Closed Bug 1590495 Opened 5 years ago Closed 5 years ago

Crash in [@ PK11_MakeCertFromHandle]

Categories

(NSS :: Libraries, defect, P1)

Unspecified
Linux
defect

Tracking

(firefox-esr68 unaffected, firefox70 unaffected, firefox71 fixed, firefox72 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr68 --- unaffected
firefox70 --- unaffected
firefox71 --- fixed
firefox72 --- fixed

People

(Reporter: marcia, Assigned: marcus.apb)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-a82744f7-8030-45ef-892b-fc9d80191022.

Small volume Linux and macOS crash which started in 20190919094654: https://bit.ly/2MAPwGX

Comments:

  • Crashes when restarting :(
  • I'm trying to access a corp site, which uses certificates to authenticate me.

Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a15ba287ac6fd84643d248ace00bf18c18382ada&tochange=014c61389f0bd8982f45be269a761fb0d027a6d2

Bug 1580315 landed in that timeframe. ni on assignee in case it is related

Top 10 frames of crashing thread:

0 libnss3.so PK11_MakeCertFromHandle security/nss/lib/pk11wrap/pk11cert.c:310
1 libnss3.so PK11_GetCertsMatchingPrivateKey security/nss/lib/pk11wrap/pk11cert.c:482
2 libxul.so mozilla::psm::FindNonCACertificatesWithPrivateKeys security/manager/ssl/nsNSSComponent.cpp:2214
3 libxul.so ClientAuthDataRunnable::RunOnTargetThread security/manager/ssl/nsNSSIOLayer.cpp:1796
4 libxul.so mozilla::psm::SyncRunnableBase::Run security/manager/ssl/PSMRunnable.cpp:31
5 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1225
6 libxul.so <name omitted> xpcom/threads/nsThreadUtils.cpp:486
7 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
8 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290
9 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137

Flags: needinfo?(sefeng)

Bug 1581962 probably introduced this - it added that code path. This may be an issue with the way Firefox is using NSS, but it's more likely that there's an underlying flaw in NSS.

Assignee: nobody → nobody
Component: Security: PSM → Libraries
Flags: needinfo?(sefeng)
Product: Core → NSS
QA Contact: jjones
Version: Trunk → trunk

Marcus, can you take a look at triaging this?

Flags: needinfo?(marcus.apb)

Sure.

Flags: needinfo?(marcus.apb)
Regressed by: 1581962

Marcus, can you please triage this bug? Thanks

Flags: needinfo?(marcus.apb)

I don't have an environment where I can try to reproduce that, but I investigated the involved flow and couldn't find any clear problem.
However, I inserted an extra control to validate the slot and handle in that function that may be useful for troubleshooting.

Marcia, could you try to test again with this patch, please?
Set to P2 for now.

Flags: needinfo?(marcus.apb) → needinfo?(mozillamarcia.knous)
Priority: -- → P2
Assignee: nobody → marcus.apb
Status: NEW → ASSIGNED
Priority: P2 → P1

(In reply to Marcus Burghardt from comment #6)

I don't have an environment where I can try to reproduce that, but I investigated the involved flow and couldn't find any clear problem.
However, I inserted an extra control to validate the slot and handle in that function that may be useful for troubleshooting.

Marcia, could you try to test again with this patch, please?
Set to P2 for now.

Hello Marcus - I filed it from crash stats - I wasn't ever able to reproduce the crash on my machine.

Flags: needinfo?(mozillamarcia.knous)

Hi Marcia,

I updated the patch some hours ago to solve this problem.

Thanks

I am consistently hitting this bug on startup (tab restore). Is there a way I could test this patch?

We'll want to take this in NSS 3.47.1 for Firefox 71 (currently Beta).

Blocks: 1588559
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.48

(In reply to jeremysalwen from comment #9)

I am consistently hitting this bug on startup (tab restore). Is there a way I could test this patch?

It's probably easiest for me to just get this into Nightly as soon as possible. Are you currently using Beta or Nightly?

See Also: → 1593943

Currently using Beta.

Mmm. I should have it in tomorrow's Nightly, but currently not looking to have it in Beta until approximately the 21st due to our NSS uplift schedule.

Would it be possible for you to verify the fix in Nightly for us when it's ready?

Sure, I can try using nightly until then.

I just downloaded nightly and tried it, still encountering the same crash.

Unfortunately, our uplift failed, so it didn't get into Nightly. We're working on it...

Tried nightly again just now, no dice.

Again tried the nightly, it's still crashing. Should this bug be reopened?

Still crashing from nightly.

Firefox hasn't received the fix yet. Please check https://phabricator.services.mozilla.com/D51858 for the "uplift" that will land this fix into Firefox, which is blocked on a separate commit https://phabricator.services.mozilla.com/D52212 - I've added two more potential reviewers to the latter today to hopefully find someone soon with bandwidth to approve it.

I am sorry for the inconvenience. It's also a hassle to me that we can't test any of the last two weeks of updates of NSS in Firefox yet, but I can't unilaterally edit the Firefox testing infrastructure.

If you like, I can email you when it's ready for testing, or needinfo you here.

Thanks for this update J.C.

Great! Nightly isn't crashing for me any more. Where should I check to see when this fix gets into Beta?

Awesome, glad to hear it!

So this will now be pulled into Firefox 71 as part of Bug 1588559. I'll go ahead and land into the suitable NSS branch right now.

Currently aiming to have this in the current beta, Firefox 71 Beta, approximately Friday next week (22 Nov), in 71.0b12.

71 fixed by the uplift in bug 1588559

Can confirm Beta isn't crashing for me any more.

Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: