[Bug 422928] [NEW] Crashes in libnss3.so or libnss3.so.1d around the nss package update on 2009-08-04

Wan-Teh Chang wtc at google.com
Wed Sep 2 00:54:15 UTC 2009


Public bug reported:

Note: Please see Chromium issue 18706 (http://crbug.com/18706) for more
info.  Feel free to mark this bug "invalid" or "won't fix".  I just wanted to make
sure you know about this issue.

Shortly after the nss package in Hardy, Intrepid, and Jaunty was updated
on 2009-08-04 for bug 407549, we received several reports of Chromium
crashes in libnss3.so or libnss3.so.1d.  All of them have the word "deleted"
next to libnss3.so/libnss3.so.1d in the stack traces.  Here is an example
from Ubuntu 9.04 received on 2009-08-05:

Thread 3 *CRASHED* (SIGSEGV @0x00000004)
0xb782a7d2 	[libnss3.so (deleted) 	+ 0x0002a7d2] 	
0xb786fe4f 	[libnss3.so (deleted) 	+ 0x0006fe4f] 	
0xb786feef 	[libnss3.so (deleted) 	+ 0x0006feef] 	
0xb784914f 	[libnss3.so (deleted) 	+ 0x0004914f] 	
0x084c378f 	[chrome 	- nss_init.cc:49] 	base::EnsureNSSInit()
0x084add59 	[chrome 	- hmac_nss.cc:52] 	base::HMAC::Init(unsigned char const*, int)
0x0818f9b3 	[chrome 	- hmac.h:39] 	safe_browsing_util::VerifyMAC(std::string const&, std::string const&, char const*, int)
0x0832e2ec 	[chrome 	- protocol_parser.cc:71] 	SafeBrowsingProtocolParser::ParseGetHash(char const*, int, std::string const&, bool*, std::vector<SBFullHashResult, std::allocator<SBFullHashResult> >*)
0x0832b7bd 	[chrome 	- protocol_manager.cc:214] 	SafeBrowsingProtocolManager::OnURLFetchComplete(URLFetcher const*, GURL const&, URLRequestStatus const&, int, std::vector<std::string, std::allocator<std::string> > const&, std::string const&)
0x0813baa9 	[chrome 	- url_fetcher.cc:272] 	URLFetcher::Core::OnCompletedURLRequest(URLRequestStatus const&)
0x0813a5aa 	[chrome 	- tuple.h:422] 	RunnableMethod<URLFetcher::Core, void (URLFetcher::Core::*)(URLRequestStatus const&), Tuple1<URLRequestStatus> >::Run()
0x084b9c58 	[chrome 	- message_loop.cc:313] 	MessageLoop::RunTask(Task*)
0x084b9d35 	[chrome 	- message_loop.cc:321] 	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&)
0x084b9f59 	[chrome 	- message_loop.cc:428] 	MessageLoop::DoWork()
0x084bc4d7 	[chrome 	- message_pump_libevent.cc:224] 	base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x084ba4b1 	[chrome 	- message_loop.cc:198] 	MessageLoop::RunInternal()
0x084ba5a5 	[chrome 	- message_loop.cc:155] 	MessageLoop::Run()
0x084e000f 	[chrome 	- thread.cc:156] 	base::Thread::ThreadMain()
0x084c6b70 	[chrome 	- platform_thread_posix.cc:26] 	ThreadFunc(void*)
0xb773f4fe 	[libpthread-2.9.so 	+ 0x000064fe] 	
0xb73f649d 	[libc-2.9.so 	+ 0x000e449d] 

The distribution of the crashes over time is:
2009-08-05: 12
2009-08-06:   8
2009-08-07:   6
2009-08-08:   9
2009-08-09:   1
2009-08-10:   1
2009-08-11:   1
2009-08-12:   1
2009-08-13:   2
2009-08-14:   2
2009-08-15:   1
2009-08-19:   1
2009-08-20:   1
2009-08-23:   1
2009-08-24:   1
2009-08-26:   1
2009-08-29:   1

We are wondering if these crashes were caused by the nss
package being updated while Chromium was running.
Chromium initializes NSS lazily; it doesn't initialize NSS
until it needs to do SSL.  Perhaps something goes wrong
if libnss3.so is updated between the time Chromium starts up
and the time Chromium initializes NSS?  Just a wild guess.

Starting on 2009-08-08, some of the crashes also have the
word "deleted" next to "chrome" in the stack traces.  Here
is an example from Ubuntu 9.04 received on 2009-08-08:

Thread 3 *CRASHED* (SIGSEGV @0x00000004)
0xb773f7d2 	[libnss3.so (deleted) 	+ 0x0002a7d2] 	
0xb7784e4f 	[libnss3.so (deleted) 	+ 0x0006fe4f] 	
0xb7784eef 	[libnss3.so (deleted) 	+ 0x0006feef] 	
0xb775e14f 	[libnss3.so (deleted) 	+ 0x0004914f] 	
0x084c378f 	[chrome (deleted) 	+ 0x0047b78f] 	
0x084add59 	[chrome (deleted) 	+ 0x00465d59] 	
0x0818f9b3 	[chrome (deleted) 	+ 0x001479b3] 	
0x0832f939 	[chrome (deleted) 	+ 0x002e7939] 	
0x08328f07 	[chrome (deleted) 	+ 0x002e0f07] 	
0x0832ba41 	[chrome (deleted) 	+ 0x002e3a41] 	
0x0813baa9 	[chrome (deleted) 	+ 0x000f3aa9] 	
0x0813a5aa 	[chrome (deleted) 	+ 0x000f25aa] 	
0x084b9c58 	[chrome (deleted) 	+ 0x00471c58] 	
0x084b9d35 	[chrome (deleted) 	+ 0x00471d35] 	
0x084b9f59 	[chrome (deleted) 	+ 0x00471f59] 	
0x084bc4d7 	[chrome (deleted) 	+ 0x004744d7] 	
0x084ba4b1 	[chrome (deleted) 	+ 0x004724b1] 	
0x084ba5a5 	[chrome (deleted) 	+ 0x004725a5] 	
0x084e000f 	[chrome (deleted) 	+ 0x0049800f] 	
0x084c6b70 	[chrome (deleted) 	+ 0x0047eb70] 	
0xb76544fe 	[libpthread-2.9.so 	+ 0x000064fe] 	
0xb730b49d 	[libc-2.9.so 	+ 0x000e449d]

** Affects: nss (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Crashes in libnss3.so or libnss3.so.1d around the nss package update on 2009-08-04
https://bugs.launchpad.net/bugs/422928
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in ubuntu.
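
The "(deleted)" marker in the stack traces above is how the Linux kernel labels, in /proc/<pid>/maps, a mapping whose backing file has been unlinked. The following is an added example, not part of the original report or of Chromium or NSS: it lists a process's executable mappings that point at deleted files and resolves an address to module plus offset. The maps content and both file paths are constructed; the load bases are chosen to agree with the address/offset pairs in the second trace.

```python
import glob
import re

# Constructed /proc/<pid>/maps sample; paths and inode numbers are assumptions.
SAMPLE_MAPS = """\
08048000-0a000000 r-xp 00000000 08:01 131101 /usr/lib/chromium-browser/chrome
b7500000-b7600000 rw-p 00000000 00:00 0
b7715000-b7835000 r-xp 00000000 08:01 262301 /usr/lib/libnss3.so.1d (deleted)
b7835000-b783a000 rw-p 00120000 08:01 262301 /usr/lib/libnss3.so.1d (deleted)
b7a00000-b7a10000 rw-s 00000000 00:11 4242 /dev/shm/.org.chromium.XyZ (deleted)
b7f00000-b7f1c000 r-xp 00000000 08:01 262177 /lib/ld-2.9.so
"""

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) (\S+) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")
DELETED = " (deleted)"

def parse_maps(text):
    """Yield (start, end, perms, file_offset, path, deleted) per file-backed mapping."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or m.group(6) == "0":  # inode 0: anonymous memory, heap, stack
            continue
        path = m.group(7)
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[:-len(DELETED)]
        yield (int(m.group(1), 16), int(m.group(2), 16), m.group(3),
               int(m.group(4), 16), path, deleted)

def stale_code(text):
    """Executable mappings whose file was unlinked (shared-memory files are rw-s, so skipped)."""
    return sorted({p for _s, _e, perms, _o, p, d in parse_maps(text)
                   if d and "x" in perms})

def resolve(addr, text):
    """Map an address to (path, file offset, deleted), as a crash reporter does."""
    for start, end, _perms, off, path, deleted in parse_maps(text):
        if start <= addr < end:
            return path, addr - start + off, deleted
    return None

if __name__ == "__main__":
    print("sample:", stale_code(SAMPLE_MAPS))
    for maps in glob.glob("/proc/[0-9]*/maps"):  # live scan; unreadable PIDs are skipped
        try:
            with open(maps) as fh:
                stale = stale_code(fh.read())
        except OSError:
            continue
        if stale:
            print(maps.split("/")[2], stale)
```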



