Package: firefox-esr
Version: 68.8.0esr-1~deb10u1
Severity: important
Firefox ESR (i386) crashes on pre-SSE2 CPUs when visiting certain
websites such as xfce-look.org.
As far as I understand, the Debian stretch/buster firefox-esr package
should support processors without SSE2.
Older versions of the firefox-esr package had similar issues and were
(apparently) fixed.
If this issue/bug is unfixable (I hope not!), the package should depend
on the sse2-support package (i386 only).
Upstream doesn't support pre-SSE2 processors anymore; some parts of the
source code assume SSE2 unconditionally.
Versions tested:
- 68.8.0esr-1~deb10u1 (buster): crashes: SIGSEGV due to SSE2 instruction
MOVQ
- 68.8.0esr-1~deb9u1 (stretch): crashes: SIGSEGV due to SSE instruction
LDMXCSR (weird, SSE is supported by CPU)
- 60.9.0esr-1~deb9u1 (stretch): crashes: SIGILL (Illegal instruction)
due to SSE2 instruction MOVQ
- 60.6.3esr-1~deb9u1 (stretch): crashes: SIGILL (Illegal instruction)
due to SSE2 instruction MOVQ
- 60.2.0esr-1~deb9u2.2 (stretch, from #908449): SIGILL (Illegal
instruction) due to SSE2 instruction MOVQ
References:
- #908449 (no subject):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908449
- #877445 Certain sites crash Firefox on pre-SSE2 CPUs:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877445
- #908396 firefox-esr: stopped working after upgrade from 59 to 60:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908396
Info:
$ firefox -v
Mozilla Firefox 68.8.0esr
$ firefox
[Parent 4798, Gecko_IOThread] WARNING: pipe error (84): Connection reset
by peer: file
/build/firefox-esr-lGgo0c/firefox-esr-68.8.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc,
line 358
[Parent 4798, Gecko_IOThread] WARNING: pipe error (82): Connection reset
by peer: file
/build/firefox-esr-lGgo0c/firefox-esr-68.8.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc,
line 358
###!!! [Parent][MessageChannel] Error:
(msgtype=0x1E008F,name=PBrowser::Msg_Destroy) Channel error: cannot
send/recv
###!!! [Parent][MessageChannel] Error:
(msgtype=0x1E0074,name=PBrowser::Msg_StopIMEStateManagement) Channel
error: cannot send/recv
###!!! [Parent][MessageChannel] Error:
(msgtype=0x1E008F,name=PBrowser::Msg_Destroy) Channel error: cannot
send/recv
$ dmesg | tail -n2
[ 361.271646] Web Content[4868]: segfault at b5aae898 ip b0666938 sp
bfc45dec error 7 in libxul.so[aebb4000+439f000]
[ 361.271669] Code: 10 89 74 24 14 83 c3 18 89 5c 24 10 5b 5e 5f e9 0e
3c 02 00 66 90 66 90 66 90 66 90 66 90 66 90 66 90 8b 44 24 04 8b 54 24
0c <f3> 0f 7e 02 66 0f d6 00 8b 54 24 08 8b 12 89 50 08 c7 40 0c 00 00
$ export MOZ_FORCE_DISABLE_E10S=1
$ gdb /usr/lib/firefox-esr/firefox-esr
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
<snip>
(gdb) run
Starting program: /usr/lib/firefox-esr/firefox-esr
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
<snip>
[Thread 0x9cf6ab40 (LWP 7037) exited]
Thread 1 "firefox-esr" received signal SIGSEGV, Segmentation fault.
0xb072d938 in ?? () from /usr/lib/firefox-esr/libxul.so
(gdb) bt full
<snip: useless, no debugging symbols available>
(gdb) x/i $eip
=> 0xb072d938: movq (%edx),%xmm0
(gdb) set disassembly-flavor intel
(gdb) x/i 0xb072d938
=> 0xb072d938: movq xmm0,QWORD PTR [edx]
$ cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 10
model name : AMD Athlon(tm) XP 2400+
stepping : 0
cpu MHz : 2067.256
cache size : 256 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow cpuid 3dnowprefetch
vmmcall
bugs : fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2
spec_store_bypass
bogomips : 4134.51
clflush size : 32
cache_alignment : 32
address sizes : 34 bits physical, 32 bits virtual
power management: ts
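
Added example, not part of the original report: a triage script that takes the kernel `Code:` line and the `/proc/cpuinfo` flags quoted above, extracts the bytes at the faulting instruction pointer, and checks them against the CPU's feature flags. The function names and the two-entry opcode table are assumptions made for this illustration; the sample input is constructed from the report's own output with the e-mail line wrapping undone.

```python
import re

# Constructed sample input: kernel lines and CPU flags copied from the report above,
# with the e-mail line wrapping undone.
DMESG = (
    "[ 361.271646] Web Content[4868]: segfault at b5aae898 ip b0666938 sp bfc45dec "
    "error 7 in libxul.so[aebb4000+439f000]\n"
    "[ 361.271669] Code: 10 89 74 24 14 83 c3 18 89 5c 24 10 5b 5e 5f e9 0e 3c 02 00 "
    "66 90 66 90 66 90 66 90 66 90 66 90 66 90 8b 44 24 04 8b 54 24 0c <f3> 0f 7e 02 "
    "66 0f d6 00 8b 54 24 08 8b 12 89 50 08 c7 40 0c 00 00\n"
)
CPUINFO = ("flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat "
           "pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow cpuid 3dnowprefetch vmmcall\n")

# Assumption: a deliberately tiny table holding only the two SSE2 MOVQ encodings
# that appear in this report's Code: line, not a full x86 decoder.
SSE2_MOVQ = {
    bytes.fromhex("f30f7e"): "movq xmm, xmm/m64 (load)",
    bytes.fromhex("660fd6"): "movq xmm/m64, xmm (store)",
}

def faulting_bytes(dmesg):
    """Bytes from the faulting IP onward; the kernel wraps that byte in <..>."""
    tokens = re.search(r"Code:([^\n]*)", dmesg).group(1).split()
    start = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    return bytes(int(t.strip("<>"), 16) for t in tokens[start:])

def fault_bits(dmesg):
    """Decode the x86 page-fault error code printed (in hex) after 'error'."""
    err = int(re.search(r"error ([0-9a-f]+)", dmesg).group(1), 16)
    return {"protection": bool(err & 1), "write": bool(err & 2), "user": bool(err & 4)}

def cpu_flags(cpuinfo):
    """Set of feature flags from the first 'flags' line of /proc/cpuinfo."""
    line = next(l for l in cpuinfo.splitlines() if l.startswith("flags"))
    return set(line.split(":", 1)[1].split())

def diagnose(dmesg, cpuinfo):
    """Correlate the faulting opcode with the CPU's advertised features."""
    code = faulting_bytes(dmesg)
    insn = SSE2_MOVQ.get(code[:3])
    has_sse2 = "sse2" in cpu_flags(cpuinfo)
    return {"insn": insn, "cpu_has_sse2": has_sse2,
            "sse2_on_pre_sse2_cpu": insn is not None and not has_sse2,
            **fault_bits(dmesg)}

if __name__ == "__main__":
    print(diagnose(DMESG, CPUINFO))
```

On the report's data this flags the `f3 0f 7e` MOVQ at the faulting IP on a CPU whose flags list `sse` but not `sse2`. The decoded error code 7 describes a user-mode write protection fault, whereas gdb disassembles the instruction as a load from `[edx]`.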