blueboxd / chromium-legacy

Latest Chromium (≒Chrome Canary/Stable) for Mac OS X 10.7+
BSD 3-Clause "New" or "Revised" License

[CRASH] All versions above v120 are crashing #242

Open gpsvisualizer opened 3 hours ago

gpsvisualizer commented 3 hours ago

Describe the bug

Starting this afternoon (2024-10-25), Chromium is crashing whenever I visit a Web site that has any complexity at all; usually, the problem occurs when I try to log in to a Web site. (For example, https://github.com/)

I tried clearing my cache, and I even tried deleting the entire Chromium folder from "~/Library/Application Support/". Things would start out normal and then immediately crash when I tried to visit a Web site that was more than simple HTML.

Sometimes logging in via an Incognito Window works, but not always. (Somehow I wonder if syncing and/or authenticating on google.com might be part of the problem.)

The following versions are all crashing:

v121.0.6167.139.1
v123.0.6303.0
v124.0.6367.207.1
v127.0.6494.0

This one does not crash: v120.0.6099.199.1.zip

Desktop (please complete the following information):

Logs

I'm happy to provide logs if someone can tell me how.

Anyone else seeing anything weird today?

gpsvisualizer commented 3 hours ago

Update: exactly the same result when I boot up into Mojave instead of Yosemite!

Wowfunhappy commented 3 hours ago

I am actually also getting this. Totally strange since nothing in Chromium Legacy changed.

It doesn't need to be a particularly advanced website, e.g. it happened on Hacker News which is fairly basic.

Crash log attached. I'm seeing lots of TfLiteTensor stuff in the crashed thread. Some sort of Artificial Intelligence thing? Maybe some experiment Google is testing that got activated...

_Chromium_2024-10-25-210538_Jonathans-Mac-Pro.crash.zip

gpsvisualizer commented 3 hours ago

Is it under a thread called "ThreadPoolUtilityWorker"? I figured out how to view my crash logs, and this is what it shows under the crashed thread:

Thread 32 Crashed:: ThreadPoolUtilityWorker
0   org.chromium.Chromium.framework 0x000000011be3aebc autofill::AutofillModelExecutor::Preprocess(std::__Cr::vector<TfLiteTensor*, std::__Cr::allocator<TfLiteTensor*> > const&, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 1036
1   org.chromium.Chromium.framework 0x000000011be3aed9 non-virtual thunk to autofill::AutofillModelExecutor::Preprocess(std::__Cr::vector<TfLiteTensor*, std::__Cr::allocator<TfLiteTensor*> > const&, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 9
2   org.chromium.Chromium.framework 0x000000011be3e908 optimization_guide::GenericModelExecutionTask<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&>::Preprocess(std::__Cr::vector<TfLiteTensor*, std::__Cr::allocator<TfLiteTensor*> > const&, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 24
3   org.chromium.Chromium.framework 0x000000011be3e420 tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&>::Infer(std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 64
4   org.chromium.Chromium.framework 0x000000011be3e277 optimization_guide::GenericModelExecutionTask<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&>::Execute(optimization_guide::ExecutionStatus*, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 71
5   org.chromium.Chromium.framework 0x000000011be3b4a7 optimization_guide::BaseModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&>::Execute(tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&>*, optimization_guide::ExecutionStatus*, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 23
6   org.chromium.Chromium.framework 0x000000011be3d078 optimization_guide::TFLiteModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&, tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&> >::BatchExecuteLoadedModel(std::__Cr::vector<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > >, std::__Cr::allocator<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > > > const&, std::__Cr::vector<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> >, std::__Cr::allocator<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> > > >*) + 552
7   org.chromium.Chromium.framework 0x000000011be3c88e optimization_guide::TFLiteModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&, tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&> >::BatchExecuteLoadedModelAndRunCallback(base::OnceCallback<void (std::__Cr::vector<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> >, std::__Cr::allocator<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> > > > const&)>, std::__Cr::vector<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > >, std::__Cr::allocator<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > > > const&, optimization_guide::ExecutionStatus) + 110
8   org.chromium.Chromium.framework 0x000000011be3c70a optimization_guide::TFLiteModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&, tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&> >::LoadModelFileAndBatchExecute(base::OnceCallback<void (std::__Cr::vector<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> >, std::__Cr::allocator<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> > > > const&)>, std::__Cr::vector<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > >, std::__Cr::allocator<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > > > const&) + 42
9   org.chromium.Chromium.framework 0x000000011be3c69f optimization_guide::TFLiteModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&, tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&> >::SendForBatchExecution(base::OnceCallback<void (std::__Cr::vector<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> >, std::__Cr::allocator<std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> > > > const&)>, base::TimeTicks, std::__Cr::vector<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > >, std::__Cr::allocator<std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > > > const&) + 175
10  org.chromium.Chromium.framework 0x000000011be3c44f optimization_guide::TFLiteModelExecutor<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&, tflite::task::core::BaseTaskApi<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul>, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&> >::SendForExecution(base::OnceCallback<void (std::__Cr::optional<std::__Cr::array<std::__Cr::vector<float, std::__Cr::allocator<float> >, 20ul> > const&)>, base::TimeTicks, std::__Cr::vector<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul>, std::__Cr::allocator<std::__Cr::array<base::StrongAlias<autofill::TokenIdTag, unsigned int>, 5ul> > > const&) + 415
11  org.chromium.Chromium.framework 0x000000011912b257 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 263
12  org.chromium.Chromium.framework 0x0000000119155aeb base::internal::TaskTracker::RunTaskImpl(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&) + 123
13  org.chromium.Chromium.framework 0x0000000119155b91 base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&) + 65
14  org.chromium.Chromium.framework 0x0000000119155892 base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&) + 498
15  org.chromium.Chromium.framework 0x00000001191554cc base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource) + 620
16  org.chromium.Chromium.framework 0x000000011915f56e base::internal::WorkerThread::RunWorker() + 974
17  org.chromium.Chromium.framework 0x000000011915f11d base::internal::WorkerThread::RunPooledWorker() + 13
18  org.chromium.Chromium.framework 0x000000011915f010 base::internal::WorkerThread::ThreadMain() + 128
19  org.chromium.Chromium.framework 0x000000011917ede9 base::(anonymous namespace)::ThreadFunc(void*) + 105
20  libsystem_pthread.dylib         0x00007fff686b72eb _pthread_body + 126
21  libsystem_pthread.dylib         0x00007fff686ba249 _pthread_start + 66
22  libsystem_pthread.dylib         0x00007fff686b640d thread_start + 13

Wowfunhappy commented 3 hours ago

Interesting, for me the crashed thread is ThreadPoolForegroundWorker.

But your crash log is also implicating something to do with TensorFlow (TFLiteModelExecutor).
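An added example (not part of the original thread): a small Python parser that pulls the crashed thread's name and backtrace out of a macOS crash report and counts frames per top-level C++ namespace, which is the comparison being made by eye in the comments above. The sample report is constructed from frames quoted in this thread with template arguments shortened to `...`; the function names are this example's own.

```python
import re
from collections import Counter

HEADER = re.compile(r"^Thread (\d+) Crashed:(?::\s*(.*))?$")
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)(?: \+ \d+)?$")

# Constructed sample: frames quoted in this thread, template arguments shortened
# to "..."; the Thread 31 block and its address are made up for the example.
SAMPLE = """\
Thread 31:: ThreadPoolForegroundWorker
0   libsystem_kernel.dylib          0x00007fff00001000 mach_msg_trap + 10

Thread 32 Crashed:: ThreadPoolUtilityWorker
0   org.chromium.Chromium.framework 0x000000011be3aebc autofill::AutofillModelExecutor::Preprocess(...) + 1036
1   org.chromium.Chromium.framework 0x000000011be3e420 tflite::task::core::BaseTaskApi<...>::Infer(...) + 64
2   org.chromium.Chromium.framework 0x000000011be3e277 optimization_guide::GenericModelExecutionTask<...>::Execute(...) + 71
3   org.chromium.Chromium.framework 0x000000011912b257 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 263
4   libsystem_pthread.dylib         0x00007fff686b72eb _pthread_body + 126
"""

def crashed_thread(report):
    """Return (thread_number, thread_name, frames) for the crashed thread."""
    number, name, frames = None, None, []
    for line in report.splitlines():
        line = line.strip()
        if number is None:
            m = HEADER.match(line)
            if m:
                number, name = int(m.group(1)), (m.group(2) or "").strip()
            continue
        m = FRAME.match(line)
        if not m:
            break  # a blank line or the next thread header ends the backtrace
        frames.append((int(m.group(1)), m.group(2), m.group(4)))
    return number, name, frames

def top_namespace(symbol):
    """Leading C++ namespace of a symbol, ignoring thunk prefixes."""
    symbol = symbol.replace("non-virtual thunk to ", "")
    head = re.split(r"[<(]", symbol, maxsplit=1)[0]
    return head.split("::")[0] if "::" in head else "(none)"

def namespace_counts(frames):
    """Count frames per top-level namespace to show which component crashed."""
    return Counter(top_namespace(sym) for _, _, sym in frames)

if __name__ == "__main__":
    num, name, frames = crashed_thread(SAMPLE)
    print(num, name, namespace_counts(frames).most_common())
```

To run it on a real report, pass the text of the `.crash` file to `crashed_thread()` instead of `SAMPLE`.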

blueboxd commented 3 hours ago

Confirmed, and currently investigating. Since the canary branch is still in the process of being merged, it may be necessary to create a patch for the current stable if this feature cannot be disabled by the switch.

Sorry for the inconvenience as always.

gpsvisualizer commented 3 hours ago

> Interesting, for me the crashed thread is ThreadPoolForegroundWorker.

Maybe it's a difference between Mac operating systems? It looks like you're on 10.9. I get ThreadPoolUtilityWorker in both 10.10 and 10.14.

(I'm just relieved that it's not my old MacBook Pro suddenly freaking out.)

RJVB commented 2 hours ago

Add me to the "me too" list... on 10.9 and indeed the ThreadPoolForegroundWorker thread.

v120.0.6099.199.1 indeed seems to work

blueboxd commented 1 hour ago

Got it, we now need --disable-features=OptimizationHints switch to avoid this.

This should be fixed in the next canary/stable (maybe within a couple weeks).

Anthony-B-Russo10 commented 1 hour ago

I have also experienced the same issue with the same crashed thread (ThreadPoolUtilityWorker) under 10.7 with version 127.0.6494.0, but I have not seen this issue with the same version of Chromium on 10.11. I attached one of many crash logs I got for Chromium under 10.7.

chromium crash log.txt

gpsvisualizer commented 52 minutes ago

> Got it, we now need --disable-features=OptimizationHints switch to avoid this.

I can confirm that I was able to get v127 to run without crashing, using the following shell command:

nohup /Applications/Chromium.app/Contents/MacOS/Chromium --disable-features=OptimizationHints > /dev/null &

Is this a sensible workaround, or is there a better way to do it until a new release comes out?