Illegal instruction in chromium on startup on armel

Bug #735877 reported by Ramana Radhakrishnan on 2011-03-16
This bug affects 1 person
Affects: chromium-browser (Ubuntu)
Assigned to: Fabien Tassin

Bug Description

Binary package hint: chromium-browser

I tried installing a new version of chromium on my AC100 and noticed that it refused to start.

Installing debug info and looking at the backtrace, it appears as though something is using the d16 register where it shouldn't. This is either a compiler bug, or there is some code that explicitly uses d16 in inline assembly (both of which are wrong), or the package overrides the default build flags and adds its own -mfpu=neon or -mfpu=vfpv3 flags. The build logs don't seem to help with this info very much because the actual flags don't seem to show up in the logs.

The function appears to be a C++ function and hence should be compiled code.

Program received signal SIGILL, Illegal instruction.
enterprise_management::GenericValue::SharedCtor (this=0x2301da0)
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
142 out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/ No such file or directory.
 in out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
(gdb) bt
#0 enterprise_management::GenericValue::SharedCtor (this=0x2301da0)
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#1 0x00474da2 in enterprise_management::GenericValue::GenericValue (this=0x2301da0)
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#2 0x00475344 in enterprise_management::protobuf_AddDesc_device_5fmanagement_5fbackend_2eproto ()
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#3 0x004755ea in StaticDescriptorInitializer_device_5fmanagement_5fbackend_2eproto ()
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#4 __static_initialization_and_destruction_0 ()
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#5 global constructors keyed to ()
    at out/Release/obj/gen/protoc_out/chrome/browser/policy/proto/
#6 0x013b20fa in __libc_csu_init ()
#7 0x013b20fa in __libc_csu_init ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) x /i $pc
=> 0x474d0c <enterprise_management::GenericValue::SharedCtor()+12>:
    vldr d16, [pc, #40] ; 0x474d38 <enterprise_management::GenericValue::SharedCtor()+56>

If someone can help in rebuilding chromium and/or getting a reduced testcase pre-processed file concerned in case this is a compiler bug then I'm happy to look into it further.

Version number is 10.0.648.133~r77742-0ubuntu0.10.10.1


ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: chromium-browser 10.0.648.133~r77742-0ubuntu0.10.10.1
Uname: Linux 2.6.29-arm2-ac100 armv7l
Architecture: armel
ChromiumPrefs: can't open profile /home/ramana/.config/chromium/Default/Preferences
Date: Wed Mar 16 02:17:46 2011
 GNOME_DESKTOP_SESSION_ID = this-is-deprecated
 XDG_CONFIG_DIRS = /etc/xdg/xdg-une-efl:/etc/xdg
 XDG_DATA_DIRS = /usr/share/une-efl:/usr/share/gnome:/usr/local/share/:/usr/share/
SourcePackage: chromium-browser
chromium-default: CHROMIUM_FLAGS=""
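The diagnosis above rests on two facts: the faulting instruction names d16, and the board's FPU only has d0-d15. Both can be checked mechanically before a build is shipped to such hardware. The following script is an added example, not code from the bug report, the Ubuntu packaging or Chromium: it scans `objdump -d` output for any use of d16-d31 (or the NEON q8-q15 registers that alias them) and reads the `Features` line of /proc/cpuinfo to decide whether the target FPU is D16-only. The sample disassembly and cpuinfo excerpts are constructed inline (byte columns are dummies, modelled on the `vldr d16` line quoted in the backtrace); the objdump tab layout and the hwcap names `vfpv3d16`, `vfpd32` and `neon` are assumptions about the tools, not something the report states.

```python
import re

# A "high" VFP register is d16..d31, or NEON q8..q15 which alias the same bits.
# Code touching these requires -mfpu=vfpv3 (32 regs) or neon, and will SIGILL
# on a VFPv3-D16 FPU such as the AC100's.
HIGH_REG = re.compile(r'\b(?:d(?:1[6-9]|2\d|3[01])|q(?:[89]|1[0-5]))\b')

# `objdump -d` layout (assumed): "<addr> <symbol>:" headers, then
# "  <addr>:\t<bytes>\t<mnemonic>\t<operands>" lines, tab separated.
SYMBOL_LINE = re.compile(r'^([0-9a-f]+)\s+<([^>]+)>:\s*$')
INSN_LINE = re.compile(r'^\s*([0-9a-f]+):\t([0-9a-f ]+)\t(\S+)(?:\t(.*))?$')


def find_high_vfp_regs(disasm):
    """Return every instruction in `objdump -d` text that names d16-d31 / q8-q15."""
    hits = []
    symbol = None
    for line in disasm.splitlines():
        m = SYMBOL_LINE.match(line)
        if m:
            symbol = m.group(2)
            continue
        m = INSN_LINE.match(line)
        if not m:
            continue
        addr, _bytes, mnemonic, operands = m.groups()
        # Drop objdump's "; <target>" comment so symbol names cannot false-match.
        operands = (operands or '').split(';', 1)[0]
        regs = sorted(set(HIGH_REG.findall(operands)))
        if regs:
            hits.append({'symbol': symbol, 'addr': addr, 'mnemonic': mnemonic,
                         'regs': regs, 'text': f'{mnemonic} {operands.strip()}'})
    return hits


def vfp_double_register_count(cpuinfo):
    """Infer the FPU's d-register count from the /proc/cpuinfo Features line.

    Assumption (hwcap naming, not from the bug report): 'neon' or 'vfpd32'
    means 32 registers, 'vfpv3d16' means 16, anything else is unknown (None).
    """
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(':')
        if key.strip().lower() == 'features':
            feats = set(value.split())
            if 'neon' in feats or 'vfpd32' in feats:
                return 32
            if 'vfpv3d16' in feats:
                return 16
            return None
    return None


def incompatible_instructions(disasm, cpuinfo):
    """Instructions that would raise SIGILL on this CPU: high-register use on a D16-only FPU."""
    if vfp_double_register_count(cpuinfo) != 16:
        return []
    return find_high_vfp_regs(disasm)


# Constructed `objdump -d` excerpt modelled on the faulting frame in the report.
SAMPLE_DISASM = (
    "00474d00 <_ZN21enterprise_management12GenericValue10SharedCtorEv>:\n"
    "  474d00:\tb510      \tpush\t{r4, lr}\n"
    "  474d02:\t4604      \tmov\tr4, r0\n"
    "  474d0c:\tedd4 0b0a \tvldr\td16, [pc, #40]\t; 474d38 <_ZN21enterprise_management12GenericValue10SharedCtorEv+0x38>\n"
    "  474d10:\ted84 0b00 \tvstr\td0, [r4]\n"
    "  474d14:\tbd10      \tpop\t{r4, pc}\n"
    "  474d38:\t00000000 \t.word\t0x00000000\n"
)

# Constructed /proc/cpuinfo excerpts: a D16-only board and a NEON core for contrast.
CPUINFO_D16 = ("Processor\t: ARMv7 Processor rev 0 (v7l)\n"
               "Features\t: swp half thumb fastmult vfp edsp vfpv3 vfpv3d16\n")
CPUINFO_NEON = ("Processor\t: ARMv7 Processor rev 2 (v7l)\n"
                "Features\t: swp half thumb fastmult vfp edsp neon vfpv3\n")

if __name__ == '__main__':
    for name, cpu in (('D16 board', CPUINFO_D16), ('NEON board', CPUINFO_NEON)):
        bad = incompatible_instructions(SAMPLE_DISASM, cpu)
        print(f'{name}: {len(bad)} instruction(s) would SIGILL')
        for h in bad:
            print(f"  {h['addr']} in {h['symbol']}: {h['text']}  (uses {', '.join(h['regs'])})")
```

In practice the disassembly input would come from `objdump -d` on the built binary, so this is cheap to run as a post-build check on any package that is meant to boot on VFPv3-D16 parts; a single hit means the build flags (or some inline assembly) are selecting the wrong FPU.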

Ramana Radhakrishnan (ramana) wrote :

Just in case - the AC100 is vfpv3-d16 hardware only.

tags: added: arm-porting-queue

Well the smoking gun in the source seems to be:

    # Set ARM fpu compilation flags (only meaningful if armv7==1 and
    # arm_neon==0).
    'arm_fpu%': 'vfpv3',

and the build logs show arm_neon=0 and armv7=1. It's not clear to me how the .gypi files work, but that needs to be vfpv3-d16.


Ramana Radhakrishnan (ramana) wrote : seems relevant. See #c8 in that thread.

I think it's definitely not a compiler error but more of a package configuration issue. Either Ubuntu had a local patch to change this to vfpv3-d16 or Chromium did, and someone dropped this patch?


Fabien Tassin (fta) wrote :

So the fix is to set arm_fpu=vfpv3-d16 at build time.

Committed in the branch. I will land it downward in the channels and in the next stable update.

Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → Medium
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.204~r79063-0ubuntu1

chromium-browser (10.0.648.204~r79063-0ubuntu1) natty; urgency=high

  * New upstream minor release from the Stable Channel (LP: #742118)
    This release fixes the following security issues:
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
 -- Fabien Tassin <email address hidden> Thu, 24 Mar 2011 23:05:14 +0100

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released