FS#29309 - [chromium] Segmentation faults when typing into Omnibox if Chromium is built with GCC 4.7

Attached to Project: Arch Linux
Opened by Dan Liew (delcypher) - Friday, 06 April 2012, 13:20 GMT
Last edited by Evangelos Foutras (foutrelis) - Wednesday, 09 May 2012, 10:02 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 27
Private No

Details

Description:
Using the "omnibox" for search (during typing) sometimes causes a segfault.


Additional info:
* 18.0.1025.151

Steps to reproduce:
1. Start chromium
2. Keep using the search box by typing items in and searching. It eventually crashes. It can be a long time before it crashes.

I ran a backtrace in gdb and the crash appears to happen in the "Chrome_HistoryT" thread. As my package has no debug symbols I cannot provide a useful backtrace.

I tried to build chromium from the PKGBUILD (by downloading from http://projects.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium) and patches so that I could build without stripping the debugging symbols.

I guessed that I should change the following in the PKGBUILD:

"make chrome chrome_sandbox BUILDTYPE=Release" to "make chrome chrome_sandbox"
and
"-Dlinux_strip_binary=1" to "-Dlinux_strip_binary=0"

However, various issues arose when building ($ makepkg -s):
1. The checksum fails on some of the patches (I got around this by using makepkg --skipchecksums).
2. The build fails. I'm not familiar at all with gyp, but when trying to run some of the commands in build() manually I get errors like this:

File "build/gyp_chromium", line 55
except SyntaxError, e:
^

If someone can instruct me how to build the Chromium pkg with debug symbols I'll be happy to provide a useful backtrace.

Closed by  Evangelos Foutras (foutrelis)
Wednesday, 09 May 2012, 10:02 GMT
Reason for closing:  Fixed
Additional comments about closing:  Hopefully fixed for good in chromium 18.0.1025.168-2.
Comment by Evangelos Foutras (foutrelis) - Friday, 06 April 2012, 18:18 GMT
The resulting chromium executable from a debug build is 1148M in size. The compressed package size is 252M.

Uploaded here (if you want to give it a try):

http://pkgbuild.com/~foutrelis/chromium-18.0.1025.151-1.debug-x86_64.pkg.tar.xz
Comment by Sven-Hendrik Haase (Svenstaro) - Friday, 06 April 2012, 18:42 GMT
I see the same problem. Will try the debug build and report results.
Comment by A (idainet) - Friday, 06 April 2012, 19:02 GMT
Not only 64-bits specific. Have the same problem on 32-bits
Comment by Daniele (Taylor001) - Friday, 06 April 2012, 19:40 GMT
Confirmed here: 32-bits.
Comment by Dan Liew (delcypher) - Friday, 06 April 2012, 20:18 GMT
Well, I had a go with the debug build. I can't get it to crash in the same way. This debug build keeps throwing up "SIGTRAP", which I tell gdb to continue past. At startup I sometimes see

[0406/210559:FATAL:browser_child_process_host_impl.cc(212)] Check failed: data_.handle != base::kNullProcessHandle.

but the one that occurs frequently when using the omnibox is

[0406/204441:FATAL:autocomplete_match.cc(202)] Check failed: i->offset > last_offset. Classification unsorted

See the attached chromium-debug.txt file.

@ Evangelos Foutras
Is there a way to disable the built-in "Debugger" in this build of chromium so that SIGTRAP isn't thrown ("(gdb) handle SIGTRAP nostop" doesn't help)? Preferably, would it be possible to build a release version of chromium but with debugging symbols?
Comment by Dan Liew (delcypher) - Friday, 06 April 2012, 20:20 GMT
Please ignore the line
(gdb) run

in chromium-debug.txt. I made a mistake when selectively taking parts out of the gdb log.
Comment by A (idainet) - Friday, 06 April 2012, 20:45 GMT
Chromium crashed with SIGSEGV. Strace in attachment
Comment by Evangelos Foutras (foutrelis) - Saturday, 07 April 2012, 04:23 GMT
@Dan Liew: Based on your backtrace, I think we're seeing this bug: http://code.google.com/p/chromium/issues/detail?id=107675

I have included the changes referred to from that issue page in the 18.0.1025.151-2 packages located here:

http://pkgbuild.com/~foutrelis/chromium-test-packages/ (Update: I have since removed the 18.0.1025.151-2 packages from here since they still crash.)

Are the crashes solved in these?
Comment by Kuba W (kuba) - Saturday, 07 April 2012, 10:24 GMT
still there...
Comment by Johan Svensson (loxley) - Saturday, 07 April 2012, 10:32 GMT
Also for me it's still there, just tested.
Comment by Evangelos Foutras (foutrelis) - Saturday, 07 April 2012, 15:11 GMT
I haven't been able to reproduce the crashes with 18.0.1025.151, but 19.0.1084.15 gives me very similar crashes.

I replied to the upstream bug report [1] opened by another Arch user and will continue researching the issue.

[1] http://code.google.com/p/chromium/issues/detail?id=122525
Comment by Jochen (Parzival) - Saturday, 07 April 2012, 16:09 GMT
This bug annoys me. Chromium was so stable. 64bit Chromium 18.0.1025.151
Comment by Victor Santos (victorphb) - Saturday, 07 April 2012, 18:28 GMT
I have the same problem here after upgrade to 18.0.1025.151 on Arch 64bit
Comment by jonas (jonaias) - Saturday, 07 April 2012, 18:40 GMT
Same problem here.
Arch 32 bits
Chromium 18.0.1025.151.
Comment by Dan Liew (delcypher) - Saturday, 07 April 2012, 19:08 GMT
I managed to build Chromium 18.0.1025.151 myself from ABS and keep the debugging symbols.

I reproduced the SEGFAULT again obtaining a useful backtrace this time. I've uploaded it upstream ( http://code.google.com/p/chromium/issues/detail?id=122525#c3 ).

@ Evangelos Foutras
Perhaps the Chromium package in the repositories could be downgraded back to 18.0.1025.142 for now until the issue is fixed upstream?
Comment by Evangelos Foutras (foutrelis) - Sunday, 08 April 2012, 07:19 GMT
Building 19.0.1084.15 with GCC 4.6 fixes the crashes for me.

Can you guys test the 18.0.1025.151-3 packages uploaded to http://pkgbuild.com/~foutrelis/chromium-test-packages/?

They are also built with GCC 4.6.
Comment by Dan Liew (delcypher) - Sunday, 08 April 2012, 09:40 GMT
I've been testing the new build for about 30 minutes. No segfaults so far. It "seems" fixed.
Comment by Evangelos Foutras (foutrelis) - Sunday, 08 April 2012, 09:47 GMT
Thanks for testing, I pushed it to [extra]. :)

A couple of extra confirmations, especially for i686, would be nice as well.
Comment by JV (jamson) - Sunday, 08 April 2012, 10:19 GMT
Confirmed working on i686.
Comment by Heinrich Witt (HeinzDo) - Sunday, 08 April 2012, 12:03 GMT
Chromium still freezes completely here.
Not always, but again and again. A single letter in the omnibar is enough.
Also with the new version.

Same with version 19.0.1084.15-1.
Comment by Evangelos Foutras (foutrelis) - Sunday, 08 April 2012, 12:16 GMT
@Heinrich Witt: Freezes or triggers a segmentation fault and exits? And this didn't happen with 18.0.1025.142?
Comment by Heinrich Witt (HeinzDo) - Sunday, 08 April 2012, 12:24 GMT
Freezes.
I can still make Chromium/Chrome smaller then, but I can see the search results, as seen in the picture here: http://wstaw.org/m/2012/03/22/Bildschirmfoto5.jpeg
It began with Chromium/Chrome 17.

I had started chromium from the console, and when chromium freezes, there is no message about this.

I must then kill chromium via htop or the KDE system monitor.
Comment by Heinrich Witt (HeinzDo) - Sunday, 08 April 2012, 12:35 GMT
I got only this: [18179:18188:28425679210:ERROR:object_proxy.cc(239)] Failed to call method: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files
Comment by Evangelos Foutras (foutrelis) - Sunday, 08 April 2012, 12:57 GMT
That seems to be a different issue than the one we're tracking here.

You could try the suggestion posted in the forums [1] [2] to remove libcanberra-pulse if you have it installed. Other than that, I'm not sure.

[1] https://bbs.archlinux.org/viewtopic.php?id=138285
[2] https://bbs.archlinux.org/viewtopic.php?id=136716
Comment by Victor Santos (victorphb) - Sunday, 08 April 2012, 19:31 GMT
3 hours using and no segfaults until now :)
Comment by JV (jamson) - Sunday, 08 April 2012, 20:26 GMT
So the problem was GCC? Using GCC 4.6 fixes omnibox segfaults?
Comment by Sven-Hendrik Haase (Svenstaro) - Sunday, 08 April 2012, 22:48 GMT
Problem seems fixed upstream.
Comment by Evangelos Foutras (foutrelis) - Monday, 09 April 2012, 01:47 GMT
@JV: That's my current guess. Soon, I'm going to try a new GCC snapshot Allan is preparing; maybe that will also help.

@Sven-Hendrik Haase: Got a link?
Comment by Sven-Hendrik Haase (Svenstaro) - Monday, 09 April 2012, 01:51 GMT
If it's this one [0] then it was fixed in a patch linked by that bug report. If not, then it's the other bug.

[0] http://code.google.com/p/chromium/issues/detail?id=107675
Comment by Evangelos Foutras (foutrelis) - Monday, 09 April 2012, 02:10 GMT
Nah, it's not that. We tried those changes in an earlier package; didn't help with the segfaults. :)
Comment by Sven-Hendrik Haase (Svenstaro) - Monday, 09 April 2012, 02:11 GMT
Well crap, I should learn to read then.
Comment by Dariusz Dwornikowski (tdi) - Monday, 09 April 2012, 11:18 GMT
I confirm on x86 system, package version 18.0.1025.151-1. I am using awesome wm, no libcanberra-pulse to remove.

[10363.285049] chromium[16400]: segfault at 0 ip b4a54053 sp bfe6dd60 error 4 in chromium[b3219000+456a000]
[10823.869082] Chrome_HistoryT[17009]: segfault at 0 ip b4895683 sp a8cc5d90 error 4 in chromium[b3242000+456a000]

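The two kernel segfault lines quoted above can be decoded mechanically. As an added example (not part of the thread), this Python script parses them, decodes the x86 page-fault error code, and computes the instruction pointer's offset from the start of the chromium mapping, which is what you would feed to a symbolizer against an unstripped build of the same package:

```python
import re

# Kernel "segfault at ..." line format on x86: faulting address, ip, sp,
# page-fault error code, and the mapping "name[base+size]" that contains ip.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def decode_error(err):
    """Decode the x86 page-fault error code bits the kernel prints."""
    return {
        "protection_violation": bool(err & 1),  # 0 = page not present
        "write": bool(err & 2),                 # 0 = read access
        "user_mode": bool(err & 4),             # 0 = fault in kernel mode
        "instruction_fetch": bool(err & 16),
    }


def parse_segfault(line):
    """Return a dict describing a kernel segfault line, or None if it does not match."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    base, size = int(m["base"], 16), int(m["size"], 16)
    return {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        # A fault inside the first page is a NULL (or near-NULL) dereference.
        "null_deref": addr < 4096,
        "object": m["obj"],
        "ip_in_object": base <= ip < base + size,
        # Offset of ip from the mapping base, usable for symbol lookup in an
        # unstripped copy of the same binary.
        "ip_offset": ip - base,
        **decode_error(int(m["err"])),
    }


# The two lines posted in this thread.
LINES = [
    "[10363.285049] chromium[16400]: segfault at 0 ip b4a54053 sp bfe6dd60 error 4 in chromium[b3219000+456a000]",
    "[10823.869082] Chrome_HistoryT[17009]: segfault at 0 ip b4895683 sp a8cc5d90 error 4 in chromium[b3242000+456a000]",
]

if __name__ == "__main__":
    for line in LINES:
        info = parse_segfault(line)
        print("%s[%d]: user=%s write=%s present=%s null_deref=%s ip_offset=%#x" % (
            info["comm"], info["pid"], info["user_mode"], info["write"],
            not info["protection_violation"] is False, info["null_deref"], info["ip_offset"]))
```

Both lines decode to a user-mode read of a not-present page at address 0, i.e. a NULL pointer dereference, with the second fault in the Chrome_HistoryT thread the reporter named in the description.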
Comment by Evangelos Foutras (foutrelis) - Monday, 09 April 2012, 12:30 GMT
@Dariusz Dwornikowski: Please upgrade to 18.0.1025.151-3. :)
Comment by Dariusz Dwornikowski (tdi) - Tuesday, 10 April 2012, 06:12 GMT
@Evangelos thanks, it does not crash anymore with the -3 version
Comment by Evangelos Foutras (foutrelis) - Tuesday, 08 May 2012, 20:54 GMT
Can you guys test the 18.0.1025.168-2 packages @ [1] and confirm that the segfaults haven't reappeared? The packages are once again built with GCC 4.7, but contain a patch to the embedded SQLite library.

[1] http://dev.archlinux.org/~foutrelis/test-pkgs/
Comment by Sven-Hendrik Haase (Svenstaro) - Wednesday, 09 May 2012, 03:23 GMT
Seems to work fine for me.
Comment by Evangelos Foutras (foutrelis) - Wednesday, 09 May 2012, 10:00 GMT
Thanks for the confirmation Sven.

Pushed to [extra]. :)