Bug 207298

Summary: kickstarter.com crashes www/chromium
Product: Ports & Packages Reporter: Lars Engels <lme>
Component: Individual Port(s)Assignee: freebsd-chromium (Nobody) <chromium>
Status: Closed FIXED    
Severity: Affects Some People CC: aksyom, chuckiels2011, cpm, emaste, gavin, jhyphenkeck, lme, meta, ori, ws, yonas
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://bugs.chromium.org/p/chromium/issues/detail?id=687726

Description Lars Engels freebsd_committer freebsd_triage 2016-02-18 06:29:13 UTC 
The latest version of Chromium crashes when http://kickstarter.com is opened.
Confirmed on two machines.
Comment 1 Wayne Sierke 2016-02-19 07:13:16 UTC 
For me this started after a "pkg upgrade chromium" to chromium-48.0.2564.103, which also upgraded various other dependencies. Starting chromium with an existing session tab for a kickstarter "project" page would crash it. Running chromium in a newly created user account exhibited the same behviour. My initial experience was that chromium would open the kickstarter.com home page, but going to a project page would crash. Subsequently, however, loading the home page also started crashing chromium.

Compiling www/chromium locally gave the same behaviour.

After reverting back to the previous version with "pkg delete chromium" and "pkg install chromium-48.0.2564.97.txz" the behaviour persisted, even though chromium had not been crashing prior to the upgrade. I attempted to determine which of the dependent ports had been upgraded and reverted those that I could identify to their previous versions but the crashing persisted.
Comment 2 Arto Pekkanen 2016-06-04 22:21:25 UTC 
I can also confirm that kickstarter.com crashes chromium-49.0.2623.112_1
Comment 3 nc 2016-08-18 22:23:52 UTC 
Can confirm that this is still an issue on Chrome 51.0.2704.106
Comment 4 Koichiro Iwao freebsd_committer freebsd_triage 2016-09-15 10:13:00 UTC 
crashes chromium-52.0.2743.116, too.
Comment 5 Ori Bernstein 2016-11-25 20:38:19 UTC 
]$ gdb ./out/Release/chrome chrome.core
GNU gdb (GDB) 7.11.1 [GDB v7.11.1 for FreeBSD]
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd11.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./out/Release/chrome...(no debugging symbols found)...done.
[New LWP 101425]
[New LWP 100638]
[New LWP 100719]
[New LWP 100729]
[New LWP 100969]
[New LWP 100971]
[New LWP 100980]
[New LWP 100990]
[New LWP 101002]
[New LWP 101006]
[New LWP 101007]
[New LWP 101133]
[New LWP 101137]
[New LWP 101170]
[New LWP 101214]
[New LWP 101215]
[New LWP 101246]
[New LWP 101253]
[New LWP 101254]
[New LWP 101255]
[New LWP 101257]
[New LWP 101258]
[New LWP 101259]
[New LWP 101260]
[New LWP 101261]
[New LWP 101323]
[New LWP 101324]
[New LWP 101325]
[New LWP 101346]
[New LWP 101347]
Core was generated by `chrome'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000035d579a in InstallableManager::OnDidCheckHasServiceWorker(bool) ()
[Current thread is 1 (LWP 101425)]
(gdb) bt
#0  0x00000000035d579a in InstallableManager::OnDidCheckHasServiceWorker(bool) ()
#1  0x00000000035d3537 in banners::AppBannerManager::RecordDidShowBanner(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) ()
#2  0x00000000035e0b70 in SiteDetails::CollectSiteInfo(content::WebContents*, SiteData*) ()
#3  0x00000000035e6c2d in ThreadWatcher::ActivateThreadWatching() ()
#4  0x00000000035e49a9 in MetricsMemoryDetails::UpdateHistograms() ()
#5  0x000000000371eb39 in printing::PrintJob::PrintJob() ()
#6  0x00000000054a3dfb in TDirectiveHandler::handlePragma(pp::SourceLocation const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool) ()
#7  0x0000000004864a9a in base::internal::Invoker<base::internal::BindState<void (storage::FileSystemOperationRunner::*)(storage::FileSystemOperationRunner::OperationHandle const&, base::Callback<void (storage::FileSystemOperation::CopyProgressType, storage::FileSystemURL const&, storage::FileSystemURL const&, long), (base::internal::CopyMode)1> const&, storage::FileSystemOperation::CopyProgressType, storage::FileSystemURL const&, storage::FileSystemURL const&, long), base::WeakPtr<storage::FileSystemOperationRunner>, storage::FileSystemOperationRunner::OperationHandle, base::Callback<void (storage::FileSystemOperation::CopyProgressType, storage::FileSystemURL const&, storage::FileSystemURL const&, long), (base::internal::CopyMode)1>, storage::FileSystemOperation::CopyProgressType, storage::FileSystemURL, storage::FileSystemURL, long>, void ()>::Run(base::internal::BindStateBase*) ()
#8  0x000000000486364c in storage::FileSystemOperationRunner::MoveFileLocal(storage::FileSystemURL const&, storage::FileSystemURL const&, storage::FileSystemOperation::CopyOrMoveOption, base::Callback<void (base::File::Error), (base::internal::CopyMode)1> const&) ()
#9  0x000000000486395c in storage::FileSystemOperationRunner::FinishOperation(int) ()
#10 0x0000000004863b83 in storage::FileSystemOperationRunner::FinishOperation(int) ()
#11 0x00000000048657df in storage::FileSystemQuotaClient::DeleteOriginData(GURL const&, storage::StorageType, base::Callback<void (storage::QuotaStatusCode), (base::internal::CopyMode)1> const&) ()
#12 0x0000000808769b75 in ?? ()
#13 0x0000000820556430 in ?? ()
#14 0x00000008170426c0 in ?? ()
#15 0x0000000000000000 in ?? ()
(gdb)
Comment 6 Ori Bernstein 2016-11-25 20:47:22 UTC 
Although, looking at it, the instruction that's faulting is a bit weird (in that it isn't touching memory):

	display/2i $rip
	2: x/2i $rip
	=> 0x35d579a <_ZN18InstallableManager26OnDidCheckHasServiceWorkerEb+10>:        mov    %rdi,%rbx
	   0x35d579d <_ZN18InstallableManager26OnDidCheckHasServiceWorkerEb+13>:        callq  0x23c4690 <srtp_get_user_data>
Comment 7 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-02-01 22:40:52 UTC 
This issue has been reported upstream:

https://bugs.chromium.org/p/chromium/issues/detail?id=687726
Comment 8 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-02-02 13:06:55 UTC 
*** Bug 214450 has been marked as a duplicate of this bug. ***
Comment 9 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-02-02 13:11:29 UTC 
Tip: to open kickstater.com webpage you should disable javascript on page via chrome setting.
Comment 10 commit-hook freebsd_committer freebsd_triage 2017-02-09 11:53:47 UTC 
A commit references this bug:

Author: cpm
Date: Thu Feb  9 11:52:51 UTC 2017
New revision: 433722
URL: https://svnweb.freebsd.org/changeset/ports/433722

Log:
  www/chromium: fix segfault which prevents to load some websites.

  PR:		207298
  MFH:		2017Q1 (blanket)

Changes:
  head/www/chromium/Makefile
  head/www/chromium/files/patch-apps_ui_views_app__window__frame__view.cc
  head/www/chromium/files/patch-chrome_browser_ui_startup_startup__browser__creator.cc
  head/www/chromium/files/patch-chrome_browser_ui_views_accelerator__table.cc
  head/www/chromium/files/patch-chrome_browser_ui_views_app__list_linux_app__list__linux.cc
  head/www/chromium/files/patch-content_browser_memory_memory__coordinator__impl.cc
  head/www/chromium/files/patch-device_bluetooth_BUILD.gn
  head/www/chromium/files/patch-device_gamepad_gamepad__provider.cc
  head/www/chromium/files/patch-device_media__transfer__protocol_media__transfer__protocol__daemon__client.h
  head/www/chromium/files/patch-services_ui_public_cpp_gles2__context.cc
  head/www/chromium/files/patch-services_ui_surfaces_surfaces__context__provider.cc
  head/www/chromium/files/patch-ui_gfx_font__fallback__linux.cc
  head/www/chromium/files/patch-v8_src_globals.h
Comment 11 commit-hook freebsd_committer freebsd_triage 2017-02-09 11:59:55 UTC 
A commit references this bug:

Author: cpm
Date: Thu Feb  9 11:59:08 UTC 2017
New revision: 433723
URL: https://svnweb.freebsd.org/changeset/ports/433723

Log:
  MFH: r433722

  www/chromium: fix segfault which prevents to load some websites.

  PR:		207298

  Approved by:	ports-secteam (blanket)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/chromium/Makefile
  branches/2017Q1/www/chromium/files/patch-apps_ui_views_app__window__frame__view.cc
  branches/2017Q1/www/chromium/files/patch-chrome_browser_ui_startup_startup__browser__creator.cc
  branches/2017Q1/www/chromium/files/patch-chrome_browser_ui_views_accelerator__table.cc
  branches/2017Q1/www/chromium/files/patch-chrome_browser_ui_views_app__list_linux_app__list__linux.cc
  branches/2017Q1/www/chromium/files/patch-content_browser_memory_memory__coordinator__impl.cc
  branches/2017Q1/www/chromium/files/patch-device_bluetooth_BUILD.gn
  branches/2017Q1/www/chromium/files/patch-device_gamepad_gamepad__provider.cc
  branches/2017Q1/www/chromium/files/patch-device_media__transfer__protocol_media__transfer__protocol__daemon__client.h
  branches/2017Q1/www/chromium/files/patch-services_ui_public_cpp_gles2__context.cc
  branches/2017Q1/www/chromium/files/patch-services_ui_surfaces_surfaces__context__provider.cc
  branches/2017Q1/www/chromium/files/patch-ui_gfx_font__fallback__linux.cc
  branches/2017Q1/www/chromium/files/patch-v8_src_globals.h
Comment 12 Yonas Yanfa 2017-02-11 23:53:47 UTC 
Thanks! kickstarter.com works for me as of chromium-56.0.2924.87_1