jbroman: I was pointed to you as owner of this fuzzer. 

What happens here is that we allocate side data structures for V8's GC. The doesn't gracefully tear down the Isolate though, so LSAN is unhappy about leaking memory. Jochen pointed me to the fuzzer-support.cc which should gracefully shutdown the Isolate in its atexit handler. I am not seeing the TearDown though.

Any chance this is already a known issue?

v8_ssv_fuzzer loads Blink. The advice given in efficient_fuzzer.md is not to free static resources at all:

"""
Fuzzers don't have to shutdown gracefully (we either kill them or they crash
because sanitizer has found a problem). You can skip freeing static resource.
"""

So at present we don't attempt to shut down the isolate (besides which, Blink doesn't
really support shutting down the main thread anymore for similar reasons), so
while we could try to shut down some stuff (like the isolate?), it's hard to guarantee
that it will work in the future.

Given that, I'd be okay with WontFix-ing bugs of this nature, but I don't have
a strong feeling.

I am also fine with WontFix. I was just surprised that this didn't hit anybody else before. Looking at the CF issue, there should be quite some outstanding bugs open because of shutdown.

And given that the intended behavior is actually not gracefully shutting down, I don't see how LSAN is really useful here. Did I miss something?

I don't see this issue happening with libFuzzer. I think the issue is being reported only with AFL, since it has some differences compared to libFuzzer that works fully in-process.

We have some plans late Q3-Q4 with regards to AFL, so I'll keep this issue assigned to me till then.

As of now, I think it makes sense to add "detect_leaks=0" to ASAN_OPTIONS for AFL job type. Other fuzzer may have similar issues.

Abhishek, Oliver, do you have any concerns regarding disabling leaks detection for AFL?

ClusterFuzz has detected this issue as fixed in range 480804:480889.

Detailed report: https://clusterfuzz.com/testcase?key=6628256416792576

Fuzzer: afl_v8_serialized_script_value_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  AllocateAndInitializeSlotSet
  v8::internal::SlotSet* v8::internal::MemoryChunk::AllocateSlotSet<
  Insert
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=476086:476151
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=480804:480889

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6628256416792576


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6628256416792576 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 735268  has been merged into this issue.