See https://build.chromium.org/p/chromium.memory.full/builders/Linux%20TSan%20Tests/builds/651/steps/content_browsertests%20on%20Ubuntu-12.04/logs/stdio:
[ RUN ] WebUIMojoTest.EndToEndPing
[29236:29236:0817/232035:13259965238:WARNING:audio_manager.cc(317)] Multiple instances of AudioManager detected
[29236:29236:0817/232035:13259965476:WARNING:audio_manager.cc(278)] Multiple instances of AudioManager detected
Xlib: extension "RANDR" missing on display ":9".
[29281:29281:0817/232037:13262085594:WARNING:ipc_message_attachment_set.cc(57)] MessageAttachmentSet destroyed with unconsumed descriptors: 0/1
==================
WARNING: ThreadSanitizer: heap-use-after-free (pid=29298)
Read of size 8 at 0x7d940000c840 by main thread:
#0 New v8/include/v8.h:7764:54 (content_browsertests+0x0000024b1370)
#1 New v8/include/v8.h:7754 (content_browsertests+0x0000024b1370)
#2 context gin/public/context_holder.h:37 (content_browsertests+0x0000024b1370)
#3 gin::Runner::Scope::Scope(gin::Runner*) gin/runner.cc:18 (content_browsertests+0x0000024b1370)
#4 mojo::edk::js::WaitingCallback::OnHandleReady(unsigned int) mojo/edk/js/waiting_callback.cc:72:22 (content_browsertests+0x00000196f2f7)
#5 Invoke<mojo::edk::js::WaitingCallback *, unsigned int> base/bind_internal.h:214:12 (content_browsertests+0x00000196fa44)
#6 MakeItSo<void (mojo::edk::js::WaitingCallback::*const &)(unsigned int), mojo::edk::js::WaitingCallback *, unsigned int> base/bind_internal.h:283 (content_browsertests+0x00000196fa44)
#7 RunImpl<void (mojo::edk::js::WaitingCallback::*const &)(unsigned int), const std::__1::tuple<base::internal::UnretainedWrapper<mojo::edk::js::WaitingCallback> > &, 0> base/bind_internal.h:346 (content_browsertests+0x00000196fa44)
#8 base::internal::Invoker<base::internal::BindState<void (mojo::edk::js::WaitingCallback::*)(unsigned int), base::internal::UnretainedWrapper<mojo::edk::js::WaitingCallback> >, void (unsigned int)>::Run(base::internal::BindStateBase*, unsigned int&&) base/bind_internal.h:324 (content_browsertests+0x00000196fa44)
#9 Run base/callback.h:388:12 (content_browsertests+0x000000af2ff5)
#10 OnHandleReady mojo/public/cpp/system/watcher.cc:122 (content_browsertests+0x000000af2ff5)
#11 mojo::Watcher::MessageLoopObserver::WillDestroyCurrentMessageLoop() mojo/public/cpp/system/watcher.cc:32 (content_browsertests+0x000000af2ff5)
#12 base::MessageLoop::~MessageLoop() base/message_loop/message_loop.cc:174:3 (content_browsertests+0x0000027e63fe)
#13 base::MessageLoop::~MessageLoop() base/message_loop/message_loop.cc:139:29 (content_browsertests+0x0000027e3c99)
#14 operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 (content_browsertests+0x000003b5ccf0)
#15 reset buildtools/third_party/libc++/trunk/include/memory:2735 (content_browsertests+0x000003b5ccf0)
#16 content::RenderThreadImpl::Shutdown() content/renderer/render_thread_impl.cc:993 (content_browsertests+0x000003b5ccf0)
#17 non-virtual thunk to content::RenderThreadImpl::Shutdown() content/renderer/render_thread_impl.cc:870:24 (content_browsertests+0x000003b5cdcd)
#18 content::ChildProcess::~ChildProcess() content/child/child_process.cc:73:19 (content_browsertests+0x000003a61ad7)
#19 content::RenderProcessImpl::~RenderProcessImpl() content/renderer/render_process_impl.cc:113:1 (content_browsertests+0x000003b5667f)
#20 content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:207:3 (content_browsertests+0x000003b9e18b)
#21 content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:343:14 (content_browsertests+0x000001cf42fd)
#22 content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:426:12 (content_browsertests+0x000001cf4e87)
#23 content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:785:12 (content_browsertests+0x000001cf5b5d)
#24 content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:20:28 (content_browsertests+0x000001cecbee)
#25 content::LaunchTests(content::TestLauncherDelegate*, int, int, char**) content/public/test/test_launcher.cc:523:12 (content_browsertests+0x00000240ef0a)
#26 main content/test/content_test_launcher.cc:131:10 (content_browsertests+0x0000023f5e02)
Previous write of size 8 at 0x7d940000c840 by main thread:
#0 operator delete(void*) <null> (content_browsertests+0x00000050f54d)
#1 v8::internal::GlobalHandles::~GlobalHandles() v8/src/global-handles.cc:586:5 (content_browsertests+0x00000130c82a)
#2 v8::internal::Isolate::~Isolate() v8/src/isolate.cc:2235:3 (content_browsertests+0x00000144646a)
#3 v8::internal::Isolate::TearDown() v8/src/isolate.cc:2075:3 (content_browsertests+0x000001445510)
#4 v8::Isolate::Dispose() v8/src/api.cc:7503:12 (content_browsertests+0x000000ddf608)
#5 gin::IsolateHolder::~IsolateHolder() gin/isolate_holder.cc:75:13 (content_browsertests+0x000005c0ffd2)
#6 operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 (content_browsertests+0x0000040ab74e)
#7 reset buildtools/third_party/libc++/trunk/include/memory:2735 (content_browsertests+0x0000040ab74e)
#8 ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2703 (content_browsertests+0x0000040ab74e)
#9 blink::V8PerIsolateData::~V8PerIsolateData() third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp:79 (content_browsertests+0x0000040ab74e)
#10 blink::V8PerIsolateData::destroy(v8::Isolate*) third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp:258:5 (content_browsertests+0x0000040abdd7)
#11 blink::V8Initializer::shutdownMainThread() third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp:402:5 (content_browsertests+0x0000040a6306)
#12 blink::shutdown() third_party/WebKit/Source/web/WebKit.cpp:113:5 (content_browsertests+0x000003fbb6f9)
#13 content::RenderThreadImpl::Shutdown() content/renderer/render_thread_impl.cc:982:5 (content_browsertests+0x000003b5ccbe)
#14 non-virtual thunk to content::RenderThreadImpl::Shutdown() content/renderer/render_thread_impl.cc:870:24 (content_browsertests+0x000003b5cdcd)
#15 content::ChildProcess::~ChildProcess() content/child/child_process.cc:73:19 (content_browsertests+0x000003a61ad7)
#16 content::RenderProcessImpl::~RenderProcessImpl() content/renderer/render_process_impl.cc:113:1 (content_browsertests+0x000003b5667f)
#17 content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:207:3 (content_browsertests+0x000003b9e18b)
#18 content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:343:14 (content_browsertests+0x000001cf42fd)
#19 content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:426:12 (content_browsertests+0x000001cf4e87)
#20 content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:785:12 (content_browsertests+0x000001cf5b5d)
#21 content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:20:28 (content_browsertests+0x000001cecbee)
#22 content::LaunchTests(content::TestLauncherDelegate*, int, int, char**) content/public/test/test_launcher.cc:523:12 (content_browsertests+0x00000240ef0a)
#23 main content/test/content_test_launcher.cc:131:10 (content_browsertests+0x0000023f5e02)
SUMMARY: ThreadSanitizer: heap-use-after-free v8/include/v8.h:7764:54 in New
==================
Jochen, can you please take a look?
Comment 1 by glider@chromium.org
, Aug 18 2016