Ubuntu
firefox package

firefox will not start after it crashed unexpectedly

Bug #1917191 reported by John F. Godfrey
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Fix Released
Unknown
firefox (Ubuntu)
Fix Released
High
Olivier Tilloy

Bug Description

firefox crashed unexpectedly, and it will not start or restart. I am running the latest ubuntu-20.04.2 LTS, all updates applied. firefox 86.0+build3
---
ProblemType: Bug
AddonCompatCheckDisabled: False
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
 /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
BuildID: 20210222142601
CasperMD5CheckResult: skip
Channel: Unavailable
CurrentDesktop: ubuntu:GNOME
DefaultProfileExtensions: extensions.sqlite corrupt or missing
DefaultProfileIncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
DefaultProfileLocales: extensions.sqlite corrupt or missing
DefaultProfilePrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
DefaultProfilePrefSources: prefs.js
DefaultProfileThemes: extensions.sqlite corrupt or missing
DistroRelease: Ubuntu 20.04
ForcedLayersAccel: False
InstallationDate: Installed on 2020-02-22 (371 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
IpRoute:
 default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
 10.8.0.0/24 via 10.8.0.17 dev tun0
 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
 169.254.0.0/16 dev wlp10s0 scope link metric 1000
 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8 metric 600
NonfreeKernelModules: openafs
Package: firefox 86.0+build3-0ubuntu0.20.04.1
PackageArchitecture: amd64
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
Profile0Extensions: extensions.sqlite corrupt or missing
Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
Profile0Locales: extensions.sqlite corrupt or missing
Profile0PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
Profile0PrefSources: prefs.js
Profile0Themes: extensions.sqlite corrupt or missing
Profiles:
 Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date)
 Profile0 - LastVersion=86.0/20210222142601
RunningIncompatibleAddons: False
Tags: focal
Uname: Linux 5.4.0-66-generic x86_64
UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 07/05/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: V4.00L12
dmi.board.asset.tag: No Asset Tag
dmi.board.name: CF52-4
dmi.board.vendor: Panasonic Corporation
dmi.board.version: 1
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: Panasonic Corporation
dmi.chassis.version: 001
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrV4.00L12:bd07/05/2011:svnPanasonicCorporation:pnCF-52SLGDD1M:pvr004:rvnPanasonicCorporation:rnCF52-4:rvr1:cvnPanasonicCorporation:ct10:cvr001:
dmi.product.family: CF52-4
dmi.product.name: CF-52SLGDD1M
dmi.product.sku: CF-52SLGDD1M
dmi.product.version: 004
dmi.sys.vendor: Panasonic Corporation

See original description
Revision history for this message
In , Aryx-bugmail (aryx-bugmail) wrote :

90 crashes with various Linux distributions in the last 6 weeks, some have beta 0 as version (distros testing?).

Crash report: https://crash-stats.mozilla.org/report/index/2a7dee73-3a4d-490a-96fd-4af7f0210224

MOZ_CRASH Reason: ```OOB```

Top 10 frames of crashing thread:
```
0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 libxul.so core::ops::function::Fn::call /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70
3 libxul.so std::panicking::rust_panic_with_hook library/std/src/panicking.rs:595
4 libxul.so std::panicking::begin_panic::{{closure}} /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:520
5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:141
6 libxul.so std::panicking::begin_panic /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:519
7 libxul.so qcms_data_create_rgb_with_gamma gfx/qcms/src/c_bindings.rs:287
8 libxul.so gfxPlatformGtk::GetPlatformCMSOutputProfileData gfx/thebes/gfxPlatformGtk.cpp:483
9 libxul.so gfxPlatform::Init gfx/thebes/gfxPlatform.cpp:1005
```

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

It doesn't seem like this should be a security bug as it is just a rust panic on startup.

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

Created attachment 9205116
Bug 1694670 - Fix qcms_data_create_rgb_with_gamma.

This fixes a number of problems:

1. The check around get_rgb_colorants was inverted. This caused us to
   only continue if the colorants were wrong.

2. get_rgb_colorants can just return the Matrix instead of taking
   a reference to it.

3. The OOBs checks in write_u32 and write_u16 had their conditions
   inverted.

4. No tests

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

We should just fix the reversed OOB checks here and do the other stuff elsewhere.

Revision history for this message
In , Dveditz (dveditz) wrote :

So these particular crashes may not be scary, but `qcms_data_create_rgb_with_gamma` is a very large unsafe function so are we sure there aren't potentially vulnerable crashes if we've reversed the conditions?

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

`qcms_data_create_rgb_with_gamma` is only called on system local data (i.e information from the user's window server). There shouldn't be any way to exploit it. Further, the out of bounds checks were only added recently, previously there was no check at all.

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

Created attachment 9205268
Bug 1694670. Fix the OOB check in write_u32/u16.

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

Comment on attachment 9205268
Bug 1694670. Fix the OOB check in write_u32/u16.

### Beta/Release Uplift Approval Request
* **User impact if declined**: This fixes a startup crash that happens when users have an invalid color profile on Linux
* **Is this code covered by automated tests?**: No
* **Has the fix been verified in Nightly?**: No
* **Needs manual test from QE?**: No
* **If yes, steps to reproduce**:
* **List of other uplifts needed**: None
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: This code path is very rare as evidenced by the low crash rate. This patch restores the behaviour to what it was prior to being regressed by bug 1684095
* **String changes made/needed**:

Revision history for this message
In , Pulsebot (pulsebot) wrote :

Pushed by <email address hidden>:
https://hg.mozilla.org/integration/autoland/rev/95fc70920b71
Fix the OOB check in write_u32/u16. r=aosmond

Revision history for this message
In , Ryanvm (ryanvm) wrote :

Comment on attachment 9205268
Bug 1694670. Fix the OOB check in write_u32/u16.

Approved for 87.0b3 so we can get feedback on this ASAP.

Revision history for this message
In , Ryanvm (ryanvm) wrote :

https://hg.mozilla.org/releases/mozilla-beta/rev/e24e2d039a0317d0d66bdb041df65792ae69f555

Revision history for this message
In , Csabou (csabou) wrote :

https://hg.mozilla.org/mozilla-central/rev/95fc70920b71

Revision history for this message
In , Jmuizelaar (jmuizelaar) wrote :

*** Bug 1694891 has been marked as a duplicate of this bug. ***

Revision history for this message
Chris Guiver (guiverc) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:

apport-collect 1917191

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Revision history for this message
John F. Godfrey (johnfg) wrote : Re: [Bug 1917191] Re: foxfire will not start

I can't send as it needs browser.

On Sat, Feb 27, 2021, 8:15 PM Chris Guiver <email address hidden>
wrote:

> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. Please execute the following command only once, as it
> will automatically gather debugging information, in a terminal:
>
> apport-collect 1917191
>
> When reporting bugs in the future please use apport by using 'ubuntu-
> bug' and the name of the package affected. You can learn more about this
> functionality at https://wiki.ubuntu.com/ReportingBugs.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> foxfire will not start
>
> Status in firefox package in Ubuntu:
> New
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/+subscriptions
>

Revision history for this message
John F. Godfrey (johnfg) wrote : AlsaInfo.txt

apport information

tags: added: apport-collected focal
description: updated
Revision history for this message
John F. Godfrey (johnfg) wrote : CurrentDmesg.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : DefaultProfilePrefs.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : Dependencies.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : IpAddr.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : Lspci.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : PciNetwork.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : ProcCpuinfoMinimal.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : Profile0Prefs.txt

apport information

Revision history for this message
John F. Godfrey (johnfg) wrote : PulseList.txt

apport information

Revision history for this message
Olivier Tilloy (osomon) wrote :

Can you open a terminal, type "firefox --safe-mode" followed by Enter, and let us know whether the application starts? If not, what is displayed in the terminal window?

summary: - foxfire will not start
+ firefox will not start after it crashed unexpectedly
Changed in firefox (Ubuntu):
status: New → Incomplete
Revision history for this message
Olivier Tilloy (osomon) wrote :

This sounds similar to bug #1917147.

Revision history for this message
John F. Godfrey (johnfg) wrote : Re: [Bug 1917191] Re: firefox will not start after it crashed unexpectedly
Download full text (4.3 KiB)

 I tried that already. It does not start and very little in the way of
feedback.

On Mon, Mar 1, 2021, 8:15 AM Olivier Tilloy <email address hidden>
wrote:

> Can you open a terminal, type "firefox --safe-mode" followed by Enter,
> and let us know whether the application starts? If not, what is
> displayed in the terminal window?
>
> ** Summary changed:
>
> - foxfire will not start
> + firefox will not start after it crashed unexpectedly
>
> ** Changed in: firefox (Ubuntu)
> Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> firefox will not start after it crashed unexpectedly
>
> Status in firefox package in Ubuntu:
> Incomplete
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
> ---
> ProblemType: Bug
> AddonCompatCheckDisabled: False
> ApportVersion: 2.20.11-0ubuntu27.16
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
> /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
> BuildID: 20210222142601
> CasperMD5CheckResult: skip
> Channel: Unavailable
> CurrentDesktop: ubuntu:GNOME
> DefaultProfileExtensions: extensions.sqlite corrupt or missing
> DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
> DefaultProfileLocales: extensions.sqlite corrupt or missing
> DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
> DefaultProfilePrefSources: prefs.js
> DefaultProfileThemes: extensions.sqlite corrupt or missing
> DistroRelease: Ubuntu 20.04
> ForcedLayersAccel: False
> InstallationDate: Installed on 2020-02-22 (371 days ago)
> InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
> IpRoute:
> default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
> 10.8.0.0/24 via 10.8.0.17 dev tun0
> 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
> 169.254.0.0/16 dev wlp10s0 scope link metric 1000
> 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
> NonfreeKernelModules: openafs
> Package: firefox 86.0+build3-0ubuntu0.20.04.1
> PackageArchitecture: amd64
> ProcEnviron:
> TERM=xterm-256color
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
> Profile0Extensions: extensions.sqlite corrupt or missing
> Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
> Profile0Locales: extensions.sqlite corrupt or missing
> Profile0PrefErrors: Unexpected character ',' before close parenthesis @
> /usr/lib/firefox/omni.ja:greprefs.js:348
> Profile0PrefSources: prefs.js
> Profile0Themes: extensions.sqlite corrupt or missing
> Profiles:
> Profile1 (Default) - LastVersion=80.0/202008...

Read more...

Revision history for this message
John F. Godfrey (johnfg) wrote :

johnfg@ubuntuhome:~$ firefox --safemode
ExceptionHandler::GenerateDump cloned child 31708
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...

--
John F. Godfrey, Pastor
Belgrade Christian Assembly
Belgrade, MT 59714 USA
"Jesus said to him, 'I am the Way, and the Truth, and the Life; no one
comes to the Father but through Me'" (John 14:6).

Revision history for this message
Olivier Tilloy (osomon) wrote :

If you don't mind installing debug packages that use a substantial amount of space, could you do the following:

    sudo apt install firefox-dbg
    firefox -g

At the (gdb) prompt, type "r" then return. When the crash happens, you should be getting another (gdb) prompt, type "t a a bt" then return, press the return key until there is no more of the backtrace to display, then copy-paste the contents of the terminal to a text file and attach it here.

This would be very helpful to understand where the crash is occuring.
Many thanks in advance!

Revision history for this message
Olivier Tilloy (osomon) wrote :

Note: once you've done all the above, you can remove the debug packages to reclaim disk space with the following command:

    sudo apt remove firefox-dbg

Revision history for this message
John F. Godfrey (johnfg) wrote :
Download full text (114.0 KiB)

Thread 43 (Thread 0x7fffda6bd700 (LWP 48369)):
#0 futex_wait_cancelable (private=<optimized out>, expected=0,
futex_word=0x7fffec3dd63c) at ../sysdeps/nptl/futex-internal.h:183
#1 __pthread_cond_wait_common (abstime=0x0, clockid=0,
mutex=0x7fffec3dd5e0, cond=0x7fffec3dd610) at pthread_cond_wait.c:508
#2 __pthread_cond_wait (cond=0x7fffec3dd610, mutex=0x7fffec3dd5e0) at
pthread_cond_wait.c:638
#3 0x00005555555a8e67 in
mozilla::detail::ConditionVariableImpl::wait(mozilla::detail::MutexImpl&)
(this=0x7fffec3dd63c, lock=...) at
/build/firefox-ZHFUPw/firefox-86.0+build3/mozglue/misc/ConditionVariable_posix.cpp:108
#4 0x00007fffed6aec4a in mozilla::OffTheBooksCondVar::Wait()
(this=0x7fffec3dd608) at
/build/firefox-ZHFUPw/firefox-86.0+build3/obj-x86_64-linux-gnu/dist/include/mozilla/CondVar.h:58
#5 mozilla::ThreadEventQueue::GetEvent(bool,
mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*)
(this=<optimized out>, aMayWait=<optimized out>,
aLastEventDelay=0x7fffe49bfb58) at
/build/firefox-ZHFUPw/firefox-86.0+build3/xpcom/threads/ThreadEventQueue.cpp:161
#6 0x00007fffed6b6480 in nsThread::ProcessNextEvent(bool, bool*)
(this=0x7fffe49bfac0, aMayWait=true, aResult=0x7fffda6bcc07) at
/build/firefox-ZHFUPw/firefox-86.0+build3/xpcom/threads/nsThread.cpp:1144
#7 0x00007fffed6b9a16 in NS_ProcessNextEvent(nsIThread*, bool)
(aThread=0x7fffec3dd63c, aMayWait=true) at
/build/firefox-ZHFUPw/firefox-86.0+build3/xpcom/threads/nsThreadUtils.cpp:548
#8 0x00007fffedc1f0ea in
mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)
(this=0x7fffdaaceb80, aDelegate=0x7fffda6bcc90) at
/build/firefox-ZHFUPw/firefox-86.0+build3/ipc/glue/MessagePump.cpp:332
#9 0x00007fffedbdf5d8 in MessageLoop::RunInternal() (this=0x80) at
/build/firefox-ZHFUPw/firefox-86.0+build3/ipc/chromium/src/base/message_loop.cc:334
#10 MessageLoop::RunHandler() (this=0x80) at
/build/firefox-ZHFUPw/firefox-86.0+build3/ipc/chromium/src/base/message_loop.cc:327
#11 MessageLoop::Run() (this=0x80) at
/build/firefox-ZHFUPw/firefox-86.0+build3/ipc/chromium/src/base/message_loop.cc:309
#12 0x00007fffed6b483f in nsThread::ThreadFunc(void*) (aArg=<optimized
out>) at
/build/firefox-ZHFUPw/firefox-86.0+build3/xpcom/threads/nsThread.cpp:441
#13 0x00007ffff7a35c89 in _pt_root (arg=0x7fffe485d940) at
/build/firefox-ZHFUPw/firefox-86.0+build3/nsprpub/pr/src/pthreads/ptthread.c:201
#14 0x00007ffff7f98609 in start_thread (arg=<optimized out>) at
pthread_create.c:477
#15 0x00007ffff7b6e293 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 42 (Thread 0x7fffd8dff700 (LWP 48368)):
#0 futex_wait_cancelable (private=<optimized out>, expected=0,
futex_word=0x7fffda9f42d8) at ../sysdeps/nptl/futex-internal.h:183
#1 __pthread_cond_wait_common (abstime=0x0, clockid=0,
mutex=0x7fffda9f4400, cond=0x7fffda9f42b0) at pthread_cond_wait.c:508
#2 __pthread_cond_wait (cond=0x7fffda9f42b0, mutex=0x7fffda9f4400) at
pthread_cond_wait.c:638
#3 0x00007ffff1c8ab25 in std::sys::unix::condvar::Condvar::wait () at
/build/rustc-n7HJ8w/rustc-1.47.0+dfsg1+llvm/library/std/src/sys/unix/
condvar.rs:69
#4 std::sys_common::condvar::Condvar::wait () at
/build/rustc-n7HJ8w/rustc-1.47.0+d...

Revision history for this message
John F. Godfrey (johnfg) wrote :
Download full text (4.7 KiB)

Oliver,
I did what you said and sent the terminal output. Hope it helps you fix
the bug!

john

On Mon, Mar 1, 2021 at 10:35 AM Olivier Tilloy <email address hidden>
wrote:

> If you don't mind installing debug packages that use a substantial
> amount of space, could you do the following:
>
> sudo apt install firefox-dbg
> firefox -g
>
> At the (gdb) prompt, type "r" then return. When the crash happens, you
> should be getting another (gdb) prompt, type "t a a bt" then return,
> press the return key until there is no more of the backtrace to display,
> then copy-paste the contents of the terminal to a text file and attach
> it here.
>
> This would be very helpful to understand where the crash is occuring.
> Many thanks in advance!
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> firefox will not start after it crashed unexpectedly
>
> Status in firefox package in Ubuntu:
> Incomplete
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
> ---
> ProblemType: Bug
> AddonCompatCheckDisabled: False
> ApportVersion: 2.20.11-0ubuntu27.16
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
> /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
> BuildID: 20210222142601
> CasperMD5CheckResult: skip
> Channel: Unavailable
> CurrentDesktop: ubuntu:GNOME
> DefaultProfileExtensions: extensions.sqlite corrupt or missing
> DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
> DefaultProfileLocales: extensions.sqlite corrupt or missing
> DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
> DefaultProfilePrefSources: prefs.js
> DefaultProfileThemes: extensions.sqlite corrupt or missing
> DistroRelease: Ubuntu 20.04
> ForcedLayersAccel: False
> InstallationDate: Installed on 2020-02-22 (371 days ago)
> InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
> IpRoute:
> default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
> 10.8.0.0/24 via 10.8.0.17 dev tun0
> 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
> 169.254.0.0/16 dev wlp10s0 scope link metric 1000
> 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
> NonfreeKernelModules: openafs
> Package: firefox 86.0+build3-0ubuntu0.20.04.1
> PackageArchitecture: amd64
> ProcEnviron:
> TERM=xterm-256color
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
> Profile0Extensions: extensions.sqlite corrupt or missing
> Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
> Profile0Locales: extensions.sqlite corrupt or missing
> Profile0PrefErrors: Unexpected ch...

Read more...

Revision history for this message
Olivier Tilloy (osomon) wrote :

Thanks John, that's very useful indeed. The backtrace points to a known upstream bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1694670), which is fixed in the upcoming firefox
87.0 (currently beta).
I'll consider cherry-picking the upstream patch for an Ubuntu update.

Changed in firefox (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → High
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
status: Unknown → Fix Released
Revision history for this message
John F. Godfrey (johnfg) wrote : Re: [Bug 1917191] Re: firefox will not start after it crashed unexpectedly
Download full text (10.9 KiB)

Is there a bug fix out there?

On Tue, Mar 2, 2021, 8:10 PM Bug Watch Updater <email address hidden>
wrote:

> Launchpad has imported 13 comments from the remote bug at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1694670.
>
> If you reply to an imported comment from within Launchpad, your comment
> will be sent to the remote bug automatically. Read more about
> Launchpad's inter-bugtracker facilities at
> https://help.launchpad.net/InterBugTracking.
>
> ------------------------------------------------------------------------
> On 2021-02-24T14:51:58+00:00 Aryx-bugmail wrote:
>
> 90 crashes with various Linux distributions in the last 6 weeks, some
> have beta 0 as version (distros testing?).
>
> Crash report: https://crash-stats.mozilla.org/report/index/2a7dee73
> -3a4d-490a-96fd-4af7f0210224
> <https://crash-stats.mozilla.org/report/index/2a7dee73-3a4d-490a-96fd-4af7f0210224>
>
> MOZ_CRASH Reason: ```OOB```
>
> Top 10 frames of crashing thread:
> ```
> 0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
> 1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
> 2 libxul.so core::ops::function::Fn::call
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/
> function.rs:70
> 3 libxul.so std::panicking::rust_panic_with_hook library/std/src/
> panicking.rs:595
> 4 libxul.so std::panicking::begin_panic::{{closure}}
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/
> panicking.rs:520
> 5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/
> backtrace.rs:141
> 6 libxul.so std::panicking::begin_panic
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/
> panicking.rs:519
> 7 libxul.so qcms_data_create_rgb_with_gamma gfx/qcms/src/c_bindings.rs:287
> 8 libxul.so gfxPlatformGtk::GetPlatformCMSOutputProfileData
> gfx/thebes/gfxPlatformGtk.cpp:483
> 9 libxul.so gfxPlatform::Init gfx/thebes/gfxPlatform.cpp:1005
> ```
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/0
>
> ------------------------------------------------------------------------
> On 2021-02-24T14:55:19+00:00 Jmuizelaar wrote:
>
> It doesn't seem like this should be a security bug as it is just a rust
> panic on startup.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/1
>
> ------------------------------------------------------------------------
> On 2021-02-24T15:37:38+00:00 Jmuizelaar wrote:
>
> Created attachment 9205116
> Bug 1694670 - Fix qcms_data_create_rgb_with_gamma.
>
> This fixes a number of problems:
>
> 1. The check around get_rgb_colorants was inverted. This caused us to
> only continue if the colorants were wrong.
>
> 2. get_rgb_colorants can just return the Matrix instead of taking
> a reference to it.
>
> 3. The OOBs checks in write_u32 and write_u16 had their conditions
> inverted.
>
> 4. No tests
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/2
>
> ------------------------------------------------------------------------
> On 2021-02-24T15:42:48+00:00 Jmuizelaar wrote:
...

Revision history for this message
Olivier Tilloy (osomon) wrote :

> Is there a bug fix out there?

The beta builds (for the upcoming 87.0 release) contain the fix, if you're comfortable with adding a PPA and installing a beta version, you could try that (your confirmation that the bug is indeed fixed would be very valuable). The PPA is https://launchpad.net/~mozillateam/+archive/ubuntu/firefox-next/, and I'd recommend disabling it after you get a chance to test and confirm, because it's not recommended for normal use.

Revision history for this message
John F. Godfrey (johnfg) wrote :
Download full text (4.4 KiB)

Thanks for the update.

On Wed, Mar 3, 2021, 7:20 AM Olivier Tilloy <email address hidden>
wrote:

> > Is there a bug fix out there?
>
> The beta builds (for the upcoming 87.0 release) contain the fix, if
> you're comfortable with adding a PPA and installing a beta version, you
> could try that (your confirmation that the bug is indeed fixed would be
> very valuable). The PPA is
> https://launchpad.net/~mozillateam/+archive/ubuntu/firefox-next/, and
> I'd recommend disabling it after you get a chance to test and confirm,
> because it's not recommended for normal use.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> firefox will not start after it crashed unexpectedly
>
> Status in Mozilla Firefox:
> Fix Released
> Status in firefox package in Ubuntu:
> Confirmed
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
> ---
> ProblemType: Bug
> AddonCompatCheckDisabled: False
> ApportVersion: 2.20.11-0ubuntu27.16
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
> /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
> BuildID: 20210222142601
> CasperMD5CheckResult: skip
> Channel: Unavailable
> CurrentDesktop: ubuntu:GNOME
> DefaultProfileExtensions: extensions.sqlite corrupt or missing
> DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
> DefaultProfileLocales: extensions.sqlite corrupt or missing
> DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
> DefaultProfilePrefSources: prefs.js
> DefaultProfileThemes: extensions.sqlite corrupt or missing
> DistroRelease: Ubuntu 20.04
> ForcedLayersAccel: False
> InstallationDate: Installed on 2020-02-22 (371 days ago)
> InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
> IpRoute:
> default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
> 10.8.0.0/24 via 10.8.0.17 dev tun0
> 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
> 169.254.0.0/16 dev wlp10s0 scope link metric 1000
> 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
> NonfreeKernelModules: openafs
> Package: firefox 86.0+build3-0ubuntu0.20.04.1
> PackageArchitecture: amd64
> ProcEnviron:
> TERM=xterm-256color
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
> Profile0Extensions: extensions.sqlite corrupt or missing
> Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
> Profile0Locales: extensions.sqlite corrupt or missing
> Profile0PrefErrors: Unexpected character ',' before close parenthesis @
> /usr/lib/firefox/omni.ja:greprefs.js:348
> Profile0PrefSources: prefs.js
> Profile0The...

Read more...

Revision history for this message
In , Gabriele Svelto (gsvelto) wrote :

Ugh, this bug is affecting Linux users real badly on 86. Do we have a way to reach out to distro maintainers to try and help them roll out a local fix for their 86 builds?

Revision history for this message
In , Julien Cristau (jcristau-mozilla) wrote :

(In reply to Gabriele Svelto [:gsvelto] from comment #13)
> Ugh, this bug is affecting Linux users real badly on 86. Do we have a way to reach out to distro maintainers to try and help them roll out a local fix for their 86 builds?

adding a few of them here.

Revision history for this message
In , Stransky (stransky) wrote :

I shipped Fedora Firefox updates yesterday, Thanks.

Revision history for this message
In , Olivier Tilloy (osomon) wrote :

This was also reported in Ubuntu (https://launchpad.net/bugs/1917191), by only 2 different users so far since the update to 86.0 was pushed to all supported Ubuntu releases. According to comment 7, this affects only users with an invalid color profile on Linux, which presumably/hopefully isn't such a large number of users.

I'm okay with distro-patching (the patch is trivial enough), but then why isn't the change being uplifted to the 86 branch?

Revision history for this message
In , Robert Mader (robert.posteo) wrote :

Jan, this might be important for you as well (archlinux).

Revision history for this message
In , Jan Steffens (heftig) wrote :

I've already backported this fix; thanks.

Revision history for this message
In , Petruta-rasa-z (petruta-rasa-z) wrote :

*** Bug 1696411 has been marked as a duplicate of this bug. ***

Revision history for this message
In , John F. Godfrey (johnfg) wrote : Re: [Bug 1917191]
Download full text (4.2 KiB)

Good morning!
Are we any closer to getting this bug fixed?
Thanks!
john

On Mon, Mar 8, 2021 at 2:05 PM Petruta-rasa-z <email address hidden>
wrote:

> *** Bug 1696411 has been marked as a duplicate of this bug. ***
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> firefox will not start after it crashed unexpectedly
>
> Status in Mozilla Firefox:
> Fix Released
> Status in firefox package in Ubuntu:
> Confirmed
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
> ---
> ProblemType: Bug
> AddonCompatCheckDisabled: False
> ApportVersion: 2.20.11-0ubuntu27.16
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
> /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
> BuildID: 20210222142601
> CasperMD5CheckResult: skip
> Channel: Unavailable
> CurrentDesktop: ubuntu:GNOME
> DefaultProfileExtensions: extensions.sqlite corrupt or missing
> DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
> DefaultProfileLocales: extensions.sqlite corrupt or missing
> DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
> DefaultProfilePrefSources: prefs.js
> DefaultProfileThemes: extensions.sqlite corrupt or missing
> DistroRelease: Ubuntu 20.04
> ForcedLayersAccel: False
> InstallationDate: Installed on 2020-02-22 (371 days ago)
> InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
> IpRoute:
> default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
> 10.8.0.0/24 via 10.8.0.17 dev tun0
> 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
> 169.254.0.0/16 dev wlp10s0 scope link metric 1000
> 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
> NonfreeKernelModules: openafs
> Package: firefox 86.0+build3-0ubuntu0.20.04.1
> PackageArchitecture: amd64
> ProcEnviron:
> TERM=xterm-256color
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
> Profile0Extensions: extensions.sqlite corrupt or missing
> Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
> Profile0Locales: extensions.sqlite corrupt or missing
> Profile0PrefErrors: Unexpected character ',' before close parenthesis @
> /usr/lib/firefox/omni.ja:greprefs.js:348
> Profile0PrefSources: prefs.js
> Profile0Themes: extensions.sqlite corrupt or missing
> Profiles:
> Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date)
> Profile0 - LastVersion=86.0/20210222142601
> RunningIncompatibleAddons: False
> Tags: focal
> Uname: Linux 5.4.0-66-generic x86_64
> UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago)
> UserGroups: adm c...

Read more...

Revision history for this message
In , Pascalc (pascalc) wrote :

Comment on attachment 9205268
Bug 1694670. Fix the OOB check in write_u32/u16.

Approved for 86.0.1, thanks.

Revision history for this message
Olivier Tilloy (osomon) wrote :

A comment on the upstream bug says the fix was approved for 86.0.1, as soon as this is out the update will be reflected in Ubuntu.

Revision history for this message
In , Ryanvm (ryanvm) wrote :

https://hg.mozilla.org/releases/mozilla-release/rev/fdc6e37202db

Mathew Hodson (mhodson)
tags: added: regression-update
Revision history for this message
John F. Godfrey (johnfg) wrote : Re: [Bug 1917191] Re: firefox will not start after it crashed unexpectedly
Download full text (4.0 KiB)

Should I uninstall then reinstall firefox? It's not in updates.

On Wed, Mar 10, 2021, 1:20 PM Mathew Hodson <email address hidden>
wrote:

> ** Tags added: regression-update
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
> firefox will not start after it crashed unexpectedly
>
> Status in Mozilla Firefox:
> Fix Released
> Status in firefox package in Ubuntu:
> Confirmed
>
> Bug description:
> firefox crashed unexpectedly, and it will not start or restart. I am
> running the latest ubuntu-20.04.2 LTS, all updates applied. firefox
> 86.0+build3
> ---
> ProblemType: Bug
> AddonCompatCheckDisabled: False
> ApportVersion: 2.20.11-0ubuntu27.16
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: johnfg 1725 F.... pulseaudio
> /dev/snd/controlC1: johnfg 1725 F.... pulseaudio
> BuildID: 20210222142601
> CasperMD5CheckResult: skip
> Channel: Unavailable
> CurrentDesktop: ubuntu:GNOME
> DefaultProfileExtensions: extensions.sqlite corrupt or missing
> DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
> DefaultProfileLocales: extensions.sqlite corrupt or missing
> DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
> DefaultProfilePrefSources: prefs.js
> DefaultProfileThemes: extensions.sqlite corrupt or missing
> DistroRelease: Ubuntu 20.04
> ForcedLayersAccel: False
> InstallationDate: Installed on 2020-02-22 (371 days ago)
> InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
> IpRoute:
> default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
> 10.8.0.0/24 via 10.8.0.17 dev tun0
> 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
> 169.254.0.0/16 dev wlp10s0 scope link metric 1000
> 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
> NonfreeKernelModules: openafs
> Package: firefox 86.0+build3-0ubuntu0.20.04.1
> PackageArchitecture: amd64
> ProcEnviron:
> TERM=xterm-256color
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
> Profile0Extensions: extensions.sqlite corrupt or missing
> Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
> Profile0Locales: extensions.sqlite corrupt or missing
> Profile0PrefErrors: Unexpected character ',' before close parenthesis @
> /usr/lib/firefox/omni.ja:greprefs.js:348
> Profile0PrefSources: prefs.js
> Profile0Themes: extensions.sqlite corrupt or missing
> Profiles:
> Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date)
> Profile0 - LastVersion=86.0/20210222142601
> RunningIncompatibleAddons: False
> Tags: focal
> Uname: Linux 5.4.0-66-generic x86_64
> UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago)
> UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare s...

Read more...

Revision history for this message
Olivier Tilloy (osomon) wrote :

No need to uninstall and reinstall. The update for 86.0.1 is being prepared, you will get it through the normal updates channel as soon as it's available.

Changed in firefox (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Olivier Tilloy (osomon)
Revision history for this message
In , Ryanvm (ryanvm) wrote :

Added to the 86.0.1 relnotes:
> Fixed a frequent Linux crash on browser launch

Revision history for this message
In , Stransky (stransky) wrote :

*** Bug 1696339 has been marked as a duplicate of this bug. ***

Olivier Tilloy (osomon)
Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.