1773289 – After upgrade glibc to 2.30.9000-18 all tabs in Chromium-based browsers start crashing immediately after opening.

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1773289 - After upgrade glibc to 2.30.9000-18 all tabs in Chromium-based browsers start crashing immediately after opening.

Summary: After upgrade glibc to 2.30.9000-18 all tabs in Chromium-based browsers start...

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	chromium
Sub Component:
Version:	32
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tom "spot" Callaway
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1773346 1774222 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-11-17 11:34 UTC by Mikhail
Modified:	2020-06-13 18:19 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-06-13 18:19:11 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mikhail 2019-11-17 11:34:53 UTC

Description of problem:

After upgrade glibc to 2.30.9000-18 all tabs in Chromium-based browsers start crashing immediately after opening.
Last good version is 2.30.9000-17


https://src.fedoraproject.org/rpms/glibc/c/9bd4f8ff4363ca22d850f6ba272aa3f591fc9237

I don't know it is problem codebase of Chromium browsers or glibc so I filled this bugreport.

../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0230
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0230
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 02300230

../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0230

Comment 1 Florian Weimer 2019-11-17 13:08:06 UTC

Assuming 0230 is decimal, this corresponds to clock_nanosleep. Presumably, the existing seccomp filters in chromium only allow nanosleep, but not clock_nanosleep. They need to be adjusted.

Comment 2 Tom "spot" Callaway 2019-11-17 21:54:24 UTC

*** Bug 1773346 has been marked as a duplicate of this bug. ***

Comment 3 Tom "spot" Callaway 2019-11-17 21:59:08 UTC

-2 has a patch to permit clock_nanosleep, it is building now. Once I confirm it resolves the issue, I'll send it upstream.

Comment 4 Tom "spot" Callaway 2019-11-18 15:18:44 UTC

Confirmed the patch fixes the issue, opened upstream bug report with patch:

https://bugs.chromium.org/p/chromium/issues/detail?id=1025739

Comment 5 Florian Weimer 2019-11-19 20:08:41 UTC

*** Bug 1774222 has been marked as a duplicate of this bug. ***

Comment 6 Valdis Kletnieks 2019-11-20 03:34:01 UTC

Mikhail:  For future reference, where was Chrome throwing those 'seccomp-bpf failure in syscall' messages?  To stdout, or elsewhere?

(I had already found the issue and backleveled glibc before I thought to run it from the command line...)

Comment 7 Mikhail 2019-11-21 08:01:59 UTC

(In reply to Valdis Kletnieks from comment #6)
> Mikhail:  For future reference, where was Chrome throwing those 'seccomp-bpf
> failure in syscall' messages?  To stdout, or elsewhere?

in stdout

Comment 8 Emilio Cobos Álvarez (:emilio) 2019-11-22 22:08:11 UTC

Heh, interestingly enough Firefox had a similar problem, but it seems only the profiler had the nanosleep call, otherwise I'd have noted sooner: https://bugzilla.mozilla.org/show_bug.cgi?id=1597792

Comment 9 Valdis Kletnieks 2019-11-23 02:58:03 UTC

So far, this glibc change has broken openssh, chrome, and firefox.

Talk about the gift that keeps on giving.

Comment 10 Yanko Kaneti 2019-12-04 10:52:42 UTC

FWIW the chrome dev build from yesterday (80.0.3983.2) contains the fix and works with glibc-2.30.9000

Comment 11 Valdis Kletnieks 2019-12-04 18:25:09 UTC

Confirming - Chrome 80.0.3983.2 just showed up, and plays nice with the new glibc. There's probably a few more programs that use seccomp sandboxing, but now that openssh and chrome are both OK, the major pain points are probably fixed....

Comment 12 Ben Cotton 2020-02-11 17:42:04 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.

Comment 13 Ankur Sinha (FranciscoD) 2020-03-25 11:24:27 UTC

Note: also affects chromium based software such as qt-webengine and all the browsers that use it (at least qutebrowser and falkon). There are fixes upstream at Qt based on the Chromium fixes, but they've not made it to Fedora yet: https://bugzilla.redhat.com/show_bug.cgi?id=1812482

Comment 14 Bernie Innocenti 2020-06-13 18:19:11 UTC

Chrome 83 has been updated to work with the current glibc.

Note You need to log in before you can comment on or make changes to this bug.