Memory leak caused by using SVG in UA stylesheet


Alex Keng

Aug 23, 2019, 2:58:35 PM
to memory-dev
Hi!

My CL [1], which is using background-image:url(data:image/svg+xml) in the UA stylesheet, is causing a memory leak detected by chromium.memory/WebKit Linux Leak [2] (the leak can be repro'ed on Windows too).

I have tried using LSan but it didn't really help. When I run LSan with content_shell, it outputs some leaks that don't make much sense [3].

I have also tried comparing the implementations of <input type=password> and <video>, since <video> is also using the same pattern to render SVG on buttons, but it seems to have no leaks. I couldn't find anything suspicious.

So I am wondering
1) Does anyone know what could possibly cause the leak?
2) Is there any tool that can help debug leaks detected by --enable-leak-detection? e.g. something that can detect reference cycles, etc.

Thanks!
Alex


Example leak log: (virtual/controls-refresh/fast/forms/controls-new-ui/password/password-losing-focus.html)
({"numberOfLiveDocuments":[1,3],"numberOfLiveFrames":[1,3],"numberOfLiveLayoutObjects":[3,10],"numberOfLiveNodes":[4,16],"numberOfLiveResourceFetchers":[1,3]})

[3]
alexkeng@alexkeng-Virtual-Machine:~/chromium/src/out/lsan$ ASAN_OPTIONS="detect_leaks=1 symbolize=1 external_symbolizer_path=$SRC/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer" ./content_shell --enable-features=FormControlsRefresh --single-process http://ak-z240.ntdev.corp.microsoft.com/controls/password-simple.html

Xlib: sequence lost (0x10138 > 0x13b) in reply type 0x0!
[30713:30743:0812/105634.611957:ERROR:command_buffer_proxy_impl.cc(124)] ContextResult::kTransientFailure: Failed to send GpuChannelMsg_CreateCommandBuffer.

=================================================================
==30713==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x55d875a14c0d in malloc /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:145:3
    #1 0x55d87e49bca6 in FcPatternObjectInsertElt third_party/fontconfig/src/src/fcpat.c:545:24
    #2 0x55d87e49c744 in FcPatternObjectAddWithBinding third_party/fontconfig/src/src/fcpat.c:732:9
    #3 0x55d87e49e7bc in FcPatternAppend third_party/fontconfig/src/src/fcpat.c:1269:11
    #4 0x55d87e4ac6a4 in FcParsePattern third_party/fontconfig/src/src/fcxml.c:2924:11
    #5 0x55d87e4ac6a4 in FcEndElement third_party/fontconfig/src/src/fcxml.c:3043
    #6 0x55d87e525468 in xmlParseEndTag1 third_party/libxml/src/parser.c:8637:9
    #7 0x55d87e53ae9a in xmlParseTryOrFinish third_party/libxml/src/parser.c:11537:7
    #8 0x55d87e536c3d in xmlParseChunk third_party/libxml/src/parser.c
    #9 0x55d87e4a9d53 in FcConfigParseAndLoadFromMemoryInternal third_party/fontconfig/src/src/fcxml.c:3356:6
    #10 0x55d87e4a94ca in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3491:11
    #11 0x55d87e4a95e2 in FcConfigParseAndLoadDir third_party/fontconfig/src/src/fcxml.c:3256:12
    #12 0x55d87e4a95e2 in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3454
    #13 0x55d87e4b0802 in FcParseInclude third_party/fontconfig/src/src/fcxml.c:2421:10
    #14 0x55d87e4b0802 in FcEndElement third_party/fontconfig/src/src/fcxml.c:2971
    #15 0x55d87e525468 in xmlParseEndTag1 third_party/libxml/src/parser.c:8637:9
    #16 0x55d87e53ae9a in xmlParseTryOrFinish third_party/libxml/src/parser.c:11537:7
    #17 0x55d87e536c3d in xmlParseChunk third_party/libxml/src/parser.c
    #18 0x55d87e4a9d53 in FcConfigParseAndLoadFromMemoryInternal third_party/fontconfig/src/src/fcxml.c:3356:6
    #19 0x55d87e4a94ca in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3491:11
    #20 0x55d87e48d0ba in FcInitLoadOwnConfig third_party/fontconfig/src/src/fcinit.c:88:10
    #21 0x55d87e48d480 in FcInitLoadOwnConfigAndFonts third_party/fontconfig/src/src/fcinit.c:169:14
    #22 0x55d87e48d480 in IA__FcInitLoadConfigAndFonts third_party/fontconfig/src/src/fcinit.c:183
    #23 0x55d87e46b904 in FcConfigEnsure third_party/fontconfig/src/src/fccfg.c:45:11
    #24 0x55d87e46b904 in IA__FcConfigGetCurrent third_party/fontconfig/src/src/fccfg.c:524
    #25 0x55d87e46b904 in IA__FcConfigSubstituteWithPat third_party/fontconfig/src/src/fccfg.c:1575
    #26 0x55d87f5424c2 in QueryFontconfig ui/gfx/font_render_params_linux.cc:161:3
    #27 0x55d87f5424c2 in gfx::GetFontRenderParams(gfx::FontRenderParamsQuery const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) ui/gfx/font_render_params_linux.cc:278
    #28 0x55d87b1da2af in content::BrowserMainLoop::BrowserThreadsStarted() content/browser/browser_main_loop.cc:1222:33
    #29 0x55d87c122395 in Run base/callback.h:132:12
    #30 0x55d87c122395 in content::StartupTaskRunner::RunAllTasksNow() content/browser/startup_task_runner.cc:41
    #31 0x55d87b1d92a1 in content::BrowserMainLoop::CreateStartupTasks() content/browser/browser_main_loop.cc:891:25
    #32 0x55d87b1e1d0d in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) content/browser/browser_main_runner_impl.cc:128:15
    #33 0x55d87b1d4512 in content::BrowserMain(content::MainFunctionParams const&) content/browser/browser_main.cc:43:32
    #34 0x55d87adcda2d in RunBrowserProcessMain content/app/content_main_runner_impl.cc:553:10
    #35 0x55d87adcda2d in content::ContentMainRunnerImpl::RunServiceManager(content::MainFunctionParams&, bool) content/app/content_main_runner_impl.cc:980
    #36 0x55d87adcce94 in content::ContentMainRunnerImpl::Run(bool) content/app/content_main_runner_impl.cc:868:12
    #37 0x55d8821b84ab in service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:423:29
    #38 0x55d878071564 in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10

Direct leak of 176 byte(s) in 1 object(s) allocated from:
    #0 0x55d875a14f29 in realloc /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:164:3
    #1 0x7f65393b01eb  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x381eb)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x55d875a14d82 in calloc /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:154:3
    #1 0x55d87e49c686 in FcValueListCreate third_party/fontconfig/src/src/fcpat.c:136:12
    #2 0x55d87e49c686 in FcPatternObjectAddWithBinding third_party/fontconfig/src/src/fcpat.c:707
    #3 0x55d87e49e7bc in FcPatternAppend third_party/fontconfig/src/src/fcpat.c:1269:11
    #4 0x55d87e4ac6a4 in FcParsePattern third_party/fontconfig/src/src/fcxml.c:2924:11
    #5 0x55d87e4ac6a4 in FcEndElement third_party/fontconfig/src/src/fcxml.c:3043
    #6 0x55d87e525468 in xmlParseEndTag1 third_party/libxml/src/parser.c:8637:9
    #7 0x55d87e53ae9a in xmlParseTryOrFinish third_party/libxml/src/parser.c:11537:7
    #8 0x55d87e536c3d in xmlParseChunk third_party/libxml/src/parser.c
    #9 0x55d87e4a9d53 in FcConfigParseAndLoadFromMemoryInternal third_party/fontconfig/src/src/fcxml.c:3356:6
    #10 0x55d87e4a94ca in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3491:11
    #11 0x55d87e4a95e2 in FcConfigParseAndLoadDir third_party/fontconfig/src/src/fcxml.c:3256:12
    #12 0x55d87e4a95e2 in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3454
    #13 0x55d87e4b0802 in FcParseInclude third_party/fontconfig/src/src/fcxml.c:2421:10
    #14 0x55d87e4b0802 in FcEndElement third_party/fontconfig/src/src/fcxml.c:2971
    #15 0x55d87e525468 in xmlParseEndTag1 third_party/libxml/src/parser.c:8637:9
    #16 0x55d87e53ae9a in xmlParseTryOrFinish third_party/libxml/src/parser.c:11537:7
    #17 0x55d87e536c3d in xmlParseChunk third_party/libxml/src/parser.c
    #18 0x55d87e4a9d53 in FcConfigParseAndLoadFromMemoryInternal third_party/fontconfig/src/src/fcxml.c:3356:6
    #19 0x55d87e4a94ca in _FcConfigParse third_party/fontconfig/src/src/fcxml.c:3491:11
    #20 0x55d87e48d0ba in FcInitLoadOwnConfig third_party/fontconfig/src/src/fcinit.c:88:10
    #21 0x55d87e48d480 in FcInitLoadOwnConfigAndFonts third_party/fontconfig/src/src/fcinit.c:169:14
    #22 0x55d87e48d480 in IA__FcInitLoadConfigAndFonts third_party/fontconfig/src/src/fcinit.c:183
    #23 0x55d87e46b904 in FcConfigEnsure third_party/fontconfig/src/src/fccfg.c:45:11
    #24 0x55d87e46b904 in IA__FcConfigGetCurrent third_party/fontconfig/src/src/fccfg.c:524
    #25 0x55d87e46b904 in IA__FcConfigSubstituteWithPat third_party/fontconfig/src/src/fccfg.c:1575
    #26 0x55d87f5424c2 in QueryFontconfig ui/gfx/font_render_params_linux.cc:161:3
    #27 0x55d87f5424c2 in gfx::GetFontRenderParams(gfx::FontRenderParamsQuery const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) ui/gfx/font_render_params_linux.cc:278
    #28 0x55d87b1da2af in content::BrowserMainLoop::BrowserThreadsStarted() content/browser/browser_main_loop.cc:1222:33
    #29 0x55d87c122395 in Run base/callback.h:132:12
    #30 0x55d87c122395 in content::StartupTaskRunner::RunAllTasksNow() content/browser/startup_task_runner.cc:41
    #31 0x55d87b1d92a1 in content::BrowserMainLoop::CreateStartupTasks() content/browser/browser_main_loop.cc:891:25
    #32 0x55d87b1e1d0d in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) content/browser/browser_main_runner_impl.cc:128:15
    #33 0x55d87b1d4512 in content::BrowserMain(content::MainFunctionParams const&) content/browser/browser_main.cc:43:32
    #34 0x55d87adcda2d in RunBrowserProcessMain content/app/content_main_runner_impl.cc:553:10
    #35 0x55d87adcda2d in content::ContentMainRunnerImpl::RunServiceManager(content::MainFunctionParams&, bool) content/app/content_main_runner_impl.cc:980
    #36 0x55d87adcce94 in content::ContentMainRunnerImpl::Run(bool) content/app/content_main_runner_impl.cc:868:12
    #37 0x55d8821b84ab in service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:423:29
    #38 0x55d878071564 in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10
    #39 0x55d875a40d5b in main content/shell/app/shell_main.cc:43:10

SUMMARY: AddressSanitizer: 464 byte(s) leaked in 3 allocation(s).
alexkeng@alexkeng-Virtual-Machine:~/chromium/src/out/lsan$

Erik Chen

Aug 23, 2019, 3:20:04 PM
to Alex Keng, Kentaro Hara, Keishi Hattori, memory-dev
One of +Kentaro Hara or +Keishi Hattori should be able to help with Renderer leaks. :)
I would guess that the LSan issue is unrelated.

--
You received this message because you are subscribed to the Google Groups "memory-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to memory-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/memory-dev/b024fdd2-7806-4bfd-b725-aca7ee020b7e%40chromium.org.

Kentaro Hara

Aug 24, 2019, 10:33:25 PM
to Erik Chen, Takashi Sakamoto, Bartek Nowierski, Alex Keng, Keishi Hattori, memory-dev
--
Kentaro Hara, Tokyo, Japan

Takashi Sakamoto

Aug 26, 2019, 2:54:59 AM
to Kentaro Hara, Erik Chen, Bartek Nowierski, Alex Keng, Keishi Hattori, memory-dev
As far as I understand, UserAgentStyleSheet (cf. https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/css/css_default_style_sheets.cc) is DEFINE_STATIC_LOCAL.
I heard that SVG creates an SVG document for rendering (I have to check whether this is true or not...).
So if the above 2 are true, the created SVG documents owned by UserAgentStyleSheet will never be freed while a renderer is alive. The leak detector will say "leak detected".

Best regards,
tasak


On Sun, Aug 25, 2019 at 11:33 Kentaro Hara <har...@chromium.org> wrote:

Fredrik Söderquist

Aug 26, 2019, 6:10:36 AM
to Takashi Sakamoto, Kentaro Hara, Erik Chen, Bartek Nowierski, Alex Keng, Keishi Hattori, memory-dev
On Mon, Aug 26, 2019 at 8:55 AM 'Takashi Sakamoto' via memory-dev <memor...@chromium.org> wrote:
I heard that SVG creates an SVG document for rendering (I have to check whether this is true or not...).
So if the above 2 are true, the created SVG documents owned by UserAgentStyleSheet will never be freed while a renderer is alive. The leak detector will say "leak detected".

Yes, that's correct.

The (somewhat compacted) object graph will be something like:

CSSDefaultStyleSheets -> StyleSheetContents -> { here be "CSS cloud" / RuleSet / RuleData } -> CSSImageSetValue -> StyleFetchedImageSet -> ImageResourceContent -**ref-counted**-> SVGImage -> Page

So the SVG image will be retained by the UA stylesheet (at least if the UA rule has ever applied to something), and thus the "leak" is expected, as tasak said. To make it go away we'd need to relax the caching in CSSImage(Set)Value (and likely other similar CSSValues). A simple s/Member/WeakMember/ would probably work fine for the mentioned two CSSValues (although, at least in theory, it would change the request pattern for some cases).

And since you mentioned <video>, I think the difference there is that the leak detector takes that into account by clearing "lazily loaded UA style sheets" (see CSSDefaultStyleSheets::PrepareForLeakDetection), of which the media controls style sheet is one.


/fs

Keishi Hattori

Aug 26, 2019, 8:59:48 AM
to Fredrik Söderquist, Takashi Sakamoto, Kentaro Hara, Erik Chen, Bartek Nowierski, Alex Keng, memory-dev
Hi

Leak detector is not interested in anything referenced from CSSDefaultStyleSheets so I think we can just recreate default_style_sheet_ in PrepareForLeakDetection.

Regarding tooling, we have the v8_enable_raw_heap_snapshots build flag, which can show the V8/BlinkGC object graph, but it is quite hard to read, so I would just try to minimize the change first.



--
- Keishi
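As an added illustration (not Blink code, and not from anyone in this thread) of the retention chain Fredrik describes and the two remedies discussed (WeakMember in the CSSValue, or dropping the lazily built sheet in PrepareForLeakDetection), here is a small C++ model: shared_ptr/weak_ptr stand in for Member/WeakMember, and a live-Page counter stands in for the detector's "numberOfLiveDocuments" count.

```cpp
// Added model, not Blink code: a long-lived CSSValue caches the fetched
// SVGImage, the SVGImage owns a Page, and the leak detector counts Pages.
#include <cassert>
#include <iostream>
#include <memory>

static int g_live_pages = 0;  // stands in for "numberOfLiveDocuments"

struct Page {
  Page() { ++g_live_pages; }
  ~Page() { --g_live_pages; }
};

// SVGImage owns its own Page (the last hop in the object graph).
struct SVGImage {
  std::shared_ptr<Page> page = std::make_shared<Page>();
};

// Stand-in for CSSImage(Set)Value: a strong cache (Member-like) keeps the
// image alive as long as the value lives; a weak cache (WeakMember-like)
// lets it go once the document that used it is gone.
struct ImageValue {
  std::shared_ptr<SVGImage> strong_cache;
  std::weak_ptr<SVGImage> weak_cache;
};

// One simulated leak-detection run. ua_value plays the UA stylesheet's
// value, which outlives every test page; only the test page's own
// reference to the image is dropped on teardown.
int LivePagesAtLeakCheck(bool rule_applied, bool weak_member,
                         bool prepare_for_leak_detection) {
  assert(g_live_pages == 0);
  ImageValue ua_value;  // lives for the whole run, like the static UA sheet
  if (rule_applied) {
    auto image = std::make_shared<SVGImage>();  // fetched on first use
    if (weak_member) ua_value.weak_cache = image;
    else ua_value.strong_cache = image;
    // `image` (the test page's reference) dies with the test page here.
  }
  // The PrepareForLeakDetection approach: drop the sheet before counting.
  if (prepare_for_leak_detection) ua_value = ImageValue();
  return g_live_pages;  // what the detector would report as still alive
}

int main() {
  std::cout << "strong cache, rule applied:   " << LivePagesAtLeakCheck(true, false, false) << "\n"
            << "strong cache, never applied:  " << LivePagesAtLeakCheck(false, false, false) << "\n"
            << "weak cache, rule applied:     " << LivePagesAtLeakCheck(true, true, false) << "\n"
            << "strong cache, sheet dropped:  " << LivePagesAtLeakCheck(true, false, true) << "\n";
}
```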

Alex Keng

Aug 27, 2019, 12:54:01 AM
to memory-dev, f...@opera.com, ta...@google.com, har...@chromium.org, erik...@chromium.org, bar...@google.com, shi...@microsoft.com
Thank you all for the quick responses! I have confirmed re-creating default_style_sheet_ in PrepareForLeakDetection can address the issue.
