[Pkg-chromium-maint] Bug#823186: chromium: i386 build crashes on many websites with media
Vasily Galkin
galkin-vv at yandex.ru
Tue Aug 30 17:03:42 UTC 2016
Package: chromium
Version: 52.0.2743.116-2
After installing chromium-dbgsym_52.0.2743.116-2 and searching "define:donkey"
I found the following media/ffmpeg-related "abort on memory corruption"
callstack, most of which is from the huge /usr/lib/chromium/chromium binary,
while the core memory management is from /lib/i386-linux-gnu/libc.so.6.
I think the most interesting part is:
#5 0xf4c43fa7 in malloc_printerr (action=<optimized out>, str=0xf4d3717c "free(): invalid next size (fast)", ptr=<optimized out>, ar_ptr=0xf4d89780 <main_arena>) at malloc.c:5046
#6 0xf4c44766 in _int_free (av=0xf4d89780 <main_arena>, p=0x6108ece0, have_lock=0) at malloc.c:3902
#7 0x56e980f8 in (anonymous namespace)::GlibcFree(base::allocator::AllocatorDispatch const*, void*) ()
#8 0x56e980cb in free ()
#9 0x5b3cdfbb in media::FFmpegDemuxer::OnReadFrameDone(std::unique_ptr<AVPacket, media::ScopedPtrAVFreePacket>, int) [clone .part.197] [clone .constprop.199] ()
#10 0x5b3ca7cd in base::internal::Invoker<base::IndexSequence<0u, 1u>, base::internal::BindState<base::internal::RunnableAdapter<void (media::FFmpegDemuxer::*)(std::unique_ptr<AVPacket, media::ScopedPtrAVFreePacket>, int)>, void (media::FFmpegDemuxer*, std::unique_ptr<AVPacket, media::ScopedPtrAVFreePacket>, int), base::WeakPtr<media::FFmpegDemuxer>, base::internal::PassedWrapper<std::unique_ptr<AVPacket, media::ScopedPtrAVFreePacket> > >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (media::FFmpegDemuxer::*)(std::unique_ptr<AVPacket, media::ScopedPtrAVFreePacket>, int)> >, void (int)>::Run(base::internal::BindStateBase*, int&&) ()
#11 0x56aacec3 in void base::internal::ReplyAdapter<int, int>(base::Callback<void (int), (base::internal::CopyMode)1> const&, int*) ()
#12 0x56aacf31 in base::internal::Invoker<base::IndexSequence<0u, 1u>, base::internal::BindState<base::internal::RunnableAdapter<void (*)(base::Callback<void (int), (base::internal::CopyMode)1> const&, int*)>, void (base::Callback<void (int), (base::internal::CopyMode)1> const&, int*), base::Callback<void (int), (base::internal::CopyMode)1> const&, base::internal::OwnedWrapper<int> >, base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (*)(base::Callback<void (int), (base::internal::CopyMode)1> const&, int*)> >, void ()>::Run(base::internal::BindStateBase*) ()
#13 0x56e57809 in base::(anonymous namespace)::PostTaskAndReplyRelay::RunReplyAndSelfDestruct() ()
#14 0x56e57723 in base::internal::Invoker<base::IndexSequence<0u>, base::internal::BindState<base::internal::RunnableAdapter<void (base::(anonymous namespace)::PostTaskAndReplyRelay::*)()>, void (base::(anonymous namespace)::PostTaskAndReplyRelay*), base::internal::UnretainedWrapper<base::(anonymous namespace)::PostTaskAndReplyRelay> >, base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (base::(anonymous namespace)::PostTaskAndReplyRelay::*)()> >, void ()>::Run(base::internal::BindStateBase*) ()
My libc6 is 2.24-0experimental0, but the backports build 52.0.2743.116-1~deb8u1
works fine with it. Also, I'm using the 64-bit kernel, but all userspace is
32-bit.
The attached file contains the full gdb log with bt, thread apply all bt full and
info sharedlibrary.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.8.0-994-generic (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages chromium depends on:
ii libasound2 1.1.2-1
ii libatk1.0-0 2.20.0-1
ii libavcodec57 7:3.1.1-4
ii libavformat57 7:3.1.1-4
ii libavutil55 7:3.1.1-4
ii libc6 2.24-0experimental0
ii libcairo2 1.14.6-1+b1
ii libcups2 2.0.3-10
ii libdbus-1-3 1.10.8-1
ii libexpat1 2.2.0-1
ii libfontconfig1 2.11.0-6.5
ii libfreetype6 2.6.3-3+b1
ii libgcc1 1:6.1.1-11
ii libgdk-pixbuf2.0-0 2.34.0-1
ii libglib2.0-0 2.48.1-2
ii libgnome-keyring0 3.12.0-1+b1
ii libgtk-3-0 3.20.9-1
ii libharfbuzz0b 1.2.7-1+b1
ii libjpeg62-turbo 1:1.5.0-1
ii libnettle6 3.2-1
ii libnspr4 2:4.12-2
ii libnss3 2:3.25-1
ii libpango-1.0-0 1.40.1-1
ii libpangocairo-1.0-0 1.40.1-1
ii libpci3 1:3.3.1-1.1
ii libpulse0 8.0-1
ii libspeechd2 0.8.4-2
ii libstdc++6 6.1.1-11
ii libx11-6 2:1.6.3-1
ii libxcomposite1 1:0.4.4-1
ii libxcursor1 1:1.1.14-1+b1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.2-1
ii libxi6 2:1.7.6-1
ii libxml2 2.9.4+dfsg1-1+b1
ii libxrandr2 2:1.5.0-1
ii libxrender1 1:0.9.9-2
ii libxslt1.1 1.1.28-4
ii libxss1 1:1.2.2-1
ii libxtst6 2:1.2.2-1+b1
ii x11-utils 7.7+3
ii xdg-utils 1.1.1-1
Versions of packages chromium recommends:
ii fonts-liberation 2.00.1-1
Versions of packages chromium suggests:
pn chromium-l10n <none>
-- no debconf information
Name: chrome-media-ffmpeg-memory-corruption-abort.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20160830/0b8c211a/attachment-0001.txt>