
Issue 601435


Issue metadata

Status: WontFix
Owner: ----
Closed: Dec 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




LSAN leak in extensions_unittests:SerialApiTest.SetControlSignals

Project Member Reported by hablich@chromium.org, Apr 7 2016

Issue description

See https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/142216

SerialApiTest.SetControlSignals (run #1):
[ RUN      ] SerialApiTest.SetControlSignals
[16214:16214:0407/041450:41728261375:WARNING:console.cc(109)] Could not log "[SUCCESS] testSetControlSignals": no render frame found
[       OK ] SerialApiTest.SetControlSignals (1354 ms)
[----------] 1 test from SerialApiTest (1354 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (1355 ms total)
[  PASSED  ] 1 test.

=================================================================
==16214==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 640 byte(s) in 10 object(s) allocated from:
    #0 0x54d05b in operator new(unsigned long) (/tmp/runY50y7p/out/Release/extensions_unittests+0x54d05b)
    #1 0xe4a413 in Create mojo/edk/js/handle.h:30:39
    #2 0xe4a413 in gin::Converter<mojo::Handle, void>::ToV8(v8::Isolate*, mojo::Handle const&) mojo/edk/js/handle.cc:53
    #3 0xb49e9f in ConvertToV8<mojo::Handle> gin/converter.h:211:10
    #4 0xb49e9f in TryConvertToV8 gin/converter.h:239
    #5 0xb49e9f in TryConvertToV8<mojo::Handle> gin/converter.h:248
    #6 0xb49e9f in Return<mojo::Handle> gin/arguments.h:72
    #7 0xb49e9f in DispatchToCallback<mojo::Handle> gin/function_template.h:176
    #8 0xb49e9f in gin::internal::Dispatcher<mojo::Handle (extensions::TestServiceProvider*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)>::DispatchToCallback(v8::FunctionCallbackInfo<v8::Value> const&) gin/function_template.h:217
    #9 0x41603dd in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) v8/src/api-arguments.cc:16:3
    #10 0x3216f33 in v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) v8/src/builtins.cc:4344:29
    #11 0x32b1b25 in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>, v8::internal::Isolate*) v8/src/builtins.cc:4362:3
    #12 0x324834c in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) v8/src/builtins.cc:4359:1
    #13 0x7fddd5b09326  (<unknown module>)
    #14 0x7fddd5c5a3f5  (<unknown module>)
    #15 0x7fddd5b34a9a  (<unknown module>)
    #16 0x7fddd5c5a29a  (<unknown module>)
    #17 0x7fddd5c5a1af  (<unknown module>)
    #18 0x7fddd5c596a5  (<unknown module>)
    #19 0x7fddd5c59316  (<unknown module>)
    #20 0x7fddd5b3c2e2  (<unknown module>)
    #21 0x7fddd5b24cae  (<unknown module>)
    #22 0x3781ff1 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>) v8/src/execution.cc:97:13
    #23 0x3781664 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) v8/src/execution.cc:153:10
    #24 0x3782a3b in v8::internal::Execution::TryCall(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::MaybeHandle<v8::internal::Object>*) v8/src/execution.cc:191:20
    #25 0x3a020da in v8::internal::Isolate::RunMicrotasksInternal() v8/src/isolate.cc:2784:5
    #26 0x3a0083f in v8::internal::Isolate::RunMicrotasks() v8/src/isolate.cc:2769:3
    #27 0xb473be in extensions::ApiTestEnvironment::RunPromisesAgain() extensions/renderer/api_test_base.cc:217:3
    #28 0xc97091 in Run base/callback.h:397:12
    #29 0xc97091 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) base/debug/task_annotator.cc:51
    #30 0xbb52d3 in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:479:3
    #31 0xbb5ea5 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) base/message_loop/message_loop.cc:488:5
    #32 0xbb67fc in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:600:13
    #33 0xbbee8c in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:33:21
    #34 0xbb44d9 in base::MessageLoop::RunHandler() base/message_loop/message_loop.cc:443:3
    #35 0xbe9afa in base::RunLoop::Run() base/run_loop.cc:35:3
    #36 0xb46be7 in extensions::ApiTestEnvironment::RunTest(std::__1::basic_string<char, std::__1::char_traits<char>, s
 
This gets uncovered while rolling in a new V8 version. The leak is not in V8 but in Mojo.
Note that links to build logs are short lived. Here are some repro instructions:
In a chromium checkout:
git checkout e939d0314bc6ae82b04def09c58972ab121de51e
GYP_GENERATORS=ninja GYP_DEFINES='asan=1 clang=1 component=static_library dcheck_always_on=1 fastbuild=1 lsan=1 target_arch=x64 test_isolation_mode=noop use_goma=1' gclient sync --revision src/v8@d2eb555ee11f54ca6b227839831ca5419cf2287e
ninja -C out/Release -j1000 extensions_unittests
testing/xvfb.py out/Release out/Release/extensions_unittests --brave-new-test-launcher --test-launcher-bot-mode --asan=1 --test-launcher-print-test-stdio=always --test-launcher-batch-limit=1 --lsan=1 --gtest_filter=SerialApiTest.SetControlSignals
Labels: Stability-Memory-LeakSanitizer
Summary: LSAN leak in extensions_unittests:SerialApiTest.SetControlSignals (was: ASAN memory leak in extensions_unittests:SerialApiTest.SetControlSignals)
FYI: The v8-side commit that revealed the behavior:
https://chromium.googlesource.com/v8/v8/+/d2eb555ee11f54ca6b227839831ca5419cf2287e

Comment 6 by bugdroid1@chromium.org, Apr 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e80910d680dc22e174bd35ddbfae2c4e6843c53f

commit e80910d680dc22e174bd35ddbfae2c4e6843c53f
Author: hablich <hablich@chromium.org>
Date: Thu Apr 07 13:50:50 2016

Suppress a leak report in mojo's mojo/edk/js/handle.h

BUG= chromium:601435 

R=glider@chromium.org,machenbach@chromium.org

Review URL: https://codereview.chromium.org/1867003002

Cr-Commit-Position: refs/heads/master@{#385743}

[modify] https://crrev.com/e80910d680dc22e174bd35ddbfae2c4e6843c53f/build/sanitizers/lsan_suppressions.cc
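
An added illustration, not part of the issue or of the Chromium commit above: a small parser for the LeakSanitizer report format shown in the issue description. It extracts each leak record and its first source-attributed frame, which is the kind of frame an LSan `leak:` suppression pattern (matched against function, file or module names in the stack) would be written for. The sample report is constructed by abbreviating the trace in the description; `parse_lsan` and `allocation_site` are hypothetical helper names.

```python
import re

# Constructed sample: abbreviated from the report in the issue description.
SAMPLE = """\
==16214==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 640 byte(s) in 10 object(s) allocated from:
    #0 0x54d05b in operator new(unsigned long) (/tmp/runY50y7p/out/Release/extensions_unittests+0x54d05b)
    #1 0xe4a413 in Create mojo/edk/js/handle.h:30:39
    #2 0xe4a413 in gin::Converter<mojo::Handle, void>::ToV8(v8::Isolate*, mojo::Handle const&) mojo/edk/js/handle.cc:53
    #3 0x7fddd5b09326  (<unknown module>)
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# Frame with a source location: "#N 0xADDR in <function> <path>:<line>[:<col>]".
# Frames that only name a module or "<unknown module>" do not match.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+?):(\d+)(?::\d+)?$")


def parse_lsan(report):
    """Return one dict per leak record with its source-attributed frames."""
    leaks, current = [], None
    for line in report.splitlines():
        m = LEAK_RE.match(line)
        if m:
            current = {"kind": m.group(1), "bytes": int(m.group(2)),
                       "objects": int(m.group(3)), "frames": []}
            leaks.append(current)
            continue
        f = FRAME_RE.match(line)
        if f and current is not None:
            current["frames"].append(
                {"index": int(f.group(1)), "function": f.group(2),
                 "file": f.group(3), "line": int(f.group(4))})
    return leaks


def allocation_site(leak):
    """First frame that carries a source file, i.e. the caller of the allocator."""
    return leak["frames"][0] if leak["frames"] else None


if __name__ == "__main__":
    for leak in parse_lsan(SAMPLE):
        site = allocation_site(leak)
        where = f'{site["file"]}:{site["line"]}' if site else "unknown"
        print(leak["kind"], leak["bytes"], "bytes in", leak["objects"],
              "objects; allocated at", where)
```
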

Cc: yzshen@chromium.org
Owner: sa...@chromium.org
Hi, Sam.

Is this something that you are familiar with? Please feel free to reassign if you are not the right owner. Thanks!

Comment 8 by sa...@chromium.org, Jun 8 2016

Cc: jochen@chromium.org sa...@chromium.org
Owner: ----
Status: Available (was: Untriaged)
This seems to be caused by gin::Wrappable objects not being deleted. Oddly enough, storing the handles that were lost somewhere (https://codereview.chromium.org/2044183004/diff/1/mojo/public/js/connector.js and https://codereview.chromium.org/2044183004/diff/1/extensions/renderer/resources/keep_alive.js) causes them to be cleaned up properly and makes this leak go away.

On the other hand, if a handle is created and becomes eligible for cleanup too early (https://codereview.chromium.org/2044183004/diff/1/extensions/renderer/resources/serial_service.js with the 7 changed into a 6), those don't get cleaned up when the GC runs at the end of the test.

I don't see anything specific to mojo here.

Comment 9 by roc...@chromium.org, May 29 2017

Components: -Internals>Mojo
Status: WontFix (was: Available)
The old JS bindings are no longer used.
