firefox 3.0.3 crashes (no SIG) on most pages w/ images when using nss_wins: 8.10beta AMD64

Bug #286119 reported by TrReardon on 2008-10-19
118
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Liferea
Invalid
Undecided
Unassigned
samba
Fix Released
Unknown
firefox-3.0 (Ubuntu)
Undecided
Unassigned
Declined for Karmic by Chuck Short
Intrepid
Undecided
Unassigned
Jaunty
Undecided
Unassigned
samba (Debian)
Fix Released
Unknown
samba (Ubuntu)
High
Chuck Short
Declined for Karmic by Chuck Short
Intrepid
High
Unassigned
Jaunty
High
Chuck Short

Bug Description

Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)

*** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f2a1c268938]
/lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
/usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
/lib/libnss_wins.so.2[0x7f2a0b2d8f48]
/usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
/lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
/lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
/lib/libnss_wins.so.2[0x7f2a0b250be9]
/lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
/lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
/lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
/lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
/lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
/lib/libc.so.6[0x7f2a1c2bcf73]
/lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
/usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
/usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
/usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
/lib/libpthread.so.0[0x7f2a1cf163ea]
/lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
======= Memory map: ========
00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
01be5000-03560000 rw-p 01be5000 00:00 0 [heap]
40da5000-40da6000 ---p 40da5000 00:00 0
40da6000-415a6000 rw-p 40da6000 00:00 0
41745000-41746000 ---p 41745000 00:00 0
41746000-41f46000 rw-p 41746000 00:00 0
41f46000-41f47000 ---p 41f46000 00:00 0
41f47000-42747000 rw-p 41f47000 00:00 0
42747000-42748000 ---p 42747000 00:00 0
42748000-42f48000 rw-p 42748000 00:00 0
42f48000-42f49000 ---p 42f48000 00:00 0
42f49000-43749000 rw-p 42f49000 00:00 0
43749000-4374a000 ---p 43749000 00:00 0
4374a000-43f4a000 rw-p 4374a000 00:00 0
43f4a000-43f4b000 ---p 43f4a000 00:00 0
43f4b000-4474b000 rw-p 43f4b000 00:00 0
4474b000-4474c000 ---p 4474b000 00:00 0
4474c000-44f4c000 rw-p 4474c000 00:00 0
44f4c000-44f4d000 ---p 44f4c000 00:00 0
44f4d000-4574d000 rw-p 44f4d000 00:00 0
4574d000-4574e000 ---p 4574d000 00:00 0
4574e000-45f4e000 rw-p 4574e000 00:00 0
45f4e000-45f4f000 ---p 45f4e000 00:00 0
45f4f000-4674f000 rw-p 45f4f000 00:00 0
4674f000-46750000 ---p 4674f000 00:00 0
46750000-46f50000 rw-p 46750000 00:00 0
46f50000-46f51000 ---p 46f50000 00:00 0
46f51000-47751000 rw-p 46f51000 00:00 0
47751000-47752000 ---p 47751000 00:00 0
47752000-47f52000 rw-p 47752000 00:00 0
7f2a04000000-7f2a04487000 rw-p 7f2a04000000 00:00 0
7f2a04487000-7f2a08000000 ---p 7f2a04487000 00:00 0
7f2a0939b000-7f2a093f2000 r--p 00000000 08:06 327801 /home/reardon/.fonts/tahomabd.ttf
7f2a093f2000-7f2a09450000 r--p 00000000 08:06 327803 /home/reardon/.fonts/tahoma.ttf
7f2a09450000-7f2a09454000 r-xp 00000000 08:02 1687642 /lib/libnss_dns-2.8.90.so
7f2a09454000-7f2a09654000 ---p 00004000 08:02 1687642 /lib/libnss_dns-2.8.90.so
7f2a09654000-7f2a09655000 r--p 00004000 08:02 1687642 /lib/libnss_dns-2.8.90.so
7f2a09655000-7f2a09656000 rw-p 00005000 08:02 1687642 /lib/libnss_dns-2.8.90.so
7f2a09656000-7f2a09658000 r-xp 00000000 08:02 1687646 /lib/libnss_mdns4_minimal.so.2
7f2a09658000-7f2a09857000 ---p 00002000 08:02 1687646 /lib/libnss_mdns4_minimal.so.2
7f2a09857000-7f2a09858000 rw-p 00001000 08:02 1687646 /lib/libnss_mdns4_minimal.so.2
7f2a09858000-7f2a0985a000 r-xp 00000000 08:02 2064518 /usr/lib/gconv/IBM850.so
7f2a0985a000-7f2a09a59000 ---p 00002000 08:02 2064518 /usr/lib/gconv/IBM850.so
7f2a09a59000-7f2a09a5a000 r--p 00001000 08:02 2064518 /usr/lib/gconv/IBM850.so
7f2a09a5a000-7f2a09a5b000 rw-p 00002000 08:02 2064518 /usr/lib/gconv/IBM850.so
7f2a09a5b000-7f2a09a5d000 r-xp 00000000 08:02 1687598 /lib/libkeyutils-1.2.so
7f2a09a5d000-7f2a09c5c000 ---p 00002000 08:02 1687598 /lib/libkeyutils-1.2.so
7f2a09c5c000-7f2a09c5e000 rw-p 00001000 08:02 1687598 /lib/libkeyutils-1.2.so
7f2a09c5e000-7f2a09c65000 r-xp 00000000 08:02 240521 /usr/lib/libkrb5support.so.0.1
7f2a09c65000-7f2a09e64000 ---p 00007000 08:02 240521 /usr/lib/libkrb5support.so.0.1
7f2a09e64000-7f2a09e65000 r--p 00006000 08:02 240521 /usr/lib/libkrb5support.so.0.1
7f2a09e65000-7f2a09e66000 rw-p 00007000 08:02 240521 /usr/lib/libkrb5support.so.0.1
7f2a09e66000-7f2a09e7f000 r-xp 00000000 08:02 240544 /usr/lib/libsasl2.so.2.0.22
7f2a09e7f000-7f2a0a07e000 ---p 00019000 08:02 240544 /usr/lib/libsasl2.so.2.0.22
7f2a0a07e000-7f2a0a07f000 r--p 00018000 08:02 240544 /usr/lib/libsasl2.so.2.0.22
7f2a0a07f000-7f2a0a080000 rw-p 00019000 08:02 240544 /usr/lib/libsasl2.so.2.0.22
7f2a0a080000-7f2a0a088000 r-xp 00000000 08:02 239347 /usr/lib/libtalloc.so.1.2.0
7f2a0a088000-7f2a0a287000 ---p 00008000 08:02 239347 /usr/lib/libtalloc.so.1.2.0
7f2a0a287000-7f2a0a288000 r--p 00007000 08:02 239347 /usr/lib/libtalloc.so.1.2.0
7f2a0a288000-7f2a0a289000 rw-p 00008000 08:02 239347 /usr/lib/libtalloc.so.1.2.0
7f2a0a289000-7f2a0a292000 r-xp 00000000 08:02 1687627 /lib/libcrypt-2.8.90.so
7f2a0a292000-7f2a0a491000 ---p 00009000 08:02 1687627 /lib/libcrypt-2.8.90.so
7f2a0a491000-7f2a0a492000 r--p 00008000 08:02 1687627 /lib/libcrypt-2.8.90.so
7f2a0a492000-7f2a0a493000 rw-p 00009000 08:02 1687627 /lib/libcrypt-2.8.90.so
7f2a0a493000-7f2a0a4c1000 rw-p 7f2a0a493000 00:00 0
7f2a0a4c1000-7f2a0a4c4000 r-xp 00000000 08:02 1687678 /lib/libcom_err.so.2.1
7f2a0a4c4000-7f2a0a6c3000 ---p 00003000 08:02 1687678 /lib/libcom_err.so.2.1
7f2a0a6c3000-7f2a0a6c4000 r--p 00002000 08:02 1687678 /lib/libcom_err.so.2.1
7f2a0a6c4000-7f2a0a6c5000 rw-p 00003000 08:02 1687678 /lib/libcom_err.so.2.1
7f2a0a6c5000-7f2a0a6e8000 r-xp 00000000 08:02 240517 /usr/lib/libk5crypto.so.3.1
7f2a0a6e8000-7f2a0a8e7000 ---p 00023000 08:02 240517 /usr/lib/libk5crypto.so.3.1
7f2a0a8e7000-7f2a0a8e9000 r--p 00022000 08:02 240517 /usr/lib/libk5crypto.so.3.1
7f2a0a8e9000-7f2a0a8ea000 rw-p 00024000 08:02 240517 /usr/lib/libk5crypto.so.3.1
7f2a0a8ea000-7f2a0a982000 r-xp 00000000 08:02 240520 /usr/lib/libkrb5.so.3.3
7f2a0a982000-7f2a0ab81000 ---p 00098000 08:02 240520 /usr/lib/libkrb5.so.3.3
7f2a0ab81000-7f2a0ab84000 r--p 00097000 08:02 240520 /usr/lib/libkrb5.so.3.3
7f2a0ab84000-7f2a0ab85000 rw-p 0009a000 08:02 240520 /usr/lib/libkrb5.so.3.3
7f2a0ab85000-7f2a0abb0000 r-xp 00000000 08:02 240513 /usr/lib/libgssapi_krb5.so.2.2
7f2a0abb0000-7f2a0adaf000 ---p 0002b000 08:02 240513 /usr/lib/libgssapi_krb5.so.2.2
7f2a0adaf000-7f2a0adb0000 r--p 0002a000 08:02 240513 /usr/lib/libgssapi_krb5.so.2.2
7f2a0adb0000-7f2a0adb1000 rw-p 0002b000 08:02 240513 /usr/lib/libgssapi_krb5.so.2.2
7f2a0adb1000-7f2a0adbf000 r-xp 00000000 08:02 239622 /usr/lib/liblber-2.4.so.2.1.0
7f2a0adbf000-7f2a0afbe000 ---p 0000e000 08:02 239622 /usr/lib/liblber-2.4.so.2.1.0
7f2a0afbe000-7f2a0afbf000 r--p 0000d000 08:02 239622 /usr/lib/liblber-2.4.so.2.1.0
7f2a0afbf000-7f2a0afc0000 rw-p 0000e000 08:02 239622 /usr/lib/liblber-2.4.so.2.1.0
7f2a0afc0000-7f2a0b003000 r-xp 00000000 08:02 240580 /usr/lib/libldap_r-2.4.so.2.1.0
7f2a0b003000-7f2a0b202000 ---p 00043000 08:02 240580 /usr/lib/libldap_r-2.4.so.2.1.0Aborted (core dumped)

dpkg -l | grep firefox
ii firefox 3.0.3+nobinonly-0ubuntu1 meta package for the popular mozilla web bro
ii firefox-3.0 3.0.3+nobinonly-0ubuntu1 safe and easy web browser from Mozilla
ii firefox-3.0-branding 3.0.3+nobinonly-0ubuntu1 Package that ships the firefox branding
ii firefox-3.0-gnome-support 3.0.3+nobinonly-0ubuntu1 Support for Gnome in Mozilla Firefox
ii firefox-gnome-support 3.0.3+nobinonly-0ubuntu1 meta package pointing to the latest gnome-su
 dpkg -l | grep ubufox
ii ubufox 0.6~pre+bzr141-0ubuntu1 Ubuntu Firefox specific configuration defaul

Related branches

On Sun, Oct 19, 2008 at 09:12:43PM -0000, TrReardon wrote:
> Public bug reported:
>
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have
> tried w Flash installed and removed). Not usable, using Firefox under
> Wine as workaround (ick!)

Can you please install the -dbgsym packages as described on the wiki:

 https://wiki.ubuntu.com/MozillaTeam/Bugs#Crashes

and get a new backtrace (it needs symbols/line numbers)

Thanks

 status incomplete
 subscribe me

 - Alexander

No, instruction don't work. There are multiple problems: the instructions are for Hardy, not Intrepid. there is a basic problem with the debug output filename (you ouput to /tmp but then ask user to upload from ~/tmp) and most importantly, even thought I got the -dbgsym packages to install, when I run gdb it says

This GDB was configured as "x86_64-linux-gnu"...
(no debugging symbols found)

So, update your wiki and I'll be happy to report a better bug. In the meantime, why doesn't apport do this automatically? Are you telling me the single most important app on Ubuntu does have any bug autofile mechanism?

+Reardon

TrReardon (tr-reardon) wrote :

FWIW (on my system):

# dpkg -l | grep dbgsym
ii firefox-3.0-dbgsym 3.0.3+nobinonly-0ubuntu2 debug symbols for package firefox-3.0
ii libnss3-1d-dbgsym 3.12.0.3-0ubuntu5 debug symbols for package libnss3-1d
ii xulrunner-1.9-dbgsym 1.9.0.3+nobinonly-0ubuntu1 debug symbols for package xulrunner-1.9

TrReardon (tr-reardon) wrote :

Here's the gdb output, regardless of missing symbols. I am using the firefox update on Intrepid from today (oct 20)

This seems to repro best on pages that have images pull from multiple websites (ie different dns)

TrReardon (tr-reardon) wrote :

And note that it does NOT repro on 32-bit Firefox (it does report on 64-bit 3.1beta so it is broader than 3.0.3)

Alexander Sack (asac) wrote :

we need a step by step instruction how to reproduce this in the bug summary. and a symbolized backtrace. Without those elements its not really likely that we can process your crash.

BTW, the instructions should be easy to apply for intrepid.

Download full text (10.5 KiB)

This appears to be a race condition...repro's on exactly the same pages but only 30% of time. It's always difficult to give repro steps for race conditions.

Could you dig anything out of the traces? I can see that ff is doing some kind of name resolve, but I can't see what functions it ultimately crashes on. Any sense of what symbol files I am missing?

+Reardon

-----Original Message-----
From: Alexander Sack <email address hidden>

Date: Thu, 23 Oct 2008 08:44:23
To: <email address hidden>
Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w
 images: 8.10beta AMD64

we need a step by step instruction how to reproduce this in the bug
summary. and a symbolized backtrace. Without those elements its not
really likely that we can process your crash.

BTW, the instructions should be easy to apply for intrepid.

--
firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
https://bugs.launchpad.net/bugs/286119
You received this bug notification because you are a direct subscriber
of the bug.

Status in “firefox-3.0” source package in Ubuntu: Incomplete

Bug description:
Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)

*** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f2a1c268938]
/lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
/usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
/lib/libnss_wins.so.2[0x7f2a0b2d8f48]
/usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
/lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
/lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
/lib/libnss_wins.so.2[0x7f2a0b250be9]
/lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
/lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
/lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
/lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
/lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
/lib/libc.so.6[0x7f2a1c2bcf73]
/lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
/usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
/usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
/usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
/lib/libpthread.so.0[0x7f2a1cf163ea]
/lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
======= Memory map: ========
00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
01be5000-03560000 rw-p 01be5000 00:00 0 [heap]
40da5000-40da6000 ---p 40da5000 00:00 0
40da6000-415a6000 rw-p 40da6000 00:00 0
41745000-41746000 ---p 41745000 00:00 0
41746...

On Thu, Oct 23, 2008 at 12:06:05PM -0000, TrReardon wrote:
> This appears to be a race condition...repro's on exactly the same pages
> but only 30% of time. It's always difficult to give repro steps for
> race conditions.
>
> Could you dig anything out of the traces? I can see that ff is doing
> some kind of name resolve, but I can't see what functions it ultimately
> crashes on. Any sense of what symbol files I am missing?
>

Please install the -dbgsym packages so we get symbols in the
backtrace.

(Look at https://wiki.ubuntu.com/MozillaTeam/Bugs#Crashes to get an
idea where to get those from)

Thanks,

 - Alexander

... also look into disabling your extensions too (if you havent tried that yet)

Download full text (11.3 KiB)

I tried to make clear below that I am running without extensions. This bug repros on 3.0.3 or 3.1beta of Firefox.

I also tried to make clear that I DID follow the instructions for getting symbols, but (1) those instructions are for Hardy, not Intrepid (I edited this to make it work) and (2) those instructions do not work for different versions of FF. It should be made clear that certain elements of the instructions need to by entered differently for different versions (I'm an ex-dev and figured out, but even for me it wasn't obvious).

So, the backtrace that I uploaded was created using all the symbol files there were available to me. Can you get anything from that backtrace?

+Reardon

> From: <email address hidden>
> To: <email address hidden>
> Date: Thu, 23 Oct 2008 12:22:25 +0000
> Subject: Re: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages wimages: 8.10beta AMD64
>
> On Thu, Oct 23, 2008 at 12:06:05PM -0000, TrReardon wrote:
> > This appears to be a race condition...repro's on exactly the same pages
> > but only 30% of time. It's always difficult to give repro steps for
> > race conditions.
> >
> > Could you dig anything out of the traces? I can see that ff is doing
> > some kind of name resolve, but I can't see what functions it ultimately
> > crashes on. Any sense of what symbol files I am missing?
> >
>
> Please install the -dbgsym packages so we get symbols in the
> backtrace.
>
> (Look at https://wiki.ubuntu.com/MozillaTeam/Bugs#Crashes to get an
> idea where to get those from)
>
> Thanks,
>
> - Alexander
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “firefox-3.0” source package in Ubuntu: Incomplete
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
> /lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
> /lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
> /lib/libnss_wins.so.2[0x7f2a0b250be9]
> /lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
> /lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
> /lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
> /lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
> /lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
> /lib/libc.so.6[0x7f2a1c2bcf73]
> /lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
> /usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916...

Download full text (10.1 KiB)

Were you able to look at the backtrace I uploaded?

+Reardon

> From: <email address hidden>
> To: <email address hidden>
> Date: Thu, 23 Oct 2008 12:29:08 +0000
> Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
>
> ... also look into disabling your extensions too (if you havent tried
> that yet)
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “firefox-3.0” source package in Ubuntu: Incomplete
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
> /lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
> /lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
> /lib/libnss_wins.so.2[0x7f2a0b250be9]
> /lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
> /lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
> /lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
> /lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
> /lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
> /lib/libc.so.6[0x7f2a1c2bcf73]
> /lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
> /usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
> /usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
> /usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
> /lib/libpthread.so.0[0x7f2a1cf163ea]
> /lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
> ======= Memory map: ========
> 00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 01be5000-03560000 rw-p 01be5000 00:00 0 [heap]
> 40da5000-40da6000 ---p 40da5000 00:00 0
> 40da6000-415a6000 rw-p 40da6000 00:00 0
> 41745000-41746000 ---p 41745000 00:00 0
> 41746000-41f46000 rw-p 41746000 00:00 0
> 41f46000-41f47000 ---p 41f46000 00:00 0
> 41f47000-42747000 rw-p 41f47000 00:00 0
> 42747000-42748000 ---p 42747000 00:00 0
> 42748000-42f48000 rw-p 42748000 00:00 0
> 42f48000-42f49000 ---p 42f48000 00:00 0
> 42f49000-43749000 rw-p 42f49000 00:00 0
> 43749000-4374a000 ---p 43749000 00:00 0
> 4374a000-43f4a000 rw-p 4374a000 00:00 0
> 43f4a000-43f4b000 ---p 43f4a000 00:00 0
> 43f4b000-4474b000 rw-p 43f4b000 00:00 0
> 4474b000...

Download full text (10.7 KiB)

Do you understand that I DID install all the symbols. Is there something else I am doing wrong?

+Reardon

> From: <email address hidden>
> To: <email address hidden>
> Date: Thu, 23 Oct 2008 12:22:25 +0000
> Subject: Re: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages wimages: 8.10beta AMD64
>
> On Thu, Oct 23, 2008 at 12:06:05PM -0000, TrReardon wrote:
> > This appears to be a race condition...repro's on exactly the same pages
> > but only 30% of time. It's always difficult to give repro steps for
> > race conditions.
> >
> > Could you dig anything out of the traces? I can see that ff is doing
> > some kind of name resolve, but I can't see what functions it ultimately
> > crashes on. Any sense of what symbol files I am missing?
> >
>
> Please install the -dbgsym packages so we get symbols in the
> backtrace.
>
> (Look at https://wiki.ubuntu.com/MozillaTeam/Bugs#Crashes to get an
> idea where to get those from)
>
> Thanks,
>
> - Alexander
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “firefox-3.0” source package in Ubuntu: Incomplete
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
> /lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
> /lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
> /lib/libnss_wins.so.2[0x7f2a0b250be9]
> /lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
> /lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
> /lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
> /lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
> /lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
> /lib/libc.so.6[0x7f2a1c2bcf73]
> /lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
> /usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
> /usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
> /usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
> /lib/libpthread.so.0[0x7f2a1cf163ea]
> /lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
> ======= Memory map: ========
> 00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 01be5000-03560000 rw-p 01be5000 00:00 0 ...

Download full text (10.5 KiB)

just try any pages like www.drudgereport.com. clear your diskcache and reload the page. FF3 crashes about every 3rd time I try to page.

I am sorry but while this bug is pretty bad I do not have a 100% repro. I am sure you are aware that most timing-related bugs simply do not repro 100%.

Again, per my other posts, I HAVE LOADED SYMBOLS using the instructions you sent. However, gdb seems to only load some symbols and not others. Have you looked at the backtrace I uploaded?
+Reardon

> From: <email address hidden>
> To: <email address hidden>
> Date: Thu, 23 Oct 2008 12:29:08 +0000
> Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
>
> ... also look into disabling your extensions too (if you havent tried
> that yet)
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “firefox-3.0” source package in Ubuntu: Incomplete
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
> /lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
> /lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
> /lib/libnss_wins.so.2[0x7f2a0b250be9]
> /lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
> /lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
> /lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
> /lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
> /lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
> /lib/libc.so.6[0x7f2a1c2bcf73]
> /lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
> /usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
> /usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
> /usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
> /lib/libpthread.so.0[0x7f2a1cf163ea]
> /lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
> ======= Memory map: ========
> 00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
> 01be5000-03560000 rw-p 01be5000 00:00 0 [heap]
> 40da5000-40da6000 ---p 40da5000 00:00 0
> 40da6000-415a6000 rw-p 40da6000 00:00 0
> 41745000-41746000 ---p 41745000 00:00 0
> 41746000-41f46000 rw-p 41746000 00:00 0
> 41f4...

TrReardon (tr-reardon) wrote :
Download full text (12.1 KiB)

These are the symbols I have installed:
 dpkg -l | grep dbg
ii firefox-3.0-dbgsym 3.0.3+nobinonly-0ubuntu2 debug symbols for package firefox-3.0
ii firefox-3.0-gnome-support-dbgsym 3.0.3+nobinonly-0ubuntu2 debug symbols for package firefox-3.0-gnome-
ii libc6-dbgsym 2.8~20080505-0ubuntu7 debug symbols for package libc6
ii libcairo2-dbgsym 1.8.0-0ubuntu1 debug symbols for package libcairo2
ii libgtk2.0-0-dbgsym 2.14.4-0ubuntu1 debug symbols for package libgtk2.0-0
ii libnspr4-0d-dbgsym 4.7.1+1.9-0ubuntu4 debug symbols for package libnspr4-0d
ii libnss3-1d-dbgsym 3.12.0.3-0ubuntu5 debug symbols for package libnss3-1d
ii libpango1.0-0-dbgsym 1.22.1-0ubuntu1 debug symbols for package libpango1.0-0
ii xulrunner-1.9-dbgsym 1.9.0.3+nobinonly-0ubuntu1 debug symbols for package xulrunner-1.9
ii xulrunner-1.9-gnome-support-dbgsym 1.9.0.3+nobinonly-0ubuntu1 debug symbols for package xulrunner-1.9-gnom

I have done with the -dbgsym and with the -dbg packages, with the same results.

+Reardon

From: <email address hidden>
To: <email address hidden>; <email address hidden>
Subject: RE: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
Date: Thu, 23 Oct 2008 09:41:52 -0400

just try any pages like www.drudgereport.com. clear your diskcache and reload the page. FF3 crashes about every 3rd time I try to page.

I am sorry but while this bug is pretty bad I do not have a 100% repro. I am sure you are aware that most timing-related bugs simply do not repro 100%.

Again, per my other posts, I HAVE LOADED SYMBOLS using the instructions you sent. However, gdb seems to only load some symbols and not others. Have you looked at the backtrace I uploaded?
+Reardon

> From: <email address hidden>
> To: <email address hidden>
> Date: Thu, 23 Oct 2008 12:29:08 +0000
> Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
>
> ... also look into disabling your extensions too (if you havent tried
> that yet)
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “firefox-3.0” source package in Ubuntu: Incomplete
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(tall...

On Thu, Oct 23, 2008 at 12:44:13PM -0000, TrReardon wrote:
>
> So, the backtrace that I uploaded was created using all the symbol files
> there were available to me. Can you get anything from that backtrace?

Not sure what is going on then with symbols for you. the backtraces
attached definitly are not symoblized.

Anyway,

please try to use a fresh profile (e.g. move $HOME/.mozilla to a safe
backup location before starting).

If that doesnt help do a strace -eopen -f firefox &> /tmp/strace.log.txt and attach
that.

 - Alexander

if its really related to images a different graphics driver could also help.

Chris Unitt (cunitt) wrote :
Download full text (8.5 KiB)

Can I add that I have just started experiencing the same problem since upgrading from 8.04LTS to 8.10. This is incredibly infuriating and we surely can't be the only users experiencing this!

Linux bedroom 2.6.27-7-generic #1 SMP Thu Oct 30 04:12:22 UTC 2008 x86_64 GNU/Linux

*** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007fc88c034c60 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fc8ab2f8938]
/lib/libc.so.6(cfree+0x76)[0x7fc8ab2faf86]
/usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7fc89a02fb88]
/lib/libnss_wins.so.2[0x7fc89b282f48]
/usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7fc89a02fc92]
/lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7fc89b2aacb2]
/lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7fc89b2ab21d]
/lib/libnss_wins.so.2[0x7fc89b1fabe9]
/lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7fc89b1fba93]
/lib/libnss_wins.so.2(lock_path+0x9)[0x7fc89b2a5922]
/lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7fc89b250321]
/lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7fc89b252d2e]
/lib/libnss_wins.so.2(name_query+0x303)[0x7fc89b255530]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7fc89b1f8202]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7fc89b1f8484]
/lib/libc.so.6[0x7fc8ab34cf73]
/lib/libc.so.6(getaddrinfo+0x1de)[0x7fc8ab34e96e]
/usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7fc8aa9a6828]
/usr/lib/xulrunner-1.9.0.3/libxul.so[0x7fc8a9ab250a]
/usr/lib/libnspr4.so.0d[0x7fc8aa9b2dc3]
/lib/libpthread.so.0[0x7fc8abfa63ea]
/lib/libc.so.6(clone+0x6d)[0x7fc8ab365c6d]
======= Memory map: ========
00400000-00408000 r-xp 00000000 08:01 42675 /usr/lib/firefox-3.0.3/firefox
00608000-00609000 r--p 00008000 08:01 42675 /usr/lib/firefox-3.0.3/firefox
00609000-0060a000 rw-p 00009000 08:01 42675 /usr/lib/firefox-3.0.3/firefox
01d56000-0609b000 rw-p 01d56000 00:00 0 [heap]
40881000-40882000 ---p 40881000 00:00 0
40882000-41082000 rw-p 40882000 00:00 0
41150000-41151000 ---p 41150000 00:00 0
41151000-41951000 rw-p 41151000 00:00 0
419d2000-419d3000 ---p 419d2000 00:00 0
419d3000-421d3000 rw-p 419d3000 00:00 0
421d3000-421d4000 ---p 421d3000 00:00 0
421d4000-429d4000 rw-p 421d4000 00:00 0
429d4000-429d5000 ---p 429d4000 00:00 0
429d5000-431d5000 rw-p 429d5000 00:00 0
431d5000-431d6000 ---p 431d5000 00:00 0
431d6000-439d6000 rw-p 431d6000 00:00 0
439d6000-439d7000 ---p 439d6000 00:00 0
439d7000-441d7000 rw-p 439d7000 00:00 0
441d7000-441d8000 ---p 441d7000 00:00 0
441d8000-449d8000 rw-p 441d8000 00:00 0
449d8000-449d9000 ---p 449d8000 00:00 0
449d9000-451d9000 rw-p 449d9000 00:00 0
451d9000-451da000 ---p 451d9000 00:00 0
451da000-459da000 rw-p 451da000 00:00 0
459da000-459db000 ---p 459da000 00:00 0
459db000-461db000 rw-p 459db000 00:00 0
7fc88c000000-7fc88c120000 rw-p 7fc88c000000 00:00 0
7fc88c120000-7fc890000000 ---p 7fc88c120000 00:00 0
7fc893740000-7fc8937c9000 r--p 00000000 08:01 29029 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-Bold.ttf
7fc8937c9000-7fc8937cb000 r-xp 00000000 08:01 10343 /us...

Read more...

Chris Unitt (cunitt) wrote :

I think I've managed to find the cause of this: winbind!

This was my nsswitch.conf file:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

I removed all references to winbind from this file and did an 'aptitude remove winbind'

Firefox is now stable, tried re-installing flash and re-activating my plugins, no crashes since!

Someone else with a 64-bit machine should now try to re-create this if possible and then hopefully we will have a definitive way to reproduce this.

Is it a firefox bug or a winbind bug? Should a seperate bug be raised as a winbind issue?

Download full text (11.0 KiB)

Killing winbind resolves the problem, but that is not a usable solution for most of us.

+Reardon

-----Original Message-----
From: Chris Unitt <email address hidden>

Date: Fri, 31 Oct 2008 22:10:00
To: <email address hidden>
Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w
 images: 8.10beta AMD64

I think I've managed to find the cause of this: winbind!

This was my nsswitch.conf file:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

I removed all references to winbind from this file and did an 'aptitude remove winbind'

Firefox is now stable, tried re-installing flash and re-activating my
plugins, no crashes since!

Someone else with a 64-bit machine should now try to re-create this if
possible and then hopefully we will have a definitive way to reproduce
this.

Is it a firefox bug or a winbind bug? Should a seperate bug be raised as
a winbind issue?

--
firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
https://bugs.launchpad.net/bugs/286119
You received this bug notification because you are a direct subscriber
of the bug.

Status in “firefox-3.0” source package in Ubuntu: Incomplete

Bug description:
Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)

*** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f2a1c268938]
/lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
/usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
/lib/libnss_wins.so.2[0x7f2a0b2d8f48]
/usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
/lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
/lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
/lib/libnss_wins.so.2[0x7f2a0b250be9]
/lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
/lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
/lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
/lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
/lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
/lib/libc.so.6[0x7f2a1c2bcf73]
/lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
/usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
/usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
/usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
/lib/libpthread.so.0[0x7f2a1cf163ea]
/lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
======= Memory...

Changed to winbind using samba since its the source package

I can confirm that removing winbind is a fix for this problem. I have been chasing Java and flash for the past two days looking for a solution. Unfortunately as TrReardon stated this is not a viable solution since without winbind I can't reach my network drives. I don't want to have to ultimately have to choose between the two.

AmenophisIII (amenophisiii) wrote :

argl.
this problem haunted me for weeks!
its not only firefox.. opera has the same issues... and basically everything that tried to lookup hostnames... although most apps dont do that as much as browsers.
baaaaaaaah.
thanks so much for this bug report.

i can't confirm that disabling wins in nsswitch.conf solves the issue YET.
but im quite sure. :)

AmenophisIII (amenophisiii) wrote :
Changed in samba:
status: Incomplete → Confirmed
Changed in firefox-3.0:
status: New → Invalid

AmenophisIII wrote:
> argl.
> this problem haunted me for weeks!
> its not only firefox.. opera has the same issues... and basically everything that tried to lookup hostnames... although most apps dont do that as much as browsers.
> baaaaaaaah.
> thanks so much for this bug report.
>
> i can't confirm that disabling wins in nsswitch.conf solves the issue YET.
> but im quite sure. :)
>
>
No worries

Just another note, I have since done an aptitude update/upgrade and
re-enabled wins without any issues.

mh i dont understand that... why could you reenable it, which version?
i have a fully upgraded 8.10 with samba and winbind 2:3.2.3-1ubuntu3.3.

benbennett (benbennett) wrote :

I also have libwbclient0 and winbind 2:3.2.3-1ubuntu3.3.
I reproduced the problem by editing the /etc/nsswitch.conf file.
sudo /etc/init.d/networking restart
sudo /etc/init.d/winbind restart
killall firefox
Point firefox to www.msnbc.com, almost always dies on the first page.

Download full text (10.1 KiB)

Agree, still fails for me on fully-updated (synaptic) ibex
+Reardon

-----Original Message-----
From: AmenophisIII <email address hidden>

Date: Fri, 02 Jan 2009 02:50:42
To: <email address hidden>
Subject: [Bug 286119] Re: firefox 3.0.3 crashes (no SIG) on most pages w
 images: 8.10beta AMD64

mh i dont understand that... why could you reenable it, which version?
i have a fully upgraded 8.10 with samba and winbind 2:3.2.3-1ubuntu3.3.

--
firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
https://bugs.launchpad.net/bugs/286119
You received this bug notification because you are a direct subscriber
of the bug.

Status in “firefox-3.0” source package in Ubuntu: Invalid
Status in “samba” source package in Ubuntu: Confirmed

Bug description:
Basically the same stacktrace on most pages. Is NOT tied to Flash (have tried w Flash installed and removed). Not usable, using Firefox under Wine as workaround (ick!)

*** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or corruption (!prev): 0x00007f2a04430cb0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f2a1c268938]
/lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
/usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
/lib/libnss_wins.so.2[0x7f2a0b2d8f48]
/usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
/lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
/lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
/lib/libnss_wins.so.2[0x7f2a0b250be9]
/lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
/lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
/lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
/lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
/lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
/lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
/lib/libc.so.6[0x7f2a1c2bcf73]
/lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
/usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
/usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
/usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
/lib/libpthread.so.0[0x7f2a1cf163ea]
/lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
======= Memory map: ========
00400000-00408000 r-xp 00000000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00608000-00609000 r--p 00008000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
00609000-0060a000 rw-p 00009000 08:02 534609 /usr/lib/firefox-3.0.3/firefox
01be5000-03560000 rw-p 01be5000 00:00 0 [heap]
40da5000-40da6000 ---p 40da5000 00:00 0
40da6000-415a6000 rw-p 40da6000 00:00 0
41745000-41746000 ---p 41745000 00:00 0
41746000-41f46000 rw-p 41746000 00:00 0
41f46000-41f47000 ---p 41f46000 00:00 0
41f47000-42747000 rw-p 41f47000 00:00 0
42747000-42748000 ---p 42747000 00:00 0
42748000-42f48000 rw-p 42748000 00:00 0
42f48000-42f49000 ---p 42f48000 00:00 0
42f49000-43749000 rw-p 42f49000 00:00 0
43749000-4374a000 ---p 43749000 00:00 0
4374a000-43f4a000 rw-p...

AmenophisIII wrote:
> mh i dont understand that... why could you reenable it, which version?
> i have a fully upgraded 8.10 with samba and winbind 2:3.2.3-1ubuntu3.3.
>
>
Hmm.

Well when I re-enabled it, I only added wins to the 'hosts' part of my
nsswitch.conf file, so now it is as follows:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

Maybe this helps?

On Fri, 02 Jan 2009 18:19:54 -0000
Chris Unitt <email address hidden> wrote:

> AmenophisIII wrote:
> > mh i dont understand that... why could you reenable it, which version?
> > i have a fully upgraded 8.10 with samba and winbind 2:3.2.3-1ubuntu3.3.
> >
> >
> Hmm.
>
> Well when I re-enabled it, I only added wins to the 'hosts' part of my
> nsswitch.conf file, so now it is as follows:
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat
> group: compat
> shadow: compat
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
>
> Maybe this helps?

it helps, because now gethostbyname() will try DNS before WINS, and so
most concurrent request (mostly those of browsers) will never reach the wins library.
but if they would, for example if the DNS servers are down temporarily,
they would crash.

im not sure how mdns works, but in most cases [NOTFOUND=return] does
not make sense (it would never try dns, mdns4 or wins, if mdns4_minimal
could not find the host. see
http://gnu.huihoo.org/glibc-2.2.3/html_chapter/libc_28.html).

(sorry if this mail, does not work as intended. i used the webinterface
till now)

I have attached the patch from the samba bug(https://bugzilla.samba.org/show_bug.cgi?id=5904) it fixed the problem on my ibex x64 box but I think the upstream bug has the wrong component listed, I think it should be winbind as the component. After building I am pretty sure you just need to install the winbind*.deb package and that is all, it fixed the problem for me. Write back if I am missing anything. I would submit a package but I have no clue how to do it?
To build packages:
sudo apt-get install build-essential fakeroot dpkg-dev
mkdir -p ~/installs/samba/
cd ~/installs/samba
apt-get source samba (Note no sudo here , do want the files to be owned by root)
sudo apt-get build-dep samba
dpkg-source -x samba_3.2.3-1ubuntu3.3.dsc
cd samba-3.2.3
patch -p1 --dry-run < samba_bug5904.patch
(if it says: patching file source/nsswitch/wins.c )
patch -p1 < samba_bug5904.patch
dpkg-buildpackage -rfakeroot -b
sudo dpkg -i ../winbind_3.2.3-1ubuntu3.3_amd64.deb
add the wins section to your /etc/nsswitch.conf
sudo /etc/init.d/winbind restart
sudo /etc/init.d/networking restart

Make sure you restart any programs that would be using dns.

Only problem I see is my browser "seems" to run slower with wins enabled, but I have no quantitative proof only qualitative.

Overall I think they had a threading issue in samba that causes the crash , the patch puts a mutex in and some other things.

benbennett (benbennett) wrote :

Also I think this bug should have a higher importance, this really hurts if people are trying to migrate from windows and want to access windows shares, doing so causes crashes all over the place.

On Sat, 03 Jan 2009 04:11:12 -0000
bongey <email address hidden> wrote:

> Only problem I see is my browser "seems" to run slower with wins
> enabled, but I have no quantitative proof only qualitative.
>

if you put "wins" after "dns", it should only be slower, if there is no dns name.
if you put wins before, it would try to lookup all names with wins imho.
what does your config look like?

im glad, that i powered down my last windows box today :)
i agree, that this should be a higher priority.

crash with upstream patch.

Changed in samba:
importance: Undecided → High
status: Confirmed → Triaged
Changed in firefox-3.0:
status: New → Invalid
Alexander Sack (asac) wrote :

ack nomination as SRU candidate. Once we have confirm that the patch fixes this, we should upload to -proposed too.

Changed in samba:
importance: Undecided → High
milestone: none → intrepid-updates
status: New → Triaged
milestone: none → jaunty-alpha-4

Quoting Alexander Sack (<email address hidden>):
> crash with upstream patch.
>
> ** Also affects: samba via
> https://bugzilla.samba.org/show_bug.cgi?id=5904

Please also record this seems to be Debian bugs #509101 and #510450
(both merged together).

Leaving this to Those Who Know how to do this in LP...

If the patch is isolated, we just discussed with Steve Langasek about
the possibility to add to to Debian's 3.2.5 and have it for lenny.

I suspect this would make it easier to flow in Ubuntu, then (at least
as long as Debian remains upstream for Ubuntu....ahem).

Changed in samba:
status: Unknown → In Progress
Leon (leonbo) wrote :

Removing wins indeed work. But now I have to use nmblookup seperately to get an ip address :)

Download full text (9.3 KiB)

Well, I noticed a performance degrade with FF3, but other than that, I did
not see a problem.
I did not see yet a need for using nmblookup.

On Tue, Jan 6, 2009 at 3:13 PM, Leon <email address hidden> wrote:

> Removing wins indeed work. But now I have to use nmblookup seperately to
> get an ip address :)
>
> --
> firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64
> https://bugs.launchpad.net/bugs/286119
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in Samba: In Progress
> Status in "firefox-3.0" source package in Ubuntu: Invalid
> Status in "samba" source package in Ubuntu: Triaged
> Status in firefox-3.0 in Ubuntu Intrepid: Invalid
> Status in samba in Ubuntu Intrepid: Triaged
> Status in firefox-3.0 in Ubuntu Jaunty: Invalid
> Status in samba in Ubuntu Jaunty: Triaged
> Status in "samba" source package in Debian: Unknown
>
> Bug description:
> Basically the same stacktrace on most pages. Is NOT tied to Flash (have
> tried w Flash installed and removed). Not usable, using Firefox under Wine
> as workaround (ick!)
>
>
>
> *** glibc detected *** /usr/lib/firefox-3.0.3/firefox: double free or
> corruption (!prev): 0x00007f2a04430cb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f2a1c268938]
> /lib/libc.so.6(cfree+0x76)[0x7f2a1c26af86]
> /usr/lib/libtalloc.so.1(talloc_free+0x128)[0x7f2a0a085b88]
> /lib/libnss_wins.so.2[0x7f2a0b2d8f48]
> /usr/lib/libtalloc.so.1(talloc_free+0x232)[0x7f2a0a085c92]
> /lib/libnss_wins.so.2(alloc_sub_basic+0x8e9)[0x7f2a0b300cb2]
> /lib/libnss_wins.so.2(talloc_sub_basic+0x24)[0x7f2a0b30121d]
> /lib/libnss_wins.so.2[0x7f2a0b250be9]
> /lib/libnss_wins.so.2(lp_lockdir+0x1e)[0x7f2a0b251a93]
> /lib/libnss_wins.so.2(lock_path+0x9)[0x7f2a0b2fb922]
> /lib/libnss_wins.so.2(receive_unexpected+0x2c)[0x7f2a0b2a6321]
> /lib/libnss_wins.so.2(receive_nmb_packet+0x3b)[0x7f2a0b2a8d2e]
> /lib/libnss_wins.so.2(name_query+0x303)[0x7f2a0b2ab530]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname_r+0x2c8)[0x7f2a0b24e202]
> /lib/libnss_wins.so.2(_nss_wins_gethostbyname2_r+0x2b)[0x7f2a0b24e484]
> /lib/libc.so.6[0x7f2a1c2bcf73]
> /lib/libc.so.6(getaddrinfo+0x1de)[0x7f2a1c2be96e]
> /usr/lib/libnspr4.so.0d(PR_GetAddrInfoByName+0x108)[0x7f2a1b916828]
> /usr/lib/xulrunner-1.9.0.3/libxul.so[0x7f2a1aa2250a]
> /usr/lib/libnspr4.so.0d[0x7f2a1b922dc3]
> /lib/libpthread.so.0[0x7f2a1cf163ea]
> /lib/libc.so.6(clone+0x6d)[0x7f2a1c2d5c6d]
> ======= Memory map: ========
> 00400000-00408000 r-xp 00000000 08:02 534609
> /usr/lib/firefox-3.0.3/firefox
> 00608000-00609000 r--p 00008000 08:02 534609
> /usr/lib/firefox-3.0.3/firefox
> 00609000-0060a000 rw-p 00009000 08:02 534609
> /usr/lib/firefox-3.0.3/firefox
> 01be5000-03560000 rw-p 01be5000 00:00 0
> [heap]
> 40da5000-40da6000 ---p 40da5000 00:00 0
> 40da6000-415a6000 rw-p 40da6000 00:00 0
> 41745000-41746000 ---p 41745000 00:00 0
> 41746000-41f46000 rw-p 41746000 00:00 0
> 41f46000-41f47000 ---p 41f46000 00:00 0
> 41f47000-42747000 rw-p 41f47000 00:00 0
> 42747000-42748000 ---p 42747000 00:00 0
> 42748000-42f48000 rw-p 42748000 00:00 0
> 42f48000-42f49000 ---p 42f48000 00:00 0
> 42f49000-43749000 rw-p 42f49000 00:00 0
> 437...

Read more...

Hi,

Can you try the samba-3.2.3 version in my ppa (http://launchpad.net/~zulcss/+archive) when its available?

Thanks
chuck

On Tue, Jan 06, 2009 at 07:50:48PM -0000, Chuck Short wrote:
> Hi,
>
> Can you try the samba-3.2.3 version in my ppa
> (http://launchpad.net/~zulcss/+archive) when its available?

Anyone could test those please?

 - Alexander

I can test i386 and amd64 but I don't see a version for samba-3.2.3.

Debian I think is moving to the next version of samba , this might get fixed that way?

Martin Pitt (pitti) wrote :

Please fix ASAP in Jaunty. Thanks!

Changed in samba:
assignee: nobody → zulcss
milestone: intrepid-updates → none
status: Triaged → Fix Committed
Martin Pitt (pitti) wrote :

Accepted samba into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Jo Shields (directhex) wrote :

There seems to be no amd64 winbind binaries in intrepid-proposed. Is the buildd backed up again, or is there some arch issue with that repo?

benbennett (benbennett) wrote :

Yep I am having the same problem there is one for the docs package.

Roshan George (roshan-george) wrote :

Is there any chance that this will be backported to the Hardy LTS?

Emilio Pozuelo Monfort (pochu) wrote :

Not a Liferea bug, even less an upstream one.

Changed in liferea:
status: New → Invalid
Steve Langasek (vorlon) wrote :

For jaunty, this bug should be fixable with a trivial merge from Debian.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:3.2.5-4ubuntu1

---------------
samba (2:3.2.5-4ubuntu1) jaunty; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/VERSION.patch:
      - setup SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
      - Set 'usershare allow guests', so that usershare admins are
        allowed to create public shares in addition to authenticated
        ones.
      - add map to guest = Bad user, maps bad username to guest access.
    + debian/samba.postinst:
      - When populating the new samabshare group, it is not an error
        if the user simply does not exist; test for this case and let
        the install continue instead of aborting.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/mksambapasswd.awk:
      - Do not add user with UID less than 1000 to smbpasswd.
    + debian/control:
      - Depend on lsb-base >= 3.2-14, which has the status_of_proc()
        function.
      - Make libpam-smbpasswd depend on libpam-runtime to allow
        libpam-smbpasswd for auto-configuration.
      - Make libwbclient0 replace/conflict with hardy's likewise-open.
    + debian/samba.init:
      - Add a 'status' action.
    + debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
      debian/libpam-smbpass.prerm, debian/libpam-smbpass.files,
      debian/rules:
      - Provide a config block for the new PAM framework to auto-configure
        itself
    + debian/rules:
      - enable "native" PIE hardening.
    + Add ufw integration:
      - Created debian/samba.uwf.profile
      - debian/rules, debian/samba.dirs, debian/samba.files: install
        profile
      - debian/control: have samba suggest ufw
    + debian/patches/last-char-truncation.patch:
      - Fix compatibility issue with NAS boxes still using Samba 2.2 and
        earlier.
    + debian/winbind.files:
      - include additional files
    + debian/winbind.init:
      - Add a PID variable and a 'status' action.
  * Dropped changes:
    - don't worry about handling upgrades from feisty or edgy, since
      users should have upgraded to the hardy version first so this
      transition is now finished.
  * Fixes LP: #264943 and LP: #286119.

samba (2:3.2.5-4) unstable; urgency=low

  * Fix segfault whan accessign some NAS devices running old versions of Samba
    Closes: #500129
  * Fix process crush when using gethostbyname_r in several threads
    Closes: #509101, #510450

 -- Steve Langasek <email address hidden> Wed, 28 Jan 2009 02:35:42 +0000

Changed in samba:
status: Triaged → Fix Released

Either this bug is not related to samba or their are multiple unrelated bugs. On my amd64 box with kubuntu (all latest updates applied) firefox reliably crashes on this page:

http://code.google.com/android/reference/adb.html
Click on "Issuing ADB commands" crashes firefox and the following is printed on the console.

$ firefox
QPixmap: Invalid pixmap parameters
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 38913 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
Locking assertion failure. Backtrace:
#0 /usr/lib/libxcb-xlib.so.0 [0x7f0fdb3669fc]
#1 /usr/lib/libxcb-xlib.so.0(xcb_xlib_lock+0x17) [0x7f0fdb366b77]
#2 /usr/lib/libX11.so.6 [0x7f0fddc5b8c0]
#3 /usr/lib/libXrender.so.1(XRenderFreePicture+0x46) [0x7f0fddf1ea26]
#4 /usr/lib/libQtGui.so.4 [0x7f0fd35e8cfb]
#5 /usr/lib/libQtGui.so.4 [0x7f0fd35e9680]
#6 /usr/lib/libQtGui.so.4(_ZN7QPixmap5derefEv+0x53) [0x7f0fd35defa3]
#7 /usr/lib/libQtGui.so.4(_ZN7QPixmapD1Ev+0x24) [0x7f0fd35df2e4]
#8 /usr/lib/libQtGui.so.4 [0x7f0fd36c10bb]
#9 /usr/lib/libQtGui.so.4 [0x7f0fd36b9819]
#10 /usr/lib/libQtGui.so.4 [0x7f0fd35e8c58]
#11 /usr/lib/libQtGui.so.4 [0x7f0fd35e9680]
#12 /usr/lib/libQtGui.so.4(_ZN7QPixmap5derefEv+0x53) [0x7f0fd35defa3]
#13 /usr/lib/libQtGui.so.4(_ZN7QPixmapD2Ev+0x24) [0x7f0fd35df334]
#14 /usr/lib/libQtGui.so.4 [0x7f0fd35e4193]
#15 /usr/lib/libQtGui.so.4 [0x7f0fd35e479f]
#16 /usr/lib/libQtGui.so.4 [0x7f0fd35e3e85]
#17 /lib/libc.so.6(exit+0x9d) [0x7f0fe232066d]
#18 /usr/lib/libgdk-x11-2.0.so.0 [0x7f0fdcfacc81]
#19 /usr/lib/libX11.so.6(_XError+0xf4) [0x7f0fddc54784]

As you can see it crashes in Qt/X11. And it seems to me there is an issue with the widget theme you are using in kde4? I am trying to find a widget set that works. but so far I am unable to verify if my conjecture is correct.

Addendum: I am using firefox 3.0.5.

Steve Langasek (vorlon) wrote :

Kunjan,

Yes, your bug is unrelated. Please file a new bug report.

Steve Langasek schrieb:
> Yes, your bug is unrelated. Please file a new bug report.

For what it is worth, the bug that landed me on this list
is totally unrelated to this bug, too.

- Florian.

On Fri, Feb 06, 2009 at 06:38:55AM -0000, Kunjan Shah wrote:
> Either this bug is not related to samba or their are multiple unrelated
> bugs. On my amd64 box with kubuntu (all latest updates applied) firefox
> reliably crashes on this page:
>
> http://code.google.com/android/reference/adb.html
> Click on "Issuing ADB commands" crashes firefox and the following is printed on the console.
>
> $ firefox
> QPixmap: Invalid pixmap parameters
> The program 'firefox' received an X Window System error.
> This probably reflects a bug in the program.
> The error was 'BadAlloc (insufficient resources for operation)'.
> (Details: serial 38913 error_code 11 request_code 53 minor_code 0)
> (Note to programmers: normally, X errors are reported asynchronously;
> that is, you will receive the error a while after causing it.
> To debug your program, run it with the --sync command line
> option to change this behavior. You can then get a meaningful
> backtrace from your debugger if you break on the gdk_x_error() function.)
> Locking assertion failure. Backtrace:
> #0 /usr/lib/libxcb-xlib.so.0 [0x7f0fdb3669fc]
> #1 /usr/lib/libxcb-xlib.so.0(xcb_xlib_lock+0x17) [0x7f0fdb366b77]
> #2 /usr/lib/libX11.so.6 [0x7f0fddc5b8c0]
> #3 /usr/lib/libXrender.so.1(XRenderFreePicture+0x46) [0x7f0fddf1ea26]
> #4 /usr/lib/libQtGui.so.4 [0x7f0fd35e8cfb]
> #5 /usr/lib/libQtGui.so.4 [0x7f0fd35e9680]
> #6 /usr/lib/libQtGui.so.4(_ZN7QPixmap5derefEv+0x53) [0x7f0fd35defa3]
> #7 /usr/lib/libQtGui.so.4(_ZN7QPixmapD1Ev+0x24) [0x7f0fd35df2e4]

try to uninstall the gtk-qt-engine. Most likely this fixes the
crash. Let us know if thats the case and give us instructions how to
reproduce so we can reassign this to the appropriate package.

Thanks!

 - Alexander

Martin Pitt (pitti) wrote :

Did anyone test the current samba in intrepid-proposed? Does it fix this issue? Does it introduce any regression for you?

Changed in samba:
status: Unknown → Fix Released
Martin Pitt (pitti) wrote :

Any testing done here?

Jo Shields (directhex) wrote :

Seems fixed at first glance (thedailyshow.com used to be a guaranteed trigger for me, but is working okay)

Michael (m-gruys) wrote :

Why is the status Invalid?
According to sir Emilio Pozuelo Monfort is Bug #369274 a duplicate of this bug.
If this bug is marked as Invalid, it is thus not a duplicate of it.
Can someone elaborate please?

Michael (m-gruys) wrote :

Why is the status marked Invalid for the liferea package?

Emilio Pozuelo Monfort (pochu) wrote :

That is because this is not a bug in Liferea even if Liferea is affected (same as with Firefox).

But maybe I was wrong when marking #214192 and #369274 (which are the same crash) as duplicates of this bug, since those are crashes and this is a double free.

Can a samba guru look at any of those and tell me if they are different bugs?

Thanks

Kai Blin (kai.blin) wrote :

Looks like the same bug. Does the patch from the upstream bugtracker fix it for you?

Michael (m-gruys) wrote :

I want to test it with the upstream bugtracker fix. Can someone please push me in the right direction where to find the upstream bugtracker fix? Sorry I have to ask.

Kai Blin (kai.blin) wrote :

If you scroll up to the top of the page, you see an "affects package samba" that links to the samba bugzilla (link is called samba-bugs). The patch is in there.

Michael (m-gruys) wrote :

Thanks. Hereby I confirm the patch does not crash liferea anymore! Emilio Pozuelo Monfort was right at his first judgment. Please leave Bug #369274 market as duplicated.

Michael (m-gruys) wrote :

Thanks. Hereby I confirm the patch does not crash liferea anymore! Emilio Pozuelo Monfort was right at his first judgment. Please leave Bug #369274 marked as duplicated.

Michael wrote:
> Thanks. Hereby I confirm the patch does not crash liferea anymore!

Thanks for checking.

So was this applied in Jaunty? The duplicate bug report was a crash in Jaunty

Michael (m-gruys) wrote :

Yes, correct. This was also in Jaunty, just like my dupl. report.
--Michael

Emilio Pozuelo Monfort (pochu) wrote :

Michael wrote:
> Yes, correct. This was also in Jaunty, just like my dupl. report.

I mean, you have the crash because the patch is not applied in the Jaunty
package (you applied it yourself for testing purposes, but the patch is not in
the official packages). Right?

Michael (m-gruys) wrote :

Correct

Michael (m-gruys) wrote :

Addition:
And I wonder when the patch will be applied in the official package?
I have manually fixed something without Synaptic. I works and i am very pleased with that.
But... I hope it will be someday implemented in the official Jaunty packages?
Thx. in adv.

Emilio Pozuelo Monfort (pochu) wrote :

@Chuck: can you confirm that this is not applied to the Jaunty package? If that's the case, why is the Jaunty task closed?

Martin Pitt (pitti) wrote :

Michael, when you confirmed the fix in comment 68, were you using intrepid and the intrepid-proposed samba packages, or were you talking about Jaunty? Thanks!

Michael (m-gruys) wrote :

Mr. Pitt,
I am constantly talking about Jaunty. I have no intrepid environment (anymore).
Regards,

Thierry Carrez (ttx) wrote :

The 5904 patch was always present in 3.3 branch though, so it is present in Jaunty's samba version (3.3.2).

Michael (m-gruys) wrote :

Additional info:
https://bugzilla.samba.org/show_bug.cgi?id=5904

Using this patch: https://bugzilla.samba.org/attachment.cgi?id=3749

sudo apt-get remove samba
For the test I created a testfolder
in this testfolder:
apt-get source samba
cd samba-3.3.2/source/
./configure
patch -p2 </home/michael/testdir/look.diff
make -j2
su
make install
After that liferea did not crash anymore

Michael (m-gruys) wrote :

Mr. Carrez,
In that case is very strange the crash of liferea occurs in an up-to-date Jaunty environment :-(
Maybe it is a local problem on my machine.
In that case my apologizes for reporing this issue here.

Thierry Carrez (ttx) wrote :

@Michael:
if I follow what you did in the previous comment, I get:
...
patching file nsswitch/wins.c
Reversed (or previously applied) patch detected! Assume -R? [n]
...
You should get that as well (this shows that the patch is already applied). What exactly did you do at that point ? Reverse the patch (answer "y") ? or ignore it (answer "n") ?

Michael (m-gruys) wrote :

@Thierry Carrez:
I answered with yes. Hmm, that indicates the patch was indeed already applied.
Strange that it had positive effect on the liferea bug...
And more strange: why did liferea WITH the patch still produces the crash???
The puzzle become more cloudy.
Maybe the segmentation fault has to do with another thing? Again, I attached the gdb backtrace of the liferea crash in Jaunty...

Michael (m-gruys) wrote :

More Info:
After remove the package winbind, liferea does not crash anymore.
Does that indicate that something is wrong in the winbind package instead of the samba package?

Michael (m-gruys) wrote :

Please do not attend much time on this issue (liferea on Jaunty). More and more I am convinced it is a local problem. You are all doing great work. Don't be distracted of my local problem. Liferea works great now. Let it rest (in my opinion).

Changed in samba:
status: In Progress → Fix Released
Nizar Kerkeni (nizarus) wrote :

I got this bug with liferea on 2 PC with Jaunty 64bits where I installed winbind. When I remove winbind, liferea don't crash any more, but I need winbind to access to other PC on my network :/

Nizar Kerkeni (nizarus) wrote :

Forgot to say that, I have the same issue with liferea on karmic alpha1 64bits.

Thierry Carrez (ttx) wrote :

@Nizar: Are you sure it's the same bug ? This one *was* about a double-free corruption, not SIGSEGV. Do you have any stack trace that you could open a bug (in samba) so that we can check that it is indeed a duplicate...

Thanks in advance

Nizar Kerkeni (nizarus) wrote :

@Thierry : my problem is with liferea and it's similar to this Bug #369274
As the Bug #369274 is marked as a duplicate of this i reported my problem here.

Thierry Carrez (ttx) wrote :

I deduplicated it, since it's not the same crash at all.
Michael and Nizar: please follow up on bug 369274.

Martin Pitt (pitti) wrote :

Anyone who could test the current package in intrepid-proposed?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:3.2.3-1ubuntu3.5

---------------
samba (2:3.2.3-1ubuntu3.5) intrepid-proposed; urgency=low

  * debian/patches/fix-libnss-sigabrt.patch: Fix sigabort when using
    wins client. Taken from upstream. (LP: #286119)
  * debian/patches/ Fix sigsev when using old NAS devices. Taken
    from upstream. Thanks to Thierry Carrez for tracking this down.
    (LP: #264943)

 -- Chuck Short <email address hidden> Mon, 12 Jan 2009 13:40:17 -0500

Changed in samba (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Changed in samba:
importance: Unknown → Critical
Changed in samba:
importance: Critical → Unknown
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.