
Issue 824597

Issue metadata

Status: Duplicate
Merged: issue 795148
Closed: May 2018
OS: Linux
Pri: 1
Type: Bug

Indirect-leak in base::WaitableEvent::WaitableEvent

Reported by ClusterFuzz (Project Member), Mar 22 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6215641246466048

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  base::WaitableEvent::WaitableEvent
  content::ChildProcess::ChildProcess
  content::GpuProcess::GpuProcess
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6215641246466048

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Comment 1 by ClusterFuzz (Project Member), Mar 22 2018

Components: Internals>Core Internals>GPU>Internals
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: brajkumar@chromium.org
Labels: M-66 Test-Predator-Wrong CF-NeedsTriage
Unable to find the actual suspect through code search, and also observing no related changes under the regression range, hence adding the appropriate label and requesting someone from the GPU team to look into this issue.

Thanks!
Owner: sunn...@chromium.org
Status: Assigned (was: Untriaged)
I'll investigate this.
Comment 5 by ClusterFuzz (Project Member), May 21 2018

Labels: -M-66 M-68 Fuzz-Blocker ReleaseBlock-Beta
This crash occurs very frequently on linux platform and is likely preventing the fuzzer inferno_twister from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Cc: sunn...@chromium.org
Owner: thomasanderson@chromium.org
If I try to reproduce, both with original revision and ToT, I see the following leak in fontconfig instead:
"""
=================================================================
==27845==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6400 byte(s) in 25 object(s) allocated from:
    #0 0x55d3cb011143 in __interceptor_malloc _asan_rtl_:3
    #1 0x55d3d465786c in FcPatternObjectInsertElt ./../../third_party/fontconfig/src/src/fcpat.c:470:24
    #2 0x55d3d4658190 in FcPatternObjectAddWithBinding ./../../third_party/fontconfig/src/src/fcpat.c:655:9
    #3 0x55d3d465a6b6 in FcPatternAppend ./../../third_party/fontconfig/src/src/fcpat.c:1187:11
    #4 0x55d3d4669989 in FcParsePattern ./../../third_party/fontconfig/src/src/fcxml.c:2881:11
    #5 0x55d3d4669989 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:3000:0
    #6 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #7 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #8 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #9 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #10 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #11 0x55d3d4667601 in FcConfigParseAndLoadDir ./../../third_party/fontconfig/src/src/fcxml.c:3209:12
    #12 0x55d3d4667601 in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3392:0
    #13 0x55d3d4670f86 in FcParseInclude ./../../third_party/fontconfig/src/src/fcxml.c:2397:10
    #14 0x55d3d4670f86 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:2928:0
    #15 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #16 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #17 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #18 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #19 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #20 0x55d3d46450a0 in FcInitLoadOwnConfig ./../../third_party/fontconfig/src/src/fcinit.c:80:10
    #21 0x55d3d4645628 in FcInitLoadOwnConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:160:14
    #22 0x55d3d4645628 in IA__FcInitLoadConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:174:0
    #23 0x55d3d461aa4c in FcConfigEnsure ./../../third_party/fontconfig/src/src/fccfg.c:46:11
    #24 0x55d3d461aa4c in FcConfigInit ./../../third_party/fontconfig/src/src/fccfg.c:59:0
    #25 0x55d3d2a8bde9 in ChromeBrowserMainPartsLinux::ToolkitInitialized() ./../../chrome/browser/chrome_browser_main_linux.cc:48:3
    #26 0x55d3cddbb16a in content::BrowserMainLoop::InitializeToolkit() ./../../content/browser/browser_main_loop.cc:1487:13
    #27 0x55d3cddbe316 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ./../../content/browser/browser_main_runner_impl.cc:123:24
    #28 0x55d3cdda7d08 in content::BrowserMain(content::MainFunctionParams const&) ./../../content/browser/browser_main.cc:42:32
    #29 0x55d3d29f8474 in content::ContentMainRunnerImpl::Run() ./../../content/app/content_main_runner_impl.cc:946:12
    #30 0x55d3d2a1ba6b in service_manager::Main(service_manager::MainParams const&) ./../../services/service_manager/embedder/main.cc:452:29
    #31 0x55d3d29f1d07 in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:19:10
    #32 0x55d3cb040043 in ChromeMain ./../../chrome/app/chrome_main.cc:101:12
    #33 0x7f9a29aeb2b0 in __libc_start_main ??:0:0

Indirect leak of 1600 byte(s) in 50 object(s) allocated from:
    #0 0x55d3cb01132a in __interceptor_calloc _asan_rtl_:3
    #1 0x55d3d46580c8 in FcValueListCreate ./../../third_party/fontconfig/src/src/fcpat.c:136:12
    #2 0x55d3d46580c8 in FcPatternObjectAddWithBinding ./../../third_party/fontconfig/src/src/fcpat.c:630:0
    #3 0x55d3d465a6b6 in FcPatternAppend ./../../third_party/fontconfig/src/src/fcpat.c:1187:11
    #4 0x55d3d4669989 in FcParsePattern ./../../third_party/fontconfig/src/src/fcxml.c:2881:11
    #5 0x55d3d4669989 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:3000:0
    #6 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #7 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #8 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #9 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #10 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #11 0x55d3d4667601 in FcConfigParseAndLoadDir ./../../third_party/fontconfig/src/src/fcxml.c:3209:12
    #12 0x55d3d4667601 in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3392:0
    #13 0x55d3d4670f86 in FcParseInclude ./../../third_party/fontconfig/src/src/fcxml.c:2397:10
    #14 0x55d3d4670f86 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:2928:0
    #15 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #16 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #17 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #18 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #19 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #20 0x55d3d46450a0 in FcInitLoadOwnConfig ./../../third_party/fontconfig/src/src/fcinit.c:80:10
    #21 0x55d3d4645628 in FcInitLoadOwnConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:160:14
    #22 0x55d3d4645628 in IA__FcInitLoadConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:174:0
    #23 0x55d3d461aa4c in FcConfigEnsure ./../../third_party/fontconfig/src/src/fccfg.c:46:11
    #24 0x55d3d461aa4c in FcConfigInit ./../../third_party/fontconfig/src/src/fccfg.c:59:0
    #25 0x55d3d2a8bde9 in ChromeBrowserMainPartsLinux::ToolkitInitialized() ./../../chrome/browser/chrome_browser_main_linux.cc:48:3
    #26 0x55d3cddbb16a in content::BrowserMainLoop::InitializeToolkit() ./../../content/browser/browser_main_loop.cc:1487:13
    #27 0x55d3cddbe316 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ./../../content/browser/browser_main_runner_impl.cc:123:24
    #28 0x55d3cdda7d08 in content::BrowserMain(content::MainFunctionParams const&) ./../../content/browser/browser_main.cc:42:32
    #29 0x55d3d29f8474 in content::ContentMainRunnerImpl::Run() ./../../content/app/content_main_runner_impl.cc:946:12
    #30 0x55d3d2a1ba6b in service_manager::Main(service_manager::MainParams const&) ./../../services/service_manager/embedder/main.cc:452:29
    #31 0x55d3d29f1d07 in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:19:10
    #32 0x55d3cb040043 in ChromeMain ./../../chrome/app/chrome_main.cc:101:12
    #33 0x7f9a29aeb2b0 in __libc_start_main ??:0:0

Indirect leak of 519 byte(s) in 50 object(s) allocated from:
    #0 0x55d3caffbedd in __interceptor_strdup _asan_rtl_:3
    #1 0x55d3d46560f3 in IA__FcValueSave ./../../third_party/fontconfig/src/src/fcpat.c:103:10
    #2 0x55d3d46580e3 in FcPatternObjectAddWithBinding ./../../third_party/fontconfig/src/src/fcpat.c:634:13
    #3 0x55d3d465a6b6 in FcPatternAppend ./../../third_party/fontconfig/src/src/fcpat.c:1187:11
    #4 0x55d3d4669989 in FcParsePattern ./../../third_party/fontconfig/src/src/fcxml.c:2881:11
    #5 0x55d3d4669989 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:3000:0
    #6 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #7 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #8 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #9 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #10 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #11 0x55d3d4667601 in FcConfigParseAndLoadDir ./../../third_party/fontconfig/src/src/fcxml.c:3209:12
    #12 0x55d3d4667601 in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3392:0
    #13 0x55d3d4670f86 in FcParseInclude ./../../third_party/fontconfig/src/src/fcxml.c:2397:10
    #14 0x55d3d4670f86 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:2928:0
    #15 0x55d3d475cc1d in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #16 0x55d3d4775f9d in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #17 0x55d3d4772244 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #18 0x55d3d4666bcf in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3306:6
    #19 0x55d3d46672ce in IA__FcConfigParseAndLoad ./../../third_party/fontconfig/src/src/fcxml.c:3417:11
    #20 0x55d3d46450a0 in FcInitLoadOwnConfig ./../../third_party/fontconfig/src/src/fcinit.c:80:10

New crash type: Direct-leak
New crash state:
  FcPatternObjectInsertElt
  FcPatternObjectAddWithBinding
  FcPatternAppend

Original crash type: Indirect-leak
Original crash state:
  base::WaitableEvent::WaitableEvent
  content::ChildProcess::ChildProcess
  content::GpuProcess::GpuProcess

The stacktrace doesn't match the original stacktrace.
"""

I tried fixing this by adding FcFini to ChromeBrowserMainPartsLinux::PostDestroyThreads(), but that didn't fix it :-(

->thomasanderson since this involves fontconfig on linux
I've reissued the clusterfuzz task to see if it picks up the new leak now. Also I investigated the code around the original leak (WaitableEvent in ChildProcess), and I don't see how that could leak.
Mergedinto: 795148
Status: Duplicate (was: Assigned)
This leak is intentional.  We do not call FcFini() on shutdown.
https://cs.chromium.org/chromium/src/base/test/test_suite.cc?rcl=4753267be8640779700dc46c4289cc1cc7e4eda5&l=464

For now, clusterfuzz should be using the lsan suppressions
https://cs.chromium.org/chromium/src/build/sanitizers/lsan_suppressions.cc?rcl=956b32c065e79b9389ac392dea0cc6bc27df8ce2&l=98
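Added example, not code from this bug, from Chromium, or from fontconfig: a small C model of the ownership shape LeakSanitizer is reporting in the trace above. The owning object is allocated and never freed, so LSan lists it as a Direct leak; the nodes and strings it owns are reachable only through that leaked block, so they are listed as Indirect leaks. That is why the fontconfig report pairs one direct leak (the pattern elements) with indirect leaks of the same object count (the value lists and strdup'd strings). The `__lsan_default_suppressions` hook at the bottom is the compiled-in suppression mechanism the lsan_suppressions.cc link refers to; the `leak:` pattern text, the struct and function names, and the sample values are assumptions for illustration only.

```c
/*
 * Added example, not code from the Chromium bug or from fontconfig.
 * Models the ownership shape behind a "Direct leak" with accompanying
 * "Indirect leak" entries: one owning block that is never freed, plus the
 * blocks reachable only through it.
 *
 * Build and run with LeakSanitizer enabled (LSan runs at process exit):
 *   clang -g -fsanitize=address leak_shape.c -o leak_shape && ./leak_shape
 * Without a sanitizer the program still runs; it just leaks silently.
 */
#include <stdlib.h>
#include <string.h>

/* A value entry owned by a pattern; the string is a private copy. */
struct value_node {
    char *str;
    struct value_node *next;
};

/* The owning object. Losing the last pointer to it makes it a direct
 * leak; every node and string hanging off it becomes an indirect leak. */
struct pattern {
    struct value_node *head;
    size_t count;
};

/* Local strdup so the example needs no POSIX feature macros. */
static char *dup_string(const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy)
        memcpy(copy, s, n);
    return copy;
}

static struct pattern *pattern_create(void) {
    return calloc(1, sizeof(struct pattern));
}

/* Appends a value; returns 0 on success, -1 on allocation failure. */
static int pattern_append(struct pattern *p, const char *value) {
    struct value_node *node = calloc(1, sizeof *node);
    if (!node)
        return -1;
    node->str = dup_string(value);
    if (!node->str) {
        free(node);
        return -1;
    }
    node->next = p->head;
    p->head = node;
    p->count++;
    return 0;
}

static size_t pattern_count(const struct pattern *p) {
    return p->count;
}

/* The cleanup step that FcFini() plays the role of in the bug above:
 * frees the owned blocks first, then the owner. */
static void pattern_destroy(struct pattern *p) {
    struct value_node *node = p->head;
    while (node) {
        struct value_node *next = node->next;
        free(node->str);
        free(node);
        node = next;
    }
    free(p);
}

/* Deliberately drops the only pointer to a pattern with nvalues entries.
 * Returns the number of heap blocks LSan would list as indirect leaks
 * (one node plus one string per value); the pattern itself is the single
 * direct leak. */
static size_t leak_pattern(size_t nvalues) {
    struct pattern *p = pattern_create();
    if (!p)
        return 0;
    for (size_t i = 0; i < nvalues; i++)
        pattern_append(p, "sans-serif");   /* constructed sample value */
    size_t indirect = 2 * pattern_count(p);
    p = NULL;   /* last reference gone: direct leak from here on */
    return indirect;
}

/* Same structure, cleaned up: LSan reports nothing for this path. */
static size_t build_and_free_pattern(size_t nvalues) {
    struct pattern *p = pattern_create();
    if (!p)
        return 0;
    for (size_t i = 0; i < nvalues; i++)
        pattern_append(p, "serif");        /* constructed sample value */
    size_t count = pattern_count(p);
    pattern_destroy(p);
    return count;
}

/* Built-in suppression list. LSan calls this hook if the binary defines it
 * (Chromium keeps its list in build/sanitizers/lsan_suppressions.cc). A
 * "leak:<substring>" line suppresses reports whose allocation stack has a
 * frame matching the substring; the pattern text here is an assumed example. */
const char *__lsan_default_suppressions(void) {
    return "leak:leak_pattern\n";
}

int main(void) {
    build_and_free_pattern(25);   /* clean */
    leak_pattern(50);             /* reported unless suppressed above */
    return 0;
}
```

With the suppression hook in place, an ASan/LSan build prints a "Suppressions used" summary instead of the leak report; remove the hook or change the `leak:` line to see the one Direct leak and the one hundred Indirect leaks as LSan classifies them. A suppression hides the report without freeing anything, which is the trade-off the comment above accepts for fontconfig state that is intentionally kept alive until process exit.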
Comment 9 by ClusterFuzz (Project Member), Jul 14

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6215641246466048 appears to be flaky, updating reproducibility label.
Cc: kkaluri@chromium.org
Issue 863683 has been merged into this issue.
