Handle Leak

Question

Handle Leak

narinishi opened this issue 4 months ago · comments

narinishi commented 4 months ago

System Details

OS: Windows 8.1 (64-bit)
Thorium Version: 122.0.6261.132 (Official Build) (64-bit)

Problem
Process Hacker shows a very high handle count for one thorium.exe instance

Screenshots

Additional Notes

narinishi · Answer 1 · Thu Apr 04 2024 18:51:19 GMT+0800 (China Standard Time)

possibly related win32ss/supermium#372

Alex F. · Answer 2 · Thu Apr 04 2024 21:39:45 GMT+0800 (China Standard Time)

@narinishi @IDA-RE-things

Can one of y'all test by:

Downloading the portable release of the last M109, M119, and M122 version. (This way we can compare all three, and using a fresh, clean user data profile for reproducibility.) Also remember to download the same type for each (i.e. SSE3, AVX, etc.) to eliminate instruction set differences.
Test each, one at a time, by opening the same page (doesn't matter the page, as long as each test uses the same page), making sure that no other instances of Chromium/Thorium/Supermium are running.
Recording the max and/or average Handle count.

Goal of this is to test each release in an identical environment, to remove any other variables, and see if handle counts have truly increased, and if so, by how much compared to the baseline M109 release.

I will try to reproduce on my side, and try to see what handle might be being erroneously being repeatedly opened. That way we might track down the cause, although win32ss will probably have to be the ultimate fixer, since I don't modify or have much experience working with the Win7 specific code that he restored post-M110.

narinishi · Answer 3 · Fri Apr 05 2024 06:21:48 GMT+0800 (China Standard Time)

The handle count was taken with no tabs open. However, I had previously been using the instance to browse various sites. I still have it open and the handle count has slightly increased.

I am also using Supermium 122.0.6261.85 (Official Build) (64-bit) and the handle count is nowhere near as high.

Alex F. · Answer 4 · Tue Apr 09 2024 11:38:56 GMT+0800 (China Standard Time)

@narinishi Really? Because the handle leak in Thorium on my end on a Win 7 x64 machine is less than Supermium. Mine got to 11,000 after letting it sit for 3 days.

narinishi · Answer 5 · Tue Apr 09 2024 14:10:21 GMT+0800 (China Standard Time)

@narinishi Really? Because the handle leak in Thorium on my end on a Win 7 x64 machine is less than Supermium. Mine got to 11,000 after letting it sit for 3 days.

Yeah. I started a Thorium instance yesterday and it's already at 9,958 handles. Whereas Supermium instance running for two days is below 1,600. I did experience a memory leak with Supermium recently though, although its handles stayed normal.

EDIT: By the way, am using Thorium 122.0.6261.158 now.

narinishi · Answer 6 · Tue Apr 30 2024 04:41:28 GMT+0800 (China Standard Time)

Came across a guide for determining handle leaks https://randomascii.wordpress.com/2021/07/25/finding-windows-handle-leaks-in-chromium-and-others/

narinishi · Answer 7 · Wed May 01 2024 02:21:00 GMT+0800 (China Standard Time)

There are two types of handles that Thorium is leaking. I have a process with 7002 total handles, 1641 are of type WaitCompletionPacket and 3487 are of type Event.

Joachim Henze · Answer 8 · Sat May 11 2024 20:15:34 GMT+0800 (China Standard Time)

Progwrp 1.1.0.5010:
-A few function stubs added covering uxtheme and ole32, mostly for Windows 2000 targets
-Condition variable implementation rewritten, handle leak eliminated
progwrp.zip
Does that help you?

I do suggest that this version (or an even newer) should be bundled with next Thorium-legacy release.
Currently Thorium-legacy "Thorium_SSE3_122.0.6261.168_WINXP_x32.zip" still ships with outdated Progwrp 1.1.0.5002 which is known to massively leak handles (on XPSP3 at least).

Not sure whether that would affect Win8.1x64 too, or whether the dll is entirely unused then.

narinishi · Answer 9 · Sat May 11 2024 23:50:04 GMT+0800 (China Standard Time)

Not sure whether that would affect Win8.1x64 too, or whether the dll is entirely unused then.

Regular Thorium Legacy on 8.1 doesn't depend on progwrp, but I can try seeing if the XP version will run.

narinishi · Answer 10 · Sun May 12 2024 01:56:03 GMT+0800 (China Standard Time)

Thorium for XP with latest progwrp isn't any better behaved - only a couple of hours and already near 15k handles

Alex F. · Answer 11 · Sun May 12 2024 11:41:26 GMT+0800 (China Standard Time)

@JoachimHenze @narinishi He fixed this in latest progwrp. Wait until new builds come out tommorow, which will also have more bug fixes as well as FTP support!

The new builds will use the latest 1.1.0.5010 dll

narinishi · Answer 12 · Sun May 12 2024 16:46:19 GMT+0800 (China Standard Time)

@JoachimHenze @narinishi He fixed this in latest progwrp. Wait until new builds come out tommorow, which will also have more bug fixes as well as FTP support!

The new builds will use the latest 1.1.0.5010 dll

I was using the 1.1.0.5010 dll

Alex F. · Answer 13 · Mon Jun 10 2024 13:49:49 GMT+0800 (China Standard Time)

@narinishi @JoachimHenze Fixed in latest release > https://github.com/Alex313031/thorium-legacy/releases/tag/122.0.6261.171

narinishi · Answer 14 · Tue Jun 11 2024 13:05:30 GMT+0800 (China Standard Time)

Still seems to occur

IDA-RE-things · Answer 15 · Tue Jun 11 2024 16:01:34 GMT+0800 (China Standard Time)

you can make sure that this leak is not related to progwrp.dll at all, by using special version of progwrp for Win7+, which just redirects calls to system dll's :
https://github.com/IDA-RE-things/Chrome-xp-api-adapter/releases

@narinishi : the issue should be reopened to be visible by developer.