Closed
Bug 1943823
Opened 1 year ago
Closed 1 year ago
LSan: Direct leak of 256 byte(s) possibly [@ js::ArenaAllocPolicyBase::maybe_pod_arena_malloc]
Categories
(Core :: JavaScript Engine: JIT, defect, P2)
Tracking
()
RESOLVED
FIXED
136 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr128 | --- | unaffected |
| firefox134 | --- | unaffected |
| firefox135 | --- | unaffected |
| firefox136 | --- | fixed |
People
(Reporter: gkw, Assigned: iain)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression, reporter-external, testcase)
Attachments
(2 files)
```js
setJitCompilerOption("offthread-compilation.enable", 1);
try {
  x = y;
} catch (e) {
  print(e);
}
```
Debug stack:
```
==2057271==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x648d630b857f in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
    #1 0x648d6464185a in js_arena_malloc(unsigned long, unsigned long) /home/i32g7900a/shell-cache/js-64-asan-linux-x86_64-86db950c775f/objdir-js/dist/include/js/Utility.h:386:10
    #2 0x648d6464185a in js::jit::RetAddrEntry* js_pod_arena_malloc<js::jit::RetAddrEntry>(unsigned long, unsigned long) /home/i32g7900a/shell-cache/js-64-asan-linux-x86_64-86db950c775f/objdir-js/dist/include/js/Utility.h:602:26
    #3 0x648d6464185a in js::jit::RetAddrEntry* js::ArenaAllocPolicyBase::maybe_pod_arena_malloc<js::jit::RetAddrEntry>(unsigned long, unsigned long) /home/i32g7900a/shell-cache/js-64-asan-linux-x86_64-86db950c775f/objdir-js/dist/include/js/AllocPolicy.h:32:12
    #4 0x648d6464185a in js::jit::RetAddrEntry* js::ArenaAllocPolicyBase::pod_arena_malloc<js::jit::RetAddrEntry>(unsigned long, unsigned long) /home/i32g7900a/shell-cache/js-64-asan-linux-x86_64-86db950c775f/objdir-js/dist/include/js/AllocPolicy.h:45:12
    #5 0x648d6464185a in js::jit::RetAddrEntry* js::AllocPolicyBase::pod_malloc<js::jit::RetAddrEntry>(unsigned long) /home/i32g7900a/shell-cache/js-64-asan-linux-x86_64-86db950c775f/objdir-js/dist/include/js/AllocPolicy.h:75:12
```
/snip
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/f4948f1d7709
user: Iain Ireland
date: Tue Jan 07 22:17:19 2025 +0000
summary: Bug 1935289: Compile baseline code offthread r=jandem
Run with --fuzzing-safe --ion-offthread-compile=off --ion-eager and environment variable ASAN_OPTIONS=detect_leaks=1, compile with AR=ar sh ../configure --enable-fuzzing --without-sysroot --enable-address-sanitizer --disable-jemalloc --disable-stdcxx-compat --enable-undefined-sanitizer --with-ccache --enable-nspr-build --enable-ctypes --enable-gczeal --enable-rust-simd --disable-tests, tested on m-c rev 86db950c775f.
Iain, is bug 1935289 a likely regressor?
Flags: needinfo?(iireland)
Comment 1•1 year ago
Set release status flags based on info from the regressing bug 1935289
status-firefox134:
--- → unaffected
status-firefox135:
--- → unaffected
status-firefox-esr128:
--- → unaffected
Comment 2•1 year ago
Ah, good catch. We free the offthread macroassembler in BaselineCompileTask::FinishOffThreadTask, but I didn't notice that there are non-temporary allocations in the baseline compiler too.
Assignee: nobody → iireland
Severity: -- → S4
Flags: needinfo?(iireland)
Priority: -- → P2
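A simplified model of the pattern comment 2 describes, added here as an illustration and not SpiderMonkey code or the landed patch: it assumes a compiler object that sits in temporary storage while owning a malloc-backed table, so discarding the storage without running the destructor leaks the table. `ToyCompiler`, `Entry`, `CountingAlloc` and `compileAndRelease` are hypothetical names, and the byte counter stands in for LeakSanitizer.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <vector>

// Counts bytes currently held from the system heap (stand-in for LSan).
static std::size_t g_liveHeapBytes = 0;

// Hypothetical allocator standing in for a malloc-backed alloc policy.
template <typename T>
struct CountingAlloc {
  using value_type = T;
  CountingAlloc() = default;
  template <typename U> CountingAlloc(const CountingAlloc<U>&) {}
  T* allocate(std::size_t n) {
    g_liveHeapBytes += n * sizeof(T);
    return static_cast<T*>(std::malloc(n * sizeof(T)));
  }
  void deallocate(T* p, std::size_t n) {
    g_liveHeapBytes -= n * sizeof(T);
    std::free(p);
  }
  template <typename U> bool operator==(const CountingAlloc<U>&) const { return true; }
  template <typename U> bool operator!=(const CountingAlloc<U>&) const { return false; }
};

// Hypothetical entry type; the real RetAddrEntry layout is not shown on the page.
struct Entry { unsigned pcOffset; unsigned returnOffset; };

// Simplified compiler: lives in temporary storage, but its table is heap-backed.
struct ToyCompiler {
  std::vector<Entry, CountingAlloc<Entry>> retAddrEntries;
  void compile() { retAddrEntries.reserve(32); }  // constructed size: 32 entries
};

// Runs one compile in a scratch buffer; returns heap bytes still live afterwards.
std::size_t compileAndRelease(bool runDestructor) {
  g_liveHeapBytes = 0;
  alignas(ToyCompiler) unsigned char scratch[sizeof(ToyCompiler)];  // "temp" storage
  ToyCompiler* c = new (scratch) ToyCompiler();
  c->compile();
  if (runDestructor) c->~ToyCompiler();  // releases the vector's heap buffer
  // scratch is discarded on return, the way a released temp arena would be.
  return g_liveHeapBytes;
}

int main() { return compileAndRelease(true) == 0 ? 0 : 1; }
```

Calling `compileAndRelease(false)` leaves the table's buffer live after the scratch storage is gone, which is the shape of report LSan prints as a direct leak.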
Comment 3•1 year ago
Pushed by iireland@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e80e164336c2
Avoid leaking BaselineCompiler r=jandem
Comment 5•1 year ago
bugherder
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch