 3 years ago Updated 1 year ago

LeakSanitizer: Direct leak [@ js::TenuringTracer::moveSlotsToTenured]

Categories

(Core :: JavaScript: GC, defect, P3)

defect

Tracking


Tracking Status
firefox92 --- affected
firefox93 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 3 open bugs)

Details

(Keywords: testcase)

Attachments

(1 file)

Attached file testcase.html

Found while fuzzing m-c 20210620-95970359b68e (--enable-address-sanitizer --enable-fuzzing)

To help catch this issue, ASAN_OPTIONS=detect_leaks=1 was used.

==160208==ERROR: LeakSanitizer: detected memory leaks

The 1 top leak(s):
Direct leak of 20992 byte(s) in 144 object(s) allocated from:
    #0 0x55b9445083cd in malloc /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7f98967dd787 in js::HeapSlot* js::MallocProvider<JS::Zone>::pod_arena_malloc<js::HeapSlot>(unsigned long, unsigned long) /gecko/js/src/vm/MallocProvider.h:109:12
    #2 0x7f98967aef37 in pod_malloc<js::HeapSlot> /gecko/js/src/vm/MallocProvider.h:127:12
    #3 0x7f98967aef37 in js::TenuringTracer::moveSlotsToTenured(js::NativeObject*, js::NativeObject*) /gecko/js/src/gc/Marking.cpp:3276:15
    #4 0x7f98967aadea in js::TenuringTracer::moveToTenuredSlow(JSObject*) /gecko/js/src/gc/Marking.cpp:3200:20
    #5 0x7f98967ad9f0 in DispatchToOnEdge /gecko/js/src/gc/Tracer.h:333:15
    #6 0x7f98967ad9f0 in trace /gecko/js/src/gc/Marking.cpp:3057:11
    #7 0x7f98967ad9f0 in js::gc::StoreBuffer::MonoTypeBuffer<js::gc::StoreBuffer::CellPtrEdge<JSObject> >::trace(js::TenuringTracer&) /gecko/js/src/gc/Marking.cpp:2828:15
    #8 0x7f98967c234a in js::Nursery::doCollection(JS::GCReason) /gecko/js/src/gc/Nursery.cpp:1234:6
    #9 0x7f98967c1456 in js::Nursery::collect(JS::GCOptions, JS::GCReason) /gecko/js/src/gc/Nursery.cpp:1104:31
    #10 0x7f9896765c96 in js::gc::GCRuntime::collectNursery(JS::GCOptions, JS::GCReason, js::gcstats::PhaseKind) /gecko/js/src/gc/GC.cpp:8194:13
    #11 0x7f9896763f6b in collectNurseryFromMajorGC /gecko/js/src/gc/GC.cpp:7353:3
    #12 0x7f9896763f6b in js::gc::GCRuntime::incrementalSlice(js::SliceBudget&, mozilla::Maybe<JS::GCOptions> const&, JS::GCReason, bool) /gecko/js/src/gc/GC.cpp:7188:9
    #13 0x7f9896769800 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget const&, mozilla::Maybe<JS::GCOptions> const&, JS::GCReason) /gecko/js/src/gc/GC.cpp:7751:3
    #14 0x7f989676af32 in js::gc::GCRuntime::collect(bool, js::SliceBudget const&, mozilla::Maybe<JS::GCOptions> const&, JS::GCReason) /gecko/js/src/gc/GC.cpp:7960:9
    #15 0x7f9896770ee2 in gc /gecko/js/src/gc/GC.cpp:8040:3
    #16 0x7f9896770ee2 in JS::NonIncrementalGC(JSContext*, JS::GCOptions, JS::GCReason) /gecko/js/src/gc/GC.cpp:8896:21
    #17 0x7f9889a52509 in nsCycleCollector::FixGrayBits(bool, TimeLog&) /gecko/xpcom/base/nsCycleCollector.cpp:3272:19
    #18 0x7f9889a53bb0 in nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) /gecko/xpcom/base/nsCycleCollector.cpp:3578:3
    #19 0x7f9889a532ee in nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) /gecko/xpcom/base/nsCycleCollector.cpp:3407:9
    #20 0x7f9889a52de5 in nsCycleCollector::ShutdownCollect() /gecko/xpcom/base/nsCycleCollector.cpp:3350:20
    #21 0x7f9889a54e26 in nsCycleCollector::Shutdown(bool) /gecko/xpcom/base/nsCycleCollector.cpp:3644:5
    #22 0x7f9889a56c43 in nsCycleCollector_shutdown(bool) /gecko/xpcom/base/nsCycleCollector.cpp:3959:18
    #23 0x7f9889c7c92b in mozilla::ShutdownXPCOM(nsIServiceManager*) /gecko/xpcom/build/XPCOMInit.cpp:709:3
    #24 0x7f98957b796b in ScopedXPCOMStartup::~ScopedXPCOMStartup() /gecko/toolkit/xre/nsAppRunner.cpp:1683:5

Objects leaked above:
0x60600019d000 (64 bytes)
0x60600019d060 (64 bytes)
0x60600019d0c0 (64 bytes)
0x60600019d180 (64 bytes)
0x60600019d300 (64 bytes)
0x60600019d3c0 (64 bytes)
0x60600019d480 (64 bytes)
0x60600019d4e0 (64 bytes)
0x60600019d540 (64 bytes)
0x60600019d5a0 (64 bytes)
0x60600019d900 (64 bytes)
0x60600019dc00 (64 bytes)
0x60600019dc60 (64 bytes)
0x60600019dcc0 (64 bytes)
0x60600019dd80 (64 bytes)
0x60600019dde0 (64 bytes)
0x60600019de40 (64 bytes)
0x60600019e080 (64 bytes)
0x60600019e1a0 (64 bytes)
0x60600019e200 (64 bytes)
0x60600019e260 (64 bytes)
0x60600019e320 (64 bytes)
0x60600019e3e0 (64 bytes)
0x60600019e440 (64 bytes)
0x60600019e500 (64 bytes)
0x60600019e620 (64 bytes)
0x60600019e680 (64 bytes)
0x60600019e6e0 (64 bytes)
0x60600019e7a0 (64 bytes)
0x60600019e860 (64 bytes)
0x60600019e8c0 (64 bytes)
0x60600019e980 (64 bytes)
0x60600019ea40 (64 bytes)
0x60600019eb00 (64 bytes)
0x60600019ec80 (64 bytes)
0x60600019ece0 (64 bytes)
0x60600019eda0 (64 bytes)
0x60600019eec0 (64 bytes)
0x6060003b3cc0 (64 bytes)
0x6060003b3d20 (64 bytes)
0x6060003b3d80 (64 bytes)
0x6060003b41a0 (64 bytes)
0x6060003b42c0 (64 bytes)
0x6060003b4380 (64 bytes)
0x6060003b4500 (64 bytes)
0x6060003b45c0 (64 bytes)
0x6060003b4680 (64 bytes)
0x6060003b46e0 (64 bytes)
0x6060003b4740 (64 bytes)
0x6060003b4860 (64 bytes)
0x6060003b48c0 (64 bytes)
0x6060003b4920 (64 bytes)
0x6060003b4980 (64 bytes)
0x6060008a6620 (64 bytes)
0x6060008a6680 (64 bytes)
0x6060008a7040 (64 bytes)
0x6060008a7460 (64 bytes)
0x6060008a7820 (64 bytes)
0x6060008a79a0 (64 bytes)
0x6060008a7b20 (64 bytes)
0x6060008a7be0 (64 bytes)
0x6060008a7d60 (64 bytes)
0x6060008a7e20 (64 bytes)
0x6060008a7e80 (64 bytes)
0x6060008a7fa0 (64 bytes)
0x6060008a8000 (64 bytes)
0x6060008a8060 (64 bytes)
0x6060008a80c0 (64 bytes)
0x6060008a8120 (64 bytes)
0x6060008a8180 (64 bytes)
0x6060008a8240 (64 bytes)
0x6060008a84e0 (64 bytes)
0x6060008a8720 (64 bytes)
0x6060008a8780 (64 bytes)
0x6060008a87e0 (64 bytes)
0x6060008a88a0 (64 bytes)
0x6060008a8900 (64 bytes)
0x6060008a89c0 (64 bytes)
0x6060008a8a20 (64 bytes)
0x6060008a8ae0 (64 bytes)
0x6060008a8c60 (64 bytes)
0x6060008a8cc0 (64 bytes)
0x6060008a8d80 (64 bytes)
0x6060008a8ea0 (64 bytes)
0x6060008a8f00 (64 bytes)
0x6060008a8fc0 (64 bytes)
0x6060008a9080 (64 bytes)
0x6060008a90e0 (64 bytes)
0x6060008a9140 (64 bytes)
0x6060008a91a0 (64 bytes)
0x6060008a9200 (64 bytes)
0x6060008a92c0 (64 bytes)
0x6060008a9320 (64 bytes)
0x6060008a9380 (64 bytes)
0x6060008a93e0 (64 bytes)
0x6060008a94a0 (64 bytes)
0x6060008a9500 (64 bytes)
0x6060008a9620 (64 bytes)
0x6060008a97a0 (64 bytes)
0x6060008a9800 (64 bytes)
0x6060008a9920 (64 bytes)
0x6060008a99e0 (64 bytes)
0x60c000b3fe00 (128 bytes)
0x60c000b61340 (128 bytes)
0x60c000b614c0 (128 bytes)
0x60c000b617c0 (128 bytes)
0x60c000b61c40 (128 bytes)
0x60c000b62e40 (128 bytes)
0x60c000b63a40 (128 bytes)
0x60c000b63b00 (128 bytes)
0x60c0011abb00 (128 bytes)
0x60c0011ad0c0 (128 bytes)
0x60c0011b0600 (128 bytes)
0x60c0011b1a40 (128 bytes)
0x60c0011b7b00 (128 bytes)
0x60c0011bc480 (128 bytes)
0x60c0011bcc00 (128 bytes)
0x60c0011be100 (128 bytes)
0x60c0011bf300 (128 bytes)
0x6110002e5940 (256 bytes)
0x6110002e5a80 (256 bytes)
0x6110002e5bc0 (256 bytes)
0x6110008c1f80 (256 bytes)
0x6110008c2340 (256 bytes)
0x61100099bdc0 (256 bytes)
0x611000a8bc80 (256 bytes)
0x611000a8bf00 (256 bytes)
0x611000a8c180 (256 bytes)
0x611000a8c2c0 (256 bytes)
0x611000a8c540 (256 bytes)
0x611000a8c900 (256 bytes)
0x611000a8ca40 (256 bytes)
0x611000a8ce00 (256 bytes)
0x615000a15980 (512 bytes)
0x615000a16600 (512 bytes)
0x615000a1c000 (512 bytes)
0x615000a24700 (512 bytes)
0x615000a24980 (512 bytes)
0x619000671b80 (1024 bytes)
0x619000672a80 (1024 bytes)
0x619000673980 (1024 bytes)
0x619000691980 (1024 bytes)
0x619000693280 (1024 bytes)
0x619000cafd80 (1024 bytes)
Flags: in-testsuite?
Severity: -- → S2
Priority: -- → P3
Blocks: LSan
Severity: S2 → S3