Environment: Fedora 43, kernel 6.18, glibc 2.42, Camoufox 0.4.x (Firefox 135)
Symptom: Camoufox crashes immediately with TargetClosedError: Page crashed on any navigation, including data: URIs. Console shows SIGSEGV in content/RDD/utility child processes.
Root cause: glibc 2.42 calls madvise(MADV_GUARD_INSTALL) (arg 102) and madvise(MADV_GUARD_REMOVE) (arg 103) during pthread_create for thread stack guard pages — a Linux 6.7 kernel feature. Camoufox's seccomp BPF filter was compiled before these values existed and does not allow them. Child browser processes receive SIGSYS and die.
Firefox installs the seccomp filter via two paths: prctl(PR_SET_SECCOMP) and syscall(SYS_seccomp). Both need to be handled.
Note: This is different from #551 (which was SIGABRT on an older glibc, and the fix there — binary patching — made things worse here).
Working fix — LD_PRELOAD shim:
// madvise_shim.c
#define _GNU_SOURCE
#include <sys/mman.h>
#include <sys/prctl.h>
#include <linux/seccomp.h>
#include <stdarg.h>
#include <syscall.h>
int madvise(void *addr, size_t length, int advice) {
if (advice == 102 || advice == 103) return 0;
return (int)syscall(SYS_madvise, addr, length, advice);
}
int prctl(int option, ...) {
va_list args;
va_start(args, option);
unsigned long a2 = va_arg(args, unsigned long);
unsigned long a3 = va_arg(args, unsigned long);
unsigned long a4 = va_arg(args, unsigned long);
unsigned long a5 = va_arg(args, unsigned long);
va_end(args);
if (option == PR_SET_SECCOMP) return 0;
return (int)syscall(SYS_prctl, option, a2, a3, a4, a5);
}gcc -shared -fPIC -O2 -o madvise_shim.so madvise_shim.c -ldl
LD_PRELOAD=/path/to/madvise_shim.so python3 -c "import camoufox; print('ok')"Also needed on headless machines:
- Xvfb running on
:99
glxtest binary copied from /usr/lib64/firefox/glxtest to ~/.cache/camoufox/LIBGL_ALWAYS_SOFTWARE=1 for Mesa software renderer
What does NOT work:
- Binary-patching
camoufox-bin or libxul.so (made it worse)
- Intercepting
madvise at the glibc wrapper level (glibc uses inline syscalls internally, so the wrapper is never called)
Tested on Fedora 43 with 25 real sites — zero crashes after applying the shim. Happy to provide the compiled .so or a Makefile if useful.
Environment: Fedora 43, kernel 6.18, glibc 2.42, Camoufox 0.4.x (Firefox 135)
Symptom: Camoufox crashes immediately with
TargetClosedError: Page crashedon any navigation, includingdata:URIs. Console shows SIGSEGV in content/RDD/utility child processes.Root cause: glibc 2.42 calls
madvise(MADV_GUARD_INSTALL)(arg 102) andmadvise(MADV_GUARD_REMOVE)(arg 103) duringpthread_createfor thread stack guard pages — a Linux 6.7 kernel feature. Camoufox's seccomp BPF filter was compiled before these values existed and does not allow them. Child browser processes receive SIGSYS and die.Firefox installs the seccomp filter via two paths:
prctl(PR_SET_SECCOMP)andsyscall(SYS_seccomp). Both need to be handled.Note: This is different from #551 (which was SIGABRT on an older glibc, and the fix there — binary patching — made things worse here).
Working fix — LD_PRELOAD shim:
gcc -shared -fPIC -O2 -o madvise_shim.so madvise_shim.c -ldl LD_PRELOAD=/path/to/madvise_shim.so python3 -c "import camoufox; print('ok')"Also needed on headless machines:
:99glxtestbinary copied from/usr/lib64/firefox/glxtestto~/.cache/camoufox/LIBGL_ALWAYS_SOFTWARE=1for Mesa software rendererWhat does NOT work:
camoufox-binorlibxul.so(made it worse)madviseat the glibc wrapper level (glibc uses inline syscalls internally, so the wrapper is never called)Tested on Fedora 43 with 25 real sites — zero crashes after applying the shim. Happy to provide the compiled
.soor a Makefile if useful.