Open Bug 1783163 Opened 3 years ago Updated 1 year ago

Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Firefox 104
defect

UNCONFIRMED

People

(Reporter: vincentvikram, Assigned: jld)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0

Steps to reproduce:

Use Firefox Beta and launch it from the terminal. While watching
Netflix on Firefox, I get the following messages on my terminal:

Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Sandbox: attempt to open unexpected file /sys/devices/system/cpu
Sandbox: Unexpected EOF, op 0 flags 00 path /proc/cpuinfo

Group: firefox-core-security
Component: Untriaged → Security: Process Sandboxing
Product: Firefox → Core

Just a warning, but unexpected, so we want to have a look at some point.

Severity: -- → S4
Priority: -- → P2
Assignee: nobody → jld

I am able to reproduce the messages by hovering over various programme titles in Netflix and then refreshing the page.
I get:

libva info: va_openDriver() returns 0
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Sandbox: attempt to open unexpected file /sys/devices/system/cpu
libva info: VA-API version 1.14.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/radeonsi_drv_video.so
libva info: Found init function __vaDriverInit_1_14
ATTENTION: default value of option mesa_glthread overridden by environment.
libva info: va_openDriver() returns 0
username@hostname:~$ libva info: VA-API version 1.14.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/radeonsi_drv_video.so
libva info: Found init function __vaDriverInit_1_14
ATTENTION: default value of option mesa_glthread overridden by environment.
libva info: va_openDriver() returns 0
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Sandbox: attempt to open unexpected file /sys/devices/system/cpu
libva info: VA-API version 1.14.0

Also encountered on Firefox 102.3.0 while listening to music using Spotify's web portal ( https://open.spotify.com/ ).

Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Sandbox: attempt to open unexpected file /sys/devices/system/cpu
Sandbox: unexpected multiple open of file /proc/cpuinfo

Around the same time, the browser tab became graphically unresponsive (blank contents).

> Also encountered on Firefox 102.3.0 while listening to music using Spotify's web portal

Hi James, as explained above the messages are just warnings, so something else must be going wrong. We'll need more details about your configuration, e.g. which distribution are you running? What graphics hardware and drivers do you have?

Could you try to run Firefox with MOZ_DISABLE_GMP_SANDBOX=1 set in the environment and see if the issue reproduces?

Flags: needinfo?(vincentvikram)
Flags: needinfo?(vincentvikram) → needinfo?(jay+bz)

Hi Gian-Carlo - this is on Debian 11 (bullseye), using the Intel i965 VA-API driver (and media.ffmpeg.vaapi.enabled=false in Firefox, if that's relevant).

I'm not super keen to attempt repro without the sandboxing in place at the moment but I'll add details if & when I do.

I've failed to reproduce this with Nightly and Debian unstable; I get the warnings about /sys/devices/system/cpu but nothing about /proc/cpuinfo. It's possible that that line is related to the error (i.e., whatever is trying to open /proc/cpuinfo for the second time causes media decoding to fail when it returns an error), but it could also be coincidence.

The browser tab locking up is unexpected, though — even if the media plugin process crashes or hangs, the media subsystem is pretty good about doing everything asynchronously. If I try playing something and then kill the gmplugin process, it stops playing and I get an in-content error that “something went wrong with playback”, and then it won't play anything until I reload the tab; that's all more or less what I'd expect. If I SIGSTOP the process, a few seconds later the audio stops but the time in the UI keeps advancing (and if I SIGCONT it, it will resume playing where it left off, which is no longer where the UI says it's playing from; that's an interesting bug but it might be Spotify's and not ours). But, no sign of the content process locking up or crashing.

The tab doesn't completely lock up in this case - media continues to play audibly, and keyboard input is possible within the browser -- although invisible -- until the window and tab are visually obscured and then re-opened.

In other words: after the issue appears, switching to a separate application and back again permits a single frame of the browser contents to render, but after that point they remain visually static (until the next manual refresh occurs).

Ok, this happened to me again a few moments ago while browsing GitHub, and this time Spotify web player was not open (so my apologies for mistaking that as the possible cause).

Clear a needinfo that is pending on an inactive user.

Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE.

For more information, please visit BugBot documentation.

Flags: needinfo?(u657957)

I am getting this bug on Manjaro when watching videos on Coursera. I am using Mozilla Firefox 117.0.1.
[18813] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
[18813] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
[18813] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
[18813] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible

I can reproduce it on the following page: https://plus.rtl.de/video-tv/shows/team-wallraff-reporter-undercover-242031/2024-4-993984/episode-1-schmutz-und-gier-undercover-in-der-reinigungsbranche-973676

Click on play (German: "Abspielen").

Debian Stable Gnome Wayland with enabled Mozilla APT repository. Firefox 124.0.2.

Apr 06 17:12:09 user firefox.desktop[12712]: [12712] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Apr 06 17:12:09 user firefox.desktop[12712]: [12712] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Apr 06 17:12:09 user firefox.desktop[12712]: [12712] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Apr 06 17:12:09 user firefox.desktop[12712]: [12712] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
Apr 06 17:12:13 user firefox.desktop[12716]: [12716] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
Apr 06 17:12:13 user firefox.desktop[12716]: [12716] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
Apr 06 17:12:13 user firefox.desktop[12716]: [12716] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
Apr 06 17:12:13 user firefox.desktop[12716]: [12716] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible

No entries can be seen in the journal-logs with these parameters.
MOZ_DISABLE_GMP_SANDBOX=1 firefox -p
libva info: VA-API version 1.17.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so
libva info: Found init function __vaDriverInit_1_17
libva info: va_openDriver() returns 0
[Parent 15764, IPC I/O Parent] WARNING: waitid failed pid:16098 errno:10: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:244
[Parent 15764, IPC I/O Parent] WARNING: waitid failed pid:16091 errno:10: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:244
[Parent 15764, IPC I/O Parent] WARNING: waitid failed pid:15980 errno:10: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:244
[Parent 15764, IPC I/O Parent] WARNING: waitid failed pid:15954 errno:10: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:244

I got this error a lot on https://feedly.com. I have to close the browser and reopen so I can use Firefox again.

BTW, I'm using Firefox 125.0.2 on Ubuntu 24.04 LTS with .deb packages, not Snap.

firefox
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/core_cpus
[377365] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/thread_siblings
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/core_cpus
[377696] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/thread_siblings

Using https://kojipkgs.fedoraproject.org//packages/firefox/128.0/2.fc40/x86_64/firefox-128.0-2.fc40.x86_64.rpm from https://koji.fedoraproject.org/koji/rpminfo?rpmID=39142926.

Same issue. Firefox 129.0.1 Ubuntu 24.04
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/core_cpus
firefox.desktop[1910918]: [1910918] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/thread_siblings
firefox.desktop[1897583]: [Parent 1897583, IPC I/O Parent] WARNING: process 1899313 is a zombie: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:245
firefox.desktop[1897583]: [Parent 1897583, IPC I/O Parent] WARNING: process 1899879 is a zombie: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:245
firefox.desktop[1897583]: [Parent 1897583, IPC I/O Parent] WARNING: process 1905217 is a zombie: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:245
firefox.desktop[1897583]: [Parent 1897583, IPC I/O Parent] WARNING: process 1899310 is a zombie: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:245
firefox.desktop[1897583]: [Parent 1897583, IPC I/O Parent] WARNING: process 1898347 is a zombie: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:245

I'm on Debian 12. I have Firefox 115.14.0esr (64-bit) already installed, and I just installed Firefox 129.0.2-1 from snap.
I tried to launch it from my root account and got this, and it didn't work:
root@myname-debian:~# snap run firefox
mkdir: cannot create directory ‘/run/user/0’: Permission denied
Error: no DISPLAY environment variable specified

When I switched back to my normal user account, it worked for the first time from the terminal, but I got this (I changed my real name):

myname@myname-debian:~$ snap run firefox
Importing existing firefox profiles from /home/myname/.mozilla/firefox
Found default profile: 4qwx9y8h.default-esr
Import done in 0.510 s
Gtk-Message: 17:16:58.323: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/possible
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/core_cpus
[10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/topology/thread_siblings

(In reply to linottejustin from comment #17)

And now when I retry launching it, I only get this:
myname@myname-debian:~$ snap run firefox
Gtk-Message: 17:40:30.719: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.

Duplicate of this bug: 1934273
Duplicate of this bug: 1923781

jld, you said you had a patch for the warnings, and this is getting a lot of dupes, so I'm increasing severity/priority.

This will be just about stopping the warnings which are confusing people: it's basically some video decoder external to Firefox poking around to know the exact CPU configuration in the machine, which we block, but it's essentially harmless.

If you have an actual issue with video decoding, please file a separate bug.

Severity: S4 → S3
Priority: P2 → P1

#c21

gpascutto@mozilla.com, would it not be better to merely supplement the logs with the undermentioned?

The undermentioned access denials are posted by an external video decoder that is deliberately blocked by Firefox for privacy reasons:

You could then indent all logs from the decoder to demonstrate which this applies to:

The undermentioned access denials are posted by an external video decoder that is deliberately blocked by Firefox for privacy reasons:
  [10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
  [10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index3/size
  [10965] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present

I don't know whether that's simpler, but it seems like it'd be more versatile.

Hello, I'm not into Firefox dev, but I think that it's better to print a notice that says what it is than to just block the displaying of such logs? And isn't it possible to just not execute this video decoder? Because if it tries to open "unexpected" files, it's that it's been executed?
Btw, I don't want to be boring with my messages.

Well, clearly keeping those warning messages just means people keep posting bugs like this. I'm not convinced including a bit more explanation will change anything about that. Also, if it's the relatively harmless operation of probing at the cache config or potential NUMA config of a system, what good is it to display the warning in the first place?

We'd want to keep the warnings in general because they can be very useful if for example a video driver gets changed and suddenly tries to access new files.

> I don't know whether that's simpler

There's no obvious way to do this, as the conclusion that it's an encoder poking around the CPU/NUMA config is what I infer from seeing the combination of all messages, but the sandbox has to make the determination about the accesses one by one. Therefore, what you put as the first line of output is what you can conclude after having seen all output after it - there's a causality issue here. So it's not simpler, it's orders of magnitude more complicated than adding a rule that says /sys/devices/system/cpu accesses are benign/harmless, don't warn for them.

> isn't it possible to just not execute this video decoder?

This is only viable if you don't mind random videos on the internet not working in Firefox. We don't ship patented codecs in Firefox because we want to keep the application free, but a lot of videos on the internet use patented codecs, so something needs to decode them. In Ubuntu, they are contained in ubuntu-restricted-extras and Firefox will defer decoding work to them if installed, but sandbox and isolate them because we don't know what exact code is in there.

To correct myself: according to https://bugzilla.mozilla.org/show_bug.cgi?id=1639531#c14 at least H264 video should now work even without installing those packages, but you do get better performance with them installed, as ffmpeg is more optimized than OpenH264.
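
A log-triage sketch of the rule discussed above (an added example, not Firefox's sandbox code and not part of any comment in this bug): it groups the "attempt to open unexpected file" lines by PID and separates opens under /sys/devices/system/cpu, which the thread describes as harmless CPU probing, from everything else. The function names and the sample lines marked as constructed are assumptions; the path check normalises the path and matches on a component boundary so that look-alike paths still surface for review.

```python
import posixpath
import re
from collections import defaultdict

# Prefix the thread identifies as harmless CPU/NUMA probing by an external decoder.
BENIGN_PREFIX = "/sys/devices/system/cpu"

# Matches the bare, "[pid] "-prefixed and journald-prefixed forms seen in the thread.
LINE_RE = re.compile(
    r"(?:\[(?P<pid>\d+)\] )?Sandbox: attempt to open unexpected file (?P<path>\S+)"
)


def is_cpu_probe(path):
    """True only if the normalised path is the CPU sysfs directory or lies below it."""
    norm = posixpath.normpath(path)
    return norm == BENIGN_PREFIX or norm.startswith(BENIGN_PREFIX + "/")


def triage(lines):
    """Return {pid: {"benign": [...], "review": [...]}} for sandbox open denials."""
    report = defaultdict(lambda: {"benign": [], "review": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # libva output, IPC warnings, other Sandbox messages
        pid = m.group("pid") or "?"  # early reports in the thread carry no PID
        path = m.group("path")
        bucket = "benign" if is_cpu_probe(path) else "review"
        if path not in report[pid][bucket]:
            report[pid][bucket].append(path)
    return dict(report)


# First three lines follow formats quoted in the thread; the rest are constructed.
SAMPLE = [
    "Sandbox: attempt to open unexpected file /sys/devices/system/cpu",
    "[18813] Sandbox: attempt to open unexpected file /sys/devices/system/cpu/present",
    "Apr 06 17:12:09 user firefox.desktop[12712]: [12712] Sandbox: attempt to open "
    "unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size",
    # constructed: escapes the CPU directory via ".."
    "[12712] Sandbox: attempt to open unexpected file "
    "/sys/devices/system/cpu/../node/node0/meminfo",
    # constructed: shares the string prefix but is a different directory
    "[12712] Sandbox: attempt to open unexpected file /sys/devices/system/cpufreq",
    "libva info: va_openDriver() returns 0",
]

if __name__ == "__main__":
    for pid, buckets in triage(SAMPLE).items():
        print(pid, "benign:", len(buckets["benign"]), "review:", buckets["review"])
```

Anything left in the "review" bucket is the kind of new access the warnings exist to catch, for example after a video driver update.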
