1764096 - Crash in [@ intel_aes_gcmDEC]

Status: NEW

(NSS :: Libraries, defect, P3)

Description

[Calixte Denizet (:calixte)]

Crash report: https://crash-stats.mozilla.org/report/index/b7381077-0b96-41c7-a977-88ff20220408

Reason: EXCEPTION_ILLEGAL_INSTRUCTION

Top 10 frames of crashing thread:

0 freebl3.dll intel_aes_gcmDEC 
1 freebl3.dll intel_AES_GCM_DecryptAEAD security/nss/lib/freebl/intel-gcm-wrap.c:451
2 freebl3.dll AES_AEAD security/nss/lib/freebl/rijndael.c:1260
3 softokn3.dll NSC_DecryptMessage security/nss/lib/softoken/sftkmessage.c:264
4 nss3.dll PK11_AEADOp security/nss/lib/pk11wrap/pk11cxt.c:1397
5 nss3.dll tls13_UnprotectRecord security/nss/lib/ssl/tls13con.c:5865
6 nss3.dll ssl3_HandleRecord security/nss/lib/ssl/ssl3con.c:13370
7 nss3.dll ssl3_GatherCompleteHandshake security/nss/lib/ssl/ssl3gthr.c:523
8 nss3.dll SSL_ForceHandshake security/nss/lib/ssl/sslsecur.c:382
9 xul.dll nsNSSSocketInfo::DriveHandshake security/manager/ssl/nsNSSIOLayer.cpp:329

There is 1 crash in nightly 101 with buildid 20220407092959. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1754744.

[1] https://hg.mozilla.org/mozilla-central/rev?node=926e2d800cbe

Comment 1

[Kershaw Chang [:kershaw]]

I don't think this is regressed bug 1754744, since the crash signature already existed 6 months ago.

Comment 2

[Kershaw Chang [:kershaw]]

Found this crash report has a similar backtrace.

0 	freebl3.dll 	intel_aes_gcmDEC 		context
1 	freebl3.dll 	intel_AES_GCM_DecryptAEAD(intel_AES_GCMContextStr*, unsigned char*, unsigned int*, unsigned int, unsigned char const*, unsigned int, void*, unsigned int, unsigned char const*, unsigned int, unsigned int) 	security/nss/lib/freebl/intel-gcm-wrap.c:451 	scan
2 	freebl3.dll 	AES_AEAD(AESContextStr*, unsigned char*, unsigned int*, unsigned int, unsigned char const*, unsigned int, void*, unsigned int, unsigned char const*, unsigned int) 	security/nss/lib/freebl/rijndael.c:1260 	cfi
3 	softokn3.dll 	NSC_DecryptMessage(unsigned long, void*, unsigned long, unsigned char*, unsigned long, unsigned char*, unsigned long, unsigned char*, unsigned long*) 	security/nss/lib/softoken/sftkmessage.c:264 	cfi
4 	nss3.dll 	PK11_AEADOp(PK11ContextStr*, unsigned long, int, unsigned char*, int, unsigned char const*, int, unsigned char*, int*, int, unsigned char*, int, unsigned char const*, int) 	security/nss/lib/pk11wrap/pk11cxt.c:1397 	cfi
5 	nss3.dll 	tls13_AEAD(PK11ContextStr*, int, unsigned long, unsigned int, unsigned char const*, unsigned char*, unsigned int, unsigned char const*, unsigned int, unsigned char const*, unsigned int, unsigned char*, unsigned int*, unsigned int, unsigned int, unsigned char const*, unsigned int) 	security/nss/lib/ssl/tls13con.c:4186 	cfi
6 	nss3.dll 	ssl3_HandleRecord(sslSocketStr*, SSL3Ciphertext*) 	security/nss/lib/ssl/ssl3con.c:13340 	cfi
7 	nss3.dll 	ssl3_GatherCompleteHandshake(sslSocketStr*, int) 	security/nss/lib/ssl/ssl3gthr.c:523 	cfi
8 	nss3.dll 	ssl_SecureRecv(sslSocketStr*, unsigned char*, int, int) 	security/nss/lib/ssl/sslsecur.c:840 	cfi
9 	nss3.dll 	ssl_Recv(PRFileDesc*, void*, int, int, unsigned int) 	security/nss/lib/ssl/sslsock.c:3186 	cfi
10 	xul.dll 	PSMRecv(PRFileDesc*, void*, int, int, unsigned int) 	security/manager/ssl/nsNSSIOLayer.cpp:1303 	cfi
11 	xul.dll 	nsSSLIOLayerRead(PRFileDesc*, void*, int) 	security/manager/ssl/nsNSSIOLayer.cpp:1410 	cfi
12 	xul.dll 	mozilla::net::nsSocketInputStream::Read(char*, unsigned int, unsigned int*) 	netwerk/base/nsSocketTransport2.cpp:379 	cfi
13 	xul.dll 	mozilla::net::nsHttpConnection::OnWriteSegment(char*, unsigned int, unsigned int*) 	netwerk/protocol/http/nsHttpConnection.cpp:1937 	cfi

Looks like this is more related to NSS.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.