Bug 2084588

Summary: glibc: NSS crash after stat failure
Product: [Fedora] Fedora
Reporter: Ondrej Mosnacek <omosnace>
Component: glibc
Assignee: DJ Delorie <dj>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 36
CC: aoliva, arjun.is, ashankar, codonell, dj, erack, fweimer, gecko-bugs-nobody, jhorak, kai-engert-fedora, klaas, ku33ma, law, liam.raymond, mcermak, mfabian, pfrankli, pjasicek, rhughes, rstrode, rth, sam, sandmann, sipoyare
Hardware: x86_64
OS: Linux
Fixed In Version: glibc-2.34-38.fc35 glibc-2.35-12.fc36
Last Closed: 2022-06-26 01:19:22 UTC
Type: Bug

Description Ondrej Mosnacek 2022-05-12 13:26:01 UTC
Description of problem:
When I have opencryptoki-libs installed alongside firefox, the content and extension processes crash randomly due to SEGFAULT. After `dnf remove opencryptoki-libs` firefox works fine again. This started to happen after upgrade F35->F36 (I had opencryptoki-libs installed before as well).

Version-Release number of selected component (if applicable):
firefox-100.0-4.fc36.x86_64
glibc-2.35-5.fc36.x86_64
nss-3.77.0-1.fc36.x86_64
opencryptoki-libs-3.17.0-7.fc36.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install firefox and opencryptoki-libs.
2. Start firefox.

Actual results:
firefox processes crash with SIGSEGV

Expected results:
No crashes.

Additional info:
I use KDE with Plasma X11 session, in case that matters.

Sample backtrace:
#0  0x00007fecde5f081d in __nss_lookup () at /lib64/libc.so.6
#1  0x00007fecde591302 in getgrnam_r@@GLIBC_2.2.5 () at /lib64/libc.so.6
#2  0x00007fecde5909c8 in getgrnam () at /lib64/libc.so.6
#3  0x00007fecbce22757 in C_Initialize () at /usr/lib64/pkcs11/libopencryptoki.so
#4  0x00007fecbce94db0 in initialize_module_inlock_reentrant () at /lib64/p11-kit-proxy.so
#5  0x00007fecbce94f73 in managed_C_Initialize () at /lib64/p11-kit-proxy.so
#6  0x00007fecbce9b6b5 in p11_kit_modules_initialize () at /lib64/p11-kit-proxy.so
#7  0x00007fecbce9bb67 in proxy_C_Initialize () at /lib64/p11-kit-proxy.so
#8  0x00007fecd1938dd7 in secmod_ModuleInit () at /lib64/libnss3.so
#9  0x00007fecd193953b in secmod_LoadPKCS11Module () at /lib64/libnss3.so
#10 0x00007fecd19468dc in SECMOD_LoadModule () at /lib64/libnss3.so
#11 0x00007fecd1946a30 in SECMOD_LoadModule () at /lib64/libnss3.so
#12 0x00007fecd190cf9d in nss_Init () at /lib64/libnss3.so
#13 0x00007fecd190d6fc in NSS_NoDB_Init () at /lib64/libnss3.so
#14 0x00007fecd581e2a2 in EnsureNSSInitializedChromeOrContent() () at /usr/lib64/firefox/libxul.so
#15 0x00007fecd5820fd1 in nsresult mozilla::psm::NSSConstructor<nsRandomGenerator>(nsISupports*, nsID const&, void**) () at /usr/lib64/firefox/libxul.so
#16 0x00007fecd4894c1a in nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor> >&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) ()
    at /usr/lib64/firefox/libxul.so
#17 0x00007fecd48948f6 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) () at /usr/lib64/firefox/libxul.so
#18 0x00007fecd4aac5cb in nsGetServiceByContractIDWithError::operator()(nsID const&, void**) const () at /usr/lib64/firefox/libxul.so
#19 0x00007fecd4a7b5fa in nsCOMPtr_base::assign_from_gs_contractid_with_error(nsGetServiceByContractIDWithError const&, nsID const&) () at /usr/lib64/firefox/libxul.so
#20 0x00007fecd58700c3 in mozilla::RelativeTimeline::GetRandomTimelineSeed() () at /usr/lib64/firefox/libxul.so
#21 0x00007fecd5403645 in mozilla::dom::Performance::Now() () at /usr/lib64/firefox/libxul.so
#22 0x00007fecd4fb185c in mozilla::dom::Performance_Binding::now(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) () at /usr/lib64/firefox/libxul.so
#23 0x00007fecd505e38d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) ()
    at /usr/lib64/firefox/libxul.so
#24 0x00007fecd499dcc8 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#25 0x00007fecd499a5b8 in Interpret(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#26 0x00007fecd499377b in js::RunScript(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#27 0x00007fecd58d67c8 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) ()
    at /usr/lib64/firefox/libxul.so
#28 0x00007fecd5908e7c in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#29 0x00007fecd4cb6c2e in mozJSSubScriptLoader::DoLoadSubScriptWithOptions(nsTSubstring<char16_t> const&, LoadSubScriptOptions&, JSContext*, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#30 0x00007fecd4cb64ba in mozJSSubScriptLoader::LoadSubScript(nsTSubstring<char16_t> const&, JS::Handle<JS::Value>, JSContext*, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#31 0x00007fecd4ac8d12 in NS_InvokeByIndex () at /usr/lib64/firefox/libxul.so
#32 0x00007fecd48ba3cd in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) () at /usr/lib64/firefox/libxul.so
#33 0x00007fecd48bba19 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) () at /usr/lib64/firefox/libxul.so
#34 0x00007fecd499dcc8 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#35 0x00007fecd499a5b8 in Interpret(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#36 0x00007fecd4993808 in js::RunScript(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#37 0x00007fecd499deac in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#38 0x00007fecd499e6c9 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /usr/lib64/firefox/libxul.so
#39 0x00007fecd49ac930 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#40 0x00007fecd503b3be in mozilla::dom::EventListener::HandleEvent(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) () at /usr/lib64/firefox/libxul.so
#41 0x00007fecd53ba10b in mozilla::dom::JSWindowActorProtocol::HandleEvent(mozilla::dom::Event*) () at /usr/lib64/firefox/libxul.so
#42 0x00007fecd490a790 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) () at /usr/lib64/firefox/libxul.so
#43 0x00007fecd490a472 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) ()
    at /usr/lib64/firefox/libxul.so
#44 0x00007fecd49086f3 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) () at /usr/lib64/firefox/libxul.so
#45 0x00007fecd49070b9 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) () at /usr/lib64/firefox/libxul.so
#46 0x00007fecd50e5e0e in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) () at /usr/lib64/firefox/libxul.so
#47 0x00007fecd4f6128e in nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) () at /usr/lib64/firefox/libxul.so
#48 0x00007fecd4eb6967 in nsContentUtils::DispatchEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, mozilla::Trusted, bool*, mozilla::ChromeOnlyDispatch) () at /usr/lib64/firefox/libxul.so
#49 0x00007fecd4eb7355 in nsContentUtils::DispatchTrustedEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, bool*) ()
    at /usr/lib64/firefox/libxul.so
#50 0x00007fecd4f04c42 in mozilla::dom::Document::DispatchContentLoadedEvents() () at /usr/lib64/firefox/libxul.so
#51 0x00007fecd4f04b50 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() () at /usr/lib64/firefox/libxul.so
#52 0x00007fecd4ab2c4a in mozilla::SchedulerGroup::Runnable::Run() () at /usr/lib64/firefox/libxul.so
#53 0x00007fecd489933c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) () at /usr/lib64/firefox/libxul.so
#54 0x00007fecd4898b92 in mozilla::TaskController::ProcessPendingMTTask(bool) () at /usr/lib64/firefox/libxul.so
#55 0x00007fecd4897873 in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib64/firefox/libxul.so
#56 0x00007fecd48973c3 in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib64/firefox/libxul.so
#57 0x00007fecd48b084a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () at /usr/lib64/firefox/libxul.so
#58 0x00007fecd4c5c8ab in MessageLoop::Run() () at /usr/lib64/firefox/libxul.so
#59 0x00007fecd546dfbd in nsBaseAppShell::Run() () at /usr/lib64/firefox/libxul.so
#60 0x00007fecd58b4608 in XRE_RunAppShell() () at /usr/lib64/firefox/libxul.so
#61 0x00007fecd4c5c8ab in MessageLoop::Run() () at /usr/lib64/firefox/libxul.so
#62 0x00007fecd58b4343 in XRE_InitChildProcess(int, char**, XREChildData const*) () at /usr/lib64/firefox/libxul.so
#63 0x000056089f3a9ede in content_process_main(mozilla::Bootstrap*, int, char**) ()
#64 0x000056089f39caa8 in main ()

Comment 1 Jan Horak 2022-05-13 07:15:16 UTC
Hm, this could be some sandbox issue. The getgrnam is trying to obtain the /etc/group or similar and this seems not to be allowed from the content process. You can try setting the env variable MOZ_SANDBOX_LOGGING=1 first to see if that outputs something, or disable the sandbox temporarily with the MOZ_DISABLE_CONTENT_SANDBOX=1 env variable.

Comment 2 Ondrej Mosnacek 2022-05-13 09:50:33 UTC
Indeed the issue doesn't reproduce when I run firefox with MOZ_DISABLE_CONTENT_SANDBOX=1. Still, I guess there is a bug also in glibc or opencryptoki since a failed syscall shouldn't lead to a segfault.

Comment 3 Jan Horak 2022-05-19 12:24:00 UTC
Yes, you're right. The SEGFAULT is most likely from the libc's __nss_lookup where it does not check the failed syscall.
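
As an added illustration of the failure mode discussed in comments 2 and 3 (not glibc's code and not part of the original report): a simplified C model of a cached lookup configuration that treats a failed stat() as a normal outcome, keeping the cached data or a built-in default so the caller never receives a NULL pointer. The names `group_sources` and `reload` and the default value `files` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Simplified model (hypothetical names, not glibc's NSS structures). */
static char loaded[128];   /* sources parsed from the "group:" line */
static int have_loaded;    /* 0 until one load has succeeded */
static struct stat seen;   /* stat data of the file last parsed */

/* Parse the "group:" line of path into loaded[]; returns 0 on success. */
static int reload(const char *path)
{
    char line[256];
    int ok = -1;
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    while (fgets(line, sizeof line, f) != NULL) {
        if (strncmp(line, "group:", 6) != 0)
            continue;
        char *v = line + 6 + strspn(line + 6, " \t");
        v[strcspn(v, "\n")] = '\0';
        snprintf(loaded, sizeof loaded, "%s", v);
        ok = 0;
    }
    fclose(f);
    return ok;
}

/* Never returns NULL: if stat() fails (for example, denied by a sandbox),
   keep the cached value, or use the example's built-in default "files". */
const char *group_sources(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return have_loaded ? loaded : "files";
    if (!have_loaded || st.st_ino != seen.st_ino || st.st_mtime != seen.st_mtime) {
        if (reload(path) == 0) {
            have_loaded = 1;
            seen = st;
        }
    }
    return have_loaded ? loaded : "files";
}

int main(void)
{
    printf("group sources: %s\n", group_sources("/etc/nsswitch.conf"));
    return 0;
}
```

The case to exercise is the one from this report: the file is readable on the first lookup and stat() starts failing afterwards, at which point the function must keep returning the previously loaded value.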

Comment 5 Fedora Update System 2022-06-21 13:23:20 UTC
FEDORA-2022-d243bd1823 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-d243bd1823

Comment 6 Fedora Update System 2022-06-21 13:23:22 UTC
FEDORA-2022-ae2b0a7c72 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae2b0a7c72

Comment 7 Fedora Update System 2022-06-22 02:01:25 UTC
FEDORA-2022-d243bd1823 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-d243bd1823`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-d243bd1823

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-06-22 02:20:47 UTC
FEDORA-2022-ae2b0a7c72 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-ae2b0a7c72`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae2b0a7c72

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Jan Horak 2022-06-22 08:10:08 UTC
*** Bug 2093750 has been marked as a duplicate of this bug. ***

Comment 10 Jan Horak 2022-06-22 08:10:13 UTC
*** Bug 2089629 has been marked as a duplicate of this bug. ***

Comment 11 Fedora Update System 2022-06-26 01:19:22 UTC
FEDORA-2022-d243bd1823 has been pushed to the Fedora 36 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2022-07-06 01:53:17 UTC
FEDORA-2022-ae2b0a7c72 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.