Crash ID?

Crash reason: SIGSEGV Crash address: 0x0 Thread 4 (crashed) 0 libmozglue.so!arena_dalloc [jemalloc.c : 4652 + 0x0] r4 = 0x00305dc8 r5 = 0x00005dc8 r6 = 0x00001a40 r7 = 0x00000000 r8 = 0x00300000 r9 = 0x4e6f8549 r10 = 0x00305dc8 fp = 0x00000004 sp = 0x4e103c18 lr = 0x4e6e9174 pc = 0x80c0a6f4 Found by: given as instruction pointer in context 1 libsoftokn3.so (deleted) + 0x1e172 r4 = 0x00305dc8 r5 = 0x4e6fd65c r6 = 0x00001a40 r7 = 0x000006c3 r8 = 0x00000001 r9 = 0x4e6f8549 r10 = 0x4e6f85f6 fp = 0x00000004 sp = 0x4e103c40 pc = 0x4e6e9174 Found by: call frame info 2 libsoftokn3.so (deleted) + 0x1da3e sp = 0x4e103c70 pc = 0x4e6e8a40 Found by: stack scanning 3 libsoftokn3.so (deleted) + 0x2d52a sp = 0x4e103c84 pc = 0x4e6f852c Found by: stack scanning 4 libsoftokn3.so (deleted) + 0x1e75a sp = 0x4e103ca8 pc = 0x4e6e975c Found by: stack scanning 5 libsoftokn3.so (deleted) + 0x22816 sp = 0x4e103ce8 pc = 0x4e6ed818 Found by: stack scanning 6 libsoftokn3.so (deleted) + 0xdf0e sp = 0x4e103d58 pc = 0x4e6d8f10 Found by: stack scanning 7 libsoftokn3.so (deleted) + 0xe166 sp = 0x4e103dc0 pc = 0x4e6d9168 Found by: stack scanning 8 libsoftokn3.so (deleted) + 0xe56a sp = 0x4e103df8 pc = 0x4e6d956c Found by: stack scanning 9 libsoftokn3.so (deleted) + 0xe646 sp = 0x4e103e50 pc = 0x4e6d9648 Found by: stack scanning 10 libnss3.so!secmodUnlockMutext [pk11load.c : 49 + 0x6] sp = 0x4e103e58 pc = 0x5116edf4 Found by: stack scanning 11 0x52c3560e r4 = 0x00000003 sp = 0x4e103e60 pc = 0x52c35610 Found by: call frame info 12 libnss3.so!secmod_ModuleInit [pk11load.c : 221 + 0xe] sp = 0x4e103e68 pc = 0x5116eb04 Found by: stack scanning 13 libnss3.so!secmod_LoadPKCS11Module [pk11load.c : 457 + 0xe] r4 = 0x52c35610 r5 = 0x00000000 r6 = 0x00000001 r7 = 0x4e103f54 r8 = 0x00000000 r9 = 0x4e3363a8 r10 = 0x500fdd34 fp = 0x5009acd0 sp = 0x4e103ed8 pc = 0x5116f588 Found by: call frame info 14 libnss3.so!SECMOD_LoadModule [pk11pars.c : 1010 + 0xa] r4 = 0x52c35610 r5 = 0x52c35410 r6 = 0x500f0000 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x4e3363a8 r10 = 0x500fdd34 fp = 0x5009acd0 sp = 0x4e103f48 pc = 0x51180a00 Found by: call frame info 15 libnss3.so!SECMOD_LoadModule [pk11pars.c : 1045 + 0x2] r4 = 0x52c35410 r5 = 0x500fdd30 r6 = 0x500ef400 r7 = 0x500f0000 r8 = 0x00000000 r9 = 0x4e3363a8 r10 = 0x500fdd34 fp = 0x5009acd0 sp = 0x4e103f88 pc = 0x51180aa0 Found by: call frame info 16 libnss3.so!nss_Init [nssinit.c : 438 + 0xe] r4 = 0x5008dfb0 r5 = 0x00000000 r6 = 0x500ed920 r7 = 0x4e36d880 r8 = 0x4e3363a4 r9 = 0x4e3363a8 r10 = 0x500ef400 fp = 0x5009acd0 sp = 0x4e103fc8 pc = 0x51157488 Found by: call frame info 17 libnss3.so!NSS_Initialize [nssinit.c : 816 + 0x96] r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000001 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0x4e104048 pc = 0x51157c4c Found by: call frame info 18 libxul.so!nsNSSComponent::InitializeNSS(bool) [nsNSSComponent.cpp : 1687 + 0x1a] r4 = 0x52c01f00 r5 = 0x54a8e620 r6 = 0x54886b68 r7 = 0x54871dae r8 = 0x4e392030 r9 = 0x00000001 r10 = 0x548712c0 fp = 0x54ac14ec sp = 0x4e1040b8 pc = 0x53c24efc Found by: call frame info 19 libxul.so!nsNSSComponent::Init() [nsNSSComponent.cpp : 1922 + 0xa] r4 = 0x52c01f00 r5 = 0x4e10415c r6 = 0x00000000 r7 = 0x548712c0 r8 = 0x4e392030 r9 = 0x00000000 r10 = 0x548712c0 fp = 0x54ac14ec sp = 0x4e104150 pc = 0x53c25ec0 Found by: call frame info

Here's the (backed-out) landing of NSS_3_14_1_BETA1 on mozilla-inbound showing the crashes: https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=329da1081148 And here's the try run showing that reverting the patch for bug 578561 causes the crashes to go away: https://tbpl.mozilla.org/?tree=Try&rev=acc4056f832e I have backed out the patch for bug 578561 from NSS CVS: Checking in lib/softoken/sdb.c; /cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v <-- sdb.c new revision: 1.27; previous revision: 1.26 done

Since this bug is blocking the landing of NSS 3.14.1 into mozilla-central, and the backout resolves the issue, I am going to close this bug and reopen bug 578561.

FYI: tempnam is the culprit. This code crashes on Android: char *tn = tempnam(0,0); if (tn) free(tn); However, it crashes, only, when built as part of Mozilla's infrastructure to build Firefox for Android.