Bug 1190842

Summary:	Widevine broken in Tumbleweed 20210921 (affects chrome,chromenium,firefox,opera, teams and more)
Product:	[openSUSE] openSUSE Tumbleweed	Reporter:	Vidar Haugsvær <vidar.haugsvar>
Component:	Basesystem	Assignee:	Wolfgang Rosenauer <wolfgang>
Status:	RESOLVED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Major
Priority:	P5 - None	CC:	davejplater, javispedro, martin.jedamzik, Michael.Zapf, miso, munix9, PVince81, robby.engelmann, suse.portal.2021, tux93, vliaskovitis
Version:	Current
Target Milestone:	---
Hardware:	x86-64
OS:	openSUSE Tumbleweed
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Vidar Haugsvær 2021-09-24 05:56:29 UTC

Widevine is broken. Using applications that uses widevine is causing coredump.

This affects all browsers and applications hooking to them makeing them unusable

Verified issues with google-chrome-stable,google-chrome-unstable, opera, opera-beta firefox, chromnium, Discord and microsoft teams

Comment 1 Michael Pujos 2021-09-24 08:48:57 UTC

Workaround is to launch Firefox with MOZ_DISABLE_GMP_SANDBOX=1

Comment 2 Vincent Petry 2021-09-25 18:37:10 UTC

Confirmed here as well, and workaround works.

The strange thing is that I tired to use snapper to rollback to the version I had before the zypper dup, but the widevine issue was still there. So not sure if that part is really part of the OS / main system or if it's in user-space and got upgraded in some way to a broken version.

Comment 3 Robby Engelmann 2021-09-26 10:24:38 UTC

Can confirm this issue too.

Comment 4 Andreas Stieger 2021-09-27 19:32:39 UTC

*** Bug 1190863 has been marked as a duplicate of this bug. ***

Comment 5 Michael Zapf 2021-09-28 17:41:47 UTC

Crashes here, too. The Widevine plugin works in the original Firefox 92 from mozilla.org.

Sandbox: attempt to open unexpected file /usr/lib64/firefox/libdl.so.2
Sandbox: attempt to open unexpected file /lib64/libdl.so.2
Sandbox: attempt to open unexpected file /lib64/glibc-hwcaps/x86-64-v3/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/glibc-hwcaps/x86-64-v2/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/tls/haswell/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/tls/haswell/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/tls/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/tls/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/haswell/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/haswell/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /lib64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/glibc-hwcaps/x86-64-v3/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/glibc-hwcaps/x86-64-v2/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/tls/haswell/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/tls/haswell/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/tls/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/tls/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/haswell/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/haswell/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/x86_64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.
Sandbox: attempt to open unexpected file /usr/lib64/libdl.so.2
Sandbox: seccomp sandbox violation: pid 7594, tid 7594, syscall 262, args 4294967196 140726849351856 140726849352032 0 4294967295 140726849351856.

###!!! [Parent][MessageChannel::Call] Error: Channel error: cannot send/recv

Comment 6 Chenzi Cao 2021-09-30 09:59:58 UTC

Hi Wolfgang, would you please take a look at this issue? I'm really not sure whether it is correct to assign it to you, please feel free to reassign whenever necessary, thanks.

Comment 7 Wolfgang Rosenauer 2021-09-30 10:11:36 UTC

We obviously cannot fix widevine as it's a closed component.

I'm a bit surprised that within upstream firefox it is reported to work on the same glibc.

The only workaround we would have is to add MOZ_DISABLE_GMP_SANDBOX for TW which at the same time is something I'm not happy about.

Comment 8 Javier de San Pedro 2021-09-30 10:17:08 UTC

Or just allow newfstatat (syscall 262) in the seccomp filter, which Firefox upstream is likely to do sooner or later anyway.

This is why I don't like syscall whitelists. Literally my number #1 source of issues on rolling distros.

Comment 9 Wolfgang Rosenauer 2021-09-30 10:27:41 UTC

Actually found an upstream hint and going to provide an updated build to test.

Comment 10 Wolfgang Rosenauer 2021-10-01 08:25:33 UTC

Firefox 92.0.1 builds updated in the mozilla project.
You can test packages from here:
http://download.opensuse.org/repositories/mozilla/

Comment 11 Javier de San Pedro 2021-10-01 08:45:25 UTC

Thanks a lot!  Works for me, MozillaFirefox-92.0.1-5.1.x86_64.rpm .

Mozilla upstream bug URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1725828

Comment 12 Wolfgang Rosenauer 2021-10-01 09:59:25 UTC

Thanks for the feedback.
Since Firefox 93 will be released next week I will not push the fixed version to Tumbleweed right now. A FF release to TW takes a few days and would arrive only after the upstream FF93 release.

Comment 13 Javier de San Pedro 2021-10-01 10:17:05 UTC

I am not entirely sure this will end up in 93, I'll ping if it's still broken :)

As for the other packages mentioned in this report (teams, discord, etc.), I don't think think there's anything that can be done. 
However, I use Teams and I don't see widevine being used? Maybe it's just for the live events?

Comment 14 Wolfgang Rosenauer 2021-10-01 11:34:49 UTC

It's not fixed in 93 but I'll obviously carry over the patch.

Comment 15 Vidar Haugsvær 2021-10-02 02:49:23 UTC

Thanks for the update on firefox.

google-chrome can be started with --no-sandbox to avoid the problem. That also applies to discord and microsoft teams

google-chrome-stable version 94.0.4606.61 doesn't have the problem.

Comment 16 Wolfgang Rosenauer 2021-10-02 08:15:10 UTC

*** Bug 1191243 has been marked as a duplicate of this bug. ***

Comment 17 Dave Plater 2021-10-02 09:35:46 UTC

MOZ_DISABLE_GMP_SANDBOX=1 inserted into /usr/bin/firefox didn't work for me but the patched firefox from mozilla/firefox92 does work.

Comment 18 Michael Zapf 2021-10-02 10:29:50 UTC

export MOZ_DISABLE_GMP_SANDBOX=1 in .bashrc works for me.

Comment 19 Wolfgang Rosenauer 2021-10-15 10:10:28 UTC

released