Direct-leak in content::ResourceDispatcher::StartAsync |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4718143210258432 Fuzzer: inferno_layout_test_unmodified Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: Direct-leak Crash Address: Crash State: content::ResourceDispatcher::StartAsync content::WebURLLoaderImpl::Context::Start content::WebURLLoaderImpl::LoadAsynchronously Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=512182:512192 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4718143210258432 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Feb 22 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/04f27c37974050559508833241e11258fb8c1a4a (Replace base::MakeUnique with std::make_unique in content/.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Feb 22 2018
Also reproduces at the beginning of the blame range.
,
Feb 22 2018
It looks like this does actually get collected if the worker runs GC.
,
Feb 22 2018
So it looks like this object gets deleted in (through a number of layers of indirection) ~BytesConsumerForDataConsumerHandle. That finalizer only runs when GC occurs on the worker, but in this test there is never enough memory pressure to trigger a GC.
,
Feb 22 2018
WontFix-ing as this does not appear to be a real leak cc glider, eugenis, in case there's something we could do to about detecting leaks like this. The process does a leak check and then dies in SuicideOnChannelErrorFilter, so we don't seem to ever go and GC the various Oilpan/V8 heaps we might have.
,
Feb 22 2018
,
Mar 1 2018
Issue 817661 has been merged into this issue.
,
Mar 1 2018
ClusterFuzz testcase 4718143210258432 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Mar 1 2018
,
Apr 10 2018
,
Jun 12 2018
ClusterFuzz has detected this issue as fixed in range 566300:566302. Detailed report: https://clusterfuzz.com/testcase?key=4718143210258432 Fuzzer: inferno_layout_test_unmodified Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: Direct-leak Crash Address: Crash State: content::ResourceDispatcher::StartAsync content::WebURLLoaderImpl::Context::Start content::WebURLLoaderImpl::LoadAsynchronously Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=512182:512192 Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=566300:566302 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4718143210258432 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Feb 22 2018Labels: Test-Predator-Auto-Components