Bugzilla – Bug 1227739
chromium 126 keeps dumping core
Last modified: 2024-07-20 10:47:21 UTC
After updating to TW 20240711, which includes chromium 126, the browser keeps dumping core, mostly on google.com pages. The application itself doesn't crash but single tabs do. Even deleting GPUCache, which worked in similar situations in the past, didn't help. Going back to chromium 125 fixed the problem. Some of the errors in the log: chromium-browser[2117]: [0713/071819.900244:ERROR:elf_dynamic_array_reader.h(64)] tag not found chromium-browser[2117]: [0713/071819.901422:ERROR:process_memory_range.cc(75)] read out of range chromium-browser[2117]: Received signal 11 SI_KERNEL000000000000 chromium-browser[2117]: Possibly a General Protection Fault, can be due to a non-canonical address dereference. See "Intel 64 and IA-32 Architectures Software Developer’s Manual", Volume 1, Section 3.3.7.1. chromium-browser[2117]: #0 0x5579c1de3212 base::debug::CollectStackTrace() chromium-browser[2117]: #1 0x5579c1dcf74e base::debug::StackTrace::StackTrace() chromium-browser[2117]: #2 0x5579c1de2c81 base::debug::(anonymous namespace)::StackDumpSignalHandler() chromium-browser[2117]: #3 0x7f8777041240 (/usr/lib64/libc.so.6+0x4123f) [...]
Same here, Received signal 11 SI_KERNEL000000000000 Possibly a General Protection Fault, can be due to a non-canonical address dereference. See "Intel 64 and IA-32 Architectures Software Developer’s Manual", Volume 1, Section 3.3.7.1. #0 0x559c295ed212 base::debug::CollectStackTrace() #1 0x559c295d974e base::debug::StackTrace::StackTrace() #2 0x559c295ecc81 base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x7f6567641240 (/usr/lib64/libc.so.6+0x4123f) #4 0x559c29b04ea7 mojo::internal::SendMojoMessage() #5 0x559c2503dab3 network::mojom::URLLoaderProxy::ResumeReadingBodyFromNet() #6 0x559c25f9e92d content::mojom::ChildProcessStubDispatch::Accept() #7 0x559c29aeb39e mojo::InterfaceEndpointClient::HandleValidatedMessage() #8 0x559c29af29fd mojo::MessageDispatcher::Accept() #9 0x559c29aecc0c mojo::InterfaceEndpointClient::HandleIncomingMessage() #10 0x559c29af63c9 mojo::internal::MultiplexRouter::ProcessIncomingMessage() #11 0x559c29af5aa7 mojo::internal::MultiplexRouter::Accept() #12 0x559c29af29fd mojo::MessageDispatcher::Accept() #13 0x559c29ae9029 mojo::Connector::DispatchMessage() #14 0x559c29ae9800 mojo::Connector::ReadAllAvailableMessages() #15 0x559c29ae9652 mojo::Connector::OnWatcherHandleReady() #16 0x559c25435cf8 base::RepeatingCallback<>::Run() #17 0x559c24d6f290 base::RepeatingCallback<>::Run() #18 0x559c29b0a6a6 mojo::SimpleWatcher::OnHandleReady() #19 0x559c29b0a863 mojo::SimpleWatcher::Context::Notify() #20 0x559c29b09be0 mojo::SimpleWatcher::Context::CallNotify() #21 0x559c24db4e1e mojo::core::ipcz_driver::MojoTrap::DispatchOrQueueEvent() #22 0x559c24db575c mojo::core::ipcz_driver::MojoTrap::HandleEvent() #23 0x559c24e04406 ipcz::TrapEventDispatcher::~TrapEventDispatcher() #24 0x559c24dfc7da ipcz::Router::AcceptInboundParcel() #25 0x559c24deedfa ipcz::NodeLink::AcceptCompleteParcel() #26 0x559c24dee411 ipcz::NodeLink::OnAcceptParcel() #27 0x559c24df6c0b ipcz::msg::NodeMessageListener::OnTransportMessage() #28 0x559c24ddc8a4 ipcz::(anonymous namespace)::NotifyTransport() #29 0x559c24dba8c9 mojo::core::ipcz_driver::Transport::OnChannelMessage() #30 0x559c24d9e7a7 mojo::core::Channel::TryDispatchMessage() #31 0x559c24d9e586 mojo::core::Channel::OnReadComplete() #32 0x559c24dd3210 mojo::core::ChannelPosix::OnFileCanReadWithoutBlocking() #33 0x559c295fddf7 base::MessagePumpEpoll::HandleEvent() #34 0x559c295fdaa1 base::MessagePumpEpoll::OnEpollEvent() #35 0x559c295fd5c6 base::MessagePumpEpoll::WaitForEpollEvents() #36 0x559c295fd1da base::MessagePumpEpoll::Run() #37 0x559c295981cf base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run() #38 0x559c2955c22d base::RunLoop::Run() #39 0x559c295ba3e5 base::Thread::Run() #40 0x559c2c7467bd content::(anonymous namespace)::ChildIOThread::Run() #41 0x559c295ba5ff base::Thread::ThreadMain() #42 0x559c295cfb6a base::(anonymous namespace)::ThreadFunc() #43 0x7f6567692ba2 start_thread #44 0x7f6567713df4 __GI___clone r8: 0000000000000020 r9: 00007f65587fc134 r10: 3b8875623d7ec400 r11: 0000000000000000 r12: 00007f65587fc138 r13: 00007f65587fc148 r14: 0000000000000000 r15: 0000559c303ae368 di: 00007f65587fc1a0 si: 00007f65587fc1a0 bp: 00007f65587fc190 bx: bfa295ff00000001 dx: 0000000000000008 ax: 0000000000000000 cx: 00000000c21b7a2f sp: 00007f65587fc130 ip: 0000559c29b04ea7 efl: 0000000000010246 cgf: 002b000000000033 erf: 0000000000000000 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace] ../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall nr=0x25 arg1=0x5 arg2=0x7f65587fad60 arg3=0x0 arg4=0x8 Sorry, no debug packages
[0713/170333.779615:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.779849:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.779973:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.781594:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.783543:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.789757:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.789961:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.791510:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.791924:ERROR:elf_dynamic_array_reader.h(64)] tag not found [0713/170333.793408:ERROR:process_memory_range.cc(75)] read out of range [0713/170333.793697:ERROR:process_memory_range.cc(75)] read out of range [0713/170333.809007:ERROR:process_memory_range.cc(75)] read out of range [0713/170333.809029:ERROR:process_memory_range.cc(75)] read out of range [0713/170333.809795:ERROR:process_memory_range.cc(75)] read out of range [0713/170333.809805:ERROR:process_memory_range.cc(75)] read out of range Received signal 11 SI_KERNEL000000000000 Possibly a General Protection Fault, can be due to a non-canonical address dereference. See "Intel 64 and IA-32 Architectures Software Developer’s Manual", Volume 1, Section 3.3.7.1. #0 0x5561d125c212 base::debug::CollectStackTrace() #1 0x5561d124874e base::debug::StackTrace::StackTrace() #2 0x5561d125bc81 base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x7f7e4d841240 (/usr/lib64/libc.so.6+0x4123f) #4 0x5561d11a179d base::internal::WeakReference::IsValid() #5 0x5561cc9af2e9 std::__find_if<>() #6 0x5561cc9a9dba base::ObserverList<>::RemoveObserver() #7 0x5561d389ff17 autofill::AlternativeStateNameMapUpdater::~AlternativeStateNameMapUpdater() #8 0x5561d38a003e autofill::AlternativeStateNameMapUpdater::~AlternativeStateNameMapUpdater() #9 0x5561d38956d2 autofill::AddressDataManager::~AddressDataManager() #10 0x5561d3895aae autofill::AddressDataManager::~AddressDataManager() #11 0x5561d38029c2 autofill::PersonalDataManager::~PersonalDataManager() #12 0x5561d3802b0e autofill::PersonalDataManager::~PersonalDataManager() #13 0x5561d23d40e7 KeyedServiceFactory::Disassociate() #14 0x5561d23d4312 KeyedServiceFactory::ContextDestroyed() #15 0x5561d23d29dc DependencyManager::PerformInterlockedTwoPhaseShutdown() #16 0x5561d0dba96b ProfileImpl::~ProfileImpl() #17 0x5561d0dbabbe ProfileImpl::~ProfileImpl() #18 0x5561d0dbe407 ProfileDestroyer::DestroyOriginalProfileNow() #19 0x5561d0dbf114 OriginalProfileDestroyer::DoDestroyUnderlyingProfile() #20 0x5561d0dbdb6a ProfileDestroyer::Start() #21 0x5561d0dbd617 ProfileDestroyer::DestroyOriginalProfileWhenAppropriateWithTimeout() #22 0x5561d0dbd491 ProfileDestroyer::DestroyOriginalProfileWhenAppropriate() #23 0x5561d0dc9774 ProfileManager::ProfileInfo::~ProfileInfo() #24 0x5561d0dcbe32 std::_Rb_tree<>::_M_erase() #25 0x5561d0dcbbd7 ProfileManager::~ProfileManager() #26 0x5561d0dc2bae ProfileManager::~ProfileManager() #27 0x5561d0bd2029 BrowserProcessImpl::StartTearDown() #28 0x5561d0bd089c ChromeBrowserMainParts::PostMainMessageLoopRun() #29 0x5561d105ab59 ChromeBrowserMainPartsLinux::PostMainMessageLoopRun() #30 0x5561ceceba08 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() #31 0x5561ceced7d2 content::BrowserMainRunnerImpl::Shutdown() #32 0x5561cece8831 content::BrowserMain() #33 0x5561d05dea56 content::RunBrowserProcessMain() #34 0x5561d05dfec0 content::ContentMainRunnerImpl::RunBrowser() #35 0x5561d05dfcda content::ContentMainRunnerImpl::Run() #36 0x5561d05dd638 content::RunContentProcess() #37 0x5561d05ddc47 content::ContentMain() #38 0x5561cc7f34c4 ChromeMain #39 0x7f7e4d82a1f0 __libc_start_call_main #40 0x7f7e4d82a2b9 __libc_start_main_alias_2 #41 0x5561cc2b5025 _start r8: 000000000000041a r9: 00000dd4014ed188 r10: 0000000000000000 r11: 0000000000000000 r12: 00000dd4012f0b00 r13: 0000000000000000 r14: 00000dd4012f0af0 r15: fffffffc00000000 di: 00000dd4012f0af0 si: 00000dd4012f0b00 bp: 00007fff00c860e0 bx: 00000dd4015ab4f0 dx: 00007fff00c86140 ax: 100e2f01d40d0000 cx: 00007fff00c86160 sp: 00007fff00c860e0 ip: 00005561d11a179d efl: 0000000000010206 cgf: 002b000000000033 erf: 0000000000000000 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace] Speicherzugriffsfehler (Speicherabzug geschrieben)
I'm only getting the AlternativeStateNameMapUpdater::~AlternativeStateNameMapUpdater() one myself. https://issues.chromium.org/issues/40222690 may be relevant. In particular, the change made by https://chromium-review.googlesource.com/c/chromium/src/+/5590096 is indeed not present in the 126.0.6478.126 source that the OpenSUSE package is built from.
Same with 126.0.6478.182?
> Same with 126.0.6478.182? Yes, still dumping core.
Just FYI: The same happens on openSuSE Leap 15.5, after updating chromium from 125.0.6422.141-bp155.2.91.1 to 126.0.6478.126-bp155.2.94.1: - Videos would start playing for a a few seconds, then stop - The browser would say something about the page being stuck, "wait" or "leave" Downgrading chromium back to 125.0.6422.141-bp155.2.91.1, it plays the same videos without problems.
Confirm the same as comment 6 on Leap 15.6 after upgrade to Chromium 126.0.6478.126-bp156.2.6.1|x86_64. Downgraded back to 125.0.6422.141-bp155.2.91.1 and all is working again.