electron: [Bug]: Renderer Crash (SIGSEGV / SEGV_PKUERR) in 26.0.0, 26.1.0 and 26.2.0

Preflight Checklist

I have read the Contributing Guidelines for this project.
I agree to follow the Code of Conduct that this project adheres to.
I have searched the issue tracker for a bug report that matches the one I want to file, without success.

Electron Version

26.2.0

What operating system are you using?

Other Linux

Operating System Version

Arch Linux

What arch are you using?

x64

Last Known Working Electron version

25.8.0

Expected Behavior

The renderer should not crash.

Actual Behavior

An application I’m working on (which isn’t open source yet) crashes on start when using Electron 26.0.0, 26.1.0 or 26.2.0.

The crash dump is always identical. The crashing thread crashed in the function electron!partition_alloc::internal::PartitionBucket::MaintainActiveList().

Here are the top 4 calls in the stack trace:

Operating system: Linux
                  6.4.12 -arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 24 Aug 2023 00:38:14 +0000 x86_64
CPU: amd64
     family 25 model 33 stepping 0
     32 CPUs

Crash reason:  SIGSEGV / SEGV_PKUERR
Crash address: 0x2c0a30001048
Process uptime: 4 seconds

Thread 0 electron (crashed)
 0  electron!partition_alloc::internal::PartitionBucket::MaintainActiveList() [partition_bucket.cc : 1163 + 0x0]
     rax = 0x00002c0a30001040    rdx = 0x00002c0a30001040
     rcx = 0x0000000000000000    rbx = 0x00005629523020b0
     rsi = 0x0000000010600002    rdi = 0x00002c0a30008020
     rbp = 0x00007ffcda1f5c30    rsp = 0x00007ffcda1f5c20
      r8 = 0x0000000010600002     r9 = 0xf08f0100dc070000
     r10 = 0x0000000000000000    r11 = 0x0000000000000001
     r12 = 0x0000000000000000    r13 = 0x0000562952250008
     r14 = 0x0000000000000000    r15 = 0x00005629523020b0
     rip = 0x000056294dbd18c3
    Found by: given as instruction pointer in context
 1  electron!partition_alloc::PartitionRoot::PurgeMemory(int) [partition_root.cc : 1380 + 0x7]
     rbx = 0x0000000000000003    rbp = 0x00007ffcda1f60c0
     rsp = 0x00007ffcda1f5c40    r12 = 0x0000000000000000
     r13 = 0x0000562952250008    r14 = 0x0000562952303488
     r15 = 0x00005629523020b0    rip = 0x000056294dbd671c
    Found by: call frame info
 2  electron!partition_alloc::MemoryReclaimer::Reclaim(int) [memory_reclaimer.cc : 89 + 0x7]
     rbx = 0x0000562952250008    rbp = 0x00007ffcda1f60f0
     rsp = 0x00007ffcda1f60d0    r12 = 0x00000234002c34e0
     r13 = 0x0000562952250008    r14 = 0x0000000000000003
     r15 = 0x0000562952250018    rip = 0x000056294dbd01f4
    Found by: call frame info
 3  electron!base::allocator::(anonymous namespace)::RunMemoryReclaimer(scoped_refptr<base::SequencedTaskRunner>) [partition_alloc_support.cc : 227 + 0x7]
     rbx = 0x0000023400239740    rbp = 0x00007ffcda1f6160
     rsp = 0x00007ffcda1f6100    r12 = 0x0000000436d8d651
     r13 = 0x0000562952250008    r14 = 0xaaaaaaaaaaaaaaaa
     r15 = 0x00007ffcda1f6200    rip = 0x000056294daeb5d8
    Found by: call frame info

Here are two symbolicated crash dumps for 26.0.0 and 26.2.0:

With 25.8.0, everything works fine. Let me know if there’s any additional information I can provide!

Testcase Gist URL

No response

Additional Information

No response

About this issue

Original URL
State: closed
Created 10 months ago
Reactions: 7
Comments: 42 (26 by maintainers)

Commits related to this issue

fix(linux): downgrade electron to avoid renderer crashes Downgrade to electron 25 to avoid renderer crashes on Arch and Fedora. See upstream https://github.com/electron/electron/issues/39775 Fixes: ... — committed to jitsi/jitsi-meet-electron by csett86 10 months ago
Downgrade Electron from 26.2.1 to 25.8.1 to avoid renderer crash. https://github.com/electron/electron/issues/39775 Signed-off-by: Anders Kaseorg <anders@zulip.com> — committed to andersk/zulip-desktop by andersk 10 months ago
Downgrade Electron from 26.2.1 to 25.8.1 to avoid renderer crash. https://github.com/electron/electron/issues/39775 Fixes #1327. Signed-off-by: Anders Kaseorg <anders@zulip.com> — committed to andersk/zulip-desktop by andersk 10 months ago
downgrade to v25.8.4 to avoid renderer crash https://github.com/electron/electron/issues/39775 — committed to ente-io/photos-desktop by abhinavkgrd 9 months ago
Downgrades Electron to 25.9.0 to fix renderer crash issue: https://github.com/electron/electron/issues/39775 — committed to lVlyke/starfield-mod-loader by lVlyke 9 months ago

Most upvoted comments

Addressed in https://github.com/electron/electron/pull/40377, fix available with >= 26.4.3

deepak1556 on Nov 28, 2023

No longer an issue with the recently released 27.0.0

andrewheadricke on Oct 12, 2023

Sorry for the delay. I’ll give it a go tomorrow!

indutny-signal on Oct 3, 2023

FWIW, we (Jitsi) use neither but our users have experienced the crash too.

saghul on Sep 18, 2023

I did a small foray into it and found out that Debug build just crashes outside of partition allocator 😂 I can reproduce the crash consistently on Fedora Linux, but if I delete everything from our preload - it doesn’t seem to happen.

I suspect that it could be our Neon rust addons that cause the trouble. Will look more into it today!

indutny-signal on Sep 14, 2023

@deepak1556 Ah thank you for the tip on how to use the feature flag correctly! However, after following the steps I’m still getting the same crash and stacktrace in electron!partition_alloc::internal::PartitionBucket::MaintainActiveList().

To confirm the flag was passed to electron I used ps aux and observed electron was running with --disable-features=HardwareMediaKeyHandling,PartitionAllocBackupRefPtr,SpareRendererForSitePerProcess.

Regarding the other flag --enable-features=PartitionAllocBackupRefPtr:brp-mode/enabled I wasn’t sure how to use it. When adding app.commandLine.appendSwitch('enable-features', 'PartitionAllocBackupRefPtr:brp-mode/enabled') the switch seems to be discarded as observed with ps aux. (But using just 'enable-features', 'PartitionAllocBackupRefPtr works correctly.)

ayumi-signal on Sep 12, 2023