Bug 164877

Summary: Curl program dies sometimes
Product: [Fedora] Fedora Reporter: Nigel Horne <njh>
Component: curlAssignee: Ivana Varekova <varekova>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3CC: daniel
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-09 12:47:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Source code of the program to demonstrate the curl-devel crash
none
How to reproduce the problem none

Description Nigel Horne 2005-08-02 08:59:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Description of problem:
The attached program crashes about 20% of the time, pointing to a multi-threading problem within curl. Is curl thread safe?

Version-Release number of selected component (if applicable):
curl-devel-7.12.3-3-fc3

How reproducible:
Sometimes

Steps to Reproduce:
1. cc -g `curl-config --libs` foo.c
2. run a.out a few times
3.
  

Actual Results:  seg fault (huge 50MB core file for such a small program) every few runs.

Expected Results:  The 5 files should appear in /tmp.

Additional info:

The machine is running squid.

Comment 1 Nigel Horne 2005-08-02 09:00:54 UTC
Created attachment 117357 [details]
Source code of the program to demonstrate the curl-devel crash

Comment 2 Nigel Horne 2005-08-02 09:08:03 UTC
I forgot to include the backtrace:

(gdb) thread apply all bt
 
Thread 4 (process 9882):
#0  0x00000246 in ?? ()
Cannot access memory at address 0x0
#0  0x0087324b in curl_free () from /usr/lib/libcurl.so.3
(gdb) 

Comment 3 Nigel Horne 2005-08-02 09:23:29 UTC
I reran it under gdb and got a better stack trace:

[njh@bandsman tmp]$ gdb a.out
GNU gdb Red Hat Linux (6.1post-1.20040607.43rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".
 
(gdb) run
Starting program: /home/njh/tmp/a.out
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0x53a000
[Thread debugging using libthread_db enabled]
[New Thread -1208178464 (LWP 10452)]
[New Thread -1208181840 (LWP 10477)]
[New Thread -1218671696 (LWP 10478)]
[New Thread -1229161552 (LWP 10481)]
[New Thread -1239651408 (LWP 10484)]
[New Thread -1250141264 (LWP 10487)]
checkURLs: waiting for 5 thread(s) to finish
[Thread -1250141264 (LWP 10487) exited]
[Thread -1239651408 (LWP 10484) exited]
[Thread -1229161552 (LWP 10481) exited]
[Thread -1218671696 (LWP 10478) exited]
[Thread -1208181840 (LWP 10477) exited]
 
Program exited normally.
(gdb) run
warning: cannot close "shared object read from target memory": File in
wrong format
Starting program: /home/njh/tmp/a.out
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0x3d1000
[Thread debugging using libthread_db enabled]
[New Thread -1208534816 (LWP 10492)]
[New Thread -1208538192 (LWP 10515)]
[New Thread -1219028048 (LWP 10516)]
[New Thread -1229517904 (LWP 10519)]
[New Thread -1240007760 (LWP 10522)]
[New Thread -1250497616 (LWP 10525)]
checkURLs: waiting for 5 thread(s) to finish
[Thread -1219028048 (LWP 10516) exited]
[Thread -1208538192 (LWP 10515) exited]
 
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208534816 (LWP 10492)]
0x008c124b in curl_free () from /usr/lib/libcurl.so.3
(gdb) thread apply all bt
 
Thread 6 (Thread -1250497616 (LWP 10525)):
#0  0x003d1402 in __kernel_vsyscall ()
#1  0x004b5404 in poll () from /lib/tls/libc.so.6
#2  0x008cddb1 in Curl_select () from /usr/lib/libcurl.so.3
#3  0x008c79e3 in Curl_perform () from /usr/lib/libcurl.so.3
#4  0x008c7f72 in curl_easy_perform () from /usr/lib/libcurl.so.3
#5  0x00002715 in ?? ()
#6  0x08048f26 in _IO_stdin_used ()
#7  0x008c7f44 in curl_easy_perform () from /usr/lib/libcurl.so.3
#8  0x00000000 in ?? ()
 
Thread 5 (Thread -1240007760 (LWP 10522)):
#0  0x003d1402 in __kernel_vsyscall ()
#1  0x004b5404 in poll () from /lib/tls/libc.so.6
#2  0x008cddb1 in Curl_select () from /usr/lib/libcurl.so.3
#3  0x008c79e3 in Curl_perform () from /usr/lib/libcurl.so.3
#4  0x008c7f72 in curl_easy_perform () from /usr/lib/libcurl.so.3
#5  0x00002715 in ?? ()
#6  0x08048f26 in _IO_stdin_used ()
#7  0x008c7f44 in curl_easy_perform () from /usr/lib/libcurl.so.3
#8  0x00000000 in ?? ()
 
Thread 4 (Thread -1229517904 (LWP 10519)):
#0  0x003d1402 in __kernel_vsyscall ()
#1  0x004b5404 in poll () from /lib/tls/libc.so.6
#2  0x008cddb1 in Curl_select () from /usr/lib/libcurl.so.3
#3  0x008c79e3 in Curl_perform () from /usr/lib/libcurl.so.3
---Type <return> to continue, or q <return> to quit---
#4  0x008c7f72 in curl_easy_perform () from /usr/lib/libcurl.so.3
#5  0x00002715 in ?? ()
#6  0x08048f26 in _IO_stdin_used ()
#7  0x008c7f44 in curl_easy_perform () from /usr/lib/libcurl.so.3
#8  0x00000000 in ?? ()
 
Thread 3 (Thread -1219028048 (LWP 10516)):
#0  0x008c124b in curl_free () from /usr/lib/libcurl.so.3
#1  0x008c13fb in curl_msnprintf () from /usr/lib/libcurl.so.3
#2  0x008c2880 in curl_mvsnprintf () from /usr/lib/libcurl.so.3
#3  0x008b4ca2 in Curl_failf () from /usr/lib/libcurl.so.3
#4  0x008adbf7 in Curl_resolv () from /usr/lib/libcurl.so.3
#5  0x008bbcb8 in Curl_connect () from /usr/lib/libcurl.so.3
#6  0x09bebb90 in ?? ()
#7  0x09beb1b8 in ?? ()
#8  0xb576d7d0 in ?? ()
#9  0xb576d7d7 in ?? ()
#10 0x00000000 in ?? ()
 
Thread 2 (Thread -1208538192 (LWP 10515)):
#0  0x008c124b in curl_free () from /usr/lib/libcurl.so.3
#1  0x008c13fb in curl_msnprintf () from /usr/lib/libcurl.so.3
#2  0x008c2880 in curl_mvsnprintf () from /usr/lib/libcurl.so.3
#3  0x008b4ca2 in Curl_failf () from /usr/lib/libcurl.so.3
#4  0x008adbf7 in Curl_resolv () from /usr/lib/libcurl.so.3
#5  0x008bbcb8 in Curl_connect () from /usr/lib/libcurl.so.3
#6  0x09bebb90 in ?? ()
#7  0x09beb1b8 in ?? ()
---Type <return> to continue, or q <return> to quit---
#8  0xb576d7d0 in ?? ()
#9  0xb576d7d7 in ?? ()
#10 0x00000000 in ?? ()
 
Thread 1 (Thread -1208534816 (LWP 10492)):
#0  0x008c124b in curl_free () from /usr/lib/libcurl.so.3
#1  0x008c13fb in curl_msnprintf () from /usr/lib/libcurl.so.3
#2  0x008c2880 in curl_mvsnprintf () from /usr/lib/libcurl.so.3
#3  0x008b4ca2 in Curl_failf () from /usr/lib/libcurl.so.3
#4  0x008adbf7 in Curl_resolv () from /usr/lib/libcurl.so.3
#5  0x008bbcb8 in Curl_connect () from /usr/lib/libcurl.so.3
#6  0x09bebb90 in ?? ()
#7  0x09beb1b8 in ?? ()
#8  0xb576d7d0 in ?? ()
#9  0xb576d7d7 in ?? ()
#10 0x00000000 in ?? ()
(gdb)

Comment 4 Nigel Horne 2005-08-03 21:18:06 UTC
Created attachment 117421 [details]
How to reproduce the problem

Better version of test code, without a misleading #ifdef and curl_easy_cleanup
in the right place. This still demonstrates the problem

Comment 5 Ivana Varekova 2005-08-04 10:01:34 UTC
Could you reproduce this bug with the last curl version (curl-7.14.0-1). I try
to reproduce this bug with this curl version, but I was not succesfull (I tried
it a few times).
Ivana Varekova

Comment 6 Nigel Horne 2005-08-04 11:01:11 UTC
I am already using the latest version according to "yum". How do I update? "yum
update/upgrade" doesn't find a newer version.

Comment 7 Ivana Varekova 2005-08-04 13:30:52 UTC
It is devel version:
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/


Comment 8 Nigel Horne 2005-08-05 07:01:41 UTC
That fails:

[root@bandsman yum.repos.d]# rpm -Uvh
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/curl-7.14.0-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/curl-devel-7.14.0-1.i386.rpm
Retrieving
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/curl-7.14.0-1.i386.rpm
Retrieving
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/curl-devel-7.14.0-1.i386.rpm
error: Failed dependencies:
        libcrypto.so.5 is needed by curl-7.14.0-1.i386
        libgssapi_krb5.so.2(gssapi_krb5_2_MIT) is needed by curl-7.14.0-1.i386
        libkrb5support.so.0 is needed by curl-7.14.0-1.i386
        libssl.so.5 is needed by curl-7.14.0-1.i386
[root@bandsman yum.repos.d]#



Comment 9 Ivana Varekova 2005-08-08 08:58:15 UTC
Hello, 
the last version 7.14.0 which you can use on your system without updating the
other packages is: 
http://people.redhat.com/varekova/curl-7.14.0-1.test.i386.rpm  
http://people.redhat.com/varekova/curl-devel-7.14.0-1.test.i386.rpm  
Could you please test this version.
Thank you.


Comment 11 Ivana Varekova 2005-08-11 06:55:31 UTC
I tried to install these packages using command from comment 10, but it works
right. So could you please try to install these packages again and could you use
command rpm -Uvvh and attach output of this command here.

Comment 12 Nigel Horne 2005-08-11 20:02:32 UTC
rpm -Uvvh seems to have fixed the installation, thanks.

I will soak test with the new curl and report back here.

Comment 13 Nigel Horne 2005-08-13 10:49:09 UTC
So far so good, thanks. When will this be released into the main tree?

Comment 14 Nigel Horne 2005-08-13 12:58:06 UTC
Bad news, it isn't fixed. 
 
I have found that another program I have still crashes curl even with the 
latest version you sent me. I haven't yet been able to nail it down to a small 
test program that will reproduce it, however I do have this valgrind stack 
trace: 
 
==5589== 
==5589== Invalid write of size 4 
==5589==    at 0x1B928508: Curl_resolv (in /usr/lib/libcurl.so.3.0.0) 
==5589==  Address 0x1D2AC874 is on thread 1's stack 
==5589== 
==5589== Invalid read of size 4 
==5589==    at 0x1B92850C: Curl_resolv (in /usr/lib/libcurl.so.3.0.0) 
==5589==  Address 0x1D2AC88C is on thread 1's stack 
==5589== 
==5589== Invalid write of size 4 
==5589==    at 0x1B92850F: Curl_resolv (in /usr/lib/libcurl.so.3.0.0) 
==5589==  Address 0x1D2AC870 is on thread 1's stack 
==5589== 
==5589== Invalid read of size 4 
==5589==    at 0x1B92F970: Curl_failf (in /usr/lib/libcurl.so.3.0.0) 
==5589==  Address 0x1D2AC870 is on thread 1's stack 
==5589== 
==5589== Invalid read of size 4 
==5589==    at 0x1B92F977: Curl_failf (in /usr/lib/libcurl.so.3.0.0) 
==5589==  Address 0x1D2AC874 is on thread 1's stack 
==5589== 
==5589== Process terminating with default action of signal 11 (SIGSEGV) 
==5589==  Bad permissions for mapped region at address 0x1B927DDD 
==5589==    at 0x1B93D0CB: (within /usr/lib/libcurl.so.3.0.0) 
==5589== 
 

Comment 15 Daniel Stenberg 2005-08-13 20:51:12 UTC
This problem is unknown upstream.

Comment 16 Ivana Varekova 2005-08-24 13:32:33 UTC
Could you please describe your problem more preciesly (attach some test case). 
Thank you.

Comment 17 Nigel Horne 2005-08-24 13:39:01 UTC
foo()
{
static bool initialised = false;
                                                                               
                                             
                if(!initialised) {
                        if(curl_global_init(CURL_GLOBAL_NOTHING) != 0)
                                break;
                        initialised = true;
                }
                CURL *curl = curl_easy_init();
                if(curl == NULL)
                        continue;
                                                                               
                                             
                (void)curl_easy_setopt(curl, CURLOPT_USERAGENT, "njh");
                                                                               
                                             
                if(curl_easy_setopt(curl, CURLOPT_URL, url.data()) != 0)
                        continue;
                                                                               
                                             
                curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
                curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
                                                                               
                                             
                // use squid if available
                struct curl_slist *headers = curl_slist_append(NULL, "Pragma:");
                curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
                                                                               
                                             
                // these 3 values should be configurable
                curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30);
                curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10);
                curl_easy_setopt(curl, CURLOPT_MAXFILESIZE, 50*1024);
                                                                               
                                             
                char errorbuffer[257];  
                                     curl_easy_setopt(curl, CURLOPT_ERRORBUFFER,
errorbuffer);
                                                                               
                                             
                if(curl_easy_perform(curl) != CURLE_OK)
                        syslog(LOG_INFO, "Failed to download URL %s (%s)",
url.data(), errorbuffer);
                                                                               
                                             
                curl_easy_cleanup(curl);
                curl_slist_free_all(headers);
        }
                                         
/* curl write data callback */
static size_t
write_data(void *buffer, size_t size, size_t nmemb, void *userp)
{
       
        const char *data = (const char *)buffer;
        int n = (int)nmemb;
                                                                               
                                             
        while(--n >= 0) {);
                write(1, data, size);
                data += size;
        }
        return size * nmemb;
}

Comment 18 Ivana Varekova 2005-08-31 14:54:21 UTC
Hello, I tried to reproduce your problem (I use your example - comment 17), but
I was not successful. I use curl-7.14.0-1.test. In this example there was no
problem. Could you please describe your problem more preciesly or could you
attach just that example which reproduce this bug.

Comment 19 Ivana Varekova 2006-01-09 12:47:26 UTC
I can't reproduce this problem. Becouse there is no response from reporter I'm
closing this bug.