Firefox build with --enable-replace-malloc crashes when using tcmalloc

RESOLVED INVALID

Status: RESOLVED INVALID (opened 5 years ago, updated 2 months ago)
Product: Firefox Build System
Component: General
Priority: --
Severity: critical
Version: 23 Branch
Platform: x86_64 Linux
Keywords: crash
Reporter: Octoploid
Assignee: Unassigned
Firefox Tracking Flags: Not tracked

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0
Build ID: 20130427114313

Steps to reproduce:

Build Firefox with --enable-replace-malloc .
Start Firefox:
LD_PRELOAD="/usr/lib/libtcmalloc.so" /usr/lib/firefox/firefox-bin



Actual results:

Firefox crashes.


Expected results:

Firefox should run and use libtcmalloc.

Comment 1

5 years ago
Please provide a stack trace (see https://developer.mozilla.org/docs/How_to_get_a_stacktrace_for_a_bug_report).
Severity: normal → critical
Flags: needinfo?(octoploid)
Keywords: crash, stackwanted
(Reporter)

Comment 2

5 years ago
Backtrace without debug info:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004135e2 in ?? ()
(gdb) bt
#0  0x00000000004135e2 in ?? ()
#1  0x00007ffff792b34a in get_cached_stack (memp=<synthetic pointer>, sizep=<synthetic pointer>) at allocatestack.c:248
#2  allocate_stack (stack=<synthetic pointer>, pdp=<synthetic pointer>, attr=0x7fffffffc7b0) at allocatestack.c:485
#3  __pthread_create_2_1 (newthread=0x7fffffffc7a0, attr=0x7fffffffc7b0, start_routine=0x7ffff6eee8a0, arg=0x7fffd657bd00) at pthread_create.c:457
#4  0x00007ffff6eee5e0 in ?? () from /usr/lib64/firefox/libnspr4.so
#5  0x00007ffff6eeeb38 in PR_CreateThread () from /usr/lib64/firefox/libnspr4.so
#6  0x00007ffff5cc9c79 in ?? () from /usr/lib64/firefox/libxul.so
#7  0x00007ffff5cca0b2 in ?? () from /usr/lib64/firefox/libxul.so
...

Will post a full backtrace with debug info tomorrow.
Flags: needinfo?(octoploid)
(Reporter)

Comment 3

5 years ago
...
Program received signal SIGSEGV, Segmentation fault.
arena_dalloc (ptr=ptr@entry=0x532038, offset=offset@entry=204856) at /home/markus/mozilla-central/memory/mozjemalloc/jemalloc.c:4668
4668            RELEASE_ASSERT(arena->magic == ARENA_MAGIC);
(gdb) bt
#0  arena_dalloc (ptr=ptr@entry=0x532038, offset=offset@entry=204856) at /home/markus/mozilla-central/memory/mozjemalloc/jemalloc.c:4668
#1  0x000000000041a12a in je_free (ptr=ptr@entry=0x532038) at /home/markus/mozilla-central/memory/mozjemalloc/jemalloc.c:6597
#2  0x000000000040ff7f in free (ptr=0x532038) at /home/markus/mozilla-central/memory/build/replace_malloc.c:200
#3  0x00007ffff792b34a in get_cached_stack (memp=<synthetic pointer>, sizep=<synthetic pointer>) at allocatestack.c:248
#4  allocate_stack (stack=<synthetic pointer>, pdp=<synthetic pointer>, attr=0x7fffffffae60) at allocatestack.c:485
#5  __pthread_create_2_1 (newthread=newthread@entry=0x7fffffffae58, attr=attr@entry=0x7fffffffae60, start_routine=start_routine@entry=0x7ffff6ee7566 <_pt_root>, 
    arg=arg@entry=0x7fffce031010) at pthread_create.c:457
#6  0x00007ffff6ee735e in _PR_CreateThread (type=PR_USER_THREAD, start=0x7ffff4c2fed0 <nsThread::ThreadFunc(void*)>, arg=0x7fffcf7e6c80, priority=PR_PRIORITY_NORMAL, 
    scope=PR_GLOBAL_THREAD, state=PR_JOINABLE_THREAD, stackSize=stackSize@entry=0, isGCAble=isGCAble@entry=0)
    at /home/markus/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:444
#7  0x00007ffff6ee7c86 in PR_CreateThread (type=<optimized out>, start=<optimized out>, arg=<optimized out>, priority=<optimized out>, scope=<optimized out>, 
    state=<optimized out>, stackSize=0) at /home/markus/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:527
#8  0x00007ffff4c30421 in nsThread::Init (this=this@entry=0x7fffcf7e6c80) at /home/markus/mozilla-central/xpcom/threads/nsThread.cpp:333
#9  0x00007ffff4c3132a in nsThreadManager::NewThread (this=<optimized out>, creationFlags=creationFlags@entry=0, stackSize=stackSize@entry=0, result=0x7fffffffafa0)
    at /home/markus/mozilla-central/xpcom/threads/nsThreadManager.cpp:221
#10 0x00007ffff4c32c63 in nsThreadPool::PutEvent (this=this@entry=0x7fffeac6bc40, event=event@entry=0x7fffcda0e6c0)
    at /home/markus/mozilla-central/xpcom/threads/nsThreadPool.cpp:89
#11 0x00007ffff4c33204 in nsThreadPool::Dispatch (this=0x7fffeac6bc40, event=0x7fffcda0e6c0, flags=0) at /home/markus/mozilla-central/xpcom/threads/nsThreadPool.cpp:230
#12 0x00007ffff30ff41f in nsStreamTransportService::Dispatch (this=0x7fffe92cd490, task=0x7fffcda0e6c0, flags=0)
    at /home/markus/mozilla-central/netwerk/base/src/nsStreamTransportService.cpp:466
#13 0x00007ffff4c0d44d in PostContinuationEvent_Locked (this=0x7fffcda0e6b0) at /home/markus/mozilla-central/xpcom/io/nsStreamUtils.cpp:434
#14 PostContinuationEvent (this=0x7fffcda0e6b0) at /home/markus/mozilla-central/xpcom/io/nsStreamUtils.cpp:425
#15 nsAStreamCopier::OnInputStreamReady (this=0x7fffcda0e6b0, source=<optimized out>) at /home/markus/mozilla-central/xpcom/io/nsStreamUtils.cpp:389
#16 0x00007ffff4c0b870 in nsPipeEvents::~nsPipeEvents (this=0x7fffffffb120, __in_chrg=<optimized out>) at /home/markus/mozilla-central/xpcom/io/nsPipe3.cpp:587
#17 0x00007ffff4c0bdb4 in nsPipe::AdvanceWriteCursor (this=0x7fffd34d5080, bytesWritten=4096) at /home/markus/mozilla-central/xpcom/io/nsPipe3.cpp:545
#18 0x00007ffff4c0ca4b in nsPipeOutputStream::WriteSegments (this=0x7fffd34d50e8, 
    reader=0x7ffff4c09b83 <nsReadFromRawBuffer(nsIOutputStream*, void*, char*, uint32_t, uint32_t, uint32_t*)>, closure=0x7fffcc6bb000, count=12518, 
    writeCount=0x7fffffffb430) at /home/markus/mozilla-central/xpcom/io/nsPipe3.cpp:1130
#19 0x00007ffff4c09879 in nsPipeOutputStream::Write (this=<optimized out>, fromBuf=<optimized out>, bufLen=<optimized out>, writeCount=<optimized out>)
    at /home/markus/mozilla-central/xpcom/io/nsPipe3.cpp:1155
#20 0x00007ffff4c59380 in NS_InvokeByIndex (that=0x7fffd34d50e8, methodIndex=<optimized out>, paramCount=<optimized out>, params=<optimized out>)
    at /home/markus/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:164
#21 0x00007ffff41c6809 in Invoke (this=0x7fffffffb3c0) at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedNative.cpp:2945
#22 CallMethodHelper::Call (this=this@entry=0x7fffffffb3c0) at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedNative.cpp:2280
#23 0x00007ffff41c71b4 in XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD)
    at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedNative.cpp:2246
#24 0x00007ffff41d61cc in XPC_WN_CallMethod (cx=0x7fffede5cca0, argc=2, vp=<optimized out>) at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1485
#25 0x00007ffff52202b8 in js::CallJSNative (cx=0x7fffede5cca0, native=0x7ffff41d5d3d <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /home/markus/mozilla-central/js/src/jscntxtinlines.h:337
#26 0x00007ffff52365fe in js::InvokeKernel (cx=cx@entry=0x7fffede5cca0, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /home/markus/mozilla-central/js/src/jsinterp.cpp:428
#27 0x00007ffff5231a07 in js::Interpret (cx=cx@entry=0x7fffede5cca0, entryFrame=entryFrame@entry=0x7fffecfff050, interpMode=interpMode@entry=js::JSINTERP_NORMAL, 
    useNewType=useNewType@entry=false) at /home/markus/mozilla-central/js/src/jsinterp.cpp:2404
#28 0x00007ffff52361ed in js::RunScript (cx=cx@entry=0x7fffede5cca0, fp=0x7fffecfff050) at /home/markus/mozilla-central/js/src/jsinterp.cpp:385
#29 0x00007ffff5236903 in js::InvokeKernel (cx=cx@entry=0x7fffede5cca0, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /home/markus/mozilla-central/js/src/jsinterp.cpp:442
#30 0x00007ffff5236cf0 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7fffede5cca0) at /home/markus/mozilla-central/js/src/jsinterp.h:134
#31 js::Invoke (cx=cx@entry=0x7fffede5cca0, thisv=..., fval=..., argc=argc@entry=1, argv=argv@entry=0x7fffffffc490, rval=rval@entry=0x7fffffffc400)
    at /home/markus/mozilla-central/js/src/jsinterp.cpp:475
#32 0x00007ffff5131e69 in JS_CallFunctionValue (cx=cx@entry=0x7fffede5cca0, objArg=<optimized out>, fval=..., argc=argc@entry=1, argv=argv@entry=0x7fffffffc490, 
    rval=rval@entry=0x7fffffffc400) at /home/markus/mozilla-central/js/src/jsapi.cpp:5842
#33 0x00007ffff41bb5e5 in nsXPCWrappedJSClass::CallMethod (this=<optimized out>, wrapper=<optimized out>, methodIndex=3, info_=<optimized out>, nativeParams=0x7fffffffc830)
    at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedJSClass.cpp:1435
#34 0x00007ffff41af47a in nsXPCWrappedJS::CallMethod (this=0x7fffea059500, methodIndex=<optimized out>, info=0x7fffedea2dd8, params=0x7fffffffc830)
    at /home/markus/mozilla-central/js/xpconnect/src/XPCWrappedJS.cpp:578
#35 0x00007ffff4c5a0d8 in PrepareAndDispatch (self=0x7fffe88eaf80, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffc930, fpregs=0x7fffffffc960)
    at /home/markus/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:123
#36 0x00007ffff4c593e7 in SharedStub () from /var/tmp/firefox-destdir/usr/lib/firefox-23.0a1/libxul.so
#37 0x00007ffff4c0e4d4 in nsOutputStreamReadyEvent::Run (this=0x7fffcc6139c0) at /home/markus/mozilla-central/xpcom/io/nsStreamUtils.cpp:160
#38 0x00007ffff4c2f325 in nsThread::ProcessNextEvent (this=0x7ffff6f5bd50, mayWait=<optimized out>, result=<optimized out>)
    at /home/markus/mozilla-central/xpcom/threads/nsThread.cpp:627
#39 0x00007ffff4bc95f2 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false) at /var/tmp/moz-build-dir/xpcom/build/nsThreadUtils.cpp:238
#40 0x00007ffff469c9e3 in mozilla::ipc::MessagePump::Run (this=0x7ffff6fd4940, aDelegate=0x7ffff6ff80b0) at /home/markus/mozilla-central/ipc/glue/MessagePump.cpp:82
#41 0x00007ffff4c71496 in MessageLoop::RunInternal (this=this@entry=0x7ffff6ff80b0) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:219
#42 0x00007ffff4c714a7 in MessageLoop::RunHandler (this=this@entry=0x7ffff6ff80b0) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:212
#43 0x00007ffff4c717cb in MessageLoop::Run (this=0x7ffff6ff80b0) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:186
#44 0x00007ffff45b06df in nsBaseAppShell::Run (this=0x7fffeb1590f0) at /home/markus/mozilla-central/widget/xpwidgets/nsBaseAppShell.cpp:163
#45 0x00007ffff433af55 in nsAppStartup::Run (this=0x7fffeb121b50) at /home/markus/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:289
#46 0x00007ffff30a52ab in XREMain::XRE_mainRun (this=this@entry=0x7fffffffce10) at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:3879
#47 0x00007ffff30a561d in XREMain::XRE_main (this=this@entry=0x7fffffffce10, argc=argc@entry=1, argv=argv@entry=0x7fffffffe2f8, aAppData=aAppData@entry=0x7fffffffd020)
    at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:3946
#48 0x00007ffff30a586e in XRE_main (argc=1, argv=0x7fffffffe2f8, aAppData=0x7fffffffd020, aFlags=<optimized out>)
    at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:4147
#49 0x0000000000403623 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffe2f8, xreDirectory=0x7ffff6f2a600)
    at /home/markus/mozilla-central/browser/app/nsBrowserApp.cpp:271
#50 0x0000000000403718 in main (argc=1, argv=0x7fffffffe2f8) at /home/markus/mozilla-central/browser/app/nsBrowserApp.cpp:576

Updated

5 years ago
Component: Untriaged → Build Config
Keywords: stackwanted
Product: Firefox → Core
Comment 4

Do you have both --enable-replace-malloc and --enable-jemalloc set?

Comment 5

(In reply to Octoploid from comment #0)
> Build Firefox with --enable-replace-malloc .
> Start Firefox:
> LD_PRELOAD="/usr/lib/libtcmalloc.so" /usr/lib/firefox/firefox-bin

Since you're using /usr/lib/libtcmalloc.so, I guess it's a lib that provides malloc, free and other functions. That's not how replace malloc works. See http://glandium.org/blog/?p=2848
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
(Reporter)

Comment 6

5 years ago
(In reply to Mike Hommey [:glandium] from comment #5)
> (In reply to Octoploid from comment #0)
> > Build Firefox with --enable-replace-malloc .
> > Start Firefox:
> > LD_PRELOAD="/usr/lib/libtcmalloc.so" /usr/lib/firefox/firefox-bin
> 
> Since you're using /usr/lib/libtcmalloc.so, I guess it's a lib that provides
> malloc, free and other functions. That's not how replace malloc works. See
> http://glandium.org/blog/?p=2848

Then replace-malloc is pretty much useless at the moment. Why don't you implement
a generic mechanism that can be used with any malloc library, as the name replace-malloc
seems to imply?

Comment 7

(In reply to Octoploid from comment #6)
> (In reply to Mike Hommey [:glandium] from comment #5)
> > (In reply to Octoploid from comment #0)
> > > Build Firefox with --enable-replace-malloc .
> > > Start Firefox:
> > > LD_PRELOAD="/usr/lib/libtcmalloc.so" /usr/lib/firefox/firefox-bin
> > 
> > Since you're using /usr/lib/libtcmalloc.so, I guess it's a lib that provides
> > malloc, free and other functions. That's not how replace malloc works. See
> > http://glandium.org/blog/?p=2848
> 
> Then replace-malloc is pretty much useless at the moment.

It's not useless. It just doesn't work as you think it does.

> Why don't you implement
> a generic mechanism that can be used with any malloc library, as the name
> replace-malloc
> seems to imply?

Because that can't work. First and foremost, because LD_PRELOAD loaded libraries don't override symbols from the executable.
(Reporter)

Comment 8

5 years ago
(In reply to Mike Hommey [:glandium] from comment #7)
> (In reply to Octoploid from comment #6)
> > (In reply to Mike Hommey [:glandium] from comment #5)
> > > (In reply to Octoploid from comment #0)
> > > > Build Firefox with --enable-replace-malloc .
> > > > Start Firefox:
> > > > LD_PRELOAD="/usr/lib/libtcmalloc.so" /usr/lib/firefox/firefox-bin
> > > 
> > > Since you're using /usr/lib/libtcmalloc.so, I guess it's a lib that provides
> > > malloc, free and other functions. That's not how replace malloc works. See
> > > http://glandium.org/blog/?p=2848
> > 
> > Then replace-malloc is pretty much useless at the moment.
> 
> It's not useless. It just doesn't work as you think it does.

Ok. Just for the record: Building with --disable-jemalloc did the trick
and I can now preload tcmalloc (or any other allocator lib) without problems.
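
The lookup order behind comment 7's point that LD_PRELOAD libraries do not override symbols from the executable, and behind the --disable-jemalloc result in comment 8, modelled as an added example that is not part of the bug thread or Mozilla's code. The object names and symbol lists are constructed assumptions (in particular, which malloc-family symbols an executable exports), not dumps of firefox-bin or tcmalloc.

```python
# Added illustration, not Mozilla code. Models the dynamic linker's lookup
# order for the malloc family: executable, then LD_PRELOAD, then other libs.
FAMILY = ("malloc", "calloc", "realloc", "free", "memalign", "posix_memalign")

def defined_symbols(nm_output):
    """Parse `nm -D --defined-only`-style lines: '<addr> <type> <name>'."""
    found = set()
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("T", "W"):
            found.add(parts[2].split("@")[0])  # drop any @@VERSION suffix
    return found

def audit(executable, preloads, libs):
    """Each object is a (name, nm_output) pair, listed in load order."""
    scope = [(n, defined_symbols(t)) for n, t in [executable, *preloads, *libs]]
    preload_names = {n for n, _ in preloads}
    binding, shadowed = {}, []
    for sym in FAMILY:
        providers = [n for n, syms in scope if sym in syms]
        binding[sym] = providers[0] if providers else None
        # A preload defines the symbol, but an earlier object wins the lookup.
        loses = providers and providers[0] not in preload_names
        if loses and preload_names & set(providers):
            shadowed.append(sym)
    owners = {o for o in binding.values() if o}
    return {"binding": binding, "shadowed": shadowed, "mixed": len(owners) > 1}

def nm(*names):  # build constructed nm-style text for the samples below
    return "\n".join(f"{0x401000 + 16 * i:016x} T {s}" for i, s in enumerate(names))

# Constructed samples; the symbol lists are assumptions, not real dumps.
LIBC = ("libc.so.6", nm(*FAMILY))
PRELOAD = ("libpreload-alloc.so", nm(*FAMILY))
EXE_OWN_ALLOC = ("app-with-allocator", nm("main", "malloc", "realloc", "free"))
EXE_PLAIN = ("app-plain", nm("main"))

if __name__ == "__main__":
    for exe in (EXE_OWN_ALLOC, EXE_PLAIN):
        result = audit(exe, [PRELOAD], [LIBC])
        print(exe[0], result["shadowed"], "mixed" if result["mixed"] else "single")
        for sym, owner in result["binding"].items():
            print(f"  {sym:15} -> {owner}")
```

A `mixed` result means a pointer returned by one allocator can reach a different allocator's `free`, which is the kind of foreign pointer an integrity check such as the `arena->magic` assertion in the backtrace rejects.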

Updated

2 months ago
Product: Core → Firefox Build System