View previous topic :: View next topic |
Author |
Message |
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Tue Aug 24, 2021 10:55 pm Post subject: Some extensions don't work in Firefox [Workaround] |
|
|
General info:
System is ~amd64, built with gcc-11.2.0 and glibc-2.34.
Profile: default/linux/amd64/17.1/desktop/plasma/systemd (stable)
Proprietary nvidia drivers, old (but gold) GTX-1060 6gb.
Emerge --info here: https://pastebin.com/wFn6iQj7
ATM firefox is built with the following flags and options:
Code: | (clang dbus gmp-autoupdate hwaccel lto openh264 pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-webp wayland -debug -eme-free -geckodriver -hardened -jack -pgo -screencast -selinux -sndio -wifi CPU_FLAGS_ARM="-neon" KERNEL="linux" L10N="ru -ach -af -an -ar -ast -az -be -bg -bn -br -bs -ca -ca-valencia -cak -cs -cy -de -dsb -el -en-CA -en-GB -eo -es-AR -es-CL -es-ES -es-MX -et -eu -fa -ff -fi -fr -fy -ga -gd -gl -gn -gu -he -hi -hr -hsb -hu -hy -ia -id -is -it -ja -ka -kab -kk -km -kn -ko -lij -lt -lv -mk -mr -ms -my -nb -ne -nl -nn -oc -pa -pl -pt-BR -pt-PT -rm -ro -sco -si -sk -sl -son -sq -sr -sv -szl -ta -te -th -tl -tr -trs -uk -ur -uz -vi -xh -zh-CN -zh-TW") |
The problem:
So the thing is that suddenly some extensions like Ublock origin and Duplicate Tab Closer just stopped working. Whenever I press on the icon, tiny vertical bar appears and nothing else happens.
Same error happen both in firefox and firefox-bin.
And here's what I get in the log:
Code: | авг 25 00:57:49 pc kernel: WebExtensions[4923]: segfault at 0 ip 00007f36727c3399 sp 00007ffebe0d6f10 error 4 in libc.so.6[7f36726b6000+16f000]
авг 25 00:57:49 pc kernel: Code: ff e9 7f fd ff ff e8 96 66 fe ff 66 0f 1f 44 00 00 41 55 41 54 49 89 f5 49 89 d4 55 53 48 89 fb 48 89 cd 48 83 ec 08 48 8b 07 <48> 8b 38 48 85 ff 74 1f e8 4a 1f 00 00 48 89 45 00 48 85 c0 74 18
авг 25 00:57:49 pc systemd[1]: Started Process Core Dump (PID 4960/UID 0).
авг 25 00:57:49 pc systemd-coredump[4961]: Process 4923 (WebExtensions) of user 1000 dumped core.
авг 25 00:57:49 pc systemd[1]: systemd-coredump@38-4960-0.service: Deactivated successfully. |
OR:
Code: | авг 25 01:01:38 pc kernel: WebExtensions[6669]: segfault at 0 ip 00007f8deb431399 sp 00007ffc0ffd67f0 error 4 in libc.so.6[7f8deb324000+16f000]
авг 25 01:01:38 pc kernel: Code: ff e9 7f fd ff ff e8 96 66 fe ff 66 0f 1f 44 00 00 41 55 41 54 49 89 f5 49 89 d4 55 53 48 89 fb 48 89 cd 48 83 ec 08 48 8b 07 <48> 8b 38 48 85 ff 74 1f e8 4a 1f 00 00 48 89 45 00 48 85 c0 74 18
авг 25 01:01:38 pc systemd[1]: Started Process Core Dump (PID 6705/UID 0).
авг 25 01:01:39 pc systemd-coredump[6706]: Process 6669 (WebExtensions) of user 1000 dumped core.
авг 25 01:01:39 pc systemd[1]: systemd-coredump@39-6705-0.service: Deactivated successfully. |
And also Firefox tab will crash if I'll try to move picture on the page (e.g. just click on some picture and move cursor while holding LMB) with this in the log:
Code: | авг 25 01:02:15 pc kernel: Web Content[5422]: segfault at 0 ip 00007fcd6b0d8399 sp 00007ffd4b18b980 error 4 in libc.so.6[7fcd6afcb000+16f000]
авг 25 01:02:15 pc kernel: Code: ff e9 7f fd ff ff e8 96 66 fe ff 66 0f 1f 44 00 00 41 55 41 54 49 89 f5 49 89 d4 55 53 48 89 fb 48 89 cd 48 83 ec 08 48 8b 07 <48> 8b 38 48 85 ff 74 1f e8 4a 1f 00 00 48 89 45 00 48 85 c0 74 18
авг 25 01:02:15 pc systemd[1]: Started Process Core Dump (PID 7044/UID 0).
авг 25 01:02:15 pc systemd-coredump[7045]: Process 5422 (Web Content) of user 1000 dumped core.
авг 25 01:02:15 pc systemd[1]: systemd-coredump@41-7044-0.service: Deactivated successfully. |
Many other extensions stopped working too (I tried some other adblockers), but some others still work just fine (e.g. Session Boss)
Judging by the logs, I'm inclined to blame glibc-2.34.
But, this issue appeared about about 1 week ago while glibc-2.34 was merged about 3 weeks ago. So for 2 weeks everything was fine and then suddenly broke? Kinda strange.
Anyway, one cannot simply downgrade glibc, so I can't try it with v2.33.
What I tried:
- Using firefox-bin. Same issue.
- Downgrading firefox-bin. Even worse - both 90.0.2 and 78.13.0 ESR get tab crashes immediately.
- Trying new profile, "refreshing" firefox etc. No luck.
- Removing ~/.mozilla folder. Didn't help.
- Downloading binary nightly build. Same thing.
- Rebuilding firefox and whole @world. Nope, didn't help.
- Rebuilding firefox without pgo. All the same.
- Downgrading nvidia-drivers to 460.91. No luck so far.
- Run memtest: test completed with 0 errors.
Probably missing something obvious here. Any advices?
P.S.
It took me some time to get through "Error in posting"
In this case it was triggered by angled arrow symbol - this one https://www.compart.com/en/unicode/U+1F855 in the log's fragments
Last edited by pickd.mask on Sat Sep 04, 2021 11:33 pm; edited 1 time in total |
|
Back to top |
|
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1462 Location: Earth
|
Posted: Tue Aug 24, 2021 11:24 pm Post subject: |
|
|
Quote: | Judging by the logs, I'm inclined to blame glibc-2.34. |
yep.
i had a similar problems with chromium - ah snap ... error.
have you tried clean mozilla start?
or only chance maybe to start mozilla with:
Code: | MOZ_DISABLE_CONTENT_SANDBOX=1 | or Code: | --no-sandbox option for Chrome |
for now. _________________ " Die Realität ist eine Illusion, die durch Mangel an ehrlicher Kommunikation entsteht "
---
" Der Mensch ist von Natur aus neugierig, was am Ende übrig bleibt ist die Gier " |
|
Back to top |
|
|
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Tue Aug 24, 2021 11:41 pm Post subject: |
|
|
Thanks for your reply.
CooSee wrote: |
have you tried clean mozilla start?
|
Not sure I understand it right.
I tried creating new profile, also tried removing whole ~/.mozilla folder and start firefox. Does this qualify as "clean"?
CooSee wrote: |
or only chance maybe to start mozilla with:
Code: | MOZ_DISABLE_CONTENT_SANDBOX=1 | or Code: | --no-sandbox option for Chrome |
for now. |
That worked for both chrome and firefox, thanks a lot |
|
Back to top |
|
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1462 Location: Earth
|
Posted: Tue Aug 24, 2021 11:50 pm Post subject: |
|
|
you're welcome
this is odd, because it seems resolved:
https://bugs.gentoo.org/803950
try with another user, after a restart of your system. _________________ " Die Realität ist eine Illusion, die durch Mangel an ehrlicher Kommunikation entsteht "
---
" Der Mensch ist von Natur aus neugierig, was am Ende übrig bleibt ist die Gier " |
|
Back to top |
|
|
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Wed Aug 25, 2021 1:06 am Post subject: |
|
|
Using another user and fresh profile doesn't help, still same issue.
And the bug, as I understand, is only related to merging FF. And I remember that time when I had it, but that was fixed in upstream and for some time everything was fine. Until few days ago I found out that the whole "internet" changed for me: tons of ads everywhere -- because Ublock Origin stopped working.
Probably FF 92 will fix it for me, who knows. |
|
Back to top |
|
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1462 Location: Earth
|
Posted: Thu Aug 26, 2021 4:39 pm Post subject: |
|
|
Quote: | tons of ads everywhere |
you should search for Ultimate.Hosts.Blacklist on github.
it'll change the speed of browsing profoundly _________________ " Die Realität ist eine Illusion, die durch Mangel an ehrlicher Kommunikation entsteht "
---
" Der Mensch ist von Natur aus neugierig, was am Ende übrig bleibt ist die Gier " |
|
Back to top |
|
|
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Sat Sep 04, 2021 11:33 pm Post subject: |
|
|
CooSee wrote: | Quote: | tons of ads everywhere |
you should search for Ultimate.Hosts.Blacklist on github.
it'll change the speed of browsing profoundly |
Thanks, not needed once I got UBlock Origin working with the solution you proposed |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Thu Nov 25, 2021 5:13 am Post subject: |
|
|
So, I struggled with this one as well. Although, I could not identify the exact extension that was failing because the behavior was very odd.
Now, the question is this: Is disabling the sandbox allowing the failing extension to break some security protocols? What's the risk with running firefox with MOZ_DISABLE_CONTENT_SANDBOX=1?
Is it related to glibc-2.34? Did anyone try lower versions of glibc to confirm? |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22446
|
Posted: Thu Nov 25, 2021 5:19 pm Post subject: |
|
|
Assuming the sandbox is the one I think it is, then it is a system call filter that automatically kills the calling process for making a disallowed system call. The theory is that the caller has an exhaustive list of all the calls it will make when operating "properly" and the disallowed calls would only occur if a security bug allowed unauthorized code to make system calls of its choosing. In that case, disabling the sandbox is much like driving around without wearing a seat belt: as long as you don't actually crash the car (or in the Firefox case, have a security bug running unauthorized code), it's fine. If you do crash the car, the seat belt would have greatly reduced the damage you suffer in the crash. The sandbox would cause the unauthorized code to die immediately, rather than running arbitrary code to read files, make network calls, etc. Based on that, if you were using the browser in a context where you had a high level of trust in the content it is processing (say, reading HTML documents you downloaded a year ago, and keep for local reference, such as things in /usr/share/doc), I wouldn't worry much about disabling the sandbox. On the other hand, if you're using the browser in a hostile environment, like browsing the open web with Javascript enabled, I would not disable the sandbox.
This could well be related to glibc-2.34, but it's not a glibc bug. As above, the sandbox has a theoretically exhaustive list of system calls. The new glibc uses a new system call that the old sandbox doesn't know about, so the sandbox panics and kills the process. As far as I know, the glibc project never documented that they would seek the permission and cooperation of every ad-hoc sandbox project before adding new system calls to regular operation, so designing a sandbox that requires such cooperation is inherently flawed. To fix this, you need to add the new system call(s) to the sandbox allow list. For extra fun, I'm not sure if Firefox actually has a way to do that without patching its source and recompiling. Nor do I know where in the Firefox source you would go to make such a patch, if you wished to do so. Nor do I know which system calls you need to put on the allow list. |
|
Back to top |
|
|
gruftie Apprentice
Joined: 24 Sep 2002 Posts: 184
|
Posted: Mon Nov 29, 2021 4:43 pm Post subject: |
|
|
CooSee wrote: | Quote: | Judging by the logs, I'm inclined to blame glibc-2.34. |
yep.
i had a similar problems with chromium - ah snap ... error.
have you tried clean mozilla start?
or only chance maybe to start mozilla with:
Code: | MOZ_DISABLE_CONTENT_SANDBOX=1 | or Code: | --no-sandbox option for Chrome |
for now. |
I had the same problem as the original poster and this helped, thank you!
Instead of disabling the sandbox completely, for me it works lowering the value for "security.sandbox.content.level" from 4 to 2 in about:config (found here) |
|
Back to top |
|
|
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Mon Nov 29, 2021 9:03 pm Post subject: |
|
|
gruftie wrote: |
Instead of disabling the sandbox completely, for me it works lowering the value for "security.sandbox.content.level" from 4 to 2 in about:config (found here) |
Worked for me too, thanks |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Mon Nov 29, 2021 11:37 pm Post subject: |
|
|
Something strange I can't explain...We got a glibc update today. On one system, I have the level set to 4 and it works. Made sure the env var is not set.
On another system, level has to be 2 for me to see umatrix drop down.
No idea what's going on! |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1893
|
Posted: Thu Dec 02, 2021 12:36 am Post subject: |
|
|
Yeah, I'd be interested in learning if -clone3 on glibc helps anyone experiencing this issue (please update bug 803950 if so). |
|
Back to top |
|
|
pickd.mask n00b
Joined: 02 Aug 2011 Posts: 28
|
Posted: Thu Dec 02, 2021 3:23 am Post subject: |
|
|
sam_ wrote: |
Yeah, I'd be interested in learning if -clone3 on glibc helps anyone experiencing this issue (please update bug 803950 if so). |
Didn't help on my system.
I had glibc and then whole toolchain rebuilt with -clone3 useflag. Upon that I also rebuilt Firefox.
And it didn't change much, I still have same issue when not using two aforementioned workarounds.
However this glibc revision update along with discord-bin revision update fixed discord. Now it works, thanks to developers. |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Sat Dec 04, 2021 2:30 am Post subject: This patch works to solve the issue with the FF extensions |
|
|
patch available at https://bugs.gentoo.org/803950
Trying it in a little bit...
Update: This works! |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1259 Location: Edinburgh, UK
|
Posted: Thu Jan 13, 2022 5:22 pm Post subject: |
|
|
Well this gave me a fun 3/4 day of confusion and searching
Thank you @Hu for the really good digestible synopsis of the issue above.
I picked the option of rebuilding dev-libs/glib with USE="-fam" as it seems to have least impact on anything else; better that than putting a config in firefox or an envvar that I'll only forget about by the time the issue is resolved
Even when either firefox or glibc has this ironed out (I'm not quite sure whose job that really ought to be from reading the above), it sounds like a category of problem that could easily occur again down the line |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Sun Feb 27, 2022 6:41 am Post subject: |
|
|
Looks like this is broken again with latest glibc and latest firefox-97.0.1. The patch does not seem to help anymore. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22446
|
Posted: Sun Feb 27, 2022 4:19 pm Post subject: |
|
|
In this context, what is the "latest" glibc? Latest stable (2.33), latest testing (2.34), latest no-keyword (2.35), or a -9999 ebuild? The patch was probably specific to the previous way in which the sandbox failed to account for new glibc syscalls. The latest glibc probably introduces use of yet another syscall that Firefox wrongly assumes will never be used. An strace of the dying process would likely tell us which syscall is causing problems this time. |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Sun Feb 27, 2022 4:50 pm Post subject: |
|
|
I meant ~amd64, which is 2.34 |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1259 Location: Edinburgh, UK
|
Posted: Mon Feb 28, 2022 1:49 am Post subject: |
|
|
For me the symptoms of breakage were different (tabs just not loading at all, instead of the more subtle breakages in bits of addon UIs) but the fix of rebuilding glib with USE="-fam" still resolves it. |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
Posted: Mon Feb 28, 2022 1:58 am Post subject: |
|
|
Havin_it wrote: | For me the symptoms of breakage were different (tabs just not loading at all, instead of the more subtle breakages in bits of addon UIs) but the fix of rebuilding glib with USE="-fam" still resolves it. | Where is this documented? Do you have a link?
The original issue was glibc but you are talking about dev-libs/glib, not glibc.
My symptoms are same: tabs don't load at all. |
|
Back to top |
|
|
devsk Advocate
Joined: 24 Oct 2003 Posts: 3003 Location: Bay Area, CA
|
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1259 Location: Edinburgh, UK
|
Posted: Mon Feb 28, 2022 11:25 pm Post subject: |
|
|
Yes that's it, sorry I thought it was in the bug you linked above, but forgot it was that other one that followed on from it. Glad to see you found it |
|
Back to top |
|
|
|