
Issue 608064


Issue metadata

Status: Fixed
Owner:
Closed: May 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug




UNADDRESSABLE ACCESS in BackgroundApplicationListModelTest

Project Member Reported by osh...@chromium.org, Apr 29 2016

Issue description

Started on
https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%29/builds/4627

It was failing at BackgroundApplicationListModelTest.ExplicitTest but not at BackgroundApplicationListModelTest.AddRemovePermissionsTest.

The following looks like the culprit.

https://chromium.googlesource.com/chromium/src/+/e3afee6b62380b5b09caf7513701f66d8964c6b6

raymes@, can you look into this?


UNADDRESSABLE ACCESS of freed memory: reading 0x42450d34-0x42450d38 4 byte(s)
# 0 ExtensionService::NotifyExtensionLoaded                                    [chrome\browser\extensions\extension_service.cc:1035]
# 1 ExtensionService::AddExtension                                             [chrome\browser\extensions\extension_service.cc:1521]
# 2 BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody [chrome\browser\background\background_application_list_model_unittest.cc:237]
# 3 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
Note: @0:16:54.677 in thread 2896
Note: 0x42450d34-0x42450d38 overlaps memory 0x42450d00-0x42450d40 that was freed here:
Note: # 0 replace_operator_delete_nothrow                                [d:\drmemory_package\common\alloc_replace.c:2974]
Note: # 1 std::_Deallocate                                               [c:\b\depot_tools\win_toolchain\vs_files\95ddda401ec5678f15eeed01d2bee08fcbc5ee97\vc\include\xmemory0:132]
Note: # 2 extensions::SimpleFeature::CreateAvailability                  [extensions\common\features\simple_feature.cc:541]
Note: # 3 extensions::SimpleFeature::IsAvailableToManifest               [extensions\common\features\simple_feature.cc:402]
Note: # 4 extensions::Manifest::CanAccessKey                             [extensions\common\manifest.cc:254]
Note: # 5 extensions::Manifest::CanAccessPath                            [extensions\common\manifest.cc:242]
Note: instruction: call   0x5c(%edx) %esp -> %esp 0xfffffffc(%esp)
Suppression (error hash=#57B54D4ADF30213D#):
For more info on using suppressions see http://dev.chromium.org/developers/how-tos/using-drmemory#TOC-Suppressing-error-reports-from-the-
{
UNADDRESSABLE ACCESS
name=<insert_a_suppression_name_here>
*!ExtensionService::NotifyExtensionLoaded
*!ExtensionService::AddExtension
*!BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody
*!testing::internal::HandleExceptionsInMethodIfSupported<>
}


UNADDRESSABLE ACCESS: executing 0xf1fdf100-0xf1fdf101 1 byte(s)
# 0 <not in a module>                                            (0xf1fdf100)
# 1 ExtensionService::AddExtension                                             [chrome\browser\extensions\extension_service.cc:1521]
# 2 BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody [chrome\browser\background\background_application_list_model_unittest.cc:237]
# 3 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
Note: @0:16:54.740 in thread 2896
Suppression (error hash=#9A2EC85A4F7DDE74#):
For more info on using suppressions see http://dev.chromium.org/developers/how-tos/using-drmemory#TOC-Suppressing-error-reports-from-the-
{
UNADDRESSABLE ACCESS
name=<insert_a_suppression_name_here>
<not in a module>
*!ExtensionService::AddExtension
*!BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody
*!testing::internal::HandleExceptionsInMethodIfSupported<>
}
 
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 29 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ca7995981ed26436f021d3d5468561f6dde9b98

commit 7ca7995981ed26436f021d3d5468561f6dde9b98
Author: oshima <oshima@chromium.org>
Date: Fri Apr 29 22:43:07 2016

Exclude BackgroundApplicationListModelTest that are failing due to invalid memory access on DrMemory

BUG=608064
TBR=raymes@chromium.org

Review-Url: https://codereview.chromium.org/1933993002
Cr-Commit-Position: refs/heads/master@{#390789}

[modify] https://crrev.com/7ca7995981ed26436f021d3d5468561f6dde9b98/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

Comment 2 by osh...@chromium.org, Apr 29 2016

There are more failures:

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%20full%29%20%282%29/builds/10593/steps/memory%20test%3A%20unit_1/logs/DFF5DE493430D63F

UNADDRESSABLE ACCESS: reading 0x746e6fc2-0x746e6fc6 4 byte(s)
# 0 ExtensionService::NotifyExtensionLoaded                                [chrome\browser\extensions\extension_service.cc:1035]
# 1 ExtensionService::AddExtension                                         [chrome\browser\extensions\extension_service.cc:1521]
# 2 extensions::TestExtensionEnvironment::MakeExtension                    [chrome\browser\extensions\test_extension_environment.cc:148]
# 3 SavedFilesServiceUnitTest::SetUp                                       [apps\saved_files_service_unittest.cc:40]
# 4 testing::internal::HandleExceptionsInMethodIfSupported<>               [testing\gtest\src\gtest.cc:2458]
Note: @0:08:22.468 in thread 4124
Note: instruction: call   0x5c(%edx) %esp -> %esp 0xfffffffc(%esp)
Suppression (error hash=#DFF5DE493430D63F#):
For more info on using suppressions see http://dev.chromium.org/developers/how-tos/using-drmemory#TOC-Suppressing-error-reports-from-the-
{
UNADDRESSABLE ACCESS
name=<insert_a_suppression_name_here>
*!ExtensionService::NotifyExtensionLoaded
*!ExtensionService::AddExtension
*!extensions::TestExtensionEnvironment::MakeExtension
*!SavedFilesServiceUnitTest::SetUp
*!testing::internal::HandleExceptionsInMethodIfSupported<>
}

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%20full%29%20%283%29/builds/10190/steps/memory%20test%3A%20unit_1/logs/E3F8A0103F1FC97C

UNADDRESSABLE ACCESS beyond heap bounds: reading 0x4adb3eb8-0x4adb3ebc 4 byte(s)
# 0 ExtensionService::NotifyExtensionLoaded                                    [chrome\browser\extensions\extension_service.cc:1035]
# 1 ExtensionService::AddExtension                                             [chrome\browser\extensions\extension_service.cc:1521]
# 2 extensions::ExtensionContextMenuModelTest::AddExtensionWithHostPermission  [chrome\browser\extensions\extension_context_menu_model_unittest.cc:174]
# 3 extensions::ExtensionContextMenuModelTest::AddExtension                    [chrome\browser\extensions\extension_context_menu_model_unittest.cc:150]
# 4 extensions::ExtensionContextMenuModelTest_ExtensionContextUninstall_Test::TestBody [chrome\browser\extensions\extension_context_menu_model_unittest.cc:471]
# 5 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
Note: @0:10:47.365 in thread 4272
Note: next higher malloc: 0x4adb3f30-0x4adb3f50
Note: prev lower malloc:  0x4adb3e60-0x4adb3e90
Note: instruction: mov    (%edi) -> %edx
Suppression (error hash=#E3F8A0103F1FC97C#):
For more info on using suppressions see http://dev.chromium.org/developers/how-tos/using-drmemory#TOC-Suppressing-error-reports-from-the-
{
UNADDRESSABLE ACCESS
name=<insert_a_suppression_name_here>
*!ExtensionService::NotifyExtensionLoaded
*!ExtensionService::AddExtension
*!extensions::ExtensionContextMenuModelTest::AddExtensionWithHostPermission
*!extensions::ExtensionContextMenuModelTest::AddExtension
*!extensions::ExtensionContextMenuModelTest_ExtensionContextUninstall_Test::TestBody
*!testing::internal::HandleExceptionsInMethodIfSupported<>
}
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1a0ce90e64da66f1a3297ddfdfd9d3f88236b26d

commit 1a0ce90e64da66f1a3297ddfdfd9d3f88236b26d
Author: oshima <oshima@chromium.org>
Date: Sat Apr 30 04:02:19 2016

Exclude more tests that are failing in ExtensionService::AddExtension

BUG=608064
TBR=raymes@chromium.org

Review-Url: https://codereview.chromium.org/1925383004
Cr-Commit-Position: refs/heads/master@{#390845}

[modify] https://crrev.com/1a0ce90e64da66f1a3297ddfdfd9d3f88236b26d/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

Comment 4 by osh...@chromium.org, Apr 30 2016

Cc: raymes@chromium.org
Labels: -Pri-2 Pri-1
Owner: bruening@chromium.org
+bruening@

More tests are failing now. Maybe all tests that call AddExtension are failing.

I ran the test on Valgrind but couldn't reproduce a similar error. I wonder if this is a false positive. bruening@, can you look into whether this is real?

Project Member

Comment 5 by bugdroid1@chromium.org, Apr 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aef1ed933a6802ad898cc4cf7b1f3eaa54b97bb4

commit aef1ed933a6802ad898cc4cf7b1f3eaa54b97bb4
Author: oshima <oshima@chromium.org>
Date: Sat Apr 30 07:30:19 2016

Exclude more tests due to crash in AddExtension

BUG=608064
TBR=bruening@chromium.org

Review-Url: https://codereview.chromium.org/1934873002
Cr-Commit-Position: refs/heads/master@{#390848}

[modify] https://crrev.com/aef1ed933a6802ad898cc4cf7b1f3eaa54b97bb4/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

At first glance at the reports on the bots it looks like a serious bug: a use-after-free access that results in an app crash.

I can't reproduce it running just the sub-tests.  Trying with the full set.

Have the devs who own this code analyzed it?  This one has the most information, including the callstack of the free:

[----------] 1 test from BackgroundApplicationListModelTest
[ RUN      ] BackgroundApplicationListModelTest.RandomTest
~~Dr.M~~ 
~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS of freed memory: reading 0x0f7ee8d8-0x0f7ee8dc 4 byte(s)
~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded                                    [chrome\browser\extensions\extension_service.cc:1035]
~~Dr.M~~ # 1 ExtensionService::AddExtension                                             [chrome\browser\extensions\extension_service.cc:1521]
~~Dr.M~~ # 2 `anonymous namespace'::AddExtension                                        [chrome\browser\background\background_application_list_model_unittest.cc:290]
~~Dr.M~~ # 3 BackgroundApplicationListModelTest_RandomTest_Test::TestBody               [chrome\browser\background\background_application_list_model_unittest.cc:390]
~~Dr.M~~ # 4 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
~~Dr.M~~ Note: @0:08:19.777 in thread 1412
~~Dr.M~~ Note: next higher malloc: 0x0f7ee920-0x0f7ee964
~~Dr.M~~ Note: prev lower malloc:  0x0f7ee880-0x0f7ee8b0
~~Dr.M~~ Note: 0x0f7ee8d8-0x0f7ee8dc overlaps memory 0x0f7ee8d0-0x0f7ee900 that was freed here:
~~Dr.M~~ Note: # 0 replace_operator_delete_nothrow                                       [d:\drmemory_package\common\alloc_replace.c:2974]
~~Dr.M~~ Note: # 1 prefs.dll!std::_Deallocate                                            [c:\b\depot_tools\win_toolchain\vs_files\95ddda401ec5678f15eeed01d2bee08fcbc5ee97\vc\include\xmemory0:132]
~~Dr.M~~ Note: # 2 prefs.dll!std::pair<>::~pair<>
~~Dr.M~~ Note: # 3 prefs.dll!PrefService::GetUserPrefValue                               [components\prefs\pref_service.cc:302]
~~Dr.M~~ Note: # 4 `anonymous namespace'::GetBooleanUserOrDefaultPrefValue               [components\password_manager\sync\browser\password_manager_setting_migrator_service.cc:21]
~~Dr.M~~ Note: # 5 `anonymous namespace'::SaveCurrentPrefState                           [components\password_manager\sync\browser\password_manager_setting_migrator_service.cc:53]
~~Dr.M~~ Note: instruction: mov    (%edi) -> %edx
~~Dr.M~~ 
~~Dr.M~~ Error #2: UNADDRESSABLE ACCESS: reading 0x737361cc-0x737361d0 4 byte(s)
~~Dr.M~~ # 0 ExtensionService::NotifyExtensionLoaded                                    [chrome\browser\extensions\extension_service.cc:1035]
~~Dr.M~~ # 1 ExtensionService::AddExtension                                             [chrome\browser\extensions\extension_service.cc:1521]
~~Dr.M~~ # 2 `anonymous namespace'::AddExtension                                        [chrome\browser\background\background_application_list_model_unittest.cc:290]
~~Dr.M~~ # 3 BackgroundApplicationListModelTest_RandomTest_Test::TestBody               [chrome\browser\background\background_application_list_model_unittest.cc:390]
~~Dr.M~~ # 4 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
~~Dr.M~~ Note: @0:08:19.839 in thread 1412
~~Dr.M~~ Note: instruction: call   0x5c(%edx) %esp -> %esp 0xfffffffc(%esp)
Backtrace:
	ExtensionService::NotifyExtensionLoaded [0x0499C20F+319] (c:\b\build\slave\drm-cr\build\src\chrome\browser\extensions\extension_service.cc:1035)
	ExtensionService::AddExtension [0x0499889C+972] (c:\b\build\slave\drm-cr\build\src\chrome\browser\extensions\extension_service.cc:1521)
	`anonymous namespace'::AddExtension [0x02079331+289] (c:\b\build\slave\drm-cr\build\src\chrome\browser\background\background_application_list_model_unittest.cc:291)
	BackgroundApplicationListModelTest_RandomTest_Test::TestBody [0x0207D586+358] (c:\b\build\slave\drm-cr\build\src\chrome\browser\background\background_application_list_model_unittest.cc:390)
	testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,void> [0x03549870+32] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:2460)
	testing::Test::Run [0x0355BE4D+93] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:2474)
	testing::TestInfo::Run [0x0355C045+133] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:2660)
	testing::TestCase::Run [0x0355BF2F+143] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:2774)
	testing::internal::UnitTestImpl::RunAllTests [0x0355C3BE+462] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:4647)
	testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,bool> [0x03549900+32] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:2460)
	testing::UnitTest::Run [0x0355C18E+190] (c:\b\build\slave\drm-cr\build\src\testing\gtest\src\gtest.cc:4255)
	base::TestSuite::Run [0x03397873+163] (c:\b\build\slave\drm-cr\build\src\base\test\test_suite.cc:230)
	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<int (__thiscall content::UnitTestTestSuite::*)(void)>,int __cdecl(content::UnitTestTestSuite *),base::internal::UnretainedWrapper<content::UnitTestTes [0x035A5099+25] (c:\b\build\slave\drm-cr\build\src\base\bind_internal.h:372)
	base::`anonymous namespace'::LaunchUnitTestsInternal [0x03384D8F+751] (c:\b\build\slave\drm-cr\build\src\base\test\launcher\unit_test_launcher.cc:244)
	base::LaunchUnitTests [0x033849E6+70] (c:\b\build\slave\drm-cr\build\src\base\test\launcher\unit_test_launcher.cc:445)
	main [0x035A5146+150] (c:\b\build\slave\drm-cr\build\src\chrome\test\base\run_all_unittests.cc:21)
	__scrt_common_main_seh [0x05A192DE+255] (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:255)
	BaseThreadInitThunk [0x7589337A+18]
	RtlInitializeExceptionChain [0x770392B2+99]
	RtlInitializeExceptionChain [0x77039285+54]
~~Dr.M~~ WARNING: application exited with abnormal code 0xc0000005

Cc: rdevlin....@chromium.org reillyg@chromium.org dcheng@chromium.org asargent@chromium.org
+today's memory sheriff, a couple of extensions owners, and dcheng@ who did unique_ptr conversion on the same day.

Project Member

Comment 8 by bugdroid1@chromium.org, May 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/177293e05b9ca513af66dd2b2c22df19b94638a5

commit 177293e05b9ca513af66dd2b2c22df19b94638a5
Author: reillyg <reillyg@chromium.org>
Date: Mon May 02 21:22:48 2016

Add suppressions for issues 608053 and 608064.

This should be more effective than disabling individual tests as these
errors have been seen across many tests.

BUG=608053, 608064
TBR=oshima@chromium.org
NOTRY=True

Review-Url: https://codereview.chromium.org/1937403002
Cr-Commit-Position: refs/heads/master@{#391053}

[modify] https://crrev.com/177293e05b9ca513af66dd2b2c22df19b94638a5/tools/valgrind/drmemory/suppressions.txt

Note that tests are crashing, so suppression won't help.

I can reproduce this with MSan on Linux by running the full unit_tests suite with --single-process-tests so it's likely a bad interaction between tests:

[ RUN      ] BackgroundApplicationListModelTest.AddRemovePermissionsTest
==13434==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x139d00e8 in NotifyExtensionLoaded ./out/MSan/../../chrome/browser/extensions/extension_service.cc:1035:11
    #1 0x139dc344 in AddExtension ./out/MSan/../../chrome/browser/extensions/extension_service.cc:1521:5
    #2 0x2ba2a66 in TestBody ./out/MSan/../../chrome/browser/background/background_application_list_model_unittest.cc:237:3
    #3 0x1dde2992 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
    #4 0x1dde2992 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2474:0
    #5 0x1dde5d49 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2656:5
    #6 0x1dde757b in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2774:5
    #7 0x1de04eb1 in RunAllTests ./out/MSan/../../testing/gtest/src/gtest.cc:4647:11
    #8 0x1de03eb1 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
    #9 0x1de03eb1 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:4255:0
    #10 0x6291414 in RUN_ALL_TESTS ./out/MSan/../../testing/gtest/include/gtest/gtest.h:2237:10
    #11 0x6291414 in Run ./out/MSan/../../base/test/test_suite.cc:230:0
    #12 0x62ca2c2 in Run ./out/MSan/../../base/callback.h:397:12
    #13 0x62ca2c2 in LaunchUnitTestsInternal ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:206:0
    #14 0x62c9af7 in LaunchUnitTests ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:445:10
    #15 0x6270a5c in main ./out/MSan/../../chrome/test/base/run_all_unittests.cc:21:10
    #16 0x7f2f387d7ec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287:0
    #17 0x7a8fd4 in _start ??:?

  Uninitialized value was created by a heap allocation
    #0 0x7cdb22 in __interceptor_malloc ??:?
    #1 0x7f2f3fcd9eaf in ?? /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-libnspr4.gen/libnspr4/nspr-4.10.10/pr/src/malloc/prmem.c:435:55
    #2 0x7f2f405d370a in PORT_Alloc_Util /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/util/secport.c:86:7
    #3 0x7f2f408c7cbc in ?? /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/pk11wrap/pk11slot.c:345:28
    #4 0x7f2f408da1f6 in ?? /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/pk11wrap/pk11util.c:968:13
    #5 0x7f2f408dbca9 in ?? /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/pk11wrap/pk11util.c:1289:12
    #6 0x7f2f408db8c5 in SECMOD_OpenNewSlot /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/pk11wrap/pk11util.c:1388:10
    #7 0x7f2f408dbd56 in SECMOD_OpenUserDB /mnt/b/chromium/src/out-msan-no-origins-trusty/Release/obj/third_party/instrumented_libraries/msan-nss.gen/nss/nss-3.19.2.1/nss/lib/pk11wrap/pk11util.c:1474:12
    #8 0x2038c2c1 in Init ./out/MSan/../../chrome/utility/importer/nss_decryptor_system_nss.cc:37:14
    #9 0x2b1954b in DecryptorInit ./out/MSan/../../chrome/utility/importer/firefox_importer_unittest_utils.h:87:10
    #10 0x2b1954b in TestBody ./out/MSan/../../chrome/utility/importer/firefox_importer_unittest.cc:41:0
    #11 0x1dde2992 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
    #12 0x1dde2992 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2474:0
    #13 0x1dde5d49 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2656:5
    #14 0x1dde757b in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2774:5
    #15 0x1de04eb1 in RunAllTests ./out/MSan/../../testing/gtest/src/gtest.cc:4647:11
    #16 0x1de03eb1 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
    #17 0x1de03eb1 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:4255:0
    #18 0x6291414 in RUN_ALL_TESTS ./out/MSan/../../testing/gtest/include/gtest/gtest.h:2237:10
    #19 0x6291414 in Run ./out/MSan/../../base/test/test_suite.cc:230:0
    #20 0x62ca2c2 in Run ./out/MSan/../../base/callback.h:397:12
    #21 0x62ca2c2 in LaunchUnitTestsInternal ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:206:0
    #22 0x62c9af7 in LaunchUnitTests ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:445:10
    #23 0x6270a5c in main ./out/MSan/../../chrome/test/base/run_all_unittests.cc:21:10
    #24 0x7f2f387d7ec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287:0

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/src/chromium/src/out/MSan/unit_tests+0x139d00e8)

I can reproduce a problem under Dr. Memory with just two tests:

% RUNNING_ON_VALGRIND=yes tools/valgrind/chrome_tests.sh -b out/Release -t unit --tool drmemory_light --gtest_filter=BookmarkA*:ChromeR*

[==========] Running 17 tests from 4 test cases.
[----------] Global test environment set-up.
[----------] 1 test from ChromeRuntimeAPIDelegateTest
[ RUN      ] ChromeRuntimeAPIDelegateTest.RequestUpdateCheck
[       OK ] ChromeRuntimeAPIDelegateTest.RequestUpdateCheck (2398 ms)
[----------] 1 test from ChromeRuntimeAPIDelegateTest (2437 ms total)

[----------] 6 tests from BookmarkAppHelperExtensionServiceTest
[ RUN      ] BookmarkAppHelperExtensionServiceTest.CreateBookmarkApp
~~Dr.M~~ 
~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS of freed memory: reading 0x09bb18c0-0x09bb18c4 4 byte(s)
~~Dr.M~~ # 0 extensions::ChromeExtensionsBrowserClient::GetOriginalContext              [chrome\browser\extensi

The key is that ChromeRuntimeAPIDelegateTest.RequestUpdateCheck runs
before BookmarkAppHelperExtensionServiceTest.CreateBookmarkApp?  Though
some of the other crashes when running the whole suite do not involve these two tests, so there must be other conditions that trigger it as well.

However, given the variety of errors reported by DrMem (use-after-free, null deref, heap overflow), and how there is typically an app crash afterward, and that I cannot get the app to crash running it natively or under DrMem with its heap allocator tracking disabled, it is possible it's a DrMem bug.  Given the msan uninit report -- perhaps best to try and fix that and then we'll see if the DrMem reports remain?

Those two tests trigger a crash under MSan as well but not the same one.
Setting g_run_renderer_in_process_ breaks RenderProcessHostImpl::IsSuitableHost because we first check:

if (run_renderer_in_process())
  return true;

before checking,

if (host->GetBrowserContext() != browser_context)
  return false;

This means we end up with a RenderProcessHost created with the previous test's BrowserContext, which has been destroyed. I'm guessing this render process should have been destroyed when the test shut down so I'm investigating that next.
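
The check ordering described in the comment above, reduced to a small model (an added example, not part of the thread and not Chromium code). `ModelContext`, `ModelHost`, `HostPool` and `StaleHostReused` are hypothetical names; contexts are compared by an integer id and tracked with `std::weak_ptr` so the stale binding can be observed without touching freed memory.

```cpp
// Added illustration, not Chromium code. Only IsSuitableHost, GetBrowserContext,
// run_renderer_in_process and --single-process-tests come from the thread;
// every type and function below is a hypothetical stand-in.
#include <algorithm>
#include <iostream>
#include <memory>
#include <vector>

struct ModelContext {  // stands in for one test's BrowserContext
  int id;
};

struct ModelHost {  // stands in for a RenderProcessHost
  int context_id;                       // identity of the owning context
  std::weak_ptr<ModelContext> context;  // weak: staleness is observable safely
  bool accepts_more;                    // stands in for the remaining checks
};

class HostPool {
 public:
  explicit HostPool(bool run_renderer_in_process)
      : run_renderer_in_process_(run_renderer_in_process) {}

  void Add(const std::shared_ptr<ModelContext>& ctx) {
    hosts_.push_back(ModelHost{ctx->id, ctx, true});
  }

  // Teardown hook: drop every host that belongs to a context being destroyed.
  void RemoveHostsFor(int context_id) {
    hosts_.erase(std::remove_if(hosts_.begin(), hosts_.end(),
                                [context_id](const ModelHost& h) {
                                  return h.context_id == context_id;
                                }),
                 hosts_.end());
  }

  // Ordering quoted in the thread: the in-process flag short-circuits first,
  // so the context comparison is never reached when the flag is set.
  bool IsSuitableHostFlagFirst(const ModelHost& host,
                               const ModelContext& ctx) const {
    if (run_renderer_in_process_) return true;
    if (host.context_id != ctx.id) return false;
    return host.accepts_more;
  }

  // Same checks with the context comparison moved ahead of the flag.
  bool IsSuitableHostContextFirst(const ModelHost& host,
                                  const ModelContext& ctx) const {
    if (host.context_id != ctx.id) return false;
    if (run_renderer_in_process_) return true;
    return host.accepts_more;
  }

  const ModelHost* Find(const ModelContext& ctx, bool context_first) const {
    for (const ModelHost& host : hosts_) {
      bool ok = context_first ? IsSuitableHostContextFirst(host, ctx)
                              : IsSuitableHostFlagFirst(host, ctx);
      if (ok) return &host;
    }
    return nullptr;
  }

 private:
  bool run_renderer_in_process_;
  std::vector<ModelHost> hosts_;
};

// Two "tests" run back to back in one process and share the pool, the way
// --single-process-tests shares global state. Returns true when the second
// test is handed a host whose context has already been destroyed.
bool StaleHostReused(bool in_process, bool context_first,
                     bool cleanup_on_teardown) {
  HostPool pool(in_process);

  auto first = std::make_shared<ModelContext>(ModelContext{1});
  pool.Add(first);
  if (cleanup_on_teardown) pool.RemoveHostsFor(first->id);
  first.reset();  // the first test's context is destroyed here

  auto second = std::make_shared<ModelContext>(ModelContext{2});
  const ModelHost* host = pool.Find(*second, context_first);
  return host != nullptr && host->context.expired();
}

int main() {
  std::cout << std::boolalpha
            << "flag first, in-process:    " << StaleHostReused(true, false, false) << "\n"
            << "flag first, out-of-process: " << StaleHostReused(false, false, false) << "\n"
            << "context first, in-process: " << StaleHostReused(true, true, false) << "\n"
            << "flag first, with teardown: " << StaleHostReused(true, false, true) << "\n";
  return 0;
}
```

In this model the stale host is handed out only when the in-process flag is set and tested first; either comparing the context first or removing the host at teardown prevents it.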
> Those two tests trigger a crash under MSan as well but not the same one.

Ah, that is good to hear (from my perspective :)): so it is almost certainly an application bug (or bugs) that shows up under the replacement allocators of both MSan and Dr. Memory.  So the various Dr. Memory error reports should all be considered real app bugs.

I also ran full tests on Valgrind and could reproduce this, so this must be a real bug.

Invalid read of size 8
  ExtensionService::NotifyExtensionLoaded(extensions::Extension const*) (/out/Release.chromeos_valgrind/../../chrome/browser/extensions/extension_service.cc:1035)
  ExtensionService::AddExtension(extensions::Extension const*) (/out/Release.chromeos_valgrind/../../chrome/browser/extensions/extension_service.cc:1521)
  BackgroundApplicationListModelTest_AddRemovePermissionsTest_Test::TestBody() (/out/Release.chromeos_valgrind/../../chrome/browser/background/background_application_list_model_unittest.cc:237)
Address 0x23c157f8 is 42 bytes after a block of size 62 free'd
  operator delete(void*) (m_replacemalloc/vg_replace_malloc.c:1149)
  std::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
  (anonymous namespace)::RegisterFontFamilyPrefs(user_prefs::PrefRegistrySyncable*, std::set<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/out/Release.chromeos_valgrind/../../chrome/browser/ui/prefs/prefs_tab_helper.cc:131)
  PrefsTabHelper::RegisterProfilePrefs(user_prefs::PrefRegistrySyncable*) (/out/Release.chromeos_valgrind/../../chrome/browser/ui/prefs/prefs_tab_helper.cc:590)
  chrome::RegisterProfilePrefs(user_prefs::PrefRegistrySyncable*) (/out/Release.chromeos_valgrind/../../chrome/browser/prefs/browser_prefs.cc:443)
  chrome::RegisterUserProfilePrefs(user_prefs::PrefRegistrySyncable*) (/out/Release.chromeos_valgrind/../../chrome/browser/prefs/browser_prefs.cc:608)
  TestingProfile::CreateTestingPrefService() (/out/Release.chromeos_valgrind/../../chrome/test/base/testing_profile.cc:748)
  TestingProfile::Init() (/out/Release.chromeos_valgrind/../../chrome/test/base/testing_profile.cc:427)
  TestingProfile::TestingProfile(base::FilePath const&, Profile::Delegate*, scoped_refptr<ExtensionSpecialStoragePolicy>, std::unique_ptr<syncable_prefs::PrefServiceSyncable, std::default_delete<syncable_prefs::PrefServiceSyncable> >, TestingProfile*, bool, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<policy::PolicyService, std::default_delete<policy::PolicyService> >, std::vector<std::pair<BrowserContextKeyedServiceFactory*, std::unique_ptr<KeyedService, std::default_delete<KeyedService> > (*)(content::BrowserContext*)>, std::allocator<std::pair<BrowserContextKeyedServiceFactory*, std::unique_ptr<KeyedService, std::default_delete<KeyedService> > (*)(content::BrowserContext*)> > > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/out/Release.chromeos_valgrind/../../chrome/test/base/testing_profile.cc:359)
  TestingProfile::Builder::Build() (/usr/local/google2/home/oshima/chrome-git/src/out/Release.chromeos_valgrind/unit_tests)
  ChromeRenderViewHostTestHarness::CreateBrowserContext() (/out/Release.chromeos_valgrind/../../chrome/test/base/chrome_render_view_host_test_harness.cc:74)
  content::RenderViewHostTestHarness::SetUp() (/out/Release.chromeos_valgrind/../../content/public/test/test_renderer_host.cc:208)

reillyg@chromium.org, DrMemory x64 bots are still failing although they are marked as green. Just FYI.
Cc: -asargent@chromium.org bruening@chromium.org
Labels: Stability-Memory-MemorySanitizer OS-Linux
Owner: asargent@chromium.org

Talked to Antony offline and assigning this to him as this is a real bug. It looks like ChromeRuntimeAPIDelegateTest is causing a real WebContentsImpl to be created in order to deliver extension loaded events. In this stack trace I tried adding a RenderViewHostTestEnabler and put a breakpoint in MockRenderProcessHostFactory::CreateRenderProcessHost to see why the process was being created:

#0  content::MockRenderProcessHostFactory::CreateRenderProcessHost (this=0x2bc83ea51d20, browser_context=0x2bc83ea1e020, site_instance=0x2bc83eaa1160) at ../../content/public/test/mock_render_process_host.cc:358
#1  0x00007ffff088a86d in content::SiteInstanceImpl::GetProcess (this=0x2bc83eaa1160) at ../../content/browser/site_instance_impl.cc:122
#2  0x00007ffff0941906 in content::WebContentsImpl::Init (this=0x2bc83f401620, params=...) at ../../content/browser/web_contents/web_contents_impl.cc:1500
#3  0x00007ffff0936b73 in content::WebContentsImpl::CreateWithOpener (params=..., opener=0x0) at ../../content/browser/web_contents/web_contents_impl.cc:563
#4  0x00007ffff0936953 in content::WebContents::Create (params=...) at ../../content/browser/web_contents/web_contents_impl.cc:249
#5  0x0000000004364b0a in extensions::ExtensionHost::ExtensionHost (this=0x2bc83f1e9260, extension=0x2bc83f1e9020, site_instance=0x2bc83eaa1160, url=..., host_type=extensions::VIEW_TYPE_EXTENSION_BACKGROUND_PAGE) at ../../extensions/browser/extension_host.cc:72
#6  0x000000000441eeae in extensions::ProcessManager::CreateBackgroundHost (this=0x2bc83f420620, extension=0x2bc83f1e9020, url=...) at ../../extensions/browser/process_manager.cc:383
#7  0x0000000004421a86 in extensions::(anonymous namespace)::CreateBackgroundHostForExtensionLoad (manager=0x2bc83f420620, extension=0x2bc83f1e9020) at ../../extensions/browser/process_manager.cc:110
#8  0x0000000004421926 in extensions::ProcessManager::OnExtensionLoaded (this=0x2bc83f420620, browser_context=0x2bc83ea1e020, extension=0x2bc83f1e9020) at ../../extensions/browser/process_manager.cc:674
#9  0x000000000439d8e3 in extensions::ExtensionRegistry::TriggerOnLoaded (this=0x2bc83eb840a0, extension=0x2bc83f1e9020) at ../../extensions/browser/extension_registry.cc:54
#10 0x0000000003b20767 in ExtensionService::NotifyExtensionLoaded (this=0x2bc83ed55020, extension=0x2bc83f1e9020) at ../../chrome/browser/extensions/extension_service.cc:1056
#11 0x0000000003b203b4 in ExtensionService::EnableExtension (this=0x2bc83ed55020, extension_id="ogjcoiohnmldgjemafoockdghcjciccf") at ../../chrome/browser/extensions/extension_service.cc:852
#12 0x0000000003b23c1e in ExtensionService::AddExtension (this=0x2bc83ed55020, extension=0x2bc83f1e9020) at ../../chrome/browser/extensions/extension_service.cc:1506
#13 0x0000000003b26079 in ExtensionService::FinishInstallation (this=0x2bc83ed55020, extension=0x2bc83f1e9020) at ../../chrome/browser/extensions/extension_service.cc:1913
#14 0x0000000003b264f7 in ExtensionService::FinishDelayedInstallation (this=0x2bc83ed55020, extension_id="ogjcoiohnmldgjemafoockdghcjciccf") at ../../chrome/browser/extensions/extension_service.cc:1890
#15 0x0000000003b1ee03 in ExtensionService::ReloadExtensionImpl (this=0x2bc83ed55020, transient_extension_id="ogjcoiohnmldgjemafoockdghcjciccf", be_noisy=true) at ../../chrome/browser/extensions/extension_service.cc:664
#16 0x0000000003b1f082 in ExtensionService::ReloadExtension (this=0x2bc83ed55020, extension_id="ogjcoiohnmldgjemafoockdghcjciccf") at ../../chrome/browser/extensions/extension_service.cc:695
#17 0x00000000013f1a0b in extensions::(anonymous namespace)::ChromeRuntimeAPIDelegateTest_RequestUpdateCheck_Test::TestBody (this=0x2bc83e9d7420) at ../../chrome/browser/extensions/api/runtime/chrome_runtime_api_delegate_unittest.cc:299
#18 0x00000000018913da in testing::internal::InvokeHelper<sync_file_system::RemoteServiceState, std::tr1::tuple<> >::InvokeMethod<sync_file_system::MockRemoteFileSyncService, sync_file_system::RemoteServiceState (sync_file_system::MockRemoteFileSyncService::*)() const>(sync_file_system::MockRemoteFileSyncService*, sync_file_system::RemoteServiceState (sync_file_system::MockRemoteFileSyncService::*)() const, std::tr1::tuple<> const&) (obj_ptr=0x2bc83e9d7420, 
    method_ptr=&virtual sync_file_system::MockRemoteFileSyncService::RegisterOrigin(GURL const&, base::Callback<void (sync_file_system::SyncStatusCode), (base::internal::CopyMode)1> const&)) at ../../testing/gmock/include/gmock/gmock-generated-actions.h:65
#19 0x0000000006599b1e in testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x2bc83e9d7420, method=&virtual testing::Test::TestBody(), location=0x7e68bd7 <.L.str.104> "the test body") at ../../testing/gtest/src/gtest.cc:2455
#20 0x000000000658eb45 in testing::Test::Run (this=0x2bc83e9d7420) at ../../testing/gtest/src/gtest.cc:2474
#21 0x000000000658f2e8 in testing::TestInfo::Run (this=0x2bc83e6c3520) at ../../testing/gtest/src/gtest.cc:2656
#22 0x000000000658f88a in testing::TestCase::Run (this=0x2bc83e6ba560) at ../../testing/gtest/src/gtest.cc:2774
#23 0x0000000006594bdc in testing::internal::UnitTestImpl::RunAllTests (this=0x2bc83e2f3b20) at ../../testing/gtest/src/gtest.cc:4647
#24 0x0000000001d06d0a in testing::internal::InvokeHelper<bool, std::tr1::tuple<> >::InvokeMethod<MockServiceProcessControl, bool (MockServiceProcessControl::*)()>(MockServiceProcessControl*, bool (MockServiceProcessControl::*)(), std::tr1::tuple<> const&) (
    obj_ptr=0x2bc83e2f3b20, method_ptr=(bool (MockServiceProcessControl::*)(MockServiceProcessControl * const)) 0x65948b0 <testing::internal::UnitTestImpl::RunAllTests()>) at ../../testing/gmock/include/gmock/gmock-generated-actions.h:65
#25 0x000000000659b0ee in testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (object=0x2bc83e2f3b20, 
    method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x65948b0 <testing::internal::UnitTestImpl::RunAllTests()>, location=0x7e69248 <.L.str.228> "auxiliary test code (environments or event listeners)")
    at ../../testing/gtest/src/gtest.cc:2455
#26 0x000000000659487f in testing::UnitTest::Run (this=0xa363320 <testing::UnitTest::GetInstance()::instance>) at ../../testing/gtest/src/gtest.cc:4255
#27 0x0000000002036d51 in RUN_ALL_TESTS () at ../../testing/gtest/include/gtest/gtest.h:2237
#28 0x0000000002035d88 in base::TestSuite::Run (this=0x2bc83e951800) at ../../base/test/test_suite.cc:230
#29 0x0000000002152f4d in content::UnitTestTestSuite::Run (this=0x7fffffffdbb0) at ../../content/public/test/unittest_test_suite.cc:45
#30 0x000000000085bdd9 in base::internal::RunnableAdapter<void (base::RunLoop::*)()>::Run<>(base::RunLoop*) (this=0x7fffffffd2d0, object=0x7fffffffdbb0) at ../../base/bind_internal.h:181
#31 0x000000000085bd29 in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (base::RunLoop::*)()> >::MakeItSo<base::RunLoop*>(base::internal::RunnableAdapter<void (base::RunLoop::*)()>, base::RunLoop*&&) (runnable=..., 
    args=<unknown type in /src/chromium/src/out/Default/unit_tests, CU 0x0, DIE 0x14fc3>) at ../../base/bind_internal.h:321
#32 0x000000000201275d in base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<int (content::UnitTestTestSuite::*)()>, int (content::UnitTestTestSuite*), base::internal::UnretainedWrapper<content::UnitTestTestSuite> >, base::internal::InvokeHelper<false, int, base::internal::RunnableAdapter<int (content::UnitTestTestSuite::*)()> >, int ()>::Run(base::internal::BindStateBase*) (base=0x2bc83eaf7200) at ../../base/bind_internal.h:372
#33 0x000000000085a1be in base::Callback<void (), (base::internal::CopyMode)1>::Run() const (this=0x7fffffffdb58) at ../../base/callback.h:397
#34 0x00000000020735a6 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1> const&) (run_test_suite=..., default_jobs=40, 
    default_batch_limit=10, use_job_objects=true, gtest_init=...) at ../../base/test/launcher/unit_test_launcher.cc:206
#35 0x000000000207340c in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1> const&) (argc=3, argv=0x7fffffffdd78, run_test_suite=...) at ../../base/test/launcher/unit_test_launcher.cc:445
#36 0x000000000201245b in main (argc=3, argv=0x7fffffffdd78) at ../../chrome/test/base/run_all_unittests.cc:21

It looks like the combination of real WebContentsImpls and TestRenderProcessHosts is not workable:

#0 0x7f18bb13649e base::debug::StackTrace::StackTrace()
#1 0x7f18bb135fdf base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f18a84d8340 <unknown>
#3 0x7f18b62b0664 content::RenderFrameHostImpl::~RenderFrameHostImpl()
#4 0x0000021769ae content::TestRenderFrameHost::~TestRenderFrameHost()
#5 0x000002176a39 content::TestRenderFrameHost::~TestRenderFrameHost()
#6 0x7f18b576b8ff std::default_delete<>::operator()()
#7 0x7f18b62e72ac std::unique_ptr<>::reset()
#8 0x7f18b62e6949 std::unique_ptr<>::~unique_ptr()
#9 0x7f18b62d99f5 content::RenderFrameHostManager::~RenderFrameHostManager()
#10 0x7f18b62686a5 content::FrameTreeNode::~FrameTreeNode()
#11 0x7f18b626124f content::FrameTree::~FrameTree()
#12 0x7f18b6aa0978 content::WebContentsImpl::~WebContentsImpl()
#13 0x7f18b6aa0c99 content::WebContentsImpl::~WebContentsImpl()
#14 0x000000895eff std::default_delete<>::operator()()
#15 0x000000ab310c std::unique_ptr<>::reset()
#16 0x000000aad959 std::unique_ptr<>::~unique_ptr()
#17 0x0000043650f8 extensions::ExtensionHost::~ExtensionHost()
#18 0x000004365249 extensions::ExtensionHost::~ExtensionHost()
#19 0x00000442c95b STLDeleteContainerPointers<>()
#20 0x000004423b43 STLDeleteElements<>()
#21 0x00000441e0dc extensions::ProcessManager::CloseBackgroundHosts()
#22 0x000003a93de4 extensions::ChromeProcessManagerDelegate::OnProfileDestroyed()
#23 0x000003a937ed extensions::ChromeProcessManagerDelegate::Observe()
#24 0x7f18b66122c6 content::NotificationServiceImpl::Notify()
#25 0x000002bea180 Profile::MaybeSendDestroyedNotification()
#26 0x000002001906 TestingProfile::~TestingProfile()
#27 0x000002001cd9 TestingProfile::~TestingProfile()
#28 0x000000895eff std::default_delete<>::operator()()
#29 0x0000008d8d9c std::unique_ptr<>::reset()
#30 0x0000015b8b44 extensions::ExtensionServiceTestBase::~ExtensionServiceTestBase()
#31 0x0000015bba77 extensions::ExtensionServiceTestWithInstall::~ExtensionServiceTestWithInstall()
#32 0x0000013f2095 extensions::(anonymous namespace)::ChromeRuntimeAPIDelegateTest::~ChromeRuntimeAPIDelegateTest()
#33 0x0000013f1165 extensions::(anonymous namespace)::ChromeRuntimeAPIDelegateTest_RequestUpdateCheck_Test::~ChromeRuntimeAPIDelegateTest_RequestUpdateCheck_Test()
#34 0x0000013f1189 extensions::(anonymous namespace)::ChromeRuntimeAPIDelegateTest_RequestUpdateCheck_Test::~ChromeRuntimeAPIDelegateTest_RequestUpdateCheck_Test()
#35 0x0000008a017b base::RefCountedThreadSafe<>::DeleteInternal()
#36 0x0000018913da _ZN7testing8internal12InvokeHelperIN16sync_file_system18RemoteServiceStateENSt3tr15tupleIJEEEE12InvokeMethodINS2_25MockRemoteFileSyncServiceEMS9_KFS3_vEEES3_PT_T0_RKS6_
#37 0x000006599b1e testing::internal::HandleExceptionsInMethodIfSupported<>()
#38 0x00000658f330 testing::TestInfo::Run()
#39 0x00000658f88a testing::TestCase::Run()
#40 0x000006594bdc testing::internal::UnitTestImpl::RunAllTests()
#41 0x000001d06d0a _ZN7testing8internal12InvokeHelperIbNSt3tr15tupleIJEEEE12InvokeMethodI25MockServiceProcessControlMS7_FbvEEEbPT_T0_RKS4_
#42 0x00000659b0ee testing::internal::HandleExceptionsInMethodIfSupported<>()
#43 0x00000659487f testing::UnitTest::Run()
#44 0x000002036d51 RUN_ALL_TESTS()
#45 0x000002035d88 base::TestSuite::Run()
#46 0x000002152f4d content::UnitTestTestSuite::Run()
#47 0x00000085bdd9 _ZN4base8internal15RunnableAdapterIMNS_7RunLoopEFvvEE3RunIJEEEvPS2_DpOT_
#48 0x00000085bd29 _ZN4base8internal12InvokeHelperILb0EvNS0_15RunnableAdapterIMNS_7RunLoopEFvvEEEE8MakeItSoIJPS3_EEEvS6_DpOT_
#49 0x00000201275d _ZN4base8internal7InvokerINS_13IndexSequenceIJLm0EEEENS0_9BindStateINS0_15RunnableAdapterIMN7content17UnitTestTestSuiteEFivEEEFiPS7_EJNS0_17UnretainedWrapperIS7_EEEEENS0_12InvokeHelperILb0EiSA_EEFivEE3RunEPNS0_13BindStateBaseE
#50 0x00000085a1be base::Callback<>::Run()
#51 0x0000020735a6 base::(anonymous namespace)::LaunchUnitTestsInternal()
#52 0x00000207340c base::LaunchUnitTests()
#53 0x00000201245b main
#54 0x7f18a5c01ec5 __libc_start_main
#55 0x000000848015 <unknown>

This may simply need to become a browsertest.
Project Member

Comment 17 by bugdroid1@chromium.org, May 3 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/549717e6295bc71dcffb84ac7bf6952bcdd92115

commit 549717e6295bc71dcffb84ac7bf6952bcdd92115
Author: reillyg <reillyg@chromium.org>
Date: Tue May 03 22:17:52 2016

Disable ChromeRuntimeAPIDelegateTest.RequestUpdateCheck.

This test leaves behind a RenderProcessHost that breaks other tests. Now
that the culprit has been found we can re-enable the tests this one was
breaking.

BUG= 608064 
TBR=oshima@chromium.org
NOTRY=True

Review-Url: https://codereview.chromium.org/1942383003
Cr-Commit-Position: refs/heads/master@{#391376}

[modify] https://crrev.com/549717e6295bc71dcffb84ac7bf6952bcdd92115/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

Project Member

Comment 18 by bugdroid1@chromium.org, May 5 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d49993d2c1a4a26f9f35dfe41c32b17e09d79ae0

commit d49993d2c1a4a26f9f35dfe41c32b17e09d79ae0
Author: reillyg <reillyg@chromium.org>
Date: Thu May 05 17:55:20 2016

Prevent leaking RenderProcessHosts from PasswordManagerHandlerTest.

PasswordManagerHandlerTest should extend ChromeRenderViewHostTestHarness
so that it can create a TestWebContents without accidentally creating a
real RenderProcessHost. If this happens it is leaked to later tests
running in the same process and results in all kinds of nasty and hard
to track down use-after-frees.

BUG= 608064 

Review-Url: https://codereview.chromium.org/1951053004
Cr-Commit-Position: refs/heads/master@{#391839}

[modify] https://crrev.com/d49993d2c1a4a26f9f35dfe41c32b17e09d79ae0/chrome/browser/ui/webui/options/password_manager_handler_unittest.cc

Project Member

Comment 19 by bugdroid1@chromium.org, May 5 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7b5641ee5ec1f5517924b020ad6265d4ffcaeabd

commit 7b5641ee5ec1f5517924b020ad6265d4ffcaeabd
Author: reillyg <reillyg@chromium.org>
Date: Thu May 05 19:17:50 2016

Add DCHECK to detect when a RPH is reused with a different context.

When running in single-process mode (as happens in tests) we always
attempt to reuse an existing render process host. If a previous test
does not clean up properly then this render process host will be
associated with a (now invalid) BrowserContext.

This DCHECK assists in discovering test cases where this happens without
running the tests under a memory error detector such as MSan.

BUG= 608064 

Review-Url: https://codereview.chromium.org/1943403003
Cr-Commit-Position: refs/heads/master@{#391865}

[modify] https://crrev.com/7b5641ee5ec1f5517924b020ad6265d4ffcaeabd/content/browser/renderer_host/render_process_host_impl.cc
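
The failure mode described in the commit message above, as an added example that is not Chromium's code: in single-process mode a host left behind by one test is handed to the next test, and an identity check at the reuse point reports the mismatch without a memory error detector. `Context`, `Host`, `HostRegistry`, `Reuse` and `RunTwoTests` are hypothetical names, and a status value is returned where the real change uses a DCHECK.

```cpp
#include <cstdint>
#include <memory>

// Hypothetical stand-ins for illustration; these are not Chromium's classes.
struct Context { std::uint64_t id; };     // constructed identity, unique per context
struct Host { std::uint64_t owner_id; };  // identity of the context it was created for

enum class Reuse { kCreated, kReused, kContextMismatch };

// Models single-process mode: one process-wide host that every request
// tries to reuse.
class HostRegistry {
 public:
  Reuse GetHostFor(const Context& ctx) {
    if (!host_) {
      host_ = std::make_unique<Host>(Host{ctx.id});
      return Reuse::kCreated;
    }
    // The check: a surviving host must belong to the caller's context.
    // Only the stored identity is compared, so the old (possibly destroyed)
    // context is never dereferenced.
    return host_->owner_id == ctx.id ? Reuse::kReused
                                     : Reuse::kContextMismatch;
  }

  // Teardown a well-behaved test performs before its context goes away.
  void ReleaseHostsFor(const Context& ctx) {
    if (host_ && host_->owner_id == ctx.id) host_.reset();
  }

 private:
  std::unique_ptr<Host> host_;
};

// Two "tests" sharing one process; the first may skip its cleanup.
Reuse RunTwoTests(bool first_test_cleans_up) {
  HostRegistry registry;
  {
    Context first{1};
    registry.GetHostFor(first);
    if (first_test_cleans_up) registry.ReleaseHostsFor(first);
  }  // the first test's context is destroyed here
  Context second{2};
  return registry.GetHostFor(second);
}

// Exit status 0 when the leaked host is flagged for the second test.
int main() { return RunTwoTests(false) == Reuse::kContextMismatch ? 0 : 1; }
```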

Project Member

Comment 20 by bugdroid1@chromium.org, May 6 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/123aab602d256ce1aa4337972be162164953da6e

commit 123aab602d256ce1aa4337972be162164953da6e
Author: reillyg <reillyg@chromium.org>
Date: Fri May 06 21:32:34 2016

Add test renderer host support to ExtensionServiceTestBase.

ExtensionService tests may (even inadvertently) cause the creation of
RenderProcessHosts. For example, ExtensionService::AddExtension causes
the chrome.runtime.oninstalled event to be fired inside extensions which
requires a WebContents to be created.

ExtensionServiceTestBase should include a RenderViewHostTestEnabler so
that real render hosts are not created which may leak out into other
tests and cause difficult to diagnose use-after-free errors.

BUG= 608064 

Review-Url: https://codereview.chromium.org/1947683005
Cr-Commit-Position: refs/heads/master@{#392163}

[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/api/developer_private/developer_private_api_unittest.cc
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/api/tabs/tabs_api_unittest.cc
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/bookmark_app_helper_unittest.cc
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/extension_context_menu_model_unittest.cc
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/extension_install_prompt_unittest.cc
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/chrome/browser/extensions/extension_service_test_base.h
[modify] https://crrev.com/123aab602d256ce1aa4337972be162164953da6e/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

Status: Fixed (was: Assigned)
Cc: imch...@chromium.org lazyboy@chromium.org atwilson@chromium.org xiy...@chromium.org
Issue 606779 has been merged into this issue.
