Bug 1773289
Summary: | After upgrade glibc to 2.30.9000-18 all tabs in Chromium-based browsers start crashing immediately after opening. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> |
Component: | chromium | Assignee: | Tom "spot" Callaway <tcallawa> |
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 32 | CC: | aoliva, arjun.is, bernie+fedora, codonell, dj, emilio, fweimer, hubbardn95, law, mfabian, pfrankli, rth, sanjay.ankur, siddhesh, tcallawa, tpopela, valdis.kletnieks, yaneti |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-06-13 18:19:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mikhail
2019-11-17 11:34:53 UTC
Assuming 0230 is decimal, this corresponds to clock_nanosleep. Presumably, the existing seccomp filters in chromium only allow nanosleep, but not clock_nanosleep. They need to be adjusted. *** Bug 1773346 has been marked as a duplicate of this bug. *** -2 has a patch to permit clock_nanosleep, it is building now. Once I confirm it resolves the issue, I'll send it upstream. Confirmed the patch fixes the issue, opened upstream bug report with patch: https://bugs.chromium.org/p/chromium/issues/detail?id=1025739 *** Bug 1774222 has been marked as a duplicate of this bug. *** Mikhail: For future reference, where was Chrome throwing those 'seccomp-bpf failure in syscall' messages? To stdout, or elsewhere? (I had already found the issue and backleveled glibc before I thought to run it from the command line...) (In reply to Valdis Kletnieks from comment #6) > Mikhail: For future reference, where was Chrome throwing those 'seccomp-bpf > failure in syscall' messages? To stdout, or elsewhere? in stdout Heh, interestingly enough Firefox had a similar problem, but it seems only the profiler had the nanosleep call, otherwise I'd have noted sooner: https://bugzilla.mozilla.org/show_bug.cgi?id=1597792 So far, this glibc change has broken openssh, chrome, and firefox. Talk about the gift that keeps on giving. FWIW the chrome dev build from yesterday (80.0.3983.2) contains the fix and works with glibc-2.30.9000 Confirming - Chrome 80.0.3983.2 just showed up, and plays nice with the new glibc. There's probably a few more programs that use seccomp sandboxing, but now that openssh and chrome are both OK, the major pain points are probably fixed.... This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle. Changing version to 32. Note: also affects chromium based software such as qt-webengine and all the browsers that use it (at least qutebrowser and falkon). There are fixes upstream at Qt based on the Chromium fixes, but they've not made it to Fedora yet: https://bugzilla.redhat.com/show_bug.cgi?id=1812482 Chrome 83 has been updated to work with the current glibc. |