Closed Bug 1918711 Opened 2 months ago Closed 2 months ago

Firefox immediately crashes on the new tab page and blocks local WPT run

Categories

(Core :: Security: PSM, defect)

x86_64
Windows 11
defect

Tracking


RESOLVED FIXED
132 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- unaffected
firefox130 --- unaffected
firefox131 --- unaffected
firefox132 --- fixed

People

(Reporter: saschanaz, Assigned: jschanck)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

git bisect says it's bug 1918484.

The message: Exception thrown at 0x00007FFF1132DAC7 (freebl3.dll) in firefox.exe: 0xC00000FD: Stack overflow (parameters: 0x0000000000000001, 0x000000EE398A3000).

The stack:

freebl3.dll!__chkstk() Line 109 (d:\a\_work\1\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm:109)
freebl3.dll!generate_keypair_a2(Eurydice_slice key_generation_seed) Line 8381 (d:\gecko\security\nss\lib\freebl\verified\libcrux_mlkem_portable.c:8381)
freebl3.dll!libcrux_ml_kem_ind_cca_generate_keypair_f6(unsigned char * randomness) Line 8529 (d:\gecko\security\nss\lib\freebl\verified\libcrux_mlkem_portable.c:8529)
freebl3.dll!generate_keypair_87(unsigned char * randomness) Line 134 (d:\gecko\security\nss\lib\freebl\verified\libcrux_mlkem768_portable.c:134)
freebl3.dll!libcrux_ml_kem_mlkem768_portable_generate_key_pair(unsigned char * randomness) Line 146 (d:\gecko\security\nss\lib\freebl\verified\libcrux_mlkem768_portable.c:146)
freebl3.dll!Kyber_NewKey(<unnamed-tag> params, const SECItemStr * keypair_seed, SECItemStr * privkey, SECItemStr * pubkey) Line 165 (d:\gecko\security\nss\lib\freebl\kyber.c:165)
softokn3.dll!Kyber_NewKey(<unnamed-tag> params, const SECItemStr * seed, SECItemStr * privKey, SECItemStr * pubKey) Line 2839 (d:\gecko\security\nss\lib\freebl\loader.c:2839)
softokn3.dll!NSC_GenerateKeyPair(unsigned long hSession, CK_MECHANISM * pMechanism, CK_ATTRIBUTE * pPublicKeyTemplate, unsigned long ulPublicKeyAttributeCount, CK_ATTRIBUTE * pPrivateKeyTemplate, unsigned long ulPrivateKeyAttributeCount, unsigned long * phPublicKey, unsigned long * phPrivateKey) Line 5894 (d:\gecko\security\nss\lib\softoken\pkcs11c.c:5894)
nss3.dll!PK11_GenerateKeyPairWithOpFlags(PK11SlotInfoStr * slot, unsigned long type, void * param, SECKEYPublicKeyStr * * pubKey, unsigned int attrFlags, unsigned long opFlags, unsigned long opFlagsMask, void * wincx) Line 1727 (d:\gecko\security\nss\lib\pk11wrap\pk11akey.c:1727)
nss3.dll!tls13_CreateKEMKeyPair(sslSocketStr * ss, const sslNamedGroupDefStr * groupDef, sslKeyPairStr * * outKeyPair) Line 404 (d:\gecko\security\nss\lib\ssl\tls13con.c:404)
nss3.dll!tls13_CreateKeyShare(sslSocketStr * ss, const sslNamedGroupDefStr * groupDef, sslEphemeralKeyPairStr * * outKeyPair) Line 515 (d:\gecko\security\nss\lib\ssl\tls13con.c:515)
nss3.dll!tls13_AddKeyShare(sslSocketStr * ss, const sslNamedGroupDefStr * groupDef) Line 532 (d:\gecko\security\nss\lib\ssl\tls13con.c:532)
nss3.dll!tls13_SetupClientHello(sslSocketStr * ss, <unnamed-tag> chType) Line 595 (d:\gecko\security\nss\lib\ssl\tls13con.c:595)
nss3.dll!ssl3_SendClientHello(sslSocketStr * ss, <unnamed-tag> type) Line 5585 (d:\gecko\security\nss\lib\ssl\ssl3con.c:5585)
nss3.dll!ssl_BeginClientHandshake(sslSocketStr * ss) Line 189 (d:\gecko\security\nss\lib\ssl\sslcon.c:189)
nss3.dll!ssl_Do1stHandshake(sslSocketStr * ss) Line 43 (d:\gecko\security\nss\lib\ssl\sslsecur.c:43)
nss3.dll!ssl_SecureRecv(sslSocketStr * ss, unsigned char * buf, int len, int flags) Line 870 (d:\gecko\security\nss\lib\ssl\sslsecur.c:870)
nss3.dll!ssl_Recv(PRFileDesc * fd, void * buf, int len, int flags, unsigned int timeout) Line 3199 (d:\gecko\security\nss\lib\ssl\sslsock.c:3199)
xul.dll!PSMRecv(PRFileDesc * fd, void * buf, int amount, int flags, unsigned int timeout) Line 816 (d:\gecko\security\manager\ssl\nsNSSIOLayer.cpp:816)
nss3.dll!PR_Recv(PRFileDesc * fd, void * buf, int amount, int flags, unsigned int timeout) Line 188 (d:\gecko\nsprpub\pr\src\io\priometh.c:188)

Set release status flags based on info from the regressing bug 1918484

:jschanck, since you are the author of the regressor, bug 1918484, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Assignee: nobody → jschanck
Status: NEW → ASSIGNED

This new code uses a fairly large amount of stack space. It's probably blowing the per-thread stack limit. I'll disable the code while we investigate.

Flags: needinfo?(jschanck)
See Also: → 1918767
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
