I'm not sure who owns libnss_wins, exactly, so if you guys aren't the owners, please point me in the right direction. I've also almost certainly guessed wrong at the Component field, sorry. Firefox 3.0.3 is highly unstable for me after upgrading to Ubuntu Intrepid, which provides samba 3.2.3. It will now frequently crash with SIGABRT while loading complex pages. I don't have a reliable repro case, although I have difficulty keeping the browser running for more than 10-15 mins without this occurring. Here is a stacktrace from a typical crash. As you can see, libnss_wins is servicing a getaddrinfo() call. The Firefox team is of the opinion that this is a bug in libnss_wins. I would like to help get this fixed. I realize the backtrace doesn't have libnss symbols. If you could let me know how to collect additional information I could provide I would be happy to do so. See also these Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/282287 https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/294344 See also this Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=463101 Stacktrace from SIGABRT crash: Program received signal SIGABRT, Aborted. [Switching to Thread 0xa6ffcb90 (LWP 3755)] 0xb800e430 in __kernel_vsyscall () (gdb) bt full #0 0xb800e430 in __kernel_vsyscall () No symbol table info available. #1 0xb7d6b880 in raise () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #2 0xb7d6d248 in abort () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #3 0xb3a935dd in talloc_free () from /usr/lib/libtalloc.so.1 No symbol table info available. #4 0xb0b05289 in ?? () from /lib/libnss_wins.so.2 No symbol table info available. #5 0xb3a93621 in talloc_free () from /usr/lib/libtalloc.so.1 No symbol table info available. #6 0xb0b30758 in alloc_sub_basic () from /lib/libnss_wins.so.2 No symbol table info available. #7 0xb0b30d3f in talloc_sub_basic () from /lib/libnss_wins.so.2 No symbol table info available. #8 0xb0a70281 in ?? () from /lib/libnss_wins.so.2 No symbol table info available. #9 0xb0a713f2 in lp_lockdir () from /lib/libnss_wins.so.2 No symbol table info available. #10 0xb0b2aa75 in lock_path () from /lib/libnss_wins.so.2 No symbol table info available. #11 0xb0ac9767 in receive_unexpected () from /lib/libnss_wins.so.2 No symbol table info available. #12 0xb0acc375 in receive_nmb_packet () from /lib/libnss_wins.so.2 No symbol table info available. #13 0xb0acee4d in name_query () from /lib/libnss_wins.so.2 No symbol table info available. #14 0xb0a6c555 in _nss_wins_gethostbyname_r () from /lib/libnss_wins.so.2 No symbol table info available. #15 0xb0a6c853 in _nss_wins_gethostbyname2_r () from /lib/libnss_wins.so.2 No symbol table info available. #16 0xb7e05666 in gaih_inet () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #17 0xb7e07039 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #18 0xb7c7d6b9 in PR_GetAddrInfoByName ( hostname=0x86b3664 "stats.wordpress.com", af=0, flags=32800) at prnetdb.c:2042 res = <value optimized out> hints = {ai_flags = 0, ai_family = 0, ai_socktype = 1, ai_protocol = 0, ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0} rv = <value optimized out> #19 0xb725f454 in nsHostResolver::ThreadFunc (arg=0x836a600) at nsHostResolver.cpp:697 flags = 32800 status = <value optimized out> rec = (nsHostRecord *) 0x86b3630 ai = (PRAddrInfo *) 0x1
Created attachment 3738 [details] gdb full backtraces from crash Here is a more complete set of backtraces for all threads from a typical SIGABRT crash.
Hmmmm. I wonder how this can ever have worked in a threaded app ... Either we need to strip down this module to *just* make winbind calls or go through and make that module thread-safe. Volker
Thanks for taking a look at this. As I mentioned, the out-of-the-box Ubuntu Intrepid distro exhibits this bug, which is bound to affect a great many people. Is there a temporary workaround, or perhaps a repackaging of Firefox you would suggest while we wait for a more comprehensive solution?
Ok, I think we have to just mutex all the calls in this module. I'll take a look... Jeremy.
Created attachment 3745 [details] Quick patch for 3.2.x. Can you try and see if this fixes the problem ? Thanks, Jeremy.
Sorry for the delay; I need to wait until I can take some downtime to pull out the Ubuntu samba package and put in a fresh one from source. Should be this week sometime. If it helps confirm, I've worked around this for now by disabling wins name resolution for hostnames.
Created attachment 3749 [details] Replacement patch Correctly mutex's only _nss_wins_gethostbyname_r, not _nss_wins_gethostbyname2_r. Jeremy.
Any additional comments on this? I tried to apply the patch; but I'm somewhat new to all this attempting to build your own source in Ubuntu, and got most of they way.. As far as applying the patch to the source in Ubuntu Intrepid -- but I have no clue how to build it and make it work... I did ./configure, sudo make, sudo make install, and I couldn't get the daemon running... Like the Samba options in the Ubuntu menu, and whatnot(couldn't even find it in init.d). Switched back to Synaptic build; but Firefox maintains its crashing feature on most media rich sites... Which is often for me. Thanks
Could I get some help? How do we use the patches on this page? Thanks a lot. G
Ehh -- as we wait I did a little work around. With bryon@ICEMAN:~$ sudo vim /etc/nsswitch.conf I duplicated the hosts line, one with wins in it -- one without. When I shutdown, I comment the line that doesn't have wins. Once I'm started up again (since my drives are automounted using fstab), I edit the file, comment out the line with wins, then bryon@ICEMAN:~$ sudo service samba restart No firefox crash ;p
Im also getting the same error on numerous machines, running debian testing with samba 3.2.5 on some, and ubuntu intrepid ibex on others. Seems to hit more on the slower machines (intel atom based), than on faster processor machines. Have patched samba with the attached patch and will let you know how I get on. What's the underlying problem with this whole thing? Also, i've attached the crash I get and a copy of the deb I built with the patch. Built on debian as follows: $ sudo apt-get source samba $ sudo apt-get build-dep samba $ cd samba-3.2.5 $ cat ../replacement.patch | patch -p1 $ fakeroot debian/rules binary I assume it's the same for ubuntu.
Created attachment 3813 [details] another similar trace of same issue
Compiled debs with patch available at http://baal.bleurgh.com/samba/
Have been using this fix for a number of weeks now, and the crash has disappeared.
Patch is upstream. Closing out bug report.