Bug#977901: chromium: Inconsistent SEGV
Hello,

Yes, I gave you the wrong file. Just uploaded the correct one under the same url.

Michel Le Bihan

On Wednesday, 23 December 2020 at 23:01 -0600, Boyd Stephen Smith Jr. wrote:
> On Wednesday, December 23, 2020 4:16:19 PM CST Michel Le Bihan wrote:
> > Could you please test if you are still getting
> > this issue in https://lebihan.pl/files/chromium.tar.gz ?
>
> Chromium ran for several hours continuously with all my extensions enabled,
> but did eventually crash (attached), with a similar back trace:
> ~ServiceWorkerRegistrationObjectHost ... std::_Rb_tree<>::_M_erase ...
> ~ServiceWorkerRegistrationObjectHost
>
> Note that I'm not sure the link you gave is correct and up-to-date, as the
> version of packages that I downloaded from there and installed (via dpkg) is
> less than the current version in sid:
>
> ---8<---
> % apt-cache policy chromium
> chromium:
>   Installed: 87.0.4280.88-0.1
>   Candidate: 87.0.4280.88-0.1
>   Version table:
>      87.0.4280.88-0.2 -1
>         500 http://deb.debian.org/debian sid/main amd64 Packages
>  *** 87.0.4280.88-0.1 100
>         100 /var/lib/dpkg/status
> --->8---
>
> Let me know what I can do to help.
Bug#977901: chromium: Inconsistent SEGV
Hello,

My build just finished. Could you please test if you are still getting this issue in https://lebihan.pl/files/chromium.tar.gz ?

Michel Le Bihan
Bug#977901: chromium: Inconsistent SEGV
Hello,

I made https://salsa.debian.org/mimi8/chromium/-/commit/6d21c52698147ca072d223e4e6c2854053319531 and still am waiting for it to build. Is it OK?

Michel Le Bihan

On Wednesday, 23 December 2020 at 14:13 -0600, Boyd Stephen Smith Jr. wrote:
> On Wednesday, December 23, 2020 4:30:48 AM CST Boyd Stephen Smith Jr. wrote:
> > On Wednesday, December 23, 2020 4:19:43 AM CST Michel Le Bihan wrote:
> > > The Debian patch for #963548
> > > https://salsa.debian.org/mimi8/chromium/-/blob/ece23b4ca107cd968ac9a409f40eb11edf8a0266/debian/patches/fixes/serviceworker-double-destruction.patch
> > > is clearly in upstream 87.0.4280.88:
> > > https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=671-679
> >
> > Different destructor. The old patch is for ServiceWorkerObjectHost, but we
> > need a new patch for ServiceWorker*Registration*ObjectHost.
>
> In particular, just above where you linked to, at line 629
> (https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=629)
> is the crashing line.
>
> The fix for the back trace I finally got is to change that line like so:
> https://source.chromium.org/chromium/chromium/src/+/f27ad210062f61d06eb782214ee4fc8c19a1725b:content/browser/service_worker/service_worker_container_host.cc;l=623-647
>
> The f27ed21 commit does contain the fix for #963548, but lower down at line 689:
> https://source.chromium.org/chromium/chromium/src/+/f27ad210062f61d06eb782214ee4fc8c19a1725b:content/browser/service_worker/service_worker_container_host.cc;l=689-697
Bug#977901: chromium: Inconsistent SEGV
On Wednesday, December 23, 2020 4:30:48 AM CST Boyd Stephen Smith Jr. wrote:
> On Wednesday, December 23, 2020 4:19:43 AM CST Michel Le Bihan wrote:
> > The Debian patch for #963548
> > https://salsa.debian.org/mimi8/chromium/-/blob/ece23b4ca107cd968ac9a409f40eb11edf8a0266/debian/patches/fixes/serviceworker-double-destruction.patch
> > is clearly in upstream 87.0.4280.88:
> > https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=671-679
>
> Different destructor. The old patch is for ServiceWorkerObjectHost, but we
> need a new patch for ServiceWorker*Registration*ObjectHost.

In particular, just above where you linked to, at line 629 (https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=629) is the crashing line.

The fix for the back trace I finally got is to change that line like so:
https://source.chromium.org/chromium/chromium/src/+/f27ad210062f61d06eb782214ee4fc8c19a1725b:content/browser/service_worker/service_worker_container_host.cc;l=623-647

The f27ed21 commit does contain the fix for #963548, but lower down at line 689:
https://source.chromium.org/chromium/chromium/src/+/f27ad210062f61d06eb782214ee4fc8c19a1725b:content/browser/service_worker/service_worker_container_host.cc;l=689-697

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
On Wednesday, December 23, 2020 4:19:43 AM CST Michel Le Bihan wrote:
> The Debian patch for #963548
> https://salsa.debian.org/mimi8/chromium/-/blob/ece23b4ca107cd968ac9a409f40eb11edf8a0266/debian/patches/fixes/serviceworker-double-destruction.patch
> is clearly in upstream 87.0.4280.88:
> https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=671-679

Different destructor. The old patch is for ServiceWorkerObjectHost, but we need a new patch for ServiceWorker*Registration*ObjectHost.

> I also think that it might be an upstream bug, but can't confirm unless
> tested and reproducible in Google Chrome.

https://bugs.chromium.org/p/chromium/issues/detail?id=1135070 is originally reported against *Chrome* 87.0.4278.0

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
Hello,

The Debian patch for #963548
https://salsa.debian.org/mimi8/chromium/-/blob/ece23b4ca107cd968ac9a409f40eb11edf8a0266/debian/patches/fixes/serviceworker-double-destruction.patch
is clearly in upstream 87.0.4280.88:
https://source.chromium.org/chromium/chromium/src/+/refs/tags/87.0.4280.88:content/browser/service_worker/service_worker_container_host.cc;l=671-679

I also think that it might be an upstream bug, but can't confirm unless tested and reproducible in Google Chrome.

Michel Le Bihan

On Wednesday, 23 December 2020 at 04:10 -0600, Boyd Stephen Smith Jr. wrote:
> On Wednesday, December 23, 2020 3:49:06 AM CST Boyd Stephen Smith Jr. wrote:
> > On Wednesday, December 23, 2020 2:38:32 AM CST Boyd Stephen Smith Jr. wrote:
> > > I got a crash (attached)
> >
> > Looks like https://bugs.chromium.org/p/chromium/issues/detail?id=1135070 to
> > me, which has a fix, but I haven't yet figured out what release(s) the fix
> > made it into.
>
> Doesn't look to me like it has made it into a release at all, but I'm just
> using the Git tools to navigate the repository, not all the depot tools.
>
> ---8<---
> bss@monster % git tag -l --contains f27ad210062f61d06eb782214ee4fc8c19a1725b
> bss@monster % git branch -r --contains f27ad210062f61d06eb782214ee4fc8c19a1725b --list
>   origin/HEAD -> origin/master
>   origin/lkgr
>   origin/lkgr-android-internal
>   origin/lkgr-ios-internal
>   origin/master
> --->8---
>
> So, I guess it's an "upstream" bug?
Bug#977901: chromium: Inconsistent SEGV
On Wednesday, December 23, 2020 3:49:06 AM CST Boyd Stephen Smith Jr. wrote:
> On Wednesday, December 23, 2020 2:38:32 AM CST Boyd Stephen Smith Jr. wrote:
> > I got a crash (attached)
>
> Looks like https://bugs.chromium.org/p/chromium/issues/detail?id=1135070 to
> me, which has a fix, but I haven't yet figured out what release(s) the fix
> made it into.

Doesn't look to me like it has made it into a release at all, but I'm just using the Git tools to navigate the repository, not all the depot tools.

---8<---
bss@monster % git tag -l --contains f27ad210062f61d06eb782214ee4fc8c19a1725b
bss@monster % git branch -r --contains f27ad210062f61d06eb782214ee4fc8c19a1725b --list
  origin/HEAD -> origin/master
  origin/lkgr
  origin/lkgr-android-internal
  origin/lkgr-ios-internal
  origin/master
--->8---

So, I guess it's an "upstream" bug?

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
On Wednesday, December 23, 2020 2:38:32 AM CST Boyd Stephen Smith Jr. wrote:
> I got a crash (attached)

Looks like https://bugs.chromium.org/p/chromium/issues/detail?id=1135070 to me, which has a fix, but I haven't yet figured out what release(s) the fix made it into.

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
On Tuesday, December 22, 2020 11:22:21 PM CST Boyd Stephen Smith Jr. wrote:
> I'll have to play around with disabling extensions to see which one(s) cause
> a crash within 30 minutes. Super annoying since I do use every one of them
> literally every day. :(

Looks like maybe Proxy SwitchyOmega (which is thankfully open source). Things had been going fine under the debugger for hours with no extensions, and then I got a crash (attached) within minutes of enabling it.

Unfortunately, I need this extension enabled in order to access client network websites behind a proxy server behind a VPN. So, I'm not sure what I can do (or if I can even reproduce the error).

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Thread 1 "chromium" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x73857537 in __GI_abort () at abort.c:79
#2 0x5a982805 in base::debug::BreakDebugger() ()
#3 0x5a909ed6 in logging::LogMessage::~LogMessage() ()
#4 0x5a90a24e in logging::LogMessage::~LogMessage() ()
#5 0x5a90bc4a in base::subtle::RefCountedBase::ReleaseImpl() const ()
#6 0x5930078b in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#7 0x593007ce in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#8 0x58821ca7 in std::_Rb_tree > >, std::_Select1st > > >, std::less, std::allocator > > > >::_M_erase(std::_Rb_tree_node > > >*) ()
#9 0x592a97c3 in content::ServiceWorkerContainerHost::~ServiceWorkerContainerHost() ()
#10 0x592dfd99 in content::ServiceWorkerHost::~ServiceWorkerHost() ()
#11 0x5932f921 in content::ServiceWorkerVersion::~ServiceWorkerVersion() ()
#12 0x5932fbde in content::ServiceWorkerVersion::~ServiceWorkerVersion() ()
#13 0x592fc847 in content::ServiceWorkerRegistration::~ServiceWorkerRegistration() ()
#14 0x592fc89e in content::ServiceWorkerRegistration::~ServiceWorkerRegistration() ()
#15 0x593007a0 in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#16 0x593007ce in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#17 0x58821ca7 in std::_Rb_tree > >, std::_Select1st > > >, std::less, std::allocator > > > >::_M_erase(std::_Rb_tree_node > > >*) ()
#18 0x58b98403 in std::_Rb_tree > >, std::_Select1st > > >, std::less, std::allocator > > > >::_M_erase_aux(std::_Rb_tree_const_iterator > > >, std::_Rb_tree_const_iterator > > >) ()
#19 0x58f36e3c in mojo::ReceiverSetBase >, void>::OnDisconnect(unsigned long, unsigned int, std::__cxx11::basic_string, std::allocator > const&) ()
#20 0x5af13f9f in mojo::InterfaceEndpointClient::NotifyError(base::Optional const&) ()
#21 0x5af1a5a7 in mojo::internal::MultiplexRouter::ProcessNotifyErrorTask(mojo::internal::MultiplexRouter::Task*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) ()
#22 0x5af188b9 in mojo::internal::MultiplexRouter::ProcessTasks(mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) ()
#23 0x5af1770e in mojo::internal::MultiplexRouter::OnPipeConnectionError(bool) ()
#24 0x5af11128 in mojo::Connector::HandleError(bool, bool) ()
#25 0x5af2aebe in mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) ()
#26 0x5af2b336 in base::internal::Invoker, int, unsigned int, mojo::HandleSignalsState>, void ()>::RunOnce(base::internal::BindStateBase*) ()
#27 0x5a9497d4 in base::TaskAnnotator::RunTask(char const*, base::PendingTask*) ()
#28 0x5a959aa9 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow*) ()
#29 0x5a9597ac in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ()
#30 0x5a90d8da in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
#31 0x5a95a10d in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ()
#32 0x5a9301a0 in base::RunLoop::Run() ()
#33 0x5aae564c in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#34 0x58ecb8a2 in content::BrowserMainLoop::RunMainMessageLoopParts() ()
#35 0x58ecd842 in content::BrowserMainRunnerImpl::Run() ()
#36 0x58ec87dd in content::BrowserMain(content::MainFunctionParams const&) ()
#37 0x5a8d3491 in content::ContentMainRu
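The back traces in this thread show ~ServiceWorkerRegistrationObjectHost on the stack twice, separated by a std::_Rb_tree erase and a chain of other destructors. As an added example (not code from the thread or from Chromium), the following Python script parses gdb `bt` output and reports destructors that re-enter themselves; the sample frames are abridged from the trace above and all function names in the script are hypothetical.

```python
import re
from itertools import groupby

# Sample input: frames #5-#17 abridged from the gdb backtrace in the message
# above; template arguments (lost in the archive) are written as <...>.
SAMPLE_BT = """\
#5  0x5a90bc4a in base::subtle::RefCountedBase::ReleaseImpl() const ()
#6  0x5930078b in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#7  0x593007ce in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#8  0x58821ca7 in std::_Rb_tree<...>::_M_erase(std::_Rb_tree_node<...>*) ()
#9  0x592a97c3 in content::ServiceWorkerContainerHost::~ServiceWorkerContainerHost() ()
#10 0x592dfd99 in content::ServiceWorkerHost::~ServiceWorkerHost() ()
#11 0x5932f921 in content::ServiceWorkerVersion::~ServiceWorkerVersion() ()
#13 0x592fc847 in content::ServiceWorkerRegistration::~ServiceWorkerRegistration() ()
#15 0x593007a0 in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#16 0x593007ce in content::ServiceWorkerRegistrationObjectHost::~ServiceWorkerRegistrationObjectHost() ()
#17 0x58821ca7 in std::_Rb_tree<...>::_M_erase(std::_Rb_tree_node<...>*) ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(.+)$")

def function_name(symbol):
    """Qualified name: the text before the first '(' that is outside <...>."""
    depth = 0
    for i, ch in enumerate(symbol):
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif ch == "(" and depth == 0:
            return symbol[:i].strip()
    return symbol.strip()

def parse_frames(bt_text):
    """Return [(frame_number, function_name)] in innermost-first order."""
    matches = (FRAME_RE.match(line.strip()) for line in bt_text.splitlines())
    return [(int(m.group(1)), function_name(m.group(2))) for m in matches if m]

def reentrant_destructors(frames):
    """Map each destructor seen in 2+ separate runs to its run-start frames.

    Adjacent duplicates count as one run: GCC emits several destructor
    variants (deleting, complete-object) that demangle to the same name.
    """
    runs = {}
    for name, group in groupby(frames, key=lambda f: f[1]):
        if "::~" in name:
            runs.setdefault(name, []).append(next(group)[0])
    return {name: starts for name, starts in runs.items() if len(starts) > 1}

if __name__ == "__main__":
    for name, starts in reentrant_destructors(parse_frames(SAMPLE_BT)).items():
        print(f"re-entrant destruction: {name} at frames {starts}")
```
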
Bug#977901: chromium: Inconsistent SEGV
On Tuesday, December 22, 2020 10:47:31 PM CST Boyd Stephen Smith Jr. wrote:
> All my extensions were pulled down during the Google Sync and ran fine on 87
> for roughly an hour -- that's twice as long as my longest browser session
> for version 87 on the old profile.
>
> I'm still convinced this is a bug -- nothing in my profile should cause a
> SEGV, ref_count violation, or corrupted double-linked list. But, there's
> at least a workaround, that I'm going to take advantage of, to create a
> new, blank profile and either sync or manually import (or likely a
> combination of both) all your settings into the new profile.

So, it seems one of the _settings_ of one of my extensions is causing the problem. Restored my _settings_ (same list of extensions), and got a crash in 10 minutes.

*That* is annoying, but not a chromium bug. Feel free to close this at your leisure.

I'll have to play around with disabling extensions to see which one(s) cause a crash within 30 minutes. Super annoying since I do use every one of them literally every day. :(

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
On Tuesday, December 22, 2020 5:26:04 PM CST Boyd Stephen Smith Jr. wrote:
> On Tue, 22 Dec 2020 23:43:23 +0100 Michel Le Bihan wrote:
> > I was not able to reproduce those crashes.
>
> That's unfortunate. I'm up to 50 just today. I'm probably going to have to
> downgrade to 83 at least until there's another update.

Downgrading was a mixed bag (browser was stable, but audio/video stopped working (!)).

So, I tried again with 87. Rather than just disabling my extensions, I tried from a brand-new profile and an empty cache. So far, I'm not able to reproduce the crashing on the new profile.

Unfortunately, I have about a half-dozen extensions that have at least some configuration that isn't synchronized anywhere else, so I need to go back to 83 and the old profile, dump/export/backup all their settings to a file (or take notes), then go back to 87 and the new profile and restore/import/apply all those settings in the new profile.

All my extensions were pulled down during the Google Sync and ran fine on 87 for roughly an hour -- that's twice as long as my longest browser session for version 87 on the old profile.

I'm still convinced this is a bug -- nothing in my profile should cause a SEGV, ref_count violation, or corrupted double-linked list. But, there's at least a workaround, that I'm going to take advantage of, to create a new, blank profile and either sync or manually import (or likely a combination of both) all your settings into the new profile.

It's not going to be a kind experience for people upgrading from buster to bullseye, especially since the crashes make it hard to export settings from your old profile.

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
I can confirm that this bug is affecting me since upgrading to 87.0.4280.88-0.2 in Testing today.

David

--
David Purton
:email: dcpur...@marshwiggle.net
:phone: 0413 626 862
Bug#977901: chromium: Inconsistent SEGV
On Tue, 22 Dec 2020 23:43:23 +0100 Michel Le Bihan wrote:
> Installing `chromium-dbgsym` should be enough. Please run Chromium with
> the `--debug` flag like: `chromium --debug`.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963711#10

Chromium crashes on startup if I use the "-g" or "--debug" options. After I issue a "run" at the "(gdb)" prompt, there's some time (a few seconds), but I never get a GUI window and then it crashes. I do get a usable back trace for the crash on startup, which I added to that bug.

> I was not able to reproduce those crashes.

That's unfortunate. I'm up to 50 just today. I'm probably going to have to downgrade to 83 at least until there's another update.

--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                  ((_/)o o(\_))
Twitter: @DaTwinkDaddy                   `-'(. .)`-'
http://iguanasuicide.net/                    \_/
Bug#977901: chromium: Inconsistent SEGV
Hello,

Installing `chromium-dbgsym` should be enough. Please run Chromium with the `--debug` flag like: `chromium --debug`. You can mix it with your other flags like `chromium --debug --incognito`. In the GDB shell, please enter `run`. Chromium should start then. You can then use Chromium, but it will be very slow. Once a crash occurs, please enter `bt` in the shell and attach the backtrace to this bug.

I was not able to reproduce those crashes.

Michel Le Bihan