Description of problem:
Load firefox, and tabs crash. Brand new rawhide install. This is also seen with chrome. Using --disable-seccomp-filter-sandbox fixes this issue on google chrome.

probably - https://github.com/void-linux/void-packages/blob/master/srcpkgs/firefox/patches/fix-sandbox-membarrier.patch . Not yet tested.

Version-Release number of selected component:
firefox-71.0-6.npgo.fc32

Additional info:
reporter: libreport-2.11.3
backtrace_rating: 4
cgroup: 0::/user.slice/user-1000.slice/user/gnome-terminal-server.service
cmdline: /usr/lib64/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6726 -prefMapSize 447970 -parentBuildID 20191128104533 -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr/lib64/firefox/browser 11391 tab
crash_function: __open64_nocancel
executable: /usr/lib64/firefox/firefox
journald_cursor: s=7f97d50356c54300a414dfd26ce43fe5;i=18dc;b=7a7addb80436400f92559dd45275d782;m=90fff50e;t=598afab0c378d;x=5ee03dc6bfd63248
kernel: 5.4.0-2.fc32.x86_64
mountinfo:
rootdir: /proc/11518/fdinfo
runlevel: N 5
type: CCpp
uid: 1000
Created attachment 1641249 [details] File: backtrace
Created attachment 1641250 [details] File: core_backtrace
Created attachment 1641251 [details] File: cpuinfo
Created attachment 1641252 [details] File: dso_list
Created attachment 1641253 [details] File: environ
Created attachment 1641254 [details] File: limits
Created attachment 1641255 [details] File: maps
Created attachment 1641256 [details] File: open_fds
Created attachment 1641257 [details] File: proc_pid_status
Disabling sandbox works around this - https://wiki.mozilla.org/Security/Sandbox/Seccomp .

From firefox run:
```
[New Thread 0x7fffd157d700 (LWP 98140)]
[New Thread 0x7fffd19bf700 (LWP 98157)]
[Parent 97968, Gecko_IOThread] WARNING: pipe error (76): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358
[Parent 97968, Gecko_IOThread] WARNING: pipe error (107): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358
###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv
[Parent 97968, Gecko_IOThread] WARNING: pipe error (116): Connection reset by peer: file /builddir/build/BUILD/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 358
###!!! [Parent][MessageChannel] Error: (msgtype=0x59001A,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv
[Thread 0x7fffd4dbe700 (LWP 98053) exited]
[New Thread 0x7fffd4dbe700 (LWP 98181)]
[New Thread 0x7fffd1386700 (LWP 98183)]
```

For chrome:
**CRASHING**:seccomp-bpf failure in syscall 0230
See also https://bugzilla.redhat.com/show_bug.cgi?id=1778555 - not sure if it's the same, though. openQA is running into this too by the looks of it, e.g. https://openqa.fedoraproject.org/tests/491837# . Proposing as an F32 Beta blocker per Basic criterion "It must be possible to run the default web browser and a terminal application from all release-blocking desktop environments...The web browser must be able to download files, load extensions (if applicable), and log into FAS."
*** This bug has been marked as a duplicate of bug 1778366 ***
The Chrome failure mentioned in comment #10 is probably unrelated: amd64 syscall 230 is clock_nanosleep, and Chromium has a bug about it: https://crbug.com/1025739 (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1597792 for the Firefox equivalent).

In general, if the crashing process is able to print a log message, then it's not a problem with getting SECCOMP_RET_TRAP while blocking SIGSYS: in that case the kernel removes the signal handler and immediately kills the process itself.

As for bug 1778555, that looks like heap corruption and not anything sandbox-related.