Closed Bug 1760340 Opened 5 months ago Closed 4 months ago

"Hit fatal chromium sandbox condition" when running "mach reftest" on Windows.

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Tracking

RESOLVED FIXED
101 Branch
Tracking Status
firefox-esr91 --- unaffected
firefox99 --- wontfix
firefox100 --- wontfix
firefox101 --- fixed

People

(Reporter: emilio, Assigned: bobowen)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(1 file)

$ mach reftest layout/reftests/high-contrast/background-transparent-form-control.html
REFTEST WARNING | runreftest.py | Failed to copy c:\moz\mozilla-unified\obj-x86_64-pc-mingw32\dist\plugins to profile
REFTEST INFO | Running with e10s: True
REFTEST INFO | Running with fission: True
REFTEST INFO | Application command: c:\moz\mozilla-unified\obj-x86_64-pc-mingw32\dist\bin\firefox.exe -marionette --wait-for-browser -profile C:\Users\emilio\AppData\Local\Temp\tmp0qv5ivuq.mozrunner
### XPCOM_MEM_BLOAT_LOG defined -- logging bloat/leaks to C:\Users\emilio\AppData\Local\Temp\tmp0qv5ivuq.mozrunner\runreftest_leaks.log
[13696, Main Thread] WARNING: XPCOM_MEM_BLOAT_LOG is set, disabling native allocations.: file c:/moz/mozilla-unified/tools/profiler/core/platform.cpp:282
[2022-03-18T18:35:45Z WARN  rkv::backend::impl_safe::environment] `load_ratio()` is irrelevant for this storage backend.
### XPCOM_MEM_BLOAT_LOG defined -- logging bloat/leaks to C:\Users\emilio\AppData\Local\Temp\tmp0qv5ivuq.mozrunner\runreftest_leaks_socket_pid14504.log
[14504, Main Thread] WARNING: XPCOM_MEM_BLOAT_LOG is set, disabling native allocations.: file c:/moz/mozilla-unified/tools/profiler/core/platform.cpp:282
[Socket 14504, Main Thread] WARNING: 'NS_FAILED(rv)', file c:/moz/mozilla-unified/netwerk/protocol/http/nsHttpHandler.cpp:339
[Socket 14504, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, kKnownEsrVersion) failed with result 0x80004002 (NS_NOINTERFACE): file c:/moz/mozilla-unified/toolkit/components/resistfingerprinting/nsRFPService.cpp:560
[Parent 13696, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520012 (NS_ERROR_FILE_NOT_FOUND): file c:/moz/mozilla-unified/layout/style/Loader.cpp:2039
### XPCOM_MEM_BLOAT_LOG defined -- logging bloat/leaks to C:\Users\emilio\AppData\Local\Temp\tmp0qv5ivuq.mozrunner\runreftest_leaks_gpu_pid4328.log
[4328, Main Thread] WARNING: XPCOM_MEM_BLOAT_LOG is set, disabling native allocations.: file c:/moz/mozilla-unified/tools/profiler/core/platform.cpp:282
1647628546076   Marionette      INFO    Marionette enabled
1647628546170   Marionette      TRACE   Received observer notification toplevel-window-ready
[GPU 4328, Renderer] WARNING: Failed to bind API to GL!: file c:/moz/mozilla-unified/gfx/gl/GLContextProviderEGL.cpp:622
[GPU 4328, Renderer] WARNING: Failed to create GLContext from PBuffer: file c:/moz/mozilla-unified/gfx/gl/GLContextProviderEGL.cpp:1159
[GPU 4328, Renderer] WARNING: Failed to create EGLContext with khr_rbab_attribs: file c:/moz/mozilla-unified/gfx/gl/GLContextProviderEGL.cpp:720
Initializing context 000001C24BC87000 surface 000001C24A06A430 on display 000001C24A0D3C00
GL_VENDOR: Google Inc. (AMD)
mVendor: Unknown
GL_RENDERER: ANGLE (AMD, AMD Radeon RX 5700 XT Direct3D11 vs_5_0 ps_5_0, D3D11-30.0.13023.3018)
mRenderer: Unknown
mIsMesa: 0
[GPU 4328, COM MTA] WARNING: NS_ENSURE_TRUE(actsNum > 0) failed: file c:/moz/mozilla-unified/dom/media/platforms/wmf/MFTDecoder.cpp:59
[GPU 4328, COM MTA] WARNING: NS_ENSURE_TRUE(actsNum > 0) failed: file c:/moz/mozilla-unified/dom/media/platforms/wmf/MFTDecoder.cpp:59
[GPU 4328, COM MTA] WARNING: NS_ENSURE_TRUE(actsNum > 0) failed: file c:/moz/mozilla-unified/dom/media/platforms/wmf/MFTDecoder.cpp:59
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Missing optimized shader source for gpu_cache_update
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Cropping texture upload Box2D((0, 0), (0, 1)) to None
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Cropping texture upload Box2D((0, 0), (0, 1)) to None
[Parent 13696, Main Thread] WARNING: NS_ENSURE_TRUE(rootFrame) failed: file c:/moz/mozilla-unified/dom/base/nsGlobalWindowOuter.cpp:4167
[Parent 13696, Main Thread] WARNING: NS_ENSURE_TRUE(rootFrame) failed: file c:/moz/mozilla-unified/dom/base/nsGlobalWindowOuter.cpp:4167
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Cropping texture upload Box2D((0, 0), (0, 1)) to None
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Cropping texture upload Box2D((0, 0), (0, 1)) to None
[Parent 13696, Main Thread] WARNING: Failed to retarget HTML data delivery to the parser thread.: file c:/moz/mozilla-unified/parser/html/nsHtml5StreamParser.cpp:1180
[2022-03-18T18:35:46Z WARN  webrender::device::gl] Missing optimized shader source for gpu_cache_update
[Parent 13696, Main Thread] WARNING: NS_ENSURE_TRUE(rootFrame) failed: file c:/moz/mozilla-unified/dom/base/nsGlobalWindowOuter.cpp:4167
Hit MOZ_CRASH(Hit fatal chromium sandbox condition.) at c:/moz/mozilla-unified/security/sandbox/chromium-shim/base/logging.cpp:111
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, Compositor] WARNING: IPC message 'PCompositorWidget::Msg_ObserveVsync' discarded: actor cannot send: file c:/moz/mozilla-unified/ipc/glue/ProtocolUtils.cpp:506
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, Compositor] WARNING: IPC message 'PCompositorWidget::Msg_UnobserveVsync' discarded: actor cannot send: file c:/moz/mozilla-unified/ipc/glue/ProtocolUtils.cpp:506
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, IPC I/O Child] WARNING: [EDEB036D7588DD91.20C8444B7ADC32B2]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file c:/moz/mozilla-unified/ipc/glue/NodeController.cpp:348
[GPU 4328, Main Thread] WARNING: Shutting down GPU process early due to a crash!: file c:/moz/mozilla-unified/gfx/ipc/GPUParent.cpp:646
Type: task → defect

MOZ_DISABLE_CONTENT_SANDBOX=1 helps.

Bug 1055227, filed in 2014, is still relevant.

IPC has a replacement for Chromium logging which does do actual logging; the one for sandboxing does not, but from a quick look at the code it looks like we are accumulating the message into the stream_ member (even though it's not used), so it might be simple to patch the destructor so that it prints something.

(This also means that, as far as the concerns about async signal safety in 1055227 go, we're already risking deadlock (or UB) from printing into the stringstream if these macros are used in a signal handler, unless I'm missing something. Not an issue on Windows, but suggests that adding a printf or NS_DebugBreak into the destructor wouldn't introduce a problem on Linux where we don't already have one.)

See Also: → 1055227
Severity: -- → S4
Priority: -- → P3

Bob said he was going to have a look.

Assignee: nobody → bobowencode
Priority: P3 → P1

Sorry, forgot about this issue.
This isn't a problem with the sandbox logging; that is just what is used to force a crash (their CHECK and DCHECK).

This was actually regressed by bug 1635428, because these tests add in rules with forward slashes.
I could change all the test scripts, but I think it should be safe to change from a check to a replacement of / with \.

Status: NEW → ASSIGNED
Keywords: regression
Regressed by: 1635428
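
The change proposed in the comment above, as an added example that is not code from this bug or from the Firefox source: a hypothetical `FileRuleSet` shows a rule with forward slashes being rejected by a check, and the same rule being accepted once separators are replaced at the point where the rule is added. The class, its method names, the trailing-`*` matching and the sample paths are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a broker-side list of file-system allow rules.
// Rules are stored with backslash separators; a trailing '*' matches any suffix.
class FileRuleSet {
 public:
  // "Before" behaviour modelled on the thread: a rule containing '/' fails a
  // check. The real check was fatal; here it only reports failure.
  bool AddRuleStrict(const std::wstring& rule) {
    if (rule.find(L'/') != std::wstring::npos) return false;
    rules_.push_back(rule);
    return true;
  }

  // "After" behaviour: canonicalise separators instead of rejecting the rule.
  // '/' is not a valid character in a Windows file name, so the swap cannot
  // change which files the rule names.
  void AddRuleNormalized(std::wstring rule) {
    std::replace(rule.begin(), rule.end(), L'/', L'\\');
    rules_.push_back(std::move(rule));
  }

  // Assumption: paths reaching the broker already use backslashes.
  bool Allows(const std::wstring& path) const {
    for (const std::wstring& rule : rules_) {
      if (!rule.empty() && rule.back() == L'*') {
        const std::size_t n = rule.size() - 1;  // prefix before the '*'
        if (path.compare(0, n, rule, 0, n) == 0) return true;
      } else if (path == rule) {
        return true;
      }
    }
    return false;
  }

 private:
  std::vector<std::wstring> rules_;
};

int main() {
  FileRuleSet fixed;
  fixed.AddRuleNormalized(L"C:/moz/obj/dist/*");  // constructed sample rule
  return fixed.Allows(L"C:\\moz\\obj\\dist\\bin\\firefox.exe") ? 0 : 1;
}
```

Normalizing once, where the rule is stored, keeps every later comparison in a single canonical form, so callers that pass either separator get the same policy.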

Set release status flags based on info from the regressing bug 1635428

Whoops, wrong regressing bug.

Regressed by: 1695556
No longer regressed by: 1635428
Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/3b57c0c8f967
Re-allow forward slashes in windows sandbox file system policy rules. r=handyman
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → 101 Branch