Closed Bug 457223 Opened 16 years ago Closed 15 years ago

valgrind: "Invalid read of size 8" from jemalloc [@ arena_run_dalloc]

Categories

(Core :: Memory Allocator, defect)

x86
Linux
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: MatsPalmgren_bugz, Unassigned)

Details

(Keywords: valgrind, Whiteboard: [needs owner])

Attachments

(1 file)

valgrind: "Invalid read of size 8" from jemalloc [@ arena_run_dalloc]

STEPS TO REPRODUCE
1. Build Firefox (x86_64 Linux) with:
   ac_add_options --enable-jemalloc
   ac_add_options --with-valgrind
2. Run Firefox

ACTUAL RESULTS
On startup I get this once:

==3791== Invalid read of size 8
==3791==    at 0x40B332: arena_run_dalloc (jemalloc.c:3476)
==3791==    by 0x40BA2C: arena_dalloc_small (jemalloc.c:4296)
==3791==    by 0x40BEB1: arena_dalloc (jemalloc.c:4394)
==3791==    by 0x40BFE8: idalloc (jemalloc.c:4410)
==3791==    by 0x40E75F: free (jemalloc.c:6211)
==3791==    by 0x8A157B8: (within /lib/libc-2.7.so)
==3791==    by 0xB56D400: (within /lib/libselinux.so.1)
==3791==    by 0xB56F021: (within /lib/libselinux.so.1)
==3791==    by 0xB560BBA: (within /lib/libselinux.so.1)
==3791==    by 0x7FEFFF587: ???
==3791==    by 0x400E165: (within /lib/ld-2.7.so)
==3791==    by 0x400E28D: (within /lib/ld-2.7.so)
==3791==    by 0x4000A99: (within /lib/ld-2.7.so)
==3791==    by 0x0: ???
==3791==    by 0x7FEFFF93A: ???
==3791==  Address 0xce02008 is 8 bytes after a block of size 8,192 alloc'd
==3791==    at 0x404698: arena_chunk_init (jemalloc.c:3187)
==3791==    by 0x40AABC: arena_run_alloc (jemalloc.c:3364)
==3791==    by 0x40ACA8: arena_bin_nonfull_run_get (jemalloc.c:3634)
==3791==    by 0x40CA2E: arena_bin_malloc_hard (jemalloc.c:3698)
==3791==    by 0x40CCE0: arena_malloc_small (jemalloc.c:3889)
==3791==    by 0x40CF99: arena_malloc (jemalloc.c:3963)
==3791==    by 0x40D8E6: imalloc (jemalloc.c:3975)
==3791==    by 0x40FE46: malloc (jemalloc.c:5984)
==3791==    by 0x8A15729: (within /lib/libc-2.7.so)
==3791==    by 0xB56D400: (within /lib/libselinux.so.1)
==3791==    by 0xB56F021: (within /lib/libselinux.so.1)
==3791==    by 0xB560BBA: (within /lib/libselinux.so.1)
==3791==    by 0x7FEFFF587: ???
==3791==    by 0x400E165: (within /lib/ld-2.7.so)
==3791==    by 0x400E28D: (within /lib/ld-2.7.so)
==3791==    by 0x4000A99: (within /lib/ld-2.7.so)
==3791==    by 0x0: ???
==3791==    by 0x7FEFFF93A: ???
==3791==

Attached file: Log file with MALLOC_OPTIONS=U (deleted)
I recompiled jemalloc with "#undef MALLOC_PRODUCTION" and produced this log file with MALLOC_OPTIONS=U. It appears there was only one block allocated so far and this is a valid free() of it. Let me know if there is anything else I can do to help.
On 32bit Linux I see:

==444== Invalid read of size 4
==444==    at 0x80575F4: arena_run_dalloc (jemalloc.c:3630)
==444==    by 0x805A0E2: arena_dalloc_small (jemalloc.c:4450)
==444==    by 0x805A7E6: arena_dalloc (jemalloc.c:4548)
==444==    by 0x805A946: idalloc (jemalloc.c:4564)
==444==    by 0x805E0BE: free (jemalloc.c:6387)
==444==    by 0xC71F9F: (within /lib/libselinux.so.1)
==444==    by 0xC7457C: (within /lib/libselinux.so.1)
==444==    by 0xC628E3: (within /lib/libselinux.so.1)
==444==    by 0xA73BDB: call_init (in /lib/ld-2.10.1.so)
==444==    by 0xA73D40: _dl_init (in /lib/ld-2.10.1.so)
==444==    by 0xA6488E: (within /lib/ld-2.10.1.so)
==444==  Address 0x4706004 is not stack'd, malloc'd or (recently) free'd
Flags: wanted1.9.2?
Flags: wanted1.9.1.x?
Flags: wanted1.9.0.x?
We really need an owner here...
status1.9.1: --- → ?
Flags: wanted1.9.1.x?
Whiteboard: [needs owner]
Could this be related to the arena_dalloc_small topcrash in bug 519356?
Daniel, I think they're unrelated; IIRC, this bug occurred extremely early in the startup, whereas bug 519356 seems to involve allocation of some object in Mozilla code. I can't reproduce this bug anymore in a local trunk debug build, x86_64 Linux. Bob, can you reproduce it? If not, I think we can resolve it WFM.
I think my running valgrind with jemalloc enabled resulted in bogus messages. I say let's WFM it.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
status1.9.1: ? → ---
Flags: wanted1.9.2?
Flags: wanted1.9.0.x?