Closed Bug 1837242 Opened 2 years ago Closed 2 years ago

Crash in [@ kisfdpro64.dll]

Categories

(External Software Affecting Firefox :: Other, defect, P2)

Product:
External Software Affecting Firefox
Component:
Other
Version:
Firefox 115
Platform:
Unspecified
Windows 7
Type:
defect

Tracking

(firefox-esr102 unaffected, firefox-esr115115+ verified, firefox115blocking verified, firefox116 verified, firefox117 fixed)

Status:
VERIFIED FIXED
Milestone:
116 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 115+ verified
firefox115 blocking verified
firefox116 --- verified
firefox117 --- fixed

People

(Reporter: dmeehan, Assigned: gstoll)

References

Details

(Keywords: crash, topcrash, topcrash-startup)

Crash Data

Attachments

(6 files)

Bug 1837242 - block Kingsoft DLL (kisfdpro64.dll) to avoid crashes r=gsvelto
48 bytes, text/x-phabricator-request
Details | Review
Bug 1837242 - block Kingsoft DLL (kisfdpro64.dll) to avoid crashes
48 bytes, text/x-phabricator-request
Details | Review
Bug 1837242: Block Kingsoft DLL (kisfdpro64.dll) in all versions to avoid crashes r=gsvelto
48 bytes, text/x-phabricator-request
Details | Review
Bug 1837242: Block Kingsoft DLL (kisfdpro64.dll) in all versions to avoid crashes r=gsvelto
48 bytes, text/x-phabricator-request
Details | Review
Bug 1837242 - Fix the DLL blocklist code for older versions of Windows. r=gstoll
48 bytes, text/x-phabricator-request
diannaS
: approval-mozilla-beta+
dmeehan
: approval-mozilla-release+
dmeehan
: approval-mozilla-esr115+
Details | Review
blocklist.release.patch
2.12 KB, patch
Details | Diff | Splinter Review

Crash report: https://crash-stats.mozilla.org/report/index/1fcd6ab6-9f28-40ed-ab0b-fbcfb0230607

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 4 frames of crashing thread:

0  kisfdpro64.dll  kisfdpro64.dll@0x1348c8  
1  kisfdpro64.dll  kisfdpro64.dll@0xca9cb  
2  kisfdpro64.dll  kisfdpro64.dll@0x1f66e8  
3  kisfdpro64.dll  kisfdpro64.dll@0xccceb

:gstoll unsure if this is in the correct Product/Component for triage
It's new in 115.0 beta builds

status-firefox115: --- → affected
tracking-firefox115: --- → +
Flags: needinfo?(gstoll)

This is the right place - thanks! I'll take a look.

Flags: needinfo?(gstoll)

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 20 desktop browser crashes on beta (startup)

For more information, please visit BugBot documentation.

Keywords: topcrash, topcrash-startup

The bug is marked as tracked for firefox115 (beta). However, the bug still isn't assigned.

:gcp, could you please find an assignee for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(gpascutto)
Assignee: nobody → gstoll
Status: NEW → ASSIGNED
Flags: needinfo?(gpascutto)

This is interesting because the call stacks for the crashes are entirely inside kisfdpro64.dll, but since this only started showing up in 115 beta builds it seems like something must have changed in Firefox to trigger this. (see also bug 1837246, which is also published by Kingsoft and started in 115 beta)

I think we will have to block this unless we can get a contact at Kingsoft.

Windows DLLBlocklist request form

  1. How were we aware of the problem?
    Topcrasher

  2. What is a suspicious product causing the problem?
    Kingsoft Internet Security

  3. Is the product downloadable? If so, do we have a local repro?
    Yes, it can be downloaded at https://www.ijinshan.com/ - I am able to reproduce the DLL getting loaded into Firefox but not the crash.

  4. Which OS versions does the problem occur on?
    Windows 7, 10, 11

  5. Which process types does the problem occur on?
    Only in the browser process.

  6. What is the maximum version of the module in the crash reports?
    2023.5.31.209

  7. Is the issue fixed by a newer version of the product?
    According to telemetry, 2023.5.31.209 is the newest version of the module we've seen.

  8. Do we have data about the module in the third-party-module ping?
    Yes

  9. Do we know how the module is loaded?
    The DLL gets loaded from a new thread (presumably injected by an outside process). There is a risk that blocking the DLL will make something bad happen, but in practice this seems to not happen. Firefox seems to run fine when blocking the DLL locally.

  10. Describe your conclusion.
    We should block kisfdpro64.dll versions 2023.5.31.209 and earlier in the browser process only.

Severity: -- → S2
Priority: -- → P2
Pushed by gstoll@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a4378236e581 block Kingsoft DLL (kisfdpro64.dll) to avoid crashes r=gsvelto

https://hg.mozilla.org/mozilla-central/rev/a4378236e581

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox116: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 116 Branch

The patch landed in nightly and beta is affected.
:gstoll, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox115 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(gstoll)

Uplift Approval Request

  • String changes made/needed: no
  • Is Android affected?: no
  • Fix verified in Nightly: yes
  • User impact if declined: users won't get a fix for a topcrasher
  • Risk associated with taking this patch: low
  • Needs manual QE test: no
  • Explanation of risk level: just adding a blocklist entry
  • Code covered by automated testing: no
  • Steps to reproduce for manual QE testing: n/a
Flags: needinfo?(gstoll)

A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)

:gstoll could you take another look at this?
The patch was uplfted for 115.0b6 but there are still crashes

Flags: needinfo?(gstoll)

Sigh, in the meantime a newer version of this DLL has been released, and we didn't block that so it's still crashing. Maybe we should block all versions...

Flags: needinfo?(gstoll)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Pushed by gstoll@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b736ef0e08a1 Block Kingsoft DLL (kisfdpro64.dll) in all versions to avoid crashes r=gsvelto

Uplift Approval Request

  • Steps to reproduce for manual QE testing: n/a
  • Code covered by automated testing: no
  • String changes made/needed: no
  • Is Android affected?: no
  • User impact if declined: users won't get a fix for a topcrasher
  • Risk associated with taking this patch: low
  • Explanation of risk level: just extended a blocklist entry to block all versions
  • Fix verified in Nightly: yes
  • Needs manual QE test: no

https://hg.mozilla.org/mozilla-central/rev/b736ef0e08a1

Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED

Contacted a public address for Kingsoft in the hopes they'll be able to take a look at this.

(In reply to Greg Stoll from comment #22)

Contacted a public address for Kingsoft in the hopes they'll be able to take a look at this.

:gstoll users on 115.0 are hitting this. Any response from Kingsoft?

Flags: needinfo?(gstoll)
Crash Signature: [@ kisfdpro64.dll] → [@ kisfdpro64.dll] [@ kisfdpro64.dll | RtlFreeHeap]

This crash occurs while kisfdpro64.dll is reading xul.dll entirely in memory, to search for patterns in it. When it hits the .retplne section, it crashes because of its access rights, as it is not allowed to read these pages. In 114, xul.dll did not have a .retplne section; probably because we were using a different SDK version (bug 1832467, thanks [:RyanVM]). See also the bugs I am attaching.

We may have a different problem that our blocklist code fails to setup properly on Windows 7 (and Windows 10 1809), which would also explain our problems in bug 1833793. The crash spike with 115.0 release is mostly Windows 7 users, and a bit of Windows 10 1809 (10.0.17763) users. Windows 10 22H2 (10.0.19045) users do not seem impacted even though it was a high proportion of the crashes in beta, before we blocked the DLLs; so the blocking seems to work for them.

See Also: → 1546498, 1833793, 1841751

(In reply to Donal Meehan [:dmeehan] from comment #23)

(In reply to Greg Stoll from comment #22)

Contacted a public address for Kingsoft in the hopes they'll be able to take a look at this.

:gstoll users on 115.0 are hitting this. Any response from Kingsoft?

I have not gotten any response from Kingsoft. Yannis and I are looking at why the block isn't working. (as per comment 24)

Flags: needinfo?(gstoll)

I can confirm that DLL blocking and about:third-party are broken when testing on a Windows 10 1803 physical machine and a 1809 VM, starting with Firefox 112 release:

  • In Firefox 111, third-party DLLs are listed, I can block kisfdpro64.dll, and it works (if I attach to the main process, the DLL is not loaded).
  • If I update to 112, third-party DLLs are not listed, kisfdpro64.dll appears as blocked (because I blocked it while in 111) but in fact the DLL is nonetheless loaded into the main process.

I believe that my patch in bug 1733532 has broken the blocklist for old versions on Windows and will work on fixing that.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Thanks. Yannis for the heads up, marking 115 as affected as we are still crashing, also marking it as a release blocker as this is a high volume of crashes for a release just shipped, we will want a fix in a dot release.

status-firefox115: fixedaffected
tracking-firefox115: +blocking
Blocks: 1826392

While fixing a crash in bug 1733532, we accidentally broke the DLL
blocklist on older versions of Windows (Windows 7, some versions
of Windows 10, and possibly Windows 8 and 8.1). This is currently
preventing us from mitigating crashes with third-party injected DLLs, in
particular the crash incident from bug 1837242. Considering the volumes
involved, let's temporarily reintroduce bug 1733532 to ensure everyone
has a working blocklist, and deal with bug 1733532 later.

Flags: qe-verify+

Comment on attachment 9342598 [details]
Bug 1837242 - Fix the DLL blocklist code for older versions of Windows. r=gstoll

Beta/Release Uplift Approval Request

  • User impact if declined: The blocklist will not work for Windows 7 users (and some Windows 10 users, and potentially 8 and 8.1 users). These users will experiment crashes which we are trying to mitigate, in particular the crash incident with Kingsoft.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: Expected behavior:
  • On Windows 7 64-bit
  • With Kingsoft Security installed
  • Install and launch Firefox 64-bit
  • Navigate to about:third-party
  • 2 DLLs are listed: kwsui64.dll and kisfdpro64.dll
  • Expand the information for kisfdpro64.dll by clicking the “v” icon
  • It shows Status: Blocked for the Main process
  • Restart Firefox, repeat the steps, the same result is expected
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The patch does not introduce new logic. It just removes the problematic path that was introduced in bug 1733532, and adds simple sanity checks to avoid a crash.
  • String changes made/needed:
  • Is Android affected?: No

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: This patch is especially important for Windows 7 users who will be redirected to ESR 115 after end of support.
  • User impact if declined: The blocklist will not work for Windows 7 users (and some Windows 10 users, and potentially 8 and 8.1 users). These users will experiment crashes which we are trying to mitigate, in particular the crash incident with Kingsoft.
  • Fix Landed on Version: 115
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The patch does not introduce new logic. It just removes the problematic path that was introduced in bug 1733532, and adds simple sanity checks to avoid a crash.
Attachment #9342598 - Flags: approval-mozilla-release?
Attachment #9342598 - Flags: approval-mozilla-esr115?
Attachment #9342598 - Flags: approval-mozilla-beta?
Attachment #9342601 - Flags: approval-mozilla-release?
Attachment #9342601 - Flags: approval-mozilla-esr115?
Attachment #9342601 - Flags: approval-mozilla-beta?
Pushed by yjuglaret@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0b14fb1500cc Fix the DLL blocklist code for older versions of Windows. r=gstoll

Comment on attachment 9342598 [details]
Bug 1837242 - Fix the DLL blocklist code for older versions of Windows. r=gstoll

Approved for 116.0b2

Attachment #9342598 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment on attachment 9342598 [details]
Bug 1837242 - Fix the DLL blocklist code for older versions of Windows. r=gstoll

Approved for 115.0.1

Approved for 115.0.1esr

Attachment #9342598 - Flags: approval-mozilla-release?
Attachment #9342598 - Flags: approval-mozilla-release+
Attachment #9342598 - Flags: approval-mozilla-esr115?
Attachment #9342598 - Flags: approval-mozilla-esr115+

https://hg.mozilla.org/mozilla-central/rev/0b14fb1500cc

Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
status-firefox117: affectedfixed
Resolution: --- → FIXED

Verified the fix on Firefox 115.0.1, 115.0.1esr and 116.0b2 on both Windows 7 and Windows 10 and everything is working as expected.

Status: RESOLVED → VERIFIED
status-firefox115: fixedverified
status-firefox116: fixedverified
status-firefox-esr115: fixedverified
Flags: qe-verify+
See Also: → 1842368
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: