Recent Chromium and ubuntu-bug segfaults: kernel bug?

Marius Gedminas marius at
Tue Apr 3 20:32:31 UTC 2012

Ubuntu 11.04, x86.  I've upgraded chromium-browser from oneiric-updates
and a few other packages (kernel ->, aptdaemon) today and rebooted.  Now
I can't launch chromium-browser:

    $ chromium-browser 
    [] write: Broken pipe
    Segmentation fault

    $ dmesg | tail -n 1
    [ 1611.746612] chromium-browse[7032] general protection ip:438a1c sp:bfb66cdc error:0 in[42b000+17000]

I also cannot launch ubuntu-bug:

    $ ubuntu-bug chromium-browser
    Segmentation fault

    $ dmesg | tail -n 1
    [ 1641.176913] apport-gtk[7091] general protection ip:5f3284 sp:bfcbd7fc error:0 in[527000+178000]

strace -f ubuntu-bug chromium-browser tells me that it spawns a subprocess to
run dpkg --print-architecture, and then the parent process dies.

Under gdb (after figuring out what process this is):

    $ file --dereference $(which ubuntu-bug)
    /usr/bin/ubuntu-bug: POSIX shell script text executable

    $ sh -x /usr/bin/ubuntu-bug chromium-browser
    + export APPORT_INVOKED_AS=/usr/bin/ubuntu-bug
    + /usr/share/apport/apport-gtk chromium-browser
    Segmentation fault

    $ file /usr/share/apport/apport-gtk
    /usr/share/apport/apport-gtk: a /usr/bin/python script text executable

    $ gdb --args python /usr/share/apport/apport-gtk chromium-browser
    (gdb) run
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xadf9fb70 (LWP 5591)]
    0x003e5343 in _IO_fread (buf=0x8b19f9c, size=1, count=8192, fp=0x8b17a30)
        at iofread.c:47
    (gdb) bt
    #0  0x003e5343 in _IO_fread (buf=0x8b19f9c, size=1, count=8192, fp=0x8b17a30)
        at iofread.c:47
    #1  0x08085ea5 in file_read (f=0xb7677860, args=())
        at ../Objects/fileobject.c:1082
    #2  0x080fade1 in ext_do_call (nk=0, na=142098760, flags=<optimized out>, 
        pp_stack=0xadf9e524, func=
        <built-in method read of file object at remote 0xb7677860>)
        at ../Python/ceval.c:4331
    #3  PyEval_EvalFrameEx (f=
        Frame 0x85c7284, for file /usr/lib/python2.7/, line 478, in _eintr_retry_call (func=<built-in method read of file object at remote 0xb7677860>, args=()), throwflag=0) at ../Python/ceval.c:2705

When I run chromium-browser under strace it doesn't segfault, but halts in
poll().  The GUI window never shows up.  Under gdb, though:

    $ file $(which chromium-browser)
    /usr/bin/chromium-browser: POSIX shell script text executable

    $ sh -x /usr/bin/chromium-browser
    + LD_LIBRARY_PATH=/usr/lib/chromium-browser
    + export LD_LIBRARY_PATH
    + export CHROME_WRAPPER=/usr/bin/chromium-browser
    + export CHROME_DESKTOP=chromium-browser.desktop
    + export CHROME_VERSION_EXTRA=Ubuntu 11.10
    + exec /usr/lib/chromium-browser/chromium-browser
    [] write: Broken pipe
    Segmentation fault

    $ CHROME_VERSION_EXTRA=Ubuntu\ 11.10 CHROME_WRAPPER=/usr/bin/chromium-browser CHROME_DESKTOP=chromium-browser.desktop LD_LIBRARY_PATH=/usr/lib/chromium-browser gdb --args /usr/lib/chromium-browser/chromium-browser
    (gdb) run
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xb7c15b70 (LWP 5795)]
    syscall () at ../sysdeps/unix/sysv/linux/i386/syscall.S:35
    (gdb) bt
    #0  syscall () at ../sysdeps/unix/sysv/linux/i386/syscall.S:35
    #1  0x80bbd1ab in epoll_wait ()
    #2  0x80bbcb50 in epoll_dispatch ()
    #3  0x80bbaca2 in event_base_loop ()
    #4  0x80b56c51 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
    #5  0x80b79492 in MessageLoop::RunInternal() ()
    #6  0x80b794f1 in MessageLoop::Run() ()
    #7  0x80b9c58b in base::Thread::Run(MessageLoop*) ()
    #8  0x80b9c4f2 in base::Thread::ThreadMain() ()
    #9  0x80b99dcc in base::(anonymous namespace)::ThreadFunc(void*) ()
    #10 0x00cd8d31 in start_thread (arg=0xb7c15b70) at pthread_create.c:304
    #11 0x011c446e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
    Backtrace stopped: Not enough registers or memory available to unwind further

I find it extremely suspicious that two unrelated applications have started
segfaulting suddenly deep in system libraries.  So... kernel bug?

Rebooting back into 3.0.0-17 to see what happens there.

    $ grep -- -17 /boot/grub/grub.cfg
    $ sudo grub-reboot 'Ubuntu, su Linux 3.0.0-17-generic'
    $ sudo reboot

** later ** 'sudo grub-reboot' did not do anything; I got the -18 kernel
and had to reboot again, then select the older one manually from the
grub menu.

I cannot reproduce either segfault with the -17 kernel.  I'll file a
kernel bug now in launchpad.

Marius Gedminas
If you are good, you will be assigned all the work.  If you are real
good, you will get out of it.

Marius Gedminas
   TCP_SeqNum - The 32-bit Sequence Number, encoded as an ASCII string
      representing the hex value of the Sequence number.  This field
      MUST be sent as lower case because it is not urgent.
                -- RFC 3093
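
Added example, not part of the original message: the two dmesg lines quoted above carry enough to compute where inside the mapped object each fault landed (ip minus mapping base), which is the offset to give a symbolizer or include in the kernel bug report. The function names are hypothetical; the first two sample lines are copied from the message (the object name is blank in the archive, so the parser tolerates that), and the third line is constructed to show the related "segfault at" form.

```python
import re

# Kernel unhandled-signal log lines look like:
#   comm[pid] general protection ip:IP sp:SP error:N in OBJECT[BASE+SIZE]
#   comm[pid]: segfault at ADDR ip IP sp SP error N in OBJECT[BASE+SIZE]
# OBJECT may be empty (as in the archived message) and the "in ..." part may be absent.
FAULT_RE = re.compile(
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]:? "
    r"(?P<kind>general protection(?: fault)?|segfault at [0-9a-f]+) "
    r"ip[: ](?P<ip>[0-9a-f]+) sp[: ](?P<sp>[0-9a-f]+) error[: ](?P<error>[0-9a-f]+)"
    r"(?: in ?(?P<obj>[^\[\s]*)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

SAMPLE_LINES = [
    # Copied from the message above (object name missing in the archive).
    "[ 1611.746612] chromium-browse[7032] general protection ip:438a1c sp:bfb66cdc error:0 in[42b000+17000]",
    "[ 1641.176913] apport-gtk[7091] general protection ip:5f3284 sp:bfcbd7fc error:0 in[527000+178000]",
    # Constructed line, not from the message.
    "[  100.000000] demo[1234]: segfault at 0 ip 00007f0000001234 sp 00007ffc00000000 error 4 in libdemo.so[7f0000000000+2000]",
]

def parse_fault(line):
    """Return a dict describing one fault line, or None if the line is something else."""
    m = FAULT_RE.search(line)
    if not m:
        return None
    rec = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "kind": "segfault" if m["kind"].startswith("segfault") else "general protection",
        "ip": int(m["ip"], 16),
        "object": m["obj"] or None,
        "offset": None,
    }
    if m["base"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # The offset is only meaningful when ip really lies inside the mapping.
        if base <= rec["ip"] < base + size:
            rec["offset"] = rec["ip"] - base
    return rec

def triage(lines):
    """Parse every fault line in an iterable of dmesg lines, skipping the rest."""
    return [rec for rec in map(parse_fault, lines) if rec is not None]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES):
        off = "n/a" if rec["offset"] is None else hex(rec["offset"])
        print(f'{rec["comm"]}[{rec["pid"]}] {rec["kind"]}: object={rec["object"]} offset={off}')
```
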