Recent Chromium and ubuntu-bug segfaults: kernel bug?
Marius Gedminas
marius at pov.lt
Tue Apr 3 20:32:31 UTC 2012

Ubuntu 11.04, x86. I've upgraded chromium-browser from oneiric-updates
and a few other packages (kernel 3.0.0.17.20 -> 3.0.0.18.22, aptdaemon)
today and rebooted. Now I can't launch chromium-browser:

$ chromium-browser
[2:2:1611770310:ERROR:zygote_main_linux.cc(520)] write: Broken pipe
Segmentation fault
$ dmesg | tail -n 1
[ 1611.746612] chromium-browse[7032] general protection ip:438a1c sp:bfb66cdc error:0 in libpthread-2.13.so[42b000+17000]

I also cannot launch ubuntu-bug:

$ ubuntu-bug chromium-browser
Segmentation fault
$ dmesg | tail -n 1
[ 1641.176913] apport-gtk[7091] general protection ip:5f3284 sp:bfcbd7fc error:0 in libc-2.13.so[527000+178000]

strace -f ubuntu-bug chromium-browser tells me that it spawns a subprocess to
run dpkg --print-architecture, and then the parent process dies.

Under gdb (after figuring out what process this is):

$ file --dereference $(which ubuntu-bug)
/usr/bin/ubuntu-bug: POSIX shell script text executable
$ sh -x /usr/bin/ubuntu-bug chromium-browser
...
+ export APPORT_INVOKED_AS=/usr/bin/ubuntu-bug
...
+ /usr/share/apport/apport-gtk chromium-browser
Segmentation fault
$ file /usr/share/apport/apport-gtk
/usr/share/apport/apport-gtk: a /usr/bin/python script text executable
$ gdb --args python /usr/share/apport/apport-gtk chromium-browser
(gdb) run
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xadf9fb70 (LWP 5591)]
0x003e5343 in _IO_fread (buf=0x8b19f9c, size=1, count=8192, fp=0x8b17a30)
at iofread.c:47
(gdb) bt
#0 0x003e5343 in _IO_fread (buf=0x8b19f9c, size=1, count=8192, fp=0x8b17a30)
at iofread.c:47
#1 0x08085ea5 in file_read (f=0xb7677860, args=())
at ../Objects/fileobject.c:1082
#2 0x080fade1 in ext_do_call (nk=0, na=142098760, flags=<optimized out>,
pp_stack=0xadf9e524, func=
<built-in method read of file object at remote 0xb7677860>)
at ../Python/ceval.c:4331
#3 PyEval_EvalFrameEx (f=
Frame 0x85c7284, for file /usr/lib/python2.7/subprocess.py, line 478, in _eintr_retry_call (func=<built-in method read of file object at remote 0xb7677860>, args=()), throwflag=0) at ../Python/ceval.c:2705
...

When I run chromium-browser under strace it doesn't segfault, but halts in
poll(). The GUI window never shows up. Under gdb, though:

$ file $(which chromium-browser)
/usr/bin/chromium-browser: POSIX shell script text executable
$ sh -x /usr/bin/chromium-browser
...
+ LD_LIBRARY_PATH=/usr/lib/chromium-browser
+ export LD_LIBRARY_PATH
...
+ export CHROME_WRAPPER=/usr/bin/chromium-browser
+ export CHROME_DESKTOP=chromium-browser.desktop
...
+ export CHROME_VERSION_EXTRA=Ubuntu 11.10
...
+ exec /usr/lib/chromium-browser/chromium-browser
[2:2:2361106329:ERROR:zygote_main_linux.cc(520)] write: Broken pipe
Segmentation fault
$ CHROME_VERSION_EXTRA=Ubuntu\ 11.10 CHROME_WRAPPER=/usr/bin/chromium-browser CHROME_DESKTOP=chromium-browser.desktop LD_LIBRARY_PATH=/usr/lib/chromium-browser gdb --args /usr/lib/chromium-browser/chromium-browser
(gdb) run
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c15b70 (LWP 5795)]
syscall () at ../sysdeps/unix/sysv/linux/i386/syscall.S:35
(gdb) bt
#0 syscall () at ../sysdeps/unix/sysv/linux/i386/syscall.S:35
#1 0x80bbd1ab in epoll_wait ()
#2 0x80bbcb50 in epoll_dispatch ()
#3 0x80bbaca2 in event_base_loop ()
#4 0x80b56c51 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
()
#5 0x80b79492 in MessageLoop::RunInternal() ()
#6 0x80b794f1 in MessageLoop::Run() ()
#7 0x80b9c58b in base::Thread::Run(MessageLoop*) ()
#8 0x80b9c4f2 in base::Thread::ThreadMain() ()
#9 0x80b99dcc in base::(anonymous namespace)::ThreadFunc(void*) ()
#10 0x00cd8d31 in start_thread (arg=0xb7c15b70) at pthread_create.c:304
#11 0x011c446e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further

I find it extremely suspicious that two unrelated applications have started
segfaulting suddenly deep in system libraries. So... kernel bug?

Rebooting back into 3.0.0-17 to see what happens there.

$ grep -- -17 /boot/grub/grub.cfg
$ sudo grub-reboot 'Ubuntu, su Linux 3.0.0-17-generic'
$ sudo reboot

** later ** 'sudo grub-reboot' did not do anything; I got the -18 kernel
and had to reboot again, then select the older one manually from the
grub menu.

I cannot reproduce either segfault with the -17 kernel. I'll file a
kernel bug now in launchpad.

Marius Gedminas
--
If you are good, you will be assigned all the work. If you are real
good, you will get out of it.
Marius Gedminas
--
TCP_SeqNum - The 32-bit Sequence Number, encoded as an ASCII string
representing the hex value of the Sequence number. This field
MUST be sent as lower case because it is not urgent.
-- RFC 3093
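
Added example, not part of the original message: a small parser for the two "general protection" dmesg lines quoted above. It computes where each faulting ip falls inside the mapped library and collects the distinct processes and libraries involved, which is the comparison the message makes by eye. The function names are hypothetical, and the offset equals a file offset only under the assumption that the printed mapping starts at file offset 0.

```python
import re

# The two dmesg lines quoted in the message above.
SAMPLE = """\
[ 1611.746612] chromium-browse[7032] general protection ip:438a1c sp:bfb66cdc error:0 in libpthread-2.13.so[42b000+17000]
[ 1641.176913] apport-gtk[7091] general protection ip:5f3284 sp:bfcbd7fc error:0 in libc-2.13.so[527000+178000]
"""

# comm[pid] general protection ip:<hex> sp:<hex> error:<hex> [in module[base+size]]
GP_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+"
    r"(?P<comm>.+?)\[(?P<pid>\d+)\]:? general protection "
    r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)


def parse_fault(line):
    """Return a dict for one general-protection line, or None if it does not match."""
    m = GP_RE.search(line)
    if m is None:
        return None
    rec = {"ts": float(m["ts"]), "comm": m["comm"], "pid": int(m["pid"]),
           "ip": int(m["ip"], 16), "module": m["module"], "offset": None}
    if m["module"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Only report an offset when ip really lies inside the printed mapping.
        if base <= rec["ip"] < base + size:
            rec["offset"] = rec["ip"] - base
    return rec


def summarize(text):
    """Parse every matching line; return (faults, distinct comms, distinct modules)."""
    faults = [r for r in map(parse_fault, text.splitlines()) if r]
    return faults, {r["comm"] for r in faults}, {r["module"] for r in faults}


if __name__ == "__main__":
    faults, comms, modules = summarize(SAMPLE)
    for f in faults:
        off = "?" if f["offset"] is None else hex(f["offset"])
        print(f"{f['ts']:>12.6f} {f['comm']}[{f['pid']}] {f['module']}+{off}")
    print(f"{len(comms)} processes faulting in {len(modules)} different libraries")
```

The module-relative offsets can be compared across reboots or handed to a symbolizer together with the matching debug symbols for that library build.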