[snap] chromium crashes when opening a URL from an external application

Bug #1838508 reported by Olivier Tilloy
This bug affects 3 people
Affects: chromium-browser (Ubuntu)
Status: Fix Released
Importance: Critical
Assigned to: Olivier Tilloy
Milestone: (none listed)

Bug Description

This appears to be a rather recent regression. I started observing this about 3 weeks ago (around July 10), and it was recently reported by another user (https://discourse.ubuntu.com/t/call-for-testing-chromium-browser-deb-to-snap-transition/11179/95).

Steps to reproduce:

0) Make sure the chromium snap is your default browser
1) Open the chromium snap, and do your usual browsing activities
2) Open a terminal, and execute `xdg-open https://example.org`
2b) Repeat step 2 a few times until you get a notification that chromium crashed, offering to restore the previous session

When the crash happens, I'm seeing this relevant error:

[ERROR:process_singleton_posix.cc(207)] read() failed: Permission denied (13)

and the corresponding entries in journalctl:

juil. 31 09:53:07 bribon audit[25535]: AVC apparmor="DENIED" operation="file_perm" profile="snap.chromium.chromium" name="/run/user/1000/snap.chromium/.org.chromium.Chromium.LWcyoF/SingletonSocket" pid=25535 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
juil. 31 09:53:07 bribon audit[25535]: AVC apparmor="DENIED" operation="file_perm" profile="snap.chromium.chromium" name="/run/user/1000/snap.chromium/.org.chromium.Chromium.LWcyoF/SingletonSocket" pid=25535 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Tags: snap
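
As an added example (not part of the original bug report, and not code from Chromium or the snap), the following Python code parses AppArmor AVC records in the journal format shown above, groups the DENIED entries, and flags those where fsuid and ouid differ, as they do in these entries (fsuid=1000, ouid=0). The function names are hypothetical; the sample input is the log line from the report.

```python
import re
from collections import Counter

# Log line copied from the bug description above (the report shows it twice).
SAMPLE = (
    'juil. 31 09:53:07 bribon audit[25535]: AVC apparmor="DENIED" '
    'operation="file_perm" profile="snap.chromium.chromium" '
    'name="/run/user/1000/snap.chromium/.org.chromium.Chromium.LWcyoF/SingletonSocket" '
    'pid=25535 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0\n'
) * 2

# key="quoted value" or key=bare_value pairs, as they appear in the AVC record
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the key/value fields of an AVC journal line, or None if it is not one."""
    _, sep, record = line.partition(' AVC ')
    if not sep:
        return None
    return {key: quoted if quoted else bare for key, quoted, bare in _KV.findall(record)}


def summarize_denials(text):
    """Count DENIED records per (profile, operation, name, denied_mask, uid mismatch)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_avc(line)
        if not fields or fields.get('apparmor') != 'DENIED':
            continue
        # True when the requesting fsuid is not the owner uid of the object
        mismatch = ('fsuid' in fields and 'ouid' in fields
                    and fields['fsuid'] != fields['ouid'])
        counts[(fields.get('profile'), fields.get('operation'),
                fields.get('name'), fields.get('denied_mask'), mismatch)] += 1
    return counts


if __name__ == '__main__':
    for (profile, op, name, mask, mismatch), n in summarize_denials(SAMPLE).items():
        note = ' (fsuid != ouid)' if mismatch else ''
        print(f'{n}x {profile} {op} denied_mask={mask} {name}{note}')
```
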
Olivier Tilloy (osomon) wrote :

From chrome/browser/process_singleton_posix.cc:

// When the second process sends the current directory and command line flags to
// the first process, it waits for an ACK message back from the first process
// for a certain time. If there is no ACK message back in time, then the first
// process will be considered as hung for some reason. The second process then
// retrieves the process id from the symbol link and kills it by sending
// SIGKILL. Then the second process starts as normal.

The "read() failed" error message suggests that reading from the socket fails for some reason, so the second process considers the first one hung, and it kills it. The timeout isn't reached, because the default built-in value is 20 seconds, and the problem happens much sooner than that.

Olivier Tilloy (osomon) wrote :

I'm bisecting, and it appears that revision 784 isn't affected, whereas revision 787 is.

Comparing the manifests, the most significant change between the two revisions is https://git.launchpad.net/~chromium-team/chromium-browser/+git/snap-from-source/commit/?id=d5604a3dfd6f1f85c93a733219105ad14267128e.

And indeed, if I rebuild the latest stable snap without that change, the "crash" goes away. I am going to revert the change, and re-open the corresponding bug.

Changed in chromium-browser (Ubuntu):
status: Triaged → In Progress
Olivier Tilloy (osomon) wrote :
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Committed
Olivier Tilloy (osomon)
description: updated
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released