Bug 2084588 - glibc: NSS crash after stat failure
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 36
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: DJ Delorie
QA Contact: Fedora Extras Quality Assurance
Duplicates: 2089629 2093750
Reported: 2022-05-12 13:26 UTC by Ondrej Mosnacek
Modified: 2022-07-06 01:53 UTC (History)

Fixed In Version: glibc-2.34-38.fc35 glibc-2.35-12.fc36
Last Closed: 2022-06-26 01:19:22 UTC
Type: Bug


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Sourceware | 28752 | 0 | P2 | NEW | Segfault in getpwuid when stat fails | 2022-05-19 12:33:32 UTC

Description Ondrej Mosnacek 2022-05-12 13:26:01 UTC
Description of problem:
When I have opencryptoki-libs installed alongside firefox, the content and extension processes crash randomly due to SEGFAULT. After `dnf remove opencryptoki-libs` firefox works fine again. This started to happen after upgrade F35->F36 (I had opencryptoki-libs installed before as well).

Version-Release number of selected component (if applicable):
firefox-100.0-4.fc36.x86_64
glibc-2.35-5.fc36.x86_64
nss-3.77.0-1.fc36.x86_64
opencryptoki-libs-3.17.0-7.fc36.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install firefox and opencryptoki-libs.
2. Start firefox.

Actual results:
firefox processes crash with SIGSEGV

Expected results:
No crashes.

Additional info:
I use KDE with Plasma X11 session, in case that matters.

Sample backtrace:
#0  0x00007fecde5f081d in __nss_lookup () at /lib64/libc.so.6
#1  0x00007fecde591302 in getgrnam_r@@GLIBC_2.2.5 () at /lib64/libc.so.6
#2  0x00007fecde5909c8 in getgrnam () at /lib64/libc.so.6
#3  0x00007fecbce22757 in C_Initialize () at /usr/lib64/pkcs11/libopencryptoki.so
#4  0x00007fecbce94db0 in initialize_module_inlock_reentrant () at /lib64/p11-kit-proxy.so
#5  0x00007fecbce94f73 in managed_C_Initialize () at /lib64/p11-kit-proxy.so
#6  0x00007fecbce9b6b5 in p11_kit_modules_initialize () at /lib64/p11-kit-proxy.so
#7  0x00007fecbce9bb67 in proxy_C_Initialize () at /lib64/p11-kit-proxy.so
#8  0x00007fecd1938dd7 in secmod_ModuleInit () at /lib64/libnss3.so
#9  0x00007fecd193953b in secmod_LoadPKCS11Module () at /lib64/libnss3.so
#10 0x00007fecd19468dc in SECMOD_LoadModule () at /lib64/libnss3.so
#11 0x00007fecd1946a30 in SECMOD_LoadModule () at /lib64/libnss3.so
#12 0x00007fecd190cf9d in nss_Init () at /lib64/libnss3.so
#13 0x00007fecd190d6fc in NSS_NoDB_Init () at /lib64/libnss3.so
#14 0x00007fecd581e2a2 in EnsureNSSInitializedChromeOrContent() () at /usr/lib64/firefox/libxul.so
#15 0x00007fecd5820fd1 in nsresult mozilla::psm::NSSConstructor<nsRandomGenerator>(nsISupports*, nsID const&, void**) () at /usr/lib64/firefox/libxul.so
#16 0x00007fecd4894c1a in nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor> >&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) ()
    at /usr/lib64/firefox/libxul.so
#17 0x00007fecd48948f6 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) () at /usr/lib64/firefox/libxul.so
#18 0x00007fecd4aac5cb in nsGetServiceByContractIDWithError::operator()(nsID const&, void**) const () at /usr/lib64/firefox/libxul.so
#19 0x00007fecd4a7b5fa in nsCOMPtr_base::assign_from_gs_contractid_with_error(nsGetServiceByContractIDWithError const&, nsID const&) () at /usr/lib64/firefox/libxul.so
#20 0x00007fecd58700c3 in mozilla::RelativeTimeline::GetRandomTimelineSeed() () at /usr/lib64/firefox/libxul.so
#21 0x00007fecd5403645 in mozilla::dom::Performance::Now() () at /usr/lib64/firefox/libxul.so
#22 0x00007fecd4fb185c in mozilla::dom::Performance_Binding::now(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) () at /usr/lib64/firefox/libxul.so
#23 0x00007fecd505e38d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) ()
    at /usr/lib64/firefox/libxul.so
#24 0x00007fecd499dcc8 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#25 0x00007fecd499a5b8 in Interpret(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#26 0x00007fecd499377b in js::RunScript(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#27 0x00007fecd58d67c8 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) ()
    at /usr/lib64/firefox/libxul.so
#28 0x00007fecd5908e7c in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#29 0x00007fecd4cb6c2e in mozJSSubScriptLoader::DoLoadSubScriptWithOptions(nsTSubstring<char16_t> const&, LoadSubScriptOptions&, JSContext*, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#30 0x00007fecd4cb64ba in mozJSSubScriptLoader::LoadSubScript(nsTSubstring<char16_t> const&, JS::Handle<JS::Value>, JSContext*, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#31 0x00007fecd4ac8d12 in NS_InvokeByIndex () at /usr/lib64/firefox/libxul.so
#32 0x00007fecd48ba3cd in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) () at /usr/lib64/firefox/libxul.so
#33 0x00007fecd48bba19 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) () at /usr/lib64/firefox/libxul.so
#34 0x00007fecd499dcc8 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#35 0x00007fecd499a5b8 in Interpret(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#36 0x00007fecd4993808 in js::RunScript(JSContext*, js::RunState&) () at /usr/lib64/firefox/libxul.so
#37 0x00007fecd499deac in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib64/firefox/libxul.so
#38 0x00007fecd499e6c9 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /usr/lib64/firefox/libxul.so
#39 0x00007fecd49ac930 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib64/firefox/libxul.so
#40 0x00007fecd503b3be in mozilla::dom::EventListener::HandleEvent(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) () at /usr/lib64/firefox/libxul.so
#41 0x00007fecd53ba10b in mozilla::dom::JSWindowActorProtocol::HandleEvent(mozilla::dom::Event*) () at /usr/lib64/firefox/libxul.so
#42 0x00007fecd490a790 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) () at /usr/lib64/firefox/libxul.so
#43 0x00007fecd490a472 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) ()
    at /usr/lib64/firefox/libxul.so
#44 0x00007fecd49086f3 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) () at /usr/lib64/firefox/libxul.so
#45 0x00007fecd49070b9 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) () at /usr/lib64/firefox/libxul.so
#46 0x00007fecd50e5e0e in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) () at /usr/lib64/firefox/libxul.so
#47 0x00007fecd4f6128e in nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) () at /usr/lib64/firefox/libxul.so
#48 0x00007fecd4eb6967 in nsContentUtils::DispatchEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, mozilla::Trusted, bool*, mozilla::ChromeOnlyDispatch) () at /usr/lib64/firefox/libxul.so
#49 0x00007fecd4eb7355 in nsContentUtils::DispatchTrustedEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, bool*) ()
    at /usr/lib64/firefox/libxul.so
#50 0x00007fecd4f04c42 in mozilla::dom::Document::DispatchContentLoadedEvents() () at /usr/lib64/firefox/libxul.so
#51 0x00007fecd4f04b50 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() () at /usr/lib64/firefox/libxul.so
#52 0x00007fecd4ab2c4a in mozilla::SchedulerGroup::Runnable::Run() () at /usr/lib64/firefox/libxul.so
#53 0x00007fecd489933c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) () at /usr/lib64/firefox/libxul.so
#54 0x00007fecd4898b92 in mozilla::TaskController::ProcessPendingMTTask(bool) () at /usr/lib64/firefox/libxul.so
#55 0x00007fecd4897873 in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib64/firefox/libxul.so
#56 0x00007fecd48973c3 in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib64/firefox/libxul.so
#57 0x00007fecd48b084a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () at /usr/lib64/firefox/libxul.so
#58 0x00007fecd4c5c8ab in MessageLoop::Run() () at /usr/lib64/firefox/libxul.so
#59 0x00007fecd546dfbd in nsBaseAppShell::Run() () at /usr/lib64/firefox/libxul.so
#60 0x00007fecd58b4608 in XRE_RunAppShell() () at /usr/lib64/firefox/libxul.so
#61 0x00007fecd4c5c8ab in MessageLoop::Run() () at /usr/lib64/firefox/libxul.so
#62 0x00007fecd58b4343 in XRE_InitChildProcess(int, char**, XREChildData const*) () at /usr/lib64/firefox/libxul.so
#63 0x000056089f3a9ede in content_process_main(mozilla::Bootstrap*, int, char**) ()
#64 0x000056089f39caa8 in main ()

Comment 1 Jan Horak 2022-05-13 07:15:16 UTC
Hm, this could be some sandbox issue. The getgrnam is trying to obtain /etc/group or similar, and this seems not to be allowed from the content process. You can try setting the env variable MOZ_SANDBOX_LOGGING=1 first to see if that outputs something, or disable the sandbox temporarily with the MOZ_DISABLE_CONTENT_SANDBOX=1 env variable.

Comment 2 Ondrej Mosnacek 2022-05-13 09:50:33 UTC
Indeed the issue doesn't reproduce when I run firefox with MOZ_DISABLE_CONTENT_SANDBOX=1. Still, I guess there is a bug also in glibc or opencryptoki since a failed syscall shouldn't lead to a segfault.

Comment 3 Jan Horak 2022-05-19 12:24:00 UTC
Yes, you're right. The SEGFAULT is most likely from the libc's __nss_lookup where it does not check the failed syscall.
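
A simplified model of the failure mode that comments 1 to 3 point at (a lookup path that carries on after a denied stat() call), shown beside a checked version. This is an added example, not glibc's code and not part of any comment above; `struct db`, `reload_unchecked`, `reload_checked`, `lookup_service` and the file path are hypothetical, and a nonexistent path stands in for the sandbox denying the call.

```c
#include <stdio.h>
#include <sys/stat.h>
/* Hypothetical stand-in for a parsed lookup database; not a glibc type. */
struct db { const char *service; };
static struct db files_db = { "files" };
enum status { ST_OK, ST_UNAVAIL };

/* Before: the stat() failure is swallowed. No database is selected, yet
   the caller is told the reload succeeded and will go on to use *out. */
static int reload_unchecked(const char *conf, struct db **out)
{
    struct stat st;
    *out = NULL;
    if (stat(conf, &st) == 0)
        *out = &files_db;
    return 0;                       /* defect: 0 even when *out is NULL */
}

/* After: a denied or failed stat() is reported to the caller. */
static int reload_checked(const char *conf, struct db **out)
{
    struct stat st;
    *out = NULL;
    if (stat(conf, &st) != 0)
        return -1;                  /* errno says why: ENOENT, EACCES, ... */
    *out = &files_db;
    return 0;
}

/* Caller: dereference the database only after a confirmed reload. */
static enum status lookup_service(const char *conf, const char **service)
{
    struct db *db;
    if (reload_checked(conf, &db) != 0 || db == NULL)
        return ST_UNAVAIL;          /* degrade instead of crashing */
    *service = db->service;
    return ST_OK;
}

int main(void)
{
    /* Constructed path that cannot be stat()ed, standing in for a denied call. */
    const char *denied = "/nonexistent/constructed/nsswitch.conf", *svc = NULL;
    struct db *db;
    int rc = reload_unchecked(denied, &db);
    printf("unchecked: rc=%d db=%p; checked lookup: %s\n", rc, (void *)db,
           lookup_service(denied, &svc) == ST_OK ? svc : "unavailable");
    return 0;
}
```

The unchecked variant returns success with a NULL database, which is the state a later dereference would crash on; the checked variant turns the same denial into an "unavailable" result.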

Comment 5 Fedora Update System 2022-06-21 13:23:20 UTC
FEDORA-2022-d243bd1823 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-d243bd1823

Comment 6 Fedora Update System 2022-06-21 13:23:22 UTC
FEDORA-2022-ae2b0a7c72 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae2b0a7c72

Comment 7 Fedora Update System 2022-06-22 02:01:25 UTC
FEDORA-2022-d243bd1823 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-d243bd1823`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-d243bd1823

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-06-22 02:20:47 UTC
FEDORA-2022-ae2b0a7c72 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-ae2b0a7c72`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae2b0a7c72

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Jan Horak 2022-06-22 08:10:08 UTC
*** Bug 2093750 has been marked as a duplicate of this bug. ***

Comment 10 Jan Horak 2022-06-22 08:10:13 UTC
*** Bug 2089629 has been marked as a duplicate of this bug. ***

Comment 11 Fedora Update System 2022-06-26 01:19:22 UTC
FEDORA-2022-d243bd1823 has been pushed to the Fedora 36 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2022-07-06 01:53:17 UTC
FEDORA-2022-ae2b0a7c72 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.

