Closed Bug 1829447 Opened 2 years ago Closed 2 years ago

Firefox nightly crashes in Ubuntu 23.04 on new version tab: " Sandbox: seccomp sandbox violation: pid 227392, tid 227392, syscall 332, args 0 0 0 4095 0 51. Killing process."

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1829652

People

(Reporter: 6dnail, Unassigned)

References

(Regression)

Details

(Keywords: crash, regression)

Steps to reproduce:

Referenced my main release level profile starting Firefox Nightly.
My new system is running Xubuntu 24.03.

Actual results:

The screen displayed says "Gah. Your tab just crashed". The URL line is
https://www.mozilla.org/en-US/firefox/110.0a1/whatsnew/?oldversion=111.0.1
No url will be successful however, about: items will work

Expected results:

Firefox (nightly) should have come up to my home page as well as a special page saying firefox has been upgraded to 114 (The profile is my active profile used with production (111) firefox.

According to mozregression runs, it is good through 20221225190734
it fails beginning with 20221225215226
This specific failure is only happening with Ubuntu 23.04. It does not happen with Ubuntu 22.04.

typo in my initial description - that should be XUbuntu 23.04 as in the April 2023 release of XUbuntu

The Bugbug bot thinks this bug should belong to the 'Firefox::New Tab Page' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → New Tab Page

Ran another mozregression - same result. This time I noticed, when it fails, these lines are on the noted from one of the failures:
Sandbox: seccomp sandbox violation: pid 227392, tid 227392, syscall 332, args 0 0 0 4095 0 51. Killing process.
[Parent 227260, IPC I/O Parent] WARNING: process 227392 exited on signal 31: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:256
Sandbox: seccomp sandbox violation: pid 227408, tid 227408, syscall 332, args 0 0 0 4095 0 51. Killing process.
[Parent 227260, IPC I/O Parent] WARNING: process 227408 exited on signal 31: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:256

Also noticed some comments when running the GUI for mozregresssion:
PROBABLY THE LAST GOOD RUN:
app_name: firefox
build_date: 2022-12-25 10:08:00.150000
build_file: /home/woola/.mozilla/mozregression/persist/3efccb84d800-pgo--autoland--target.tar.bz2
build_type: integration
build_url: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/a3EubPDmRXuGOnd06XY2ZQ/runs/0/artifacts/public%2Fbuild%2Ftarget.tar.bz2
changeset: 3efccb84d8000e115f56638e9685b9562672abe5
pushlog_url: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=3efccb84d8000e115f56638e9685b9562672abe5&tochange=fa56acd185ad9852ed290e675f5910b9850f5b15
repo_name: autoland
repo_url: https://hg.mozilla.org/integration/autoland
task_id: a3EubPDmRXuGOnd06XY2ZQ

PROBABLY THE FIRST BAD RUN:
app_name: firefox
build_date: 2022-12-25 22:25:35.411000
build_file: /home/woola/.mozilla/mozregression/persist/b57a7a0be0d0--autoland--target.tar.bz2
build_type: integration
build_url: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/a8c3fN2tS_2RlkJD3L6yvw/runs/0/artifacts/public%2Fbuild%2Ftarget.tar.bz2
changeset: b57a7a0be0d049b5412ab8a01394429e6924c896
pushlog_url: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=3efccb84d8000e115f56638e9685b9562672abe5&tochange=b57a7a0be0d049b5412ab8a01394429e6924c896
repo_name: autoland
repo_url: https://hg.mozilla.org/integration/autoland
task_id: a8c3fN2tS_2RlkJD3L6yvw

Component: New Tab Page → Security: Process Sandboxing
Keywords: crash, regression
OS: Unspecified → Linux
Product: Firefox → Core
Regressed by: 1806766
Hardware: Unspecified → x86_64
Summary: Firefox nightly crashes in Ubuntu 23.04 on new version tab → Firefox nightly crashes in Ubuntu 23.04 on new version tab: " Sandbox: seccomp sandbox violation: pid 227392, tid 227392, syscall 332, args 0 0 0 4095 0 51. Killing process."
Version: other → unspecified
See Also: → 1828757

Is this the Snap Nightly or the tar.gz Nightly?

Do you have a crash report from about:crashes? A stack for the crash would be useful.

Given that num_cpus was changed in that regression range, I wonder if this is the same issue as bug 1829652, which I just filed.

Flags: needinfo?(6dnail)
See Also: → 1829652

So syscall 332, this is statx indeed https://searchfox.org/mozilla-central/rev/26790fecfcda622dab234b28859da721b80f3a35/security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h#1346-1348

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1829652
Resolution: --- → DUPLICATE

(In reply to Darkspirit from comment #5)

Is this the Snap Nightly or the tar.gz Nightly?
I know nothing about Snap Nightly, It's probably the tar.gz. I did use mozregression to determine the first failure.

Flags: needinfo?(6dnail)

(In reply to Andrew McCreight [:mccr8] from comment #6)

Do you have a crash report from about:crashes? A stack for the crash would be useful.

Given that num_cpus was changed in that regression range, I wonder if this is the same issue as bug 1829652, which I just filed.

Using the latest nightly build, I've crashed again resulting in two crash reports:
bp-bcee46d6-36ee-4a68-8df7-de68a0230424
bp-67a57788-e6ba-4424-8c0d-2fae90230424

The first is here,

Mozilla Crash Reports
Search
Sign up
|
Log in
Quick Navigation

Select Product

Select Version:
Report:

Documentation | File a bug | Super Search
Firefox 114.0a1 Crash Report [@ statx ]

Search Mozilla Support for this signature How to read this crash report

You are seeing public data only. See protected data access documentation for more information.
Crash ID: bcee46d6-36ee-4a68-8df7-de68a0230424
Signature: [@ statx ]

Details
Crash Annotations
Bugzilla
Modules
Raw Data and Minidumps
Extensions
Telemetry Environment
Correlations
Debug

Signature statx More Reports Search
UUID bcee46d6-36ee-4a68-8df7-de68a0230424
Date Processed 2023-04-24 14:39:57 UTC
Uptime 1 seconds
Install Age 163 seconds since version was first installed (2 minutes and 43 seconds)
Install Time 2023-04-24 14:30:53
Product Firefox
Release Channel nightly
Version 114.0a1
Build ID 20230424095046 (2023-04-24) Buildhub data
OS Ubuntu 23.04
OS Version 6.2.0-20-generic #20-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 6 07:48:48 UTC 2023
Build Architecture amd64
CPU Info family 6 model 60 stepping 3
CPU Count 8
Adapter Vendor ID

Mesa

Adapter Device ID

llvmpipe (LLVM 15.0.7, 256 bits)

Startup Crash

False

Process Type content
Crash Reason SIGSYS / SYS_SECCOMP
Crash Address 0x000000000000014c
Available Virtual Memory 31,812,104,192 bytes (31.81 GB)
Available Page File 13,209,899,008 bytes (13.21 GB)
Available Physical Memory 30,094,352,384 bytes (30.09 GB)
EMCheckCompatibility

True

App Notes

FP(D00-L1000-W0000000-T010) WR? WR+

Crashing Thread (0), Name: Isolated Web Co
Frame Module Signature Source Trust
0 libc.so.6 statx sysdeps/unix/sysv/linux/statx.c:28 context
1 libxul.so std::sys::unix::fs::try_statx::statx library/std/src/sys/unix/weak.rs:166 inlined
1 libxul.so std::sys::unix::fs::try_statx library/std/src/sys/unix/fs.rs:177 cfi
2 libxul.so std::sys::unix::fs::File::file_attr library/std/src/sys/unix/fs.rs:1044 inlined
2 libxul.so std::fs::File::metadata library/std/src/fs.rs:568 inlined
2 libxul.so std::fs::buffer_capacity_required library/std/src/fs.rs:736 cfi
3 libxul.so <std::fs::File as std::io::Read>::read_to_string library/std/src/fs.rs:770 cfi
4 libxul.so num_cpus::linux::Cgroup::raw_param third_party/rust/num_cpus/src/linux.rs:246 cfi
5 libxul.so num_cpus::linux::Cgroup::max third_party/rust/num_cpus/src/linux.rs:227 inlined
5 libxul.so num_cpus::linux::Cgroup::cpu_quota third_party/rust/num_cpus/src/linux.rs:204 inlined
5 libxul.so num_cpus::linux::load_cgroups third_party/rust/num_cpus/src/linux.rs:154 inlined
5 libxul.so num_cpus::linux::init_cgroups third_party/rust/num_cpus/src/linux.rs:134 inlined
5 libxul.so core::ops::function::FnOnce::call_once library/core/src/ops/function.rs:250 inlined
5 libxul.so std::sync::once::Once::call_once::{{closure}} library/std/src/sync/once.rs:149 inlined
5 libxul.so std::sys_common::once::futex::Once::call library/std/src/sys_common/once/futex.rs:124 inlined
5 libxul.so std::sync::once::Once::call_once library/std/src/sync/once.rs:149 inlined
5 libxul.so num_cpus::linux::cgroups_num_cpus third_party/rust/num_cpus/src/linux.rs:114 inlined
5 libxul.so num_cpus::linux::get_num_cpus third_party/rust/num_cpus/src/linux.rs:33 cfi
6 libxul.so num_cpus::get third_party/rust/num_cpus/src/lib.rs:74 inlined
6 libxul.so <style::global_style_data::STYLE_THREAD_POOL as core::ops::deref::Deref>::deref::__static_ref_initialize servo/components/style/global_style_data.rs:141 inlined
6 libxul.so core::ops::function::FnOnce::call_once library/core/src/ops/function.rs:250 inlined
6 libxul.so lazy_static::lazy::Lazy<T>::get::{{closure}} third_party/rust/lazy_static/src/inline_lazy.rs:31 inlined
6 libxul.so std::sync::once::Once::call_once::{{closure}} library/std/src/sync/once.rs:149 inlined
6 libxul.so std::sys_common::once::futex::Once::call library/std/src/sys_common/once/futex.rs:124 inlined
6 libxul.so std::sync::once::Once::call_once library/std/src/sync/once.rs:149 inlined
6 libxul.so lazy_static::lazy::Lazy<T>::get third_party/rust/lazy_static/src/inline_lazy.rs:30 inlined
6 libxul.so <style::global_style_data::STYLE_THREAD_POOL as core::ops::deref::Deref>::deref::__stability third_party/rust/lazy_static/src/lib.rs:142 inlined
6 libxul.so <style::global_style_data::STYLE_THREAD_POOL as core::ops::deref::Deref>::deref third_party/rust/lazy_static/src/lib.rs:144 cfi
7 libxul.so Servo_StyleSheet_FromUTF8BytesAsync servo/ports/geckolib/glue.rs:1654 cfi
8 libxul.so mozilla::StyleSheet::ParseSheet(mozilla::css::Loader&, nsTSubstring<char> const&, mozilla::css::SheetLoadData&) layout/style/StyleSheet.cpp:1229 cfi
9 libxul.so mozilla::css::Loader::ParseSheet(nsTSubstring<char> const&, mozilla::css::SheetLoadData&, mozilla::css::Loader::AllowAsyncParse) layout/style/Loader.cpp:1598 cfi
10 libxul.so mozilla::css::StreamLoader::OnStopRequest(nsIRequest*, nsresult) layout/style/StreamLoader.cpp:133 cfi
11 libxul.so mozilla::net::nsHTTPCompressConv::OnStopRequest(nsIRequest*, nsresult) netwerk/streamconv/converters/nsHTTPCompressConv.cpp:180 cfi
12 libxul.so mozilla::net::HttpChannelChild::DoOnStopRequest(nsIRequest*, nsresult) netwerk/protocol/http/HttpChannelChild.cpp:1064 inlined
12 libxul.so mozilla::net::HttpChannelChild::OnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&) netwerk/protocol/http/HttpChannelChild.cpp:941 inlined
12 libxul.so mozilla::net::HttpChannelChild::ProcessOnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&, nsTArray<mozilla::net::ConsoleReportCollected>&&, bool)::$_0::operator()() netwerk/protocol/http/HttpChannelChild.cpp:812 inlined
12 libxul.so std::_Function_handler<void (), mozilla::net::HttpChannelChild::ProcessOnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&, nsTArray<mozilla::net::ConsoleReportCollected>&&, bool)::$_0>::_M_invoke(std::_Any_data const&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/7/bits/std_function.h:316 cfi
13 libxul.so mozilla::net::ChannelEventQueue::FlushQueue() netwerk/ipc/ChannelEventQueue.cpp:94 cfi
14 libxul.so mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() netwerk/ipc/ChannelEventQueue.cpp:152 cfi
15 libxul.so mozilla::SchedulerGroup::Runnable::Run() xpcom/threads/SchedulerGroup.cpp:114 inlined
15 libxul.so mozilla::RunnableTask::Run() xpcom/threads/TaskController.cpp:555 inlined
15 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) xpcom/threads/TaskController.cpp:879 cfi
16 libxul.so mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) xpcom/threads/TaskController.cpp:702 inlined
16 libxul.so mozilla::TaskController::ProcessPendingMTTask(bool) xpcom/threads/TaskController.cpp:491 inlined
16 libxul.so mozilla::TaskController::TaskController()::$_0::operator()() const xpcom/threads/TaskController.cpp:218 inlined
16 libxul.so mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() xpcom/threads/nsThreadUtils.h:548 cfi
17 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1239 cfi
18 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/threads/nsThreadUtils.cpp:479 inlined
18 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:85 cfi
19 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc:369 inlined
19 libxul.so MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:362 inlined
19 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:344 cfi
20 libxul.so nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:148 cfi
21 libxul.so XRE_RunAppShell() toolkit/xre/nsEmbedFunctions.cpp:738 cfi
22 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc:369 inlined
22 libxul.so MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:362 inlined
22 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:344 cfi
23 libxul.so XRE_InitChildProcess(int, char**, XREChildData const*) toolkit/xre/nsEmbedFunctions.cpp:673 cfi
24 firefox-bin content_process_main(mozilla::Bootstrap*, int, char**) ipc/contentproc/plugin-container.cpp:57 inlined
24 firefox-bin main browser/app/nsBrowserApp.cpp:375 cfi
25 libc.so.6 __libc_start_call_main sysdeps/nptl/libc_start_call_main.h:58 cfi
26 libc.so.6 __libc_start_main_alias_2 csu/libc-start.c:360 cfi
27 firefox-bin _start cfi

Thanks, this is just confirming what I already mentionned earlier, you are just hitting statx in the sandbox

You need to log in before you can comment on or make changes to this bug.