ungoogled-software / ungoogled-chromium-debian

Debian, Ubuntu, and others packaging for ungoogled-chromium

Launching on Bullseye gives a Seg Fault #268

Closed alexgill closed 2 years ago

alexgill commented 2 years ago

agill@adar81:~$ chromium
[56945:56945:1130/091831.548324:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
Segmentation fault

Hello, I didn't get too far. Any thoughts welcome. Thanks.

berkley4 commented 2 years ago

If you use the suid sandbox, then make sure it has the correct permissions of 4755 and is named correctly (with a hyphen rather than an underscore).

If you rely on kernel namespaces, then you might need to set the 'user.max_user_namespaces' sysctl to something greater than zero and/or 'kernel.unprivileged_userns_clone' to 1.

The latter sysctl didn't seem to be necessary until recently, but beware that many security-minded people aren't fans of enabling it, as it opens up a large attack surface and has been the subject of a few reported vulnerabilities. The suid method might well be the lesser of the two evils.

On a side note, I'm not entirely sure if the multiple threads error is serious or benign, but it might be avoided by running: MESA_GLSL_CACHE_DISABLE=true chromium

alexgill commented 2 years ago

Thanks for your good input!

Passing the --no-sandbox flag for testing didn't seem to make a difference other than a banner on chromium warning against running that way. After a few seconds, it crashed as before.

Checking the namespaces, the default values of these parameters match what you mentioned are needed.

Launching with the MESA environment variable did take care of the 'multiple threads in process gpu-process' error message, leaving the 'Segmentation fault' error. So checking journalctl, here's that output upon crashing for reference:

Dec 07 07:57:53 adar81 kernel: Chrome_IOThread[106164]: segfault at 50 ip 0000556e69b705b7 sp 00007f3ce9c10fc0 error 4 in chrome[556e64682000+8b8d000]
Dec 07 07:57:53 adar81 kernel: Code: 85 c0 0f 84 f5 00 00 00 49 8b 8e 20 01 00 00 48 85 c9 0f 84 e5 00 00 00 41 c7 86 00 01 00 00 05 00 00 00 49 8b 9e 20 02 00 00 <48> 39 43 50 74 0e 48 39 4b 58 74 08 48 89 43 50 48 89 4b 58 c7 43

berkley4 commented 2 years ago

Sorry for not responding earlier. I'm not sure what's going wrong there, but I'm guessing that you're running version 95 from either the unified or unportable branches. I've seen a couple of similar reports of problems with 95, e.g. here.

You might like to try my build of the latest UC release (version 96.0.4664.93). For some reason I can't link to it, so you'd have to click onto my profile and follow the links to the Releases section of my ungoogled-chromium-debian repo. It's built off my unified_pgo_hardened branch.

alexgill commented 2 years ago

Thanks for the input! So I just tried with your recently released v96... but with the same segfault after a few seconds. It output a new video driver error and I have some more testing to do, but with my Ivybridge hardware, this makes sense, and it's a starting point for my troubleshooting (which you've helped along on :)

For reference, tried with passing various flags and options, and this is the vanilla output to launching chromium:

/usr/bin/chromium: 2: /etc/chromium.d/chromium-flags.conf: --show-component-extension-options: not found
/usr/bin/chromium: 5: /etc/chromium.d/chromium-flags.conf: --enable-remote-extensions: not found
/usr/bin/chromium: 8: /etc/chromium.d/chromium-flags.conf: --enable-gpu-rasterization: not found
/usr/bin/chromium: 11: /etc/chromium.d/chromium-flags.conf: --no-default-browser-check: not found
/usr/bin/chromium: 14: /etc/chromium.d/chromium-flags.conf: --disable-pings: not found
/usr/bin/chromium: 17: /etc/chromium.d/chromium-flags.conf: --media-router=0: not found
libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed
[4034:4034:1210/115211.368988:ERROR:sandbox_linux.cc(376)] InitializeSandbox() called with multiple threads in process gpu-process.
Segmentation fault

berkley4 commented 2 years ago

My first impression is that on Ivybridge you should be using the i965-va-driver package instead of intel-media-va-driver. I believe you can have both installed and select for i965 by launching chromium with LIBVA_DRIVER_NAME=i965 chromium.

I'm afraid I completely stuffed up the flags and forgot to convert the format from the upstream version to the old debian one. You'll need to edit /etc/chromium.d/chromium-flags.conf to match the format in https://github.com/ungoogled-software/ungoogled-chromium-debian/blob/debian_sid/debian/etc/default-flags.

I'm not sure if either of the above relate to the crash, but you could try setting kernel.unprivileged_userns_clone to 0 (sysctl -w 'kernel.unprivileged_userns_clone=0') and relying on the suid sandbox. (As an aside, you can chmod /usr/lib/chromium/chrome-sandbox to 0755 if you're not going to be using it).
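The sandbox prerequisites described in the comment above and in the first reply (suid helper named chrome-sandbox with mode 4755, or user namespaces enabled through the two sysctls) can be audited in one pass. This is an added example, not part of the thread or of the project's packaging; the function names and the SANDBOX / PROC_SYS overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the state of the two Chromium sandbox mechanisms
# discussed in the thread. Function names and the SANDBOX / PROC_SYS
# overrides are illustrative; they let the checks run against a fixture.
SANDBOX="${SANDBOX:-/usr/lib/chromium/chrome-sandbox}"   # path quoted in the thread
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Prints: ok | missing | bad-name | bad-mode:<octal>
# Mode 4755 = setuid bit + rwxr-xr-x. The helper must also be owned by root
# for the setuid bit to be of any use; ownership is not checked here.
suid_sandbox_status() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ "$(basename "$f")" != chrome-sandbox ]; then echo bad-name; return 0; fi
    mode=$(stat -c '%a' "$f")
    if [ "$mode" != 4755 ]; then echo "bad-mode:$mode"; return 0; fi
    echo ok
}

# Prints: enabled | disabled:<sysctl>=<value>
# kernel.unprivileged_userns_clone is absent on some kernels; when the
# file is missing only user.max_user_namespaces is considered.
userns_status() {
    root=$1
    max=$(cat "$root/user/max_user_namespaces" 2>/dev/null || echo 0)
    if ! [ "$max" -gt 0 ] 2>/dev/null; then
        echo "disabled:user.max_user_namespaces=$max"; return 0
    fi
    knob="$root/kernel/unprivileged_userns_clone"
    if [ -r "$knob" ]; then
        clone=$(cat "$knob")
        if [ "$clone" != 1 ]; then
            echo "disabled:kernel.unprivileged_userns_clone=$clone"; return 0
        fi
    fi
    echo enabled
}

# Which sandbox mechanism is available: suid | userns | both | none
sandbox_summary() {
    s=$(suid_sandbox_status "$1"); u=$(userns_status "$2")
    case "$s/$u" in
        ok/enabled) echo both ;;
        ok/*)       echo suid ;;
        */enabled)  echo userns ;;
        *)          echo none ;;
    esac
}

echo "suid helper: $(suid_sandbox_status "$SANDBOX")"
echo "user namespaces: $(userns_status "$PROC_SYS")"
echo "usable sandbox: $(sandbox_summary "$SANDBOX" "$PROC_SYS")"
```

A result of `suid` corresponds to the configuration suggested above (unprivileged user namespaces off, setuid helper in place); `none` means Chromium has no sandbox mechanism to fall back on.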

alexgill commented 2 years ago

Okay, default config replaced, driver param passed, kernel param modified, and launching like this: MESA_GLSL_CACHE_DISABLE=true LIBVA_DRIVER_NAME=i915 chromium

Yet again about 3.5 seconds in, no errors, just a: Segmentation fault -- a much cleaner error :)

For reference, Journalctl gave a similar:

Dec 10 14:10:49 adar81 kernel: Chrome_IOThread[5999]: segfault at 50 ip 00005605d9f08eb9 sp 00007fe971dd9e20 error 4 in chrome[5605d187d000+92b2000]
Dec 10 14:10:49 adar81 kernel: Code: 45 e8 75 0c 48 81 c4 b0 01 00 00 5b 41 5e 5d c3 e8 ac 4b c2 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 53 50 48 89 fb <48> 39 77 50 74 0e 48 39 53 58 74 08 48 89 73 50 48 89 53 58 c7 43

Also, launching with --no-sandbox gives the same outputs/result. Thanks for the tips! And unless you have some other suggestions, I'll plan to test on some other systems...

berkley4 commented 2 years ago

The only thing I can think of is that there's something unusual about your system. Maybe try doing a dist-upgrade, which sometimes solves weird issues like this. Good luck anyway.

alexgill commented 2 years ago

Okay, I just tried on another identical laptop also running Bullseye and it worked out of the box (your v96 build too) without having to pass any flags or variables -- so there is something wrong with that first system...

...My guess is that having uninstalled the Debian packaged version and then afterwards installing the 'ungoogled-chromium-debian' version was the differentiator. The happy ending is that simply clearing out the ~/.config/chromium directory has gotten things to work. Thanks Again.