Closed Bug 1767922 Opened 3 years ago Closed 1 year ago

Crash in [@ sftk_ObjectFromHandle]

Categories

(NSS :: Libraries, defect, P3)

Unspecified
Windows

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: gsvelto, Unassigned)

References

(Blocks 3 open bugs, Regression)

Details

(Keywords: crash, regression, Whiteboard: [nss-monitor])

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/910a8fe4-2dbc-4345-83b8-a0ce50220505

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 softokn3.dll sftk_ObjectFromHandle security/nss/lib/softoken/pkcs11u.c:1219
1 softokn3.dll NSC_DestroyObject security/nss/lib/softoken/pkcs11c.c:200
2 nss3.dll PK11_FreeSymKey security/nss/lib/pk11wrap/pk11skey.c:197
3 nss3.dll ssl3_DestroySSL3Info security/nss/lib/ssl/ssl3con.c:13960
4 nss3.dll ssl_DestroySocketContents security/nss/lib/ssl/sslsock.c:465
5 nss3.dll ssl_FreeSocket security/nss/lib/ssl/sslsock.c:524
6 nss3.dll ssl_DefClose security/nss/lib/ssl/ssldef.c:221
7 xul.dll neqo_crypto::agent::SecretAgent::close third_party/rust/neqo-crypto/src/agent.rs:720
8 xul.dll core::ptr::drop_in_place<neqo_crypto::agent::SecretAgent> ../7737e0b5c4103216d6fd8cf941b7ab9bdbaace7c/library/core/src/ptr/mod.rs:188
9 xul.dll core::ptr::drop_in_place<neqo_http3::connection_client::Http3Client> ../7737e0b5c4103216d6fd8cf941b7ab9bdbaace7c/library/core/src/ptr/mod.rs:188

Another crash happening somewhere within NSS and in the socket thread. I think I saw at least three of these today, one being bug 1767921.

This looks like an NSS issue to me.

Assignee: nobody → nobody
Component: Networking → Libraries
Product: Core → NSS
Version: unspecified → other
Blocks: clouseau
Blocks: 1763237

Looks like this went away with the backout of bug 1754004.

Regressed by: 1754004

:nika, since you are the author of the regressor, bug 1754004, could you take a look?
For more information, please visit auto_nag documentation.

Flags: needinfo?(nika)
Has Regression Range: --- → yes

Hmm, I don't know exactly what the cause of this would be. I fixed a major issue which could lead to memory corruption since the backout of bug 1754004, so there's a chance that perhaps this is just side-effects of memory corruption, which could explain the surprising behaviour? I'm not entirely certain.

I don't see a super actionable way to figure out the specific causes here right now unfortunately, other than trying to re-land and hoping that the other fixes I've done happen to have also fixed this issue due to it being caused by the memory corruption issue.

Flags: needinfo?(nika)

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: S2 → S3
Priority: -- → P3
Whiteboard: [nss-monitor]

(In reply to BugBot [:suhaib / :marco/ :calixte] from comment #5)

> Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

It's now roughly two per year for the newest ESR Firefox, and it's only happening on ESR versions.
https://crash-stats.mozilla.org/report/index/93617272-3a73-48d3-9a6d-03d180230905 115.1.0esr

Flags: needinfo?(bbeurdouche)

Thank you, we will keep an eye on it.

Flags: needinfo?(bbeurdouche)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME