[Pkg-chromium-maint] Chromium 13 backport segfault

Fabien C. pv1rxfddtlqvk30 at jetable.org
Fri Sep 2 19:39:06 UTC 2011


Hello, 

For several months, I've been backporting chromium from sid to Squeeze nearly every time a new version was available. No problem until now. 

However, since the 13.x versions, I get a surprising segfault every time I try to launch chromium, before any window can appear. I tried to investigate the problem without great success.

The following tests were done with the 13.0.782.215~r97094-1 version. 


After the segfault at launch, dmesg says:
 chromium[12194]: segfault at d8b010 ip 0000000000d8b010 sp 00007fff97aff0a8 error 14 in libtasn1.so.3.1.9[7f196d79b000+10000]


So I installed libtasn1-3 (2.9-4) from the Wheezy binary package. Yet it didn't solve the problem: 
 chromium[13383]: segfault at d8b010 ip 0000000000d8b010 sp 00007ffff1528328 error 14 in libtasn1.so.3.1.11[7f1135721000+10000]


I then ran gdb (without chromium-dbg installed), and I got this: 

Program received signal SIGSEGV, Segmentation fault.
~Environment (this=0x7ffff8544058, __in_chrg=<value optimized out>)
    at base/environment.cc:114
114     base/environment.cc: No such file or directory.
        in base/environment.cc


Then I installed chromium-dbg and upgraded my gdb to Wheezy's 7.2-1 (because it handles PIE, position independent executables, and Squeeze's gdb doesn't). I got this backtrace (notice the d8b010 address, which is coherent with the dmesg output):

#0  0x0000000000d8b010 in ?? ()
#1  0x00007ffff56531a8 in ~scoped_ptr (result=0x7fffffffbe20)
    at ./base/memory/scoped_ptr.h:75
#2  chrome::GetDefaultUserDataDirectory (result=0x7fffffffbe20)
    at chrome/common/chrome_paths_linux.cc:38
#3  0x00007ffff5652c71 in chrome::PathProvider (key=<value optimized out>, 
    result=0x7fffffffc480) at chrome/common/chrome_paths.cc:115
#4  0x00007ffff5617256 in PathService::Get (key=1002, result=0x7fffffffcf20)
    at base/path_service.cc:193
#5  0x00007ffff5652622 in chrome::PathProvider (key=1001, 
    result=0x7fffffffcf20) at chrome/common/chrome_paths.cc:84
#6  0x00007ffff5617256 in PathService::Get (key=1001, result=0x7fffffffcf80)
    at base/path_service.cc:193
#7  0x00007ffff4d5306e in logging::GetLogFileName ()
    at chrome/common/logging_chrome.cc:403
#8  0x00007ffff4d533e3 in logging::InitChromeLogging (command_line=..., 
    delete_old_log_file=logging::DELETE_OLD_LOG_FILE)
    at chrome/common/logging_chrome.cc:275
#9  0x00007ffff4d4afcc in ChromeMain (argc=<value optimized out>, 
    argv=0x7fffffffe678) at chrome/app/chrome_main.cc:733
#10 0x00007ffff4d4be61 in main (argc=1, argv=0x7fffffffe678)
    at chrome/app/chrome_exe_main_gtk.cc:46


Finally, I tried valgrind, and got this output:

==13468== Memcheck, a memory error detector
==13468== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==13468== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==13468== Command: /usr/lib/chromium/chromium
==13468== 
==13468== Invalid read of size 8
==13468==    at 0xD8B017: PageLoadHistograms::Dump(WebKit::WebFrame*) (ostream:91)
==13468==    by 0x2200000022: ???
==13468==    by 0x7FEFFDD3F: ???
==13468==    by 0x7FEFFE39F: ???
==13468==  Address 0xe is not stack'd, malloc'd or (recently) free'd
==13468== 
==13468== 
==13468== Process terminating with default action of signal 11 (SIGSEGV)
==13468==  Access not within mapped region at address 0xE
==13468==    at 0xD8B017: PageLoadHistograms::Dump(WebKit::WebFrame*) (ostream:91)
==13468==    by 0x2200000022: ???
==13468==    by 0x7FEFFDD3F: ???
==13468==    by 0x7FEFFE39F: ???
==13468==  If you believe this happened as a result of a stack
==13468==  overflow in your program's main thread (unlikely but
==13468==  possible), you can try to increase the size of the
==13468==  main thread stack using the --main-stacksize= flag.
==13468==  The main thread stack size used in this run was 8388608.
==13468== 
==13468== HEAP SUMMARY:
==13468==     in use at exit: 0 bytes in 0 blocks
==13468==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==13468== 
==13468== All heap blocks were freed -- no leaks are possible
==13468== 
==13468== For counts of detected and suppressed errors, rerun with: -v
==13468== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 6)
zsh: segmentation fault  valgrind /usr/lib/chromium/chromium


I tried the official google-chrome release binary and the latest chromium build from build.chromium.org, and both were working properly.

I am not a great expert, but all these outputs are quite different and that's a bit confusing (multithreading's fault?).

Could that be a linker (binutils-gold) related issue? 

Any idea about what is going wrong? 

Thanks! 
Fab 
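An added example, not part of Fab's post or of the chromium packaging: a small Python parser for the kernel's dmesg segfault lines, run over the two lines quoted above. The kernel prints the error code in hex, so "error 14" is 0x14 (user-mode instruction fetch from a non-present page); the parser decodes that and checks whether the instruction pointer lies inside the mapping the kernel named, which for both lines it does not (d8b010 is outside the libtasn1 range), so the faulting fetch did not execute inside libtasn1's code.

```python
import re
from typing import NamedTuple, Optional

# Kernel segfault report as printed by show_signal_msg(); the "error" field is hex.
SEGFAULT_RE = re.compile(
    r"\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ "
    r"error (?P<err>[0-9a-f]+)(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 1, 2, 4, 8, 16  # x86 page-fault error code bits

class Segfault(NamedTuple):
    pid: int
    addr: int            # faulting address (data or code)
    ip: int              # instruction pointer at the fault
    err: int             # page-fault error code
    obj: Optional[str]   # object the kernel named, with its mapping base and size
    base: Optional[int]
    size: Optional[int]

    def describe_error(self) -> str:
        """Decode the error code bits into words."""
        access = ("instruction fetch" if self.err & PF_INSTR
                  else "write" if self.err & PF_WRITE else "read")
        parts = [access, "protection violation" if self.err & PF_PROT else "page not present",
                 "user mode" if self.err & PF_USER else "kernel mode"]
        if self.err & PF_RSVD:
            parts.append("reserved bit set")
        return ", ".join(parts)

    def ip_is_fault_address(self) -> bool:
        return self.ip == self.addr  # the instruction fetch itself faulted (bad jump/return target)

    def ip_in_object(self) -> Optional[bool]:
        """False means the named object is only the nearest mapping, not where the fault executed."""
        if self.base is None or self.size is None:
            return None
        return self.base <= self.ip < self.base + self.size

def parse_segfault(line: str) -> Optional[Segfault]:
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    g = m.groupdict()
    hexv = lambda k: int(g[k], 16) if g[k] is not None else None
    return Segfault(int(g["pid"]), hexv("addr"), hexv("ip"), hexv("err"),
                    g["obj"], hexv("base"), hexv("size"))

# Sample input: the two dmesg lines quoted in the post above.
SAMPLE_LINES = [
    "chromium[12194]: segfault at d8b010 ip 0000000000d8b010 sp 00007fff97aff0a8 error 14 in libtasn1.so.3.1.9[7f196d79b000+10000]",
    "chromium[13383]: segfault at d8b010 ip 0000000000d8b010 sp 00007ffff1528328 error 14 in libtasn1.so.3.1.11[7f1135721000+10000]",
]
for s in map(parse_segfault, SAMPLE_LINES):
    print(s.pid, s.describe_error(), "ip==addr:", s.ip_is_fault_address(), "ip in obj:", s.ip_in_object())
```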