Bug 1778559 - [abrt] firefox: __open64_nocancel(): firefox killed by SIGSYS
Keywords:
Status: CLOSED DUPLICATE of bug 1778366
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:27480b90a3580e26dee0eb36582...
Depends On:
Blocks: F32BetaBlocker
 
Reported: 2019-12-02 03:06 UTC by Ritesh Khadgaray
Modified: 2019-12-03 23:59 UTC (History)

Last Closed: 2019-12-02 18:11:50 UTC
Type: ---


Attachments
File: backtrace (215.82 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: core_backtrace (92.30 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: cpuinfo (2.22 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: dso_list (9.40 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: environ (6.53 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: limits (1.29 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: maps (69.75 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: open_fds (7.03 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray
File: proc_pid_status (1.33 KB, text/plain), 2019-12-02 03:06 UTC, Ritesh Khadgaray

Description Ritesh Khadgaray 2019-12-02 03:06:04 UTC
Description of problem:
Load firefox, and tabs crash. Brand new rawhide install.

This is also seen with Chrome. Using --disable-seccomp-filter-sandbox fixes this issue on Google Chrome.

Probably https://github.com/void-linux/void-packages/blob/master/srcpkgs/firefox/patches/fix-sandbox-membarrier.patch . Not yet tested.

Version-Release number of selected component:
firefox-71.0-6.npgo.fc32

Additional info:
reporter:       libreport-2.11.3
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
cmdline:        /usr/lib64/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6726 -prefMapSize 447970 -parentBuildID 20191128104533 -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr/lib64/firefox/browser 11391 tab
crash_function: __open64_nocancel
executable:     /usr/lib64/firefox/firefox
journald_cursor: s=7f97d50356c54300a414dfd26ce43fe5;i=18dc;b=7a7addb80436400f92559dd45275d782;m=90fff50e;t=598afab0c378d;x=5ee03dc6bfd63248
kernel:         5.4.0-2.fc32.x86_64
mountinfo:      
rootdir:        /proc/11518/fdinfo
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 1 Ritesh Khadgaray 2019-12-02 03:06:07 UTC
Created attachment 1641249 [details]
File: backtrace

Comment 2 Ritesh Khadgaray 2019-12-02 03:06:08 UTC
Created attachment 1641250 [details]
File: core_backtrace

Comment 3 Ritesh Khadgaray 2019-12-02 03:06:09 UTC
Created attachment 1641251 [details]
File: cpuinfo

Comment 4 Ritesh Khadgaray 2019-12-02 03:06:10 UTC
Created attachment 1641252 [details]
File: dso_list

Comment 5 Ritesh Khadgaray 2019-12-02 03:06:11 UTC
Created attachment 1641253 [details]
File: environ

Comment 6 Ritesh Khadgaray 2019-12-02 03:06:12 UTC
Created attachment 1641254 [details]
File: limits

Comment 7 Ritesh Khadgaray 2019-12-02 03:06:13 UTC
Created attachment 1641255 [details]
File: maps

Comment 8 Ritesh Khadgaray 2019-12-02 03:06:14 UTC
Created attachment 1641256 [details]
File: open_fds

Comment 9 Ritesh Khadgaray 2019-12-02 03:06:15 UTC
Created attachment 1641257 [details]
File: proc_pid_status

Comment 10 Ritesh Khadgaray 2019-12-02 15:12:14 UTC
Disabling sandbox works around this - https://wiki.mozilla.org/Security/Sandbox/Seccomp .

From firefox run
```
[New Thread 0x7fffd157d700 (LWP 98140)]
[New Thread 0x7fffd19bf700 (LWP 98157)]
[Parent 97968, Gecko_IOThread] WARNING: pipe error (76): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358
[Parent 97968, Gecko_IOThread] WARNING: pipe error (107): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358

###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv

[Parent 97968, Gecko_IOThread] WARNING: pipe error (116): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358

###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv

[Thread 0x7fffd4dbe700 (LWP 98053) exited]
[New Thread 0x7fffd4dbe700 (LWP 98181)]
[New Thread 0x7fffd1386700 (LWP 98183)]

```



For chrome : **CRASHING**:seccomp-bpf failure in syscall 0230

Comment 11 Adam Williamson 2019-12-02 17:26:38 UTC
See also https://bugzilla.redhat.com/show_bug.cgi?id=1778555 - not sure if it's the same, though.

openQA is running into this too by the looks of it, e.g. https://openqa.fedoraproject.org/tests/491837# .

Proposing as an F32 Beta blocker per Basic criterion "It must be possible to run the default web browser and a terminal application from all release-blocking desktop environments...The web browser must be able to download files, load extensions (if applicable), and log into FAS."

Comment 12 Adam Williamson 2019-12-02 18:11:50 UTC

*** This bug has been marked as a duplicate of bug 1778366 ***

Comment 13 Jed Davis 2019-12-03 23:59:37 UTC
The Chrome failure mentioned in comment #10 is probably unrelated: amd64 syscall 230 is clock_nanosleep, and Chromium has a bug about it: https://crbug.com/1025739 (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1597792 for the Firefox equivalent)

In general, if the crashing process is able to print a log message, then it's not a problem with getting SECCOMP_RET_TRAP while blocking SIGSYS: in that case the kernel removes the signal handler and immediately kills the process itself.

As for bug 1778555, that looks like heap corruption and not anything sandbox-related.
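
The kernel behaviour described in comment 13, as an added example that is not part of the bug thread and not Firefox or Chromium code: a child process traps clock_nanosleep with SECCOMP_RET_TRAP. With SIGSYS deliverable the handler runs and can see the syscall number; with SIGSYS blocked the kernel kills the child before any handler could log. The name `run_trap_child`, the exit code 42 and the one-rule filter are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Runs only when SIGSYS is deliverable; reports the trapped syscall via exit code. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    _exit(si->si_syscall == __NR_clock_nanosleep ? 42 : 43);
}

/* Forks a child that traps clock_nanosleep; returns the child's raw wait status. */
int run_trap_child(int block_sigsys) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        sigaction(SIGSYS, &sa, NULL);
        sigset_t set; sigemptyset(&set); sigaddset(&set, SIGSYS);
        if (block_sigsys) sigprocmask(SIG_BLOCK, &set, NULL);
        /* Demo filter: trap one syscall, allow the rest (a real policy also checks arch). */
        struct sock_filter f[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clock_nanosleep, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        struct sock_fprog prog = { .len = 4, .filter = f };
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) _exit(1);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(1);
        struct timespec ts = { 0, 1000 };
        syscall(__NR_clock_nanosleep, CLOCK_MONOTONIC, 0, &ts, NULL);
        _exit(0); /* not reached: the trap fires on the call above */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return status;
}

int main(void) {
    int a = run_trap_child(0), b = run_trap_child(1);
    return printf("unblocked: exit=%d, blocked: killed by signal %d\n", WEXITSTATUS(a), WTERMSIG(b)) < 0;
}
```

On x86_64 `__NR_clock_nanosleep` is 230, the number in the Chrome message quoted in comment 10.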

