Chromium crashes when visiting a site that includes euc-jp characters
Chromium renderer process on Alpine Linux 3.18.0 (chromium-114.0.5735.106-r0) crashes when visiting a site that includes euc-jp characters.
I tested the issue on Ubuntu 22.04 and it did not crash. I am reporting because it seems to be Alpine Linux specific.
Environment
- Alpine release version: 3.18.0
- Package: chromium-114.0.5735.106-r0
- Tested on: VirtualBox 7.0.8
- Processor architecture: x86_64
- Allocated RAM: 2048MB
Steps to reproduce the problem
- Set up a desktop environment on Alpine Linux 3.18 by referring to the Xfce page of the Alpine Linux Wiki: https://wiki.alpinelinux.org/wiki/Xfce
- Install chromium packages by running
apk add gdb chromium chromium-dbg font-noto-cjk
- Launch chromium by running
chromium-browser --disable-gpu https://wpt.live/encoding/legacy-mb-japanese/euc-jp/eucjp_chars.html
- The chromium renderer process will crash and display
Aw, snap!
Backtrace Information
Here is the backtrace from gdb:
localhost:~$ cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.18.0
PRETTY_NAME="Alpine Linux v3.18"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
localhost:~$ chromium-browser --version
Chromium 114.0.5735.106
localhost:~$ gdb -q -p 2547
Attaching to process 2547
[New LWP 2548]
[New LWP 2549]
[New LWP 2550]
[New LWP 2551]
[New LWP 2555]
[New LWP 2559]
[New LWP 2560]
[New LWP 2561]
warning: Target and debugger are in different PID namespaces; thread lists and other data are likely unreliable. Connect to gdbserver inside the container.
0x00007fd429c5bfac in ?? () from /lib/ld-musl-x86_64.so.1
(gdb) c
Continuing.
Thread 8 "Compositor" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 2560]
0x000056312eb13e50 in partition_alloc::internal::PartitionFreelistEntry::CheckFreeListForThreadCache(unsigned long) const ()
(gdb) info registers
rax 0x18aaaa0118aaaa 6943046580611754
rbx 0x6000 24576
rcx 0x3 3
rdx 0xaaaa1801aaaa1800 -6149075945783683072
rsi 0x6000 24576
rdi 0x3cc40315c000 66812563013632
rbp 0x7fd3a09d14e0 0x7fd3a09d14e0
rsp 0x7fd3a09d14b0 0x7fd3a09d14b0
r8 0x0 0
r9 0x0 0
r10 0x0 0
r11 0x202 514
r12 0x563135ac66c0 94769353877184
r13 0x3cc400ce3560 66812524770656
r14 0x4b2 1202
r15 0x2 2
rip 0x56312eb13e50 0x56312eb13e50 <partition_alloc::internal::PartitionFreelistEntry::CheckFreeListForThreadCache(unsigned long) const+64>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) backtrace
#0 0x000056312eb13e50 in partition_alloc::internal::PartitionFreelistEntry::CheckFreeListForThreadCache(unsigned long) const ()
#1 0x000056312eb12694 in partition_alloc::ThreadCache::Purge() ()
#2 0x000056312e9b7581 in allocator_shim::internal::PartitionFree(allocator_shim::AllocatorDispatch const*, void*, void*) ()
#3 0x000056312e9debf6 in base::WaitableEvent::TimedWaitImpl(base::TimeDelta) ()
#4 0x000056312e953da7 in base::WaitableEvent::TimedWait(base::TimeDelta) ()
#5 0x000056312e90b208 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6 0x000056312e975fe8 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ()
#7 0x000056312e936c1e in base::RunLoop::Run(base::Location const&) ()
#8 0x000056312d96d56f in blink::scheduler::NonMainThreadImpl::SimpleThreadImpl::Run() ()
#9 0x000056312e9ab630 in base::(anonymous namespace)::ThreadFunc(void*) ()
#10 0x00007fd429c59c0b in ?? () from /lib/ld-musl-x86_64.so.1
#11 0x0000000000000000 in ?? ()
(gdb)
Additional information
I noticed that Chromium 99.0.4844.84 on Alpine Linux 3.15.8 renders the page normally:
Chromium 102.0.5005.182 on Alpine Linux 3.16.5 has broken rendering, but it does not crash, as follows:
Docker reproduction
The issue can be reproduced using Docker. Here is the Dockerfile:
FROM alpine:3.18
RUN apk add --no-cache gdb chromium chromium-dbg font-noto-cjk \
&& adduser -D user
USER user
WORKDIR /tmp
Save the Dockerfile and build the docker image as follows:
docker build -t chromium-crash .
Then, run the Docker container as follows:
docker run -it --rm --cap-add SYS_ADMIN chromium-crash chromium-browser --headless --disable-gpu --disable-dev-shm-usage --screenshot https://wpt.live/encoding/legacy-mb-japanese/euc-jp/eucjp_chars.html
The chromium main process does not crash, but the renderer crashes as indicated by dmesg:
[102026.533212] chrome[6160]: segfault at 262400934000 ip 000055726fddf29f sp 00007fff276cccb0 error 6 in chrome[557269634000+b8a6000]
[102026.533225] Code: 45 d0 45 31 c9 48 8d 45 c8 50 6a 01 e8 ca 7c 0f 05 48 83 c4 10 0f b7 45 c6 66 83 f8 fd 74 ac 43 8d 0c 37 48 8b 15 21 d1 9f 05 <66> 42 89 0c a2 66 42 89 44 a2 02 49 ff c4 eb 91 48 8b 15 0a d1 9f
[102026.533232] potentially unexpected fatal signal 11.
[102026.533233] CPU: 0 PID: 6160 Comm: chrome Not tainted 5.15.90.1-microsoft-standard-WSL2 #1
[102026.533236] RIP: 0033:0x55726fddf29f
[102026.533239] Code: 45 d0 45 31 c9 48 8d 45 c8 50 6a 01 e8 ca 7c 0f 05 48 83 c4 10 0f b7 45 c6 66 83 f8 fd 74 ac 43 8d 0c 37 48 8b 15 21 d1 9f 05 <66> 42 89 0c a2 66 42 89 44 a2 02 49 ff c4 eb 91 48 8b 15 0a d1 9f
[102026.533241] RSP: 002b:00007fff276cccb0 EFLAGS: 00010293
[102026.533242] RAX: 000000000000aaaa RBX: 0000000000000000 RCX: 0000000000002000
[102026.533243] RDX: 000026240092c000 RSI: 00007fff276cccc8 RDI: 0000000000000000
[102026.533244] RBP: 00007fff276ccd10 R08: 00007fff276cccd8 R09: 0000000000000000
[102026.533244] R10: 00000000fffffffe R11: 0000000000000000 R12: 0000000000002000
[102026.533245] R13: 00000000fffffff8 R14: 000000000000000e R15: 0000000000001ff2
[102026.533246] FS: 00007ffbf3490200 GS: 0000000000000000
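To triage the renderer crash above from the dmesg output alone, the following added helper (not part of this report or of the chromium package) parses the kernel's segfault line, decodes the x86 page-fault error code, and computes the faulting instruction's offset inside the `chrome` mapping, which is the address to symbolize against the unstripped binary shipped in chromium-dbg (the path to that binary is not given here and is left to the reader):

```python
import re

# Pattern of the kernel's user-space segfault message as printed by dmesg:
# "COMM[PID]: segfault at ADDR ip IP sp SP error N in OBJ[BASE+SIZE]"
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# The segfault line taken from the dmesg output in this report.
SAMPLE_LINE = ("[102026.533212] chrome[6160]: segfault at 262400934000 "
               "ip 000055726fddf29f sp 00007fff276cccb0 error 6 "
               "in chrome[557269634000+b8a6000]")


def decode_error_code(err):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "protection_violation": bool(err & 1),  # 0 = page not present
        "write": bool(err & 2),                 # 0 = read access
        "user_mode": bool(err & 4),             # 0 = kernel-mode access
    }


def parse_segfault(line):
    """Return the parsed fields of a dmesg segfault line, or None."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    base, size, ip = int(m["base"], 16), int(m["size"], 16), int(m["ip"], 16)
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": int(m["addr"], 16),
        "ip": ip,
        "object": m["obj"].strip(),
        "error": decode_error_code(int(m["err"])),
    }
    # Offset of the faulting instruction within the mapped object. Because the
    # binary is PIE and loaded at a randomized base, this offset (not the raw
    # ip) is what addr2line/gdb need against the unstripped chrome binary.
    info["ip_offset"] = ip - base if base <= ip < base + size else None
    return info


if __name__ == "__main__":
    r = parse_segfault(SAMPLE_LINE)
    print(f"{r['comm']}[{r['pid']}] faulted at ip+{r['ip_offset']:#x} "
          f"in {r['object']}: {r['error']}")
```

For the line above this yields a write fault from user mode on a non-present page, at offset 0x67ab29f inside the chrome image.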