crash libc (firefox: res_query.c:258: __libc_res_nquery: Assertion `hp != hp2' failed)

RESOLVED INVALID

Status

()

Core
Networking: DNS
--
critical
RESOLVED INVALID
7 years ago
6 years ago

People

(Reporter: Ian Neal, Assigned: sworkman)

Tracking

({crash, stackwanted})

Trunk
x86_64
Linux
crash, stackwanted
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

(Reporter)

Description

7 years ago
This bug was filed from the Socorro interface and is 
report bp-3814a716-b2e4-4197-a6dd-d87c92111230 .
============================================================= 
Steps to reproduce:
1/ Either google and click on link for sports direct website or type it directly into location bar.
2/ Watch status saying it is looking up www.sportsdirect.com

Actual result
1/ Crash with "firefox: res_query.c:258: __libc_res_nquery: Assertion `hp != hp2' failed" in console window.

Expected result
1/ No crash
2/ Site is displayed or an error saying site is not available
(Reporter)

Updated

7 years ago
Component: General → Networking: DNS
Product: Firefox → Core
QA Contact: general → networking.dns
(Reporter)

Comment 1

7 years ago
Also happens on self built trunk from:
http://hg.mozilla.org/mozilla-central/rev/2cff3f89e54b
Using gcc version 4.6.2 20111027 (Red Hat 4.6.2-1) (GCC)
Version: 9 Branch → Trunk
(Reporter)

Updated

7 years ago
Keywords: stackwanted
(Reporter)

Comment 2

7 years ago
#0  0x0000003fb4236285 in raise () from /lib64/libc.so.6
#1  0x0000003fb4237b9b in abort () from /lib64/libc.so.6
#2  0x0000003fb422ee9e in __assert_fail_base () from /lib64/libc.so.6
#3  0x0000003fb422ef42 in __assert_fail () from /lib64/libc.so.6
#4  0x0000003fb72094dc in __libc_res_nquery () from /lib64/libresolv.so.2
#5  0x0000003fb7209695 in __libc_res_nquerydomain () from /lib64/libresolv.so.2
#6  0x0000003fb720994e in __libc_res_nsearch () from /lib64/libresolv.so.2
#7  0x00007fffd85fc3ec in _nss_dns_gethostbyname4_r ()
   from /lib64/libnss_dns.so.2
#8  0x0000003fb42d8b99 in gaih_inet () from /lib64/libc.so.6
#9  0x0000003fb42dc1ce in getaddrinfo () from /lib64/libc.so.6
#10 0x00007ffff4e3c8cb in PR_GetAddrInfoByName (hostname=
    0x7fffd834ba80 "www.sportsdirect.com", af=0, flags=32800)
    at /home/gizmo/mozdev/central/comm-central/mozilla/nsprpub/pr/src/misc/prnetdb.c:2079
#11 0x00007ffff5f41eab in nsHostResolver::ThreadFunc (arg=0x7ffff391bd90)
    at /home/gizmo/mozdev/central/comm-central/mozilla/netwerk/dns/nsHostResolver.cpp:913
#12 0x00007ffff4e4cc63 in _pt_root (arg=0x7fffd2ade370)
    at /home/gizmo/mozdev/central/comm-central/mozilla/nsprpub/pr/src/pthreads/ptthread.c:187
#13 0x0000003fb4a07d90 in start_thread () from /lib64/libpthread.so.0
#14 0x0000003fb42ef3dd in clone () from /lib64/libc.so.6
(Reporter)

Comment 3

7 years ago
SeaMonkey build with debug-symbols:
seamonkey-bin: res_query.c:258: __libc_res_nquery: Assertion `hp != hp2' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd2eff700 (LWP 526)]
0x0000003fb4236285 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x0000003fb4236285 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003fb4237b9b in __GI_abort () at abort.c:91
#2  0x0000003fb422ee9e in __assert_fail_base (fmt=<optimized out>, assertion=
    0x3fb72149f8 "hp != hp2", file=0x3fb72149e2 "res_query.c", 
    line=<optimized out>, function=<optimized out>) at assert.c:94
#3  0x0000003fb422ef42 in __GI___assert_fail (assertion=
    0x3fb72149f8 "hp != hp2", file=0x3fb72149e2 "res_query.c", line=258, 
    function=0x3fb7214a50 "__libc_res_nquery") at assert.c:103
#4  0x0000003fb72094dc in __libc_res_nquery (statp=0x7fffd2effdb8, name=
    0x7fffd2efd120 "www.sportsdirect.com.", class=1, type=62321, 
    answer=<optimized out>, anslen=2048, answerp=0x7fffd2efe2b0, answerp2=
    0x7fffd2efe2c0, nanswerp2=0x7fffd2efe31c, resplen2=0x7fffd2efe300)
    at res_query.c:258
#5  0x0000003fb7209695 in __libc_res_nquerydomain (statp=0x7fffd2effdb8, name=
    0x7fffdd4fa9f0 "www.sportsdirect.com", domain=<optimized out>, class=1, 
    type=62321, answer=0x7fffd2efda70 "1_\201\200", anslen=2048, answerp=
    0x7fffd2efe2b0, answerp2=0x7fffd2efe2c0, nanswerp2=0x7fffd2efe31c, 
    resplen2=0x7fffd2efe300) at res_query.c:578
#6  0x0000003fb720994e in __libc_res_nsearch (statp=0x7fffd2effdb8, name=
    0x7fffdd4fa9f0 "www.sportsdirect.com", class=1, type=62321, answer=
    0x7fffd2efda70 "1_\201\200", anslen=2048, answerp=0x7fffd2efe2b0, answerp2=
    0x7fffd2efe2c0, nanswerp2=0x7fffd2efe31c, resplen2=0x7fffd2efe300)
    at res_query.c:416
#7  0x00007fffd9efc3ec in _nss_dns_gethostbyname4_r (name=
    0x7fffdd4fa9f0 "www.sportsdirect.com", pat=0x7fffd2efe8d0, buffer=
    0x7fffd2efe380 "\300\250\001\006", buflen=1024, errnop=0x7fffd2efe900, 
    herrnop=0x7fffd2efe910, ttlp=0x0) at nss_dns/dns-host.c:314
#8  0x0000003fb42d8b99 in gaih_inet (name=
    0x7fffdd4fa9f0 "www.sportsdirect.com", service=<optimized out>, req=
    0x7fffd2efeb70, pai=<optimized out>, naddrs=0x7fffd2efeb00)
    at ../sysdeps/posix/getaddrinfo.c:842
#9  0x0000003fb42dc1ce in __GI_getaddrinfo (name=
    0x7fffdd4fa9f0 "www.sportsdirect.com", service=<optimized out>, hints=
    0x7fffd2efeb70, pai=0x7fffd2efeba0) at ../sysdeps/posix/getaddrinfo.c:2356
#10 0x00007ffff4e3c8cb in PR_GetAddrInfoByName (hostname=
    0x7fffdd4fa9f0 "www.sportsdirect.com", af=0, flags=32800)
    at /home/gizmo/mozdev/central/comm-central/mozilla/nsprpub/pr/src/misc/prnetdb.c:2079
#11 0x00007ffff5f41eab in nsHostResolver::ThreadFunc (arg=0x7ffff391bd90)
    at /home/gizmo/mozdev/central/comm-central/mozilla/netwerk/dns/nsHostResolver.cpp:913
#12 0x00007ffff4e4cc63 in _pt_root (arg=0x7fffdbf8fdf0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/nsprpub/pr/src/pthreads/ptthread.c:187
#13 0x0000003fb4a07d90 in start_thread (arg=0x7fffd2eff700)
    at pthread_create.c:309
#14 0x0000003fb42ef3dd in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(Reporter)

Comment 4

7 years ago
Looking at the crash reports this does seem to be x86_64 problem only.
Hardware: All → x86_64
(Assignee)

Updated

7 years ago
Assignee: nobody → sworkman
(Assignee)

Comment 5

7 years ago
Ian, I looked at the Socorro report and this seems to be a libc error rather than a Firefox one.  It also looks to affect more sites than just sportsdirect.com.  I'll take a look next week to see if I can confirm if it's libc or not.
(Reporter)

Comment 6

7 years ago
(In reply to Steve Workman [:sworkman] from comment #5)
> Ian, I looked at the Socorro report and this seems to be a libc error rather
> than a Firefox one.  It also looks to affect more sites than just
> sportsdirect.com.  I'll take a look next week to see if I can confirm if
> it's libc or not.

Also crashes in konqueror but not seen it in Google Chrome
konqueror: res_query.c:258: __libc_res_nquery: Assertion `hp != hp2' failed
(Assignee)

Comment 7

7 years ago
Ian, thanks for comment 6. I've looked through several similar bugs from Debian, Archlinux and RedHat - it looks like this is an ongoing issue with libc.

https://bugs.archlinux.org/task/24615
Assigned to Allan McRae:  He suggests that previous fixes were not perfect and it is more likely to be caused by bad DNS servers.

Versions affected:
2.14-1
2.14-3 - This is where the SIGABRT seems to be seen
2.14-6

This bug was CLOSED


http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632252
Assigned to Modestas Vainus

Affected:
2.13-9

This one was also CLOSED.

https://bugzilla.redhat.com/show_bug.cgi?id=730856
Assigned to Jeff Law

This bug seems to be a tricky one, that also seems to be to do with errors from DNS servers that are unusual. It seems to be hard to reproduce, so finding the root cause is not easy, but they're working on it.

This bug is still OPEN.


So, in summary, it definitely seems like it's a libc issue and not Firefox.
Status: NEW → ASSIGNED
(Assignee)

Comment 8

7 years ago
Changing status to INVALID, not because the crash isn't happening, but it's not a Firefox/Gecko issue.

The problem seems to be very deep in libc's getaddrinfo callgraph, and seems to deal with error messages from not-so-well-behaved DNS servers ... so, a workaround isn't really possible.

Except, of course, having our own DNS resolver. But that is a whole other discussion...
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.