chromium 59.0.3071.86 crashes at startup on x86

Bug #1697496 reported by Olivier Tilloy on 2017-06-12
This bug affects 2 people
Affects: chromium-browser (Ubuntu)
Importance: Critical
Assigned to: Olivier Tilloy

Bug Description

Chromium 59.0.3071.86 was promoted to the stable release channel last week, and I have built packages for all supported ubuntu releases at https://launchpad.net/~osomon/+archive/ubuntu/chromium-stable.

The packages appear to work fine on 64-bit versions of ubuntu, but the application crashes when run on x86. This is what I'm seeing in an up-to-date xenial i386 VM:

ubuntu@xenialvm:~$ chromium-browser
Received signal 11 SEGV_MAPERR 0000031d9a20
#0 0x0000b75daee3 base::debug::StackTrace::StackTrace()
#1 0x0000b75da767 base::debug::StackTrace::StackTrace()
#2 0x0000b75db2fe <unknown>
#3 0x0000b7727cfc ([vdso]+0xcfb)
#4 0x00008113ac1c <unknown>
#5 0x00008113b9d8 <unknown>
#6 0x000080e432e8 <unknown>
#7 0x000080e3b5c3 <unknown>
#8 0x000080e3ea72 <unknown>
#9 0x0000b2bc499c BrowserContextKeyedServiceFactory::BuildServiceInstanceFor()
#10 0x0000b3282146 KeyedServiceFactory::GetServiceForContext()
#11 0x000080e3eb66 <unknown>
#12 0x000080d80e3e <unknown>
#13 0x000080d81738 <unknown>
#14 0x0000819fa25e <unknown>
#15 0x000080d6bdc6 <unknown>
#16 0x000080eed5e2 <unknown>
#17 0x000080eedac5 <unknown>
#18 0x0000b50adfcc content::StoragePartitionImplMap::Get()
#19 0x0000b4d47259 <unknown>
#20 0x0000b4d47ba7 content::BrowserContext::GetStoragePartition()
#21 0x0000b4d47dc7 content::BrowserContext::GetDefaultStoragePartition()
#22 0x000080eea99e <unknown>
#23 0x000080eeb284 <unknown>
#24 0x000080eeb641 <unknown>
#25 0x000080eec537 <unknown>
#26 0x000080eec7ab <unknown>
#27 0x000080d70ba3 <unknown>
#28 0x000080d764bd <unknown>
#29 0x000080d7678c <unknown>
#30 0x000081a49be0 <unknown>
#31 0x000080fb3148 <unknown>
#32 0x000080fb408c <unknown>
#33 0x0000b4d4b0d9 content::BrowserMainLoop::PreMainMessageLoopRun()
#34 0x0000b50a5657 content::StartupTaskRunner::RunAllTasksNow()
#35 0x0000b4d4c76e content::BrowserMainLoop::CreateStartupTasks()
#36 0x0000b4d517a3 <unknown>
#37 0x0000b4d4a252 content::BrowserMain()
#38 0x0000b54875ee <unknown>
#39 0x0000b01d3adb service_manager::Main()
#40 0x0000b5486140 content::ContentMain()
#41 0x0000808dbab7 <unknown>
#42 0x0000808da08b <unknown>
#43 0x0000b0323637 __libc_start_main
#44 0x0000808db8fe <unknown>
  gs: 00000033 fs: 00000000 es: 0000007b ds: 0000007b
 edi: 84f352bc esi: 84f35120 ebp: bfd54c08 esp: bfd54ad0
 ebx: 84f34f68 edx: 00000006 ecx: 00000026 eax: bfd54c20
 trp: 0000000e err: 00000004 ip: 8113ac1c cs: 00000073
 efl: 00210282 usp: bfd54ad0 ss: 0000007b
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Olivier Tilloy (osomon) wrote :

Stack trace with debug symbols installed:

#0 0x81130c1c in re2::RE2::Init ()
#1 0x811319d8 in re2::RE2::RE2 ()
#2 0x80e392e8 in SupervisedUserURLFilter::SupervisedUserURLFilter ()
#3 0x80e315c3 in SupervisedUserService::SupervisedUserService ()
#4 0x80e34a72 in SupervisedUserServiceFactory::BuildServiceInstanceFor ()
#5 0xb347699c in BrowserContextKeyedServiceFactory::BuildServiceInstanceFor ()
   from /usr/lib/chromium-browser/./libkeyed_service_content.so
#6 0xb3b34146 in KeyedServiceFactory::GetServiceForContext () from /usr/lib/chromium-browser/./libkeyed_service_core.so
#7 0x80e34b66 in SupervisedUserServiceFactory::GetForProfile ()
#8 0x80d76e3e in IsURLAllowedForSupervisedUser ()
#9 0x80d77738 in search::GetNewTabPageURL ()
#10 0x819f025e in NewTabPageInterceptorService::CreateInterceptor ()
#11 0x80d61dc6 in ProfileIOData::InitializeOnUIThread ()
#12 0x80ee35e2 in LazyInitialize ()
#13 0x80ee3ac5 in ProfileImplIOData::Handle::GetResourceContext ()
#14 0xb595ffcc in content::StoragePartitionImplMap::Get () from /usr/lib/chromium-browser/./libcontent.so
#15 0xb55f9259 in GetStoragePartitionFromConfig () from /usr/lib/chromium-browser/./libcontent.so
#16 0xb55f9ba7 in content::BrowserContext::GetStoragePartition () from /usr/lib/chromium-browser/./libcontent.so
#17 0xb55f9dc7 in content::BrowserContext::GetDefaultStoragePartition () from /usr/lib/chromium-browser/./libcontent.so
#18 0x80ee099e in ProfileImpl::DoFinalInit ()
#19 0x80ee1284 in ProfileImpl::OnLocaleReady ()
#20 0x80ee1641 in ProfileImpl::OnPrefsLoaded ()
#21 0x80ee2537 in ProfileImpl::ProfileImpl ()
#22 0x80ee27ab in Profile::CreateProfile ()
#23 0x80d66ba3 in ProfileManager::CreateProfileHelper ()
#24 0x80d6c4bd in ProfileManager::CreateAndInitializeProfile ()
#25 0x80d6c78c in ProfileManager::GetProfile ()
#26 0x81a3fbe0 in GetStartupProfile ()
#27 0x80fa9148 in ChromeBrowserMainParts::PreMainMessageLoopRunImpl ()
#28 0x80faa08c in ChromeBrowserMainParts::PreMainMessageLoopRun ()
#29 0xb55fd0d9 in content::BrowserMainLoop::PreMainMessageLoopRun () from /usr/lib/chromium-browser/./libcontent.so
#30 0xb5957657 in content::StartupTaskRunner::RunAllTasksNow () from /usr/lib/chromium-browser/./libcontent.so
#31 0xb55fe76e in content::BrowserMainLoop::CreateStartupTasks () from /usr/lib/chromium-browser/./libcontent.so
#32 0xb56037a3 in content::BrowserMainRunnerImpl::Initialize () from /usr/lib/chromium-browser/./libcontent.so
#33 0xb55fc252 in content::BrowserMain () from /usr/lib/chromium-browser/./libcontent.so
#34 0xb5d395ee in content::ContentMainRunnerImpl::Run () from /usr/lib/chromium-browser/./libcontent.so
#35 0xb0a85adb in service_manager::Main () from /usr/lib/chromium-browser/./libembedder.so
#36 0xb5d38140 in content::ContentMain () from /usr/lib/chromium-browser/./libcontent.so
#37 0x808d1ab7 in ChromeMain ()
#38 0x808d008b in main ()

Olivier Tilloy (osomon) wrote :

Version 58.0.3029.110 from the archive doesn't crash at startup, so this is a regression introduced in the chromium 59 packages.

zesty and artful are not affected (packages for those releases are built with clang). I'm starting to suspect http://bazaar.launchpad.net/~chromium-team/chromium-browser/xenial-beta/revision/1279 (verifying that now).
That patch could easily be gotten rid of in xenial and yakkety where gcc >= 5 is available, but not on trusty (where the default is 4.8 and 4.9 is available).

Olivier Tilloy (osomon) wrote :

That patch was added to fix the following build failure:

FAILED: g++-4.8 -MMD -MF obj/third_party/swiftshader/src/Common/swiftshader_common/CPUID.o.d -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DDISABLE_NACL -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DCOMPONENT_BUILD -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DLOG_TAG=\"swiftshader_common\" -I../.. -Igen -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -m32 -msse2 -mfpmath=sse -mmmx -pthread -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-missing-field-initializers -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -fomit-frame-pointer -g1 -fvisibility=hidden -msse2 -fvisibility-inlines-hidden -std=gnu++11 -Wno-narrowing -fno-rtti -fno-exceptions -c ../../third_party/swiftshader/src/Common/CPUID.cpp -o obj/third_party/swiftshader/src/Common/swiftshader_common/CPUID.o
../../third_party/swiftshader/src/Common/CPUID.cpp: In static member function ‘static bool sw::CPUID::detectMMX()’:
../../third_party/swiftshader/src/Common/CPUID.cpp:170:123: error: inconsistent operand constraints in an ‘asm’
    __asm volatile("cpuid": "=a" (registers[0]), "=b" (registers[1]), "=c" (registers[2]), "=d" (registers[3]): "a" (info));
                                                                                                                           ^

(full build log at https://launchpadlibrarian.net/316816355/buildlog_ubuntu-trusty-i386.chromium-browser_59.0.3071.15-0ubuntu0.14.04.1173_BUILDING.txt.gz)

On trusty we might need to revert https://chromium.googlesource.com/chromium/src/+/d85baf0b71c69bbd181aaefc8a803611e03c8eed. Or pass enabled_swiftshader=false as a build flag.

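The "inconsistent operand constraints" error in that build log is gcc 4.8 refusing the "=b" output constraint in 32-bit PIC code: on i386, gcc before version 5 keeps %ebx as the fixed GOT base register and will not allocate it as an asm operand (GCC 5 lifted that restriction, which is why building with gcc 5/6 also makes the patch unnecessary). The block below is an added example, not code from this page, from chromium or from swiftshader: a cpuid wrapper that keeps %ebx out of the constraint list and swaps it through a scratch register, so the same sw::CPUID::detectMMX-style check compiles with -m32 -fPIC on gcc 4.8 without dropping -fPIC. The function names are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not from chromium or swiftshader): a cpuid wrapper that
 * builds on 32-bit x86 with -fPIC under gcc 4.8.
 *
 * The quoted build error comes from the "=b" output constraint: on i386,
 * gcc < 5 reserves %ebx as the GOT base register in PIC code and refuses
 * to hand it out as an asm operand. This version never names %ebx as an
 * operand; it swaps %ebx with a scratch register around the instruction,
 * so %ebx holds its original value again when the asm finishes.
 */
static void cpuid_pic_safe(uint32_t leaf, uint32_t subleaf, uint32_t regs[4])
{
#if defined(__i386__) && defined(__PIC__)
    /* "=&r" (early clobber): the scratch register must not alias the
     * %eax/%ecx inputs, which the first xchg would otherwise destroy. */
    __asm__ volatile(
        "xchgl %%ebx, %1\n\t"
        "cpuid\n\t"
        "xchgl %%ebx, %1\n\t"
        : "=a"(regs[0]), "=&r"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
        : "a"(leaf), "c"(subleaf));
#elif defined(__i386__) || defined(__x86_64__)
    /* Non-PIC i386, or x86-64 (where %rbx is not the PIC register):
     * the plain form from the failing swiftshader line is accepted. */
    __asm__ volatile(
        "cpuid"
        : "=a"(regs[0]), "=b"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
        : "a"(leaf), "c"(subleaf));
#else
    (void)leaf;
    (void)subleaf;
    regs[0] = regs[1] = regs[2] = regs[3] = 0;   /* not an x86 target */
#endif
}

/* On x86, fills out[13] with the leaf-0 vendor string (EBX:EDX:ECX order)
 * and returns true; elsewhere writes an empty string and returns false. */
static bool cpu_vendor(char out[13])
{
#if defined(__i386__) || defined(__x86_64__)
    uint32_t r[4];
    cpuid_pic_safe(0, 0, r);
    memcpy(out + 0, &r[1], 4);
    memcpy(out + 4, &r[3], 4);
    memcpy(out + 8, &r[2], 4);
    out[12] = '\0';
    return true;
#else
    out[0] = '\0';
    return false;
#endif
}

/* Same check as sw::CPUID::detectMMX in the failing file: CPUID.1:EDX bit 23. */
static bool detect_mmx(void)
{
    uint32_t r[4];
    cpuid_pic_safe(1, 0, r);
    return (r[3] & (1u << 23)) != 0;
}

/* CPUID.1:EDX bit 26: the SSE2 baseline that the -msse2 build flag assumes. */
static bool detect_sse2(void)
{
    uint32_t r[4];
    cpuid_pic_safe(1, 0, r);
    return (r[3] & (1u << 26)) != 0;
}

int main(void)
{
    char vendor[13];
    if (!cpu_vendor(vendor)) {
        puts("not an x86 target");
        return 0;
    }
    printf("vendor: %s  mmx: %d  sse2: %d\n",
           vendor, (int)detect_mmx(), (int)detect_sse2());
    return 0;
}
```

To reproduce the original failure and confirm the workaround, compile the file twice on an i386 toolchain with gcc 4.8: `gcc -m32 -fPIC -O2` on the plain `"=b"` form gives the error quoted above, while this version builds and reports the same feature bits. The early-clobber on the scratch operand is the part most often forgotten; without it the compiler may legitimately reuse %eax or %ecx for it and the leaf number is lost before cpuid runs.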
Olivier Tilloy (osomon) on 2017-06-14
Changed in chromium-browser (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
importance: Undecided → Critical
status: New → In Progress
Olivier Tilloy (osomon) wrote :

Fixed the issue by getting rid of no-fPIC.patch and building with gcc 5 on xenial, gcc 6 on yakkety, and disabling swiftshader on x86 on trusty.

Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 59.0.3071.109-0ubuntu0.16.10.1357

---------------
chromium-browser (59.0.3071.109-0ubuntu0.16.10.1357) yakkety; urgency=medium

  * Upstream release: 59.0.3071.109

 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:45:30 +0200

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 59.0.3071.109-0ubuntu0.16.04.1289

---------------
chromium-browser (59.0.3071.109-0ubuntu0.16.04.1289) xenial; urgency=medium

  * Upstream release: 59.0.3071.109

 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:47:10 +0200

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released