peria@, can you PTAL?  I've bisected the build error down to your r496290

Interestingly, the build error doesn't repro in the gn configuration copied from the linux_chromium_asan_rel_ng bot:

$ cat out/bot/args.gn 
dcheck_always_on = true
is_asan = true
is_component_build = false
is_debug = false
is_lsan = true
strip_absolute_paths_from_debug_symbols = true
symbol_level = 1
use_goma = true

But it *does* repro after removing "is_lsan = true":

$ cat out/bot/args.gn 
dcheck_always_on = true
is_asan = true
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
symbol_level = 1
use_goma = true

Thank you for confirmation.
I'll investigate and fix it asap.

Could you put a link of the build, if you find this issue with bot errors?


Thank you in advance

So far I have only encountered this error locally, with the GN config shown in #c3 and in the original repro steps.  AFAICT the bots do not test this particular configuration.

 Issue 758079  has been merged into this issue.

That has broken AFL build: https://build.chromium.org/p/chromium.fyi/builders/Afl%20Upload%20Linux%20ASan/builds/4620

Yang, could you help me for this issue?
SnapshotCreator::CreateBlob seems to leak memory. Or is there anything we have to call to release memory in V8?

You need to release memory like this: https://cs.chromium.org/chromium/src/v8/test/cctest/test-serialize.cc?q=test-serialize&sq=package:chromium&l=2232

I think I do it... :S
https://cs.chromium.org/chromium/src/tools/v8_context_snapshot/v8_context_snapshot_generator.cc?l=66

Interesting. It rather looks like V8 is not being shut down properly. I'll try to reproduce.

I can reproduce. It looks like the destructor for SnapshotCreator is not called. That causes the isolate it creates to be not disposed.

Issue 759150 has been merged into this issue.

Raising the priority as per AFL builder breakage (see c#8 and issue 759150).

I'd argue it's not a P0 since this leak occurs during build, but not a run time for users.

Fair point, setting priority to P1, but please note that we don't have fresh fuzzer builds for almost 3 days. Due to that, we cannot verify bug fixes and cannot find new bugs. It would be great if we could at least revert the CL which introduced the regression.

I think peria@ is already working in this.

Thank you for your updates. I detected the root cause and creating a CL to fix it.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a304f7f0d92ca52824a35eb7ea5357edca82fac8

commit a304f7f0d92ca52824a35eb7ea5357edca82fac8
Author: Hitoshi Yoshida <peria@chromium.org>
Date: Mon Aug 28 14:25:36 2017

bindings: Exit v8_context_snapshot_creator without running sanitizers

v8::SnapshotCreator used in WebV8ContextSnapshot makes it complex how to
manage lifetime of v8::Isolate, gin::IsolateHolder, and
blink::V8PerIsolateData.
This CL make the process of v8_context_snapshot_generator exit just after
its task is done, and skip running sanitizers.


Bug:  757962 
Change-Id: I3fd49b135f0bb786603fa9b6ab3a56bba4460886
Reviewed-on: https://chromium-review.googlesource.com/637513
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Hitoshi Yoshida <peria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497753}
[modify] https://crrev.com/a304f7f0d92ca52824a35eb7ea5357edca82fac8/tools/v8_context_snapshot/v8_context_snapshot_generator.cc

The builder is green: https://build.chromium.org/p/chromium.fyi/builders/Afl%20Upload%20Linux%20ASan?numbuilds=200

Thanks peria@!

Thank you for confirmation! :)