New issue
Advanced search Search tips

Issue 816434 link

Starred by 1 user
Status: WontFix
Owner:
leon....@intel.com
Closed: Mar 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Direct-leak in content::WebServiceWorkerRegistrationImpl::CreateForServiceWorkerGlobalScope

Project Member Reported by ClusterFuzz, Feb 26 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5152276105396224

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  content::WebServiceWorkerRegistrationImpl::CreateForServiceWorkerGlobalScope
  content::ServiceWorkerProviderContext::TakeRegistrationForServiceWorkerGlobalSco
  content::ServiceWorkerContextClient::WorkerContextStarted
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=514498:517698

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5152276105396224

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Feb 26 2018

Components: Blink>ServiceWorker
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Feb 26 2018

Labels: Test-Predator-Auto-Owner
Owner: leon....@intel.com
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/86029dbfbf1c4927e12c8f8b09de04d706553472 ([ServiceWorker] Eliminate blink.mojom.ServiceWorkerRegistrationObjectInfo.handle_id).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by leon....@intel.com, Feb 28 2018

Status: Started (was: Assigned)

Comment 4 by leon....@intel.com, Feb 28 2018 

One possible scenario for this leak:
  The service worker thread has already stopped, then WebServiceWorkerRegistrationImpl::OnConnectionError() is invoked on IO thread, which tries to post a task to our stopped service worker thread to destroy WebServiceWorkerRegistrationImpl, the PostTask failed, so the WebServiceWorkerRegistrationImpl instance has no any other chance to be destroyed .

Comment 5 by falken@chromium.org, Mar 2 2018 

Hm, is this expected to go away once Mojo migration is done and we don't need to do the channel-associated interface anymore?

It's also possible the leak detector is just not waiting long enough for the worker-related stuff to be fully cleaned up.

Comment 6 by leon....@intel.com, Mar 2 2018 

Exactly, c#4 scenario is because we're using Channel-associated interface. So I think we can fix this easily after we decouple our interfaces from Channel-associated world later.

Comment 7 by falken@chromium.org, Mar 2 2018 

Thanks. Since we're getting close to full Mojo (right?), it's probably fine to ignore this bug until then.

Comment 8 by leon....@intel.com, Mar 2 2018 

Got it. #Yeah I assume our full Mojo would be achieved within Q1.
Project Member

Comment 9 by ClusterFuzz, Mar 12 2018

Status: WontFix (was: Started)
ClusterFuzz testcase 5152276105396224 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment