
Issue 594829


Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Handle leaks in content::StartSandboxedProcess

Project Member Reported by reillyg@chromium.org, Mar 14 2016

Issue description

Dr. Memory is seeing what look like both a process handle and a file handle leak in content::StartSandboxedProcess:

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Content%20Browser%20%28DrMemory%20full%29%20%286%29/builds/3294

HANDLE LEAK: KERNEL handle 0x0000079c and 2 similar handle(s) were opened but not closed:
# 0 system call NtCreateUserProcess
# 1 KERNEL32.dll!CreateProcessInternalW                                 +0x768    (0x76fa4314 <KERNEL32.dll+0x24314>)
# 2 KERNEL32.dll!CreateProcessW                                         +0x2b     (0x76f91069 <KERNEL32.dll+0x11069>)
# 3 base.dll!base::LaunchProcess                                         [base\process\launch_win.cc:316]
# 4 base.dll!base::LaunchProcess                                         [base\process\launch_win.cc:210]
# 5 content.dll!content::StartSandboxedProcess                           [content\common\sandbox_win.cc:694]
# 6 content.dll!content::`anonymous namespace'::LaunchOnLauncherThread   [content\browser\child_process_launcher.cc:151]
# 7 content.dll!base::internal::Invoker<>::Run                           [base\bind_internal.h:352]
# 8 base.dll!base::debug::TaskAnnotator::RunTask                         [base\debug\task_annotator.cc:51]
# 9 base.dll!base::MessageLoop::RunTask                                  [base\message_loop\message_loop.cc:476]
#10 base.dll!base::MessageLoop::DeferOrRunPendingTask                    [base\message_loop\message_loop.cc:485]
#11 base.dll!base::MessageLoop::DoWork                                   [base\message_loop\message_loop.cc:597]
#12 base.dll!base::MessagePumpDefault::Run                               [base\message_loop\message_pump_default.cc:33]
#13 base.dll!base::MessageLoop::RunHandler                               [base\message_loop\message_loop.cc:440]
#14 base.dll!base::MessageLoop::Run                                      [base\message_loop\message_loop.cc:293]
#15 base.dll!base::Thread::Run                                           [base\threading\thread.cc:202]
#16 content.dll!content::BrowserThreadImpl::ProcessLauncherThreadRun     [content\browser\browser_thread_impl.cc:202]
#17 content.dll!content::BrowserThreadImpl::Run                          [content\browser\browser_thread_impl.cc:247]
#18 base.dll!base::Thread::ThreadMain                                    [base\threading\thread.cc:254]
#19 base.dll!base::`anonymous namespace'::ThreadFunc                     [base\threading\platform_thread_win.cc:84]
#20 KERNEL32.dll!BaseThreadInitThunk                                    +0x11     (0x76f9337a <KERNEL32.dll+0x1337a>)
Note: @0:05:06.723 in thread 404
Note: handles created with the same callstack are closed here:
Note: # 0 system call NtClose
Note: # 1 KERNELBASE.dll!CloseHandle                                                +0x2c     (0x75dbc463 <KERNELBASE.dll+0xc463>)
Note: # 2 KERNEL32.dll!CloseHandle                                                  +0x27     (0x76f91418 <KERNEL32.dll+0x11418>)
Note: # 3 base.dll!`anonymous namespace'::CloseHandleWrapper                         [base\win\scoped_handle.cc:116]
Note: # 4 base.dll!`anonymous namespace'::ActiveVerifier::CloseHandle                [base\win\scoped_handle.cc:178]
Note: # 5 base.dll!base::win::HandleTraits::CloseHandle                              [base\win\scoped_handle.cc:264]
Note: # 6 base.dll!base::win::ScopedProcessInformation::Close                        [base\win\scoped_process_information.cc:94]
Note: # 7 base.dll!base::win::ScopedProcessInformation::~ScopedProcessInformation    [base\win\scoped_process_information.cc:84]
Note: # 8 base.dll!base::LaunchProcess                                               [base\process\launch_win.cc:342]
Note: # 9 base.dll!base::LaunchProcess                                               [base\process\launch_win.cc:210]
Note: #10 content.dll!content::StartSandboxedProcess                                 [content\common\sandbox_win.cc:694]
Note: #11 content.dll!content::`anonymous namespace'::LaunchOnLauncherThread         [content\browser\child_process_launcher.cc:151]
Note: #12 content.dll!base::internal::Invoker<>::Run                                 [base\bind_internal.h:352]
Note: #13 base.dll!base::debug::TaskAnnotator::RunTask                               [base\debug\task_annotator.cc:51]
Note: #14 base.dll!base::MessageLoop::RunTask                                        [base\message_loop\message_loop.cc:476]
Note: #15 base.dll!base::MessageLoop::DeferOrRunPendingTask                          [base\message_loop\message_loop.cc:485]
Note: #16 base.dll!base::MessageLoop::DoWork                                         [base\message_loop\message_loop.cc:597]
Note: #17 base.dll!base::MessagePumpDefault::Run                                     [base\message_loop\message_pump_default.cc:33]
Note: #18 base.dll!base::MessageLoop::RunHandler                                     [base\message_loop\message_loop.cc:440]
Note: #19 base.dll!base::MessageLoop::Run                                            [base\message_loop\message_loop.cc:293]
Note: #20 base.dll!base::Thread::Run                                                 [base\threading\thread.cc:202]
Note: #21 content.dll!content::BrowserThreadImpl::ProcessLauncherThreadRun           [content\browser\browser_thread_impl.cc:202]
Note: #22 content.dll!content::BrowserThreadImpl::Run                                [content\browser\browser_thread_impl.cc:247]
Note: #23 base.dll!base::Thread::ThreadMain                                          [base\threading\thread.cc:254]
Note: #24 base.dll!base::`anonymous namespace'::ThreadFunc                           [base\threading\platform_thread_win.cc:84]
Note: #25 KERNEL32.dll!BaseThreadInitThunk                                          +0x11     (0x76f9337a <KERNEL32.dll+0x1337a>)
The report came from the `RenderFrameHostManagerTest.BackForwardNotStale` test.

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Content%20Browser%20%28DrMemory%20full%29%20%286%29/builds/3294

HANDLE LEAK: KERNEL handle 0x000006e0 and 2 similar handle(s) were opened but not closed:
# 0 system call NtDuplicateObject
# 1 KERNELBASE.dll!DuplicateHandle                                      +0x68     (0x75dbc4e7 <KERNELBASE.dll+0xc4e7>)
# 2 KERNEL32.dll!DuplicateHandle                                        +0x4b     (0x76f918b2 <KERNEL32.dll+0x118b2>)
# 3 sandbox::BrokerServicesBase::AddTargetPeer                           [sandbox\win\src\broker_services.cc:516]
# 4 content.dll!content::StartSandboxedProcess                           [content\common\sandbox_win.cc:697]
# 5 content.dll!content::`anonymous namespace'::LaunchOnLauncherThread   [content\browser\child_process_launcher.cc:151]
# 6 content.dll!base::internal::Invoker<>::Run                           [base\bind_internal.h:352]
# 7 base.dll!base::debug::TaskAnnotator::RunTask                         [base\debug\task_annotator.cc:51]
# 8 base.dll!base::MessageLoop::RunTask                                  [base\message_loop\message_loop.cc:476]
# 9 base.dll!base::MessageLoop::DeferOrRunPendingTask                    [base\message_loop\message_loop.cc:485]
#10 base.dll!base::MessageLoop::DoWork                                   [base\message_loop\message_loop.cc:597]
#11 base.dll!base::MessagePumpDefault::Run                               [base\message_loop\message_pump_default.cc:33]
#12 base.dll!base::MessageLoop::RunHandler                               [base\message_loop\message_loop.cc:440]
#13 base.dll!base::MessageLoop::Run                                      [base\message_loop\message_loop.cc:293]
#14 base.dll!base::Thread::Run                                           [base\threading\thread.cc:202]
#15 content.dll!content::BrowserThreadImpl::ProcessLauncherThreadRun     [content\browser\browser_thread_impl.cc:202]
#16 content.dll!content::BrowserThreadImpl::Run                          [content\browser\browser_thread_impl.cc:247]
#17 base.dll!base::Thread::ThreadMain                                    [base\threading\thread.cc:254]
#18 base.dll!base::`anonymous namespace'::ThreadFunc                     [base\threading\platform_thread_win.cc:84]
#19 KERNEL32.dll!BaseThreadInitThunk                                    +0x11     (0x76f9337a <KERNEL32.dll+0x1337a>)
Note: @0:05:06.564 in thread 404
Note: handles created with the same callstack are closed here:
Note: # 0 system call NtClose
Note: # 1 KERNELBASE.dll!CloseHandle                                      +0x2c     (0x75dbc463 <KERNELBASE.dll+0xc463>)
Note: # 2 KERNEL32.dll!CloseHandle                                        +0x27     (0x76f91418 <KERNEL32.dll+0x11418>)
Note: # 3 base.dll!`anonymous namespace'::CloseHandleWrapper               [base\win\scoped_handle.cc:116]
Note: # 4 base.dll!`anonymous namespace'::ActiveVerifier::CloseHandle      [base\win\scoped_handle.cc:178]
Note: # 5 base.dll!base::win::HandleTraits::CloseHandle                    [base\win\scoped_handle.cc:264]
Note: # 6 `anonymous namespace'::DeregisterPeerTracker                     [sandbox\win\src\broker_services.cc:107]
Note: # 7 sandbox::BrokerServicesBase::TargetEventsThread                  [sandbox\win\src\broker_services.cc:272]
Note: # 8 KERNEL32.dll!BaseThreadInitThunk                                +0x11     (0x76f9337a <KERNEL32.dll+0x1337a>)
The report came from the `RenderFrameHostManagerTest.BackForwardNotStale` test.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/75c4bdd3f2b3c24e96c9a42fb91157cfe5d832aa

commit 75c4bdd3f2b3c24e96c9a42fb91157cfe5d832aa
Author: reillyg <reillyg@chromium.org>
Date: Mon Mar 14 23:57:49 2016

Add suppressions for handle leaks in StartSandboxedProcess.

BUG=594829
TBR=thestig@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1796973005

Cr-Commit-Position: refs/heads/master@{#381122}

[modify] https://crrev.com/75c4bdd3f2b3c24e96c9a42fb91157cfe5d832aa/tools/valgrind/drmemory/suppressions_full.txt

Cc: wfh@chromium.org

Comment 3 by cpu@chromium.org, May 18 2016

Cc: cpu@chromium.org
Cc: -roc...@chromium.org rockot@google.com
