Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 374983

Summary: www-client/chromium: random crashes on hardened environment
Product: Gentoo Linux Reporter: Agostino Sarubbo <ago>
Component: Current packagesAssignee: Chromium Project <chromium>
Status: RESOLVED UPSTREAM    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: http://code.google.com/p/chromium/issues/detail?id=94472
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-07-12 16:54:08 UTC 
I missed version because this problem is since 11 to 13, i didn't try 14. So the browser crashes at random time with the following message in dmesg:

grsec: Invalid alignment/Bus error occurred at 3a874000 in /usr/lib/chromium-browser/chrome[chrome:15941] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/kdeinit4[kdeinit4:2016] uid/euid:1000/1000 gid/egid:1000/1000

Portage 2.1.10.3 (hardened/linux/x86, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39-gentoo  i686)
=================================================================
System uname: Linux-2.6.39-gentoo-i686-Intel-R-_Celeron-R-_M_CPU_430_@_1.73GHz-with-gentoo-2.0.2
Timestamp of tree: Sun, 10 Jul 2011 16:00:01 +0000
app-shells/bash:          4.1_p9
dev-lang/python:          2.7.1-r1, 3.1.3-r1
dev-util/cmake:           2.8.4-r1
dev-util/pkgconfig:       0.25-r2
sys-apps/baselayout:      2.0.2
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.4
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.9.6-r3, 1.11.1
sys-devel/binutils:       2.20.1-r1
sys-devel/gcc:            4.4.5
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.2.10
sys-devel/make:           3.82
sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers)
sys-libs/glibc:           2.12.2
Repositories: gentoo x-portage
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="*"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -g0 -w"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=prescott -g0 -w"
DISTDIR="/media/sources"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="assume-digests binpkg-logs collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="it_IT.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
LINGUAS="en en_GB"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi alsa apic bash-completion berkdb bzip2 cairo cli consolekit cracklib crypt custom-cflags custom-optimization cxx dbus dri dvd extras ffmpeg gdbm gpm gtk hardened iconv jpeg jpeg2k kde lame lm_sensors mad mmx modules mp3 mudflap ncurses networkmanager nls nptl nptlonly nsplugin opengl openmp pam pcre perl pic png policykit pppd python qt3support qt4 readline semantic-desktop session sse sse2 ssl svg symlink sysfs tcpd threads tiff udev urandom x264 x86 xorg zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Emerge --info reportes custom name of kernel, but the real version is:
linux-2.6.39-hardened-r4
Same thing with .38-hardened
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-07-18 00:16:39 UTC 
Okay, could you please get a stacktrace? (http://code.google.com/p/chromium/wiki/LinuxDebugging may be helpful, and I can give you more assistance if needed)

Also, are there some specific steps to reliably reproduce the issue? I noticed you wrote it happens totally randomly in the report, but I'd just like to make sure there is no obvious correlation.
Comment 2 Agostino Sarubbo gentoo-dev 2011-07-18 19:28:16 UTC 
(In reply to comment #1)
> Also, are there some specific steps to reliably reproduce the issue?
no

Atm, I have modified chromium ebuild, so filtering flag like -fomit-frame-pointer and replace -O3 with -O2 so, -O3 should be a cause of crashing on hardened.

After using my custom ebuild I didn't see other crashes, so I test it for another days.

To do a correct backtrace I must recompile with the original ebuild, I'll do also it.
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-08 17:41:23 UTC 
(In reply to comment #2)
> Atm, I have modified chromium ebuild, so filtering flag like
> -fomit-frame-pointer and replace -O3 with -O2 so, -O3 should be a cause of
> crashing on hardened.

Okay, so does it mean -O3 is causing the crashes?
Comment 4 Agostino Sarubbo gentoo-dev 2011-08-08 18:57:21 UTC 
No, also with -O3 dropped there is also a problem. Anyway i didn't see anything with gdb and the problem is not reproducible every time. It is probably related to flash interaction.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-08 19:24:03 UTC 
That's not enough to fix anything. It'd be interesting if you could get a core dump file.
Comment 6 Agostino Sarubbo gentoo-dev 2011-08-29 00:15:36 UTC 
If can be interesting, I see this error from gdb:

V8 error: V8 is no longer usable (v8::V8::SetGlobalGCPrologueCallback()).  Current memory usage: 0 MB

When it crashes i see always this warning
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-29 03:03:43 UTC 
(In reply to comment #6)
> V8 error: V8 is no longer usable (v8::V8::SetGlobalGCPrologueCallback()). 

Sorry, this is still not enough. Could you obtain a stack trace or something?
Comment 8 Agostino Sarubbo gentoo-dev 2011-11-15 12:56:21 UTC 
(gdb) bt
#0  0x4b8fa416 in __kernel_vsyscall ()
#1  0x492e7556 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x49a3c6a2 in epoll_dispatch (base=0x135d2480, tv=0x0) at epoll.c:404
#3  0x49a2885a in event_base_loop (base=0x135d2480, flags=1) at event.c:1562
#4  0x112932d1 in base::MessagePumpLibevent::Run (this=0x13600440, delegate=0x47fd8008)
    at base/message_pump_libevent.cc:260
#5  0x112c1f4b in MessageLoop::RunInternal (this=0x47fd8008) at base/message_loop.cc:443
#6  0x112c2149 in RunHandler (this=0xfffffffc) at base/message_loop.cc:416
#7  MessageLoop::Run (this=0xfffffffc) at base/message_loop.cc:340
#8  0x112f9d99 in base::Thread::Run (this=0x135adc30, message_loop=0x47fd8008)
    at base/threading/thread.cc:128
#9  0x112f9b8e in base::Thread::ThreadMain (this=0x135adc30) at base/threading/thread.cc:163
#10 0x112f9815 in base::(anonymous namespace)::ThreadFunc (params=0x135aadb0)
    at base/threading/platform_thread_posix.cc:58
#11 0x4b8cdb4c in start_thread (arg=0x47fd8b70) at pthread_create.c:301
#12 0x492e6b6e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133



(gdb) bt
#0  0x4ac21416 in __kernel_vsyscall ()                                                                                                                                              
#1  0x48603bbc in __poll (fds=0x48690e4c, nfds=4, timeout=1677) at ../sysdeps/unix/sysv/linux/poll.c:87                                                                             
#2  0x48dd22c7 in g_poll (fds=0x16b99600, nfds=4, timeout=1677) at gpoll.c:132                                                                                                      
#3  0x48dc45d0 in g_main_context_poll (context=0x141262d0, block=<value optimized out>, dispatch=1,                                                                                 
    self=0x1411f4e0) at gmain.c:3405                                                                                                                                                
#4  g_main_context_iterate (context=0x141262d0, block=<value optimized out>, dispatch=1, self=0x1411f4e0)                                                                           
    at gmain.c:3087                                                                                                                                                                 
#5  0x48dc48d1 in g_main_context_iteration (context=0x141262d0, may_block=1) at gmain.c:3155                                                                                        
#6  0x11e5a9b7 in base::MessagePumpGtk::RunOnce (this=0x14158180, context=0x141262d0,                                                                                               
    block=<value optimized out>) at base/message_pump_gtk.cc:41                                                                                                                     
#7  0x11e59aee in base::MessagePumpGlib::RunWithDispatcher (this=0x14158180, delegate=0x14115b00,                                                                                   
    dispatcher=0x0) at base/message_pump_glib.cc:206                                                                                                                                
#8  0x11e59c6c in base::MessagePumpGlib::Run (this=0x14158180, delegate=0x14115b00)                                                                                                 
    at base/message_pump_glib.cc:298                                                                                                                                                
#9  0x11e16f4b in MessageLoop::RunInternal (this=0x14115b00) at base/message_loop.cc:443                                                                                            
#10 0x11e17048 in RunHandler (this=0xfffffdfc, dispatcher=0x4) at base/message_loop.cc:416                                                                                          
#11 MessageLoopForUI::Run (this=0xfffffdfc, dispatcher=0x4) at base/message_loop.cc:823                                                                                             
#12 0x11abd8a2 in RunUIMessageLoop (this=0x1411f0f0) at chrome/browser/browser_main.cc:245                                                                                          
#13 ChromeBrowserMainParts::TemporaryContinue (this=0x1411f0f0) at chrome/browser/browser_main.cc:1840                                                                              
#14 0x13397c86 in BrowserMain (parameters=...) at content/browser/browser_main.cc:311                                                                                               
#15 0x11d6675b in RunNamedProcessTypeMain (argc=1, argv=0x5a94a8f4, delegate=0x5a94a7d0)                                                                                            
    at content/app/content_main.cc:292                                                                                                                                              
#16 content::ContentMain (argc=1, argv=0x5a94a8f4, delegate=0x5a94a7d0) at content/app/content_main.cc:482 


@Pawel, are them enough?
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-15 16:00:18 UTC 
(In reply to comment #8)
> @Pawel, are them enough?

Yes, they're good. I noticed you've reported that upstream, which is good (however, you really should try to reproduce the crashes with Google Chrome).

I replied in the upstream bug report.
Comment 10 Agostino Sarubbo gentoo-dev 2011-11-15 16:06:09 UTC 
(In reply to comment #9)
> (however, you really should try to reproduce the crashes with Google Chrome).
Is not possible, the problem is chromium compiled with hardened gcc and there aren't sources of google chrome, so, imho is no-sense try it
Comment 11 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-15 16:15:37 UTC 
(In reply to comment #10)
> (In reply to comment #9)
> > (however, you really should try to reproduce the crashes with Google Chrome).
> Is not possible, the problem is chromium compiled with hardened gcc and there
> aren't sources of google chrome, so, imho is no-sense try it

It makes no sense to argue with people trying to do something with your bug reports. Please go install www-client/google-chrome and see if it crashes, just as asked. If it doesn't after *trying* it, it's still very valuable information. Please Just Do It, it'll make it easier for upstream to further process the bug report.
Comment 12 Agostino Sarubbo gentoo-dev 2011-11-15 16:37:54 UTC 
(In reply to comment #11)
> It makes no sense to argue with people trying to do something with your bug
> reports. Please go install www-client/google-chrome and see if it crashes, just
> as asked. If it doesn't after *trying* it, it's still very valuable
> information. Please Just Do It, it'll make it easier for upstream to further
> process the bug report.

Before do unnecessary and vague attempts you should take a look on what causes this problem. 
So, for me, chromium in not hardened environment works perfectly as for all I guess. The problem is there when I compile with hardened gcc, so, flags like: -fno-strict-overflow -fPIE -fstack-protector-all can annoying in some way.

Now, imho, google-chrome is not compiled with that flags and cannot reproduce this issue.


Anyway, as I said, after have tried it, google-chrome works without a problem(s).