Bug 5904 - libnss_wins causes SIGABRT while servicing getaddrinfo() request
Summary: libnss_wins causes SIGABRT while servicing getaddrinfo() request
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 3.2.3
Hardware: x86 Linux
: P3 regression
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Depends on:
Reported: 2008-11-15 12:55 UTC by Mark Aiken
Modified: 2009-05-13 04:25 UTC (History)
4 users (show)

See Also:

gdb full backtraces from crash (33.03 KB, text/plain)
2008-11-15 12:56 UTC, Mark Aiken
no flags Details
Quick patch for 3.2.x. (3.51 KB, patch)
2008-11-17 19:40 UTC, Jeremy Allison
no flags Details
Replacement patch (3.37 KB, patch)
2008-11-19 13:20 UTC, Jeremy Allison
no flags Details
another similar trace of same issue (28.73 KB, text/plain)
2008-12-16 16:07 UTC, Ivan Kelly
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Aiken 2008-11-15 12:55:17 UTC
I'm not sure who owns libnss_wins, exactly, so if you guys aren't the owners, please point me in the right direction. I've also almost certainly guessed wrong at the Component field, sorry.

Firefox 3.0.3 is highly unstable for me after upgrading to Ubuntu Intrepid, which provides samba 3.2.3. It will now frequently crash with SIGABRT while loading complex pages. I don't have a reliable repro case, although I have difficulty keeping the browser running for more than 10-15 mins without this occurring.

Here is a stacktrace from a typical crash. As you can see, libnss_wins is servicing a getaddrinfo() call. The Firefox team is of the opinion that this is a bug in libnss_wins.

I would like to help get this fixed. I realize the backtrace doesn't have libnss symbols. If you could let me know how to collect additional information I could provide I would be happy to do so.

See also these Ubuntu bugs:


See also this Firefox bug:


Stacktrace from SIGABRT crash:

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xa6ffcb90 (LWP 3755)]
0xb800e430 in __kernel_vsyscall ()
(gdb) bt full
#0  0xb800e430 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7d6b880 in raise () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb7d6d248 in abort () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb3a935dd in talloc_free () from /usr/lib/libtalloc.so.1
No symbol table info available.
#4  0xb0b05289 in ?? () from /lib/libnss_wins.so.2
No symbol table info available.
#5  0xb3a93621 in talloc_free () from /usr/lib/libtalloc.so.1
No symbol table info available.
#6  0xb0b30758 in alloc_sub_basic () from /lib/libnss_wins.so.2
No symbol table info available.
#7  0xb0b30d3f in talloc_sub_basic () from /lib/libnss_wins.so.2
No symbol table info available.
#8  0xb0a70281 in ?? () from /lib/libnss_wins.so.2
No symbol table info available.
#9  0xb0a713f2 in lp_lockdir () from /lib/libnss_wins.so.2
No symbol table info available.
#10 0xb0b2aa75 in lock_path () from /lib/libnss_wins.so.2
No symbol table info available.
#11 0xb0ac9767 in receive_unexpected () from /lib/libnss_wins.so.2
No symbol table info available.
#12 0xb0acc375 in receive_nmb_packet () from /lib/libnss_wins.so.2
No symbol table info available.
#13 0xb0acee4d in name_query () from /lib/libnss_wins.so.2
No symbol table info available.
#14 0xb0a6c555 in _nss_wins_gethostbyname_r () from /lib/libnss_wins.so.2
No symbol table info available.
#15 0xb0a6c853 in _nss_wins_gethostbyname2_r () from /lib/libnss_wins.so.2
No symbol table info available.
#16 0xb7e05666 in gaih_inet () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#17 0xb7e07039 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#18 0xb7c7d6b9 in PR_GetAddrInfoByName (
    hostname=0x86b3664 "stats.wordpress.com", af=0, flags=32800)
    at prnetdb.c:2042
    res = <value optimized out>
    hints = {ai_flags = 0, ai_family = 0, ai_socktype = 1, 
  ai_protocol = 0, ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, 
  ai_next = 0x0}
    rv = <value optimized out>
#19 0xb725f454 in nsHostResolver::ThreadFunc (arg=0x836a600)
    at nsHostResolver.cpp:697
    flags = 32800
    status = <value optimized out>
    rec = (nsHostRecord *) 0x86b3630
    ai = (PRAddrInfo *) 0x1
Comment 1 Mark Aiken 2008-11-15 12:56:46 UTC
Created attachment 3738 [details]
gdb full backtraces from crash

Here is a more complete set of backtraces for all threads from a typical SIGABRT crash.
Comment 2 Volker Lendecke 2008-11-16 05:57:39 UTC
Hmmmm. I wonder how this can ever have worked in a threaded app ...

Either we need to strip down this module to *just* make winbind calls or go through and make that module thread-safe.

Comment 3 Mark Aiken 2008-11-16 16:24:42 UTC
Thanks for taking a look at this. As I mentioned, the out-of-the-box Ubuntu Intrepid distro exhibits this bug, which is bound to affect a great many people. Is there a temporary workaround, or perhaps a repackaging of Firefox you would suggest while we wait for a more comprehensive solution?
Comment 4 Jeremy Allison 2008-11-17 19:27:04 UTC
Ok, I think we have to just mutex all the calls in this module. I'll take a look...
Comment 5 Jeremy Allison 2008-11-17 19:40:11 UTC
Created attachment 3745 [details]
Quick patch for 3.2.x.

Can you try and see if this fixes the problem ? Thanks,
Comment 6 Mark Aiken 2008-11-18 19:13:12 UTC
Sorry for the delay; I need to wait until I can take some downtime to pull out the Ubuntu samba package and put in a fresh one from source. Should be this week sometime.

If it helps confirm, I've worked around this for now by disabling wins name resolution for hostnames.
Comment 7 Jeremy Allison 2008-11-19 13:20:55 UTC
Created attachment 3749 [details]
Replacement patch

Correctly mutex's only _nss_wins_gethostbyname_r, not _nss_wins_gethostbyname2_r.
Comment 8 Bryon Keck 2008-12-05 11:54:29 UTC
Any additional comments on this?  I tried to apply the patch; but I'm somewhat new to all this attempting to build your own source in Ubuntu, and got most of they way..
As far as applying the patch to the source in Ubuntu Intrepid -- but I have no clue how to build it and make it work...  I did ./configure, sudo make, sudo make install, and I couldn't get the daemon running...  Like the Samba options in the Ubuntu menu, and whatnot(couldn't even find it in init.d).  Switched back to Synaptic build; but Firefox maintains its crashing feature on most media rich sites...  Which is often for me.
Comment 9 Grayden 2008-12-11 15:03:10 UTC
Could I get some help?

How do we use the patches on this page?

Thanks a lot.

Comment 10 Bryon Keck 2008-12-12 18:02:42 UTC
Ehh -- as we wait I did a little work around.
bryon@ICEMAN:~$ sudo vim /etc/nsswitch.conf

I duplicated the hosts line, one with wins in it -- one without.  When I shutdown, I comment the line that doesn't have wins.  Once I'm started up again (since my drives are automounted using fstab), I edit the file, comment out the line with wins, then 
bryon@ICEMAN:~$ sudo service samba restart

No firefox crash ;p
Comment 11 Ivan Kelly 2008-12-16 16:06:45 UTC
Im also getting the same error on numerous machines, running debian testing with samba 3.2.5 on some, and ubuntu intrepid ibex on others. Seems to hit more on the slower machines (intel atom based), than on faster processor machines. Have patched samba with the attached patch and will let you know how I get on. What's the underlying problem with this whole thing? 

Also, i've attached the crash I get and a copy of the deb I built with the patch. Built on debian as follows:

$ sudo apt-get source samba
$ sudo apt-get build-dep samba
$ cd samba-3.2.5
$ cat ../replacement.patch | patch -p1
$ fakeroot debian/rules binary

I assume it's the same for ubuntu.
Comment 12 Ivan Kelly 2008-12-16 16:07:53 UTC
Created attachment 3813 [details]
another similar trace of same issue
Comment 13 Ivan Kelly 2008-12-16 16:18:48 UTC
Compiled debs with patch available at http://baal.bleurgh.com/samba/
Comment 14 Ivan Kelly 2009-01-03 18:35:02 UTC
Have been using this fix for a number of weeks now, and the crash has disappeared. 
Comment 15 Karolin Seeger 2009-05-13 04:25:13 UTC
Patch is upstream.
Closing out bug report.