Bug 1778559

Summary: [abrt] firefox: __open64_nocancel(): firefox killed by SIGSYS
Product: [Fedora] Fedora
Reporter: Ritesh Khadgaray <khadgaray>
Component: firefox
Assignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: 0xalen+redhat, anto.trande, awilliam, gecko-bugs-nobody, jhorak, jld, john.j5live, kengert, pjasicek, rhughes, robatino, rstrode, sandmann
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/9b3bf00e201c9622ae69e5ed5f70d5223f24c174
Whiteboard: abrt_hash:27480b90a3580e26dee0eb3658249e1458bec3d2;VARIANT_ID=workstation; openqa
Last Closed: 2019-12-02 18:11:50 UTC
Bug Blocks: 1705303    

Description Ritesh Khadgaray 2019-12-02 03:06:04 UTC
Description of problem:
Load firefox, and tabs crash. Brand new rawhide install.

This is also seen with Chrome. Using --disable-seccomp-filter-sandbox fixes this issue on Google Chrome.

Probably - https://github.com/void-linux/void-packages/blob/master/srcpkgs/firefox/patches/fix-sandbox-membarrier.patch . Not yet tested.

Version-Release number of selected component:
firefox-71.0-6.npgo.fc32

Additional info:
reporter:       libreport-2.11.3
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user/gnome-terminal-server.service
cmdline:        /usr/lib64/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6726 -prefMapSize 447970 -parentBuildID 20191128104533 -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr/lib64/firefox/browser 11391 tab
crash_function: __open64_nocancel
executable:     /usr/lib64/firefox/firefox
journald_cursor: s=7f97d50356c54300a414dfd26ce43fe5;i=18dc;b=7a7addb80436400f92559dd45275d782;m=90fff50e;t=598afab0c378d;x=5ee03dc6bfd63248
kernel:         5.4.0-2.fc32.x86_64
mountinfo:      
rootdir:        /proc/11518/fdinfo
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 1 Ritesh Khadgaray 2019-12-02 03:06:07 UTC
Created attachment 1641249 [details]
File: backtrace

Comment 2 Ritesh Khadgaray 2019-12-02 03:06:08 UTC
Created attachment 1641250 [details]
File: core_backtrace

Comment 3 Ritesh Khadgaray 2019-12-02 03:06:09 UTC
Created attachment 1641251 [details]
File: cpuinfo

Comment 4 Ritesh Khadgaray 2019-12-02 03:06:10 UTC
Created attachment 1641252 [details]
File: dso_list

Comment 5 Ritesh Khadgaray 2019-12-02 03:06:11 UTC
Created attachment 1641253 [details]
File: environ

Comment 6 Ritesh Khadgaray 2019-12-02 03:06:12 UTC
Created attachment 1641254 [details]
File: limits

Comment 7 Ritesh Khadgaray 2019-12-02 03:06:13 UTC
Created attachment 1641255 [details]
File: maps

Comment 8 Ritesh Khadgaray 2019-12-02 03:06:14 UTC
Created attachment 1641256 [details]
File: open_fds

Comment 9 Ritesh Khadgaray 2019-12-02 03:06:15 UTC
Created attachment 1641257 [details]
File: proc_pid_status

Comment 10 Ritesh Khadgaray 2019-12-02 15:12:14 UTC
Disabling sandbox works around this - https://wiki.mozilla.org/Security/Sandbox/Seccomp .

From firefox run
```
[New Thread 0x7fffd157d700 (LWP 98140)]
[New Thread 0x7fffd19bf700 (LWP 98157)]
[Parent 97968, Gecko_IOThread] WARNING: pipe error (76): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358
[Parent 97968, Gecko_IOThread] WARNING: pipe error (107): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358

###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv

[Parent 97968, Gecko_IOThread] WARNING: pipe error (116): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358

###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv

[Thread 0x7fffd4dbe700 (LWP 98053) exited]
[New Thread 0x7fffd4dbe700 (LWP 98181)]
[New Thread 0x7fffd1386700 (LWP 98183)]

```



For chrome : **CRASHING**:seccomp-bpf failure in syscall 0230

Comment 11 Adam Williamson 2019-12-02 17:26:38 UTC
See also https://bugzilla.redhat.com/show_bug.cgi?id=1778555 - not sure if it's the same, though.

openQA is running into this too by the looks of it, e.g. https://openqa.fedoraproject.org/tests/491837# .

Proposing as an F32 Beta blocker per Basic criterion "It must be possible to run the default web browser and a terminal application from all release-blocking desktop environments...The web browser must be able to download files, load extensions (if applicable), and log into FAS."

Comment 12 Adam Williamson 2019-12-02 18:11:50 UTC

*** This bug has been marked as a duplicate of bug 1778366 ***

Comment 13 Jed Davis 2019-12-03 23:59:37 UTC
The Chrome failure mentioned in comment #10 is probably unrelated: amd64 syscall 230 is clock_nanosleep, and Chromium has a bug about it: https://crbug.com/1025739 (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1597792 for the Firefox equivalent)

In general, if the crashing process is able to print a log message, then it's not a problem with getting SECCOMP_RET_TRAP while blocking SIGSYS: in that case the kernel removes the signal handler and immediately kills the process itself.

As for bug 1778555, that looks like heap corruption and not anything sandbox-related.