1404439 – [Crash] Firefox immediately crashes after startup if crypto-policies is set to FUTURE

Bug 1404439 - [Crash] Firefox immediately crashes after startup if crypto-policies is set to FUTURE

Summary: [Crash] Firefox immediately crashes after startup if crypto-policies is set t...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	26
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	nss-nspr-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1399812 (view as bug list)
Depends On:
Blocks:	fedora-crypto-policies
TreeView+	depends on / blocked

Reported:	2016-12-13 21:14 UTC by Christian Stadelmann
Modified:	2017-04-24 00:02 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-04-24 00:02:18 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Debug info per https://fedoraproject.org/wiki/Debugging_guidelines_for_Mozilla_products (287.21 KB, text/plain) 2016-12-13 21:14 UTC, Christian Stadelmann	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	1328318	0	None	None	None	2019-03-11 11:50:00 UTC

Description Christian Stadelmann 2016-12-13 21:14:35 UTC

Created attachment 1231333 [details]
Debug info per https://fedoraproject.org/wiki/Debugging_guidelines_for_Mozilla_products

Version-Release number of selected component (if applicable):
crypto-policies-20160921-2.git75b9b04.fc25.noarch
firefox-50.0.2-1.fc25.x86_64
nss-3.27.0-1.3.fc25.x86_64


How reproducible:
always


Steps to Reproduce:
1. run `update-crypto-policies --set FUTURE`
2. start firefox (works with a fresh profile)


Actual results:
Immediate crash when loading first tab. Without a debugger attached, I'm getting this message printed to syslog:

Assertion failure: NS_IsMainThread(), at /builddir/build/BUILD/firefox-50.0.2/firefox-50.0.2/security/manager/ssl/nsNSSComponent.cpp:259
#01: ???[/usr/lib64/firefox/libxul.so +0xa54ddb]
#02: ???[/usr/lib64/firefox/libxul.so +0xa562d6]
#03: ???[/usr/lib64/firefox/libxul.so +0xa7905e]
#04: ???[/usr/lib64/firefox/libxul.so +0xa72389]
#05: ???[/usr/lib64/firefox/libxul.so +0x2340860]
#06: ???[/usr/lib64/firefox/libxul.so +0x2340bf2]
#07: ???[/usr/lib64/firefox/libxul.so +0xa54ddb]
#08: ???[/usr/lib64/firefox/libxul.so +0xa562d6]
#09: ???[/usr/lib64/firefox/libxul.so +0xb090c1]
#10: ???[/usr/lib64/firefox/libxul.so +0xad9c04]
#11: ???[/usr/lib64/firefox/libxul.so +0xaeac7a]
#12: ???[/usr/lib64/firefox/libxul.so +0xbc46b9]
#13: ???[/usr/lib64/firefox/libxul.so +0xbc4ae6]
#14: ???[/usr/lib64/firefox/libxul.so +0xbd3e58]
#15: ???[/usr/lib64/firefox/libxul.so +0xbe6c43]
#16: ???[/usr/lib64/firefox/libxul.so +0xbb6a66]
#17: ???[/usr/lib64/firefox/libxul.so +0xa60101]
#18: ???[/usr/lib64/firefox/libxul.so +0xa7b057]
#19: ???[/usr/lib64/firefox/libxul.so +0xae8141]
#20: ???[/usr/lib64/firefox/libxul.so +0xa60101]
#21: ???[/usr/lib64/firefox/libxul.so +0xa7b057]
#22: ???[/usr/lib64/firefox/libxul.so +0xc89d7c]
#23: ???[/usr/lib64/firefox/libxul.so +0xc74bc2]
#24: ???[/usr/lib64/firefox/libxul.so +0xa62db5]
#25: ???[/lib64/libnspr4.so +0x295bc]
#26: ???[/lib64/libpthread.so.0 +0x76ca]
#27: clone[/lib64/libc.so.6 +0x107f6f]
#28: ??? (???:???)
Speicherzugriffsfehler (Speicherabzug geschrieben)

(Last line translates to "Segmentation violation (core dumped)".)


Expected results:
no crash


Additional info:
This bug is not present when crypto-policy is set to DEFAULT.
This bug crashes firefox, but it probably is a bug in nss. Feel free to reassign if necessary.

More crash info from gdb (full log is attached):

`print DumpJSStack()` doesn't show useful information, but this stuff instead:



Thread 41 "Socket Thread" received signal SIGSEGV, Segmentation fault.[Switching to Thread 0x7fffd5ff1700 (LWP 30766)]
nsNSSComponent::nsNSSComponent (this=<optimized out>)
    at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/security/manager/ssl/nsNSSComponent.cpp:259
259	  MOZ_RELEASE_ASSERT(NS_IsMainThread());
Missing separate debuginfos, use: dnf debuginfo-install GConf2-3.2.6-16.fc24.x86_64 PackageKit-gtk3-module-1.1.4-1.fc25.x86_64 gvfs-client-1.30.2-1.fc25.x86_64 nss-mdns-0.10-17.fc24.x86_64
#0  0x00007fffe96d3d24 in nsNSSComponent::nsNSSComponent() (this=<optimized out>)
    at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/security/manager/ssl/nsNSSComponent.cpp:259
#1  0x00007fffe96dec83 in nsNSSComponentConstructor(nsISupports*, nsIID const&, void**) (aOuter=<optimized out>, aIID=..., aResult=0x7fffd5ff05d0)
    at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/security/manager/ssl/nsNSSModule.cpp:174
#2  0x00007fffe7de7ddb in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (this=<optimized out>, aContractID=<optimized out>, aDelegate=0x0, aIID=..., aResult=0x7fffd5ff05d0)
    at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/xpcom/components/nsComponentManager.cpp:1203
#3  0x00007fffe7de92d6 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (this=
    0x7ffff6b4dde0, aContractID=0x7fffea31d8e6 "@mozilla.org/psm;1", aIID=..., aResult=aResult@entry=0x7fffd5ff0660) at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/xpcom/components/nsComponentManager.cpp:1560
#4  0x00007fffe7e0c04c in CallGetService(char const*, nsID const&, void**) (aContractID=<optimized out>, aIID=..., aResult=aResult@entry=0x7fffd5ff0660)
    at /usr/src/debug/firefox-50.0.2/firefox-50.0.2/xpcom/glue/nsComponentManagerUtils.cpp:69
#5  0x00007fffe7e0c05e in nsGetServiceByContractID::operator()(nsID const&, void**) const (this=<optimized out>, aIID=..., aInstancePtr=0x7fffd5ff0660)

Comment 1 Christian Stadelmann 2016-12-13 21:15:27 UTC

Suggested workaround: run `update-crypto-policies --set DEFAULT` as root or from sudo.

Comment 2 Kai Engert (:kaie) (inactive account) 2016-12-19 15:49:41 UTC

Debugging this is rather resource hungry, but with a 6 GB RAM VM and 4 CPUs it's bearable.

Firefox crashes with an assertion failure, because the firefox code that inits NSS wants to run on the main thread, but here it's executed on a secondary thread, when trying to construct an SSL socket.

I'm guessing the initial construction attempt on the main thread had failed (without assertion), and when the XPCom code attempts to do an on-demand construction of the missing component, it runs into the assertion.

So, debugging the state of the crash is insufficient, we must find out why the initial init attempt fails. I'm looking into it...

Comment 3 Kai Engert (:kaie) (inactive account) 2016-12-19 16:51:20 UTC

The reason for the failure is:

Firefox attempts to configure the allowed SSL/TLS protocol version range from minimum TLS 1.0 to maximum TLS 1.2.

That's rejected because the FUTURE crypto policy requires a minimum of TLS 1.2.

Consequently, the firefox application notices the failure to initialize NSS with the desired values, the init attempt fails, and we later into the assertion failure as described in comment 2.


The equivalent initial failure can be reproduced with the following command line tool:

/usr/lib64/nss/unsupported-tools/tstclnt  -D -b -V tls1.0:tls1.2 -h fedoraproject.org -p 443


It seems the implementation strategy for crypto policies needs some more thought.

Comment 4 Kai Engert (:kaie) (inactive account) 2017-01-04 10:52:26 UTC

We discussed a suggested solution, which will require an upstream fix to NSS.

Please refer to the upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1328318

Comment 5 Kai Engert (:kaie) (inactive account) 2017-02-20 16:14:47 UTC

*** Bug 1399812 has been marked as a duplicate of this bug. ***

Comment 6 Kai Engert (:kaie) (inactive account) 2017-03-22 19:27:44 UTC

Upstream bug has a patch v1, which I tested on Firefox 26, using a local build with the patch applied.

It allows Firefox to be started and load https pages, with system crypto policy set to future.

Comment 7 Fedora Update System 2017-03-29 18:55:07 UTC

nss-3.29.3-1.3.fc26 nss-softokn-3.29.3-1.0.fc26 nss-util-3.29.3-2.2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-938554ca21

Comment 8 Fedora Update System 2017-03-29 18:55:28 UTC

nss-3.29.3-1.3.fc26 nss-softokn-3.29.3-1.0.fc26 nss-util-3.29.3-2.2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-938554ca21

Comment 9 Fedora Update System 2017-03-30 18:52:00 UTC

nss-3.29.3-1.3.fc26, nss-softokn-3.29.3-1.0.fc26, nss-util-3.29.3-2.2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-938554ca21

Comment 10 Fedora Update System 2017-04-04 16:03:17 UTC

nss-3.29.3-1.3.fc26, nss-softokn-3.29.3-1.0.fc26, nss-util-3.29.3-2.2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Christian Stadelmann 2017-04-24 00:02:18 UTC

This bug is fixed on Fedora 26. Thank you!

Note You need to log in before you can comment on or make changes to this bug.