815742 – "realloc(): invalid pointer" whilst loading cert9.db in NSS_InitContext inside curl

Bug 815742 - "realloc(): invalid pointer" whilst loading cert9.db in NSS_InitContext inside curl

Summary: "realloc(): invalid pointer" whilst loading cert9.db in NSS_InitContext insid...

Keywords:
Status:	CLOSED DUPLICATE of bug 801981
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sqlite
Sub Component:
Version:	17
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Panu Matilainen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:d7b76134a58f5eb566d8e18186d...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-04-24 12:18 UTC by Masami Ichikawa
Modified:	2012-04-26 07:35 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-04-25 16:36:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: core_backtrace (4.67 KB, text/plain) 2012-04-24 12:18 UTC, Masami Ichikawa	no flags	Details
File: backtrace (71.61 KB, text/plain) 2012-04-24 12:18 UTC, Masami Ichikawa	no flags	Details
File: maps (46.72 KB, text/plain) 2012-04-24 12:18 UTC, Masami Ichikawa	no flags	Details
File: dso_list (10.10 KB, text/plain) 2012-04-24 12:18 UTC, Masami Ichikawa	no flags	Details
valgrind log file (1.47 MB, text/plain) 2012-04-24 23:06 UTC, Masami Ichikawa	no flags	Details
View All

Description Masami Ichikawa 2012-04-24 12:18:08 UTC

libreport version: 2.0.10
abrt_version:   2.0.10
backtrace_rating: 4
cmdline:        /usr/bin/python /bin/fedora-easy-karma
crash_function: __GI_raise
executable:     /usr/bin/python2.7
kernel:         3.3.2-8.fc17.x86_64
pid:            3381
pwd:            /home/masami
remote_result:  NOTFOUND
time:           Tue 24 Apr 2012 09:07:55 PM JST
uid:            1000
username:       masami

backtrace:      Text file, 73326 bytes
core_backtrace: Text file, 4782 bytes
dso_list:       Text file, 10340 bytes
maps:           Text file, 47845 bytes

cgroup:
:9:perf_event:/
:8:blkio:/
:7:net_cls:/
:6:freezer:/
:5:devices:/
:4:memory:/
:3:cpuacct,cpu:/
:2:cpuset:/
:1:name=systemd:/user/masami/1

comment:
:I got core dump when run fedora-easy-karma from command line.
:
:[masami@rune:~]$ fedora-easy-karma --debug
:DEBUG: fedora_cert_error - timedelta: 0:00:00.000042
:DEBUG: fas_username NameError - timedelta: 0:00:00.000049
:Getting list of installed packages...
:DEBUG: starting yum query - timedelta: 0:00:00.016881
:Getting list of packages in updates-testing...
:DEBUG: starting bodhi query - timedelta: 0:00:00.362777
:zsh: abort (core dumped)  fedora-easy-karma --debug
:

environ:
:BOOT_IMAGE=/vmlinuz-3.3.2-8.fc17.x86_64
:CCACHE_HASHDIR=
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-XwwQVEwSEt,guid=f45f89f284234f861c82cf8c0000002a
:DESKTOP_SESSION=LXDE
:DISPLAY=:0
:GNOME_KEYRING_CONTROL=/home/masami/.cache/keyring-bVwGZM
:GNOME_KEYRING_PID=955
:GTK_IM_MODULE=ibus
:HISTCONTROL=ignoredups
:HISTSIZE=10000
:HOME=/home/masami
:HOSTNAME=rune
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:IMSETTINGS_MODULE=IBus
:KEYTABLE=us
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:LOGNAME=masami
:MAIL=/var/spool/mail/masami
:PATH=/usr/lib64/ccache:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/masami/bin:/home/masami/bin:/home/masami/bin
:PREFERRED=/usr/bin/startlxde
:PWD=/home/masami
:QT_IM_MODULE=xim
:SAL_USE_VCLPLUGIN=gtk
:SHELL=/bin/zsh
:SHLVL=1
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:SYSFONT=True
:TERM=screen
:TMUX=/tmp//tmux-1000/default,1395,0
:TMUX_PANE=%0
:USER=masami
:XAUTHORITY=/home/masami/.Xauthority
:XDG_CONFIG_HOME=/home/masami/.config
:XDG_CURRENT_DESKTOP=LXDE
:XDG_MENU_PREFIX=lxde-
:XDG_RUNTIME_DIR=/run/user/masami
:XDG_SEAT=seat0
:XDG_SESSION_ID=1
:XDG_VTNR=1
:XMODIFIERS=@im=ibus
:_LXSESSION_PID=1022
:OLDPWD=/home/masami/Downloads
:LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:*.pdf=00;33:*.ps=00;33:*.ps.gz=00;33:*.txt=00;33:*.patch=00;33:*.diff=00;33:*.log=00;33:*.tex=00;33:*.xls=00;33:*.xlsx=00;33:*.ppt=00;33:*.pptx=00;33:*.rtf=00;33:*.doc=00;33:*.docx=00;33:*.odt=00;33:*.ods=00;33:*.odp=00;33:*.xml=00;33:*.epub=00;33:*.abw=00;33:*.html=00;33:*.wpd=00;33:
:CONCURRENCY_LEVEL=8
:EDITOR=vim
:GIT_EDITOR=vim
:MALLOC_CHECK_=2
:MALLOC_PERTURB_=56
:KERN_PREBUILT=prebuilt
:vcs_info_msg_0_=
:vcs_info_msg_1_=
:LANG=en_US.UTF-8
:_=/bin/fedora-easy-karma

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            8388608              unlimited            bytes     
:Max core file size        unlimited            unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             1024                 63326                processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       63326                63326                signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

open_fds:
:0:/dev/pts/1
:pos:	0
:flags:	0102002
:1:/dev/pts/1
:pos:	0
:flags:	0102002
:2:/dev/pts/1
:pos:	0
:flags:	0102002
:3:socket:[48127]
:pos:	0
:flags:	02
:4:/var/lib/rpm/Packages
:pos:	0
:flags:	02100000
:5:/var/lib/rpm/Name
:pos:	0
:flags:	02100000
:6:socket:[50404]
:pos:	0
:flags:	04002
:7:/home/masami/.pki/nssdb/cert9.db
:pos:	6144
:flags:	02100002

smolt_data:
:
:
:General
:=================================
:UUID: c361d77f-a819-4c96-8873-45d7c4c0143d
:OS: Fedora release 17 (Beefy Miracle)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: x86_64
:BogoMIPS: 3990.95
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 42
:Number of CPUs: 8
:CPU Speed: 2001
:System Memory: 7935
:System Swap: 9983
:Vendor: Mouse Computer Co.,Ltd.
:System: TWH 04
:Form factor: Notebook
:Kernel: 3.3.2-8.fc17.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(4332:33138:4332:33138) pci, rtl8192se, NETWORK, RTL8191SEvB Wireless LAN Controller
:(32902:7241:5421:2163) pci, None, PCI/ISA, HM65 Express Chipset Family LPC Controller
:(32902:278:5421:2163) pci, i915, VIDEO, 2nd Generation Core Processor Family Integrated Graphics Controller
:(32902:7171:5421:2163) pci, ahci, STORAGE, 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller
:(32902:7184:5421:2163) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1
:(32902:7186:5421:2163) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2
:(32902:7200:5421:2163) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller
:(32902:7202:5421:2163) pci, None, SERIAL, 6 Series/C200 Series Chipset Family SMBus Controller
:(6505:4227:5421:2163) pci, atl1c, ETHERNET, AR8151 v2.0 Gigabit Ethernet
:(4318:3572:5421:2163) pci, nouveau, VIDEO, GF106 [GeForce GT 555M SDDR3]
:(32902:7213:5421:2163) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
:(32902:7206:5421:2163) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
:(32902:260:5421:2163) pci, agpgart-intel, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller
:(32902:7226:5421:2163) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1
:(32902:257:5421:2163) pci, pcieport, PCI/PCI, Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda4 / ext4 4096 4096 26593502 22165932 21899770 6660096 6428236 6428236
:/dev/sda2 /boot ext4 1024 1024 508745 376709 351109 128016 127711 127711
:/dev/sdc1 WITHHELD vfat 32768 32768 956732 461109 461109 0 0 0
:/dev/sdb1 WITHHELD ext4 4096 4096 7865286 7307387 6913173 1974272 1974251 1974251
:

var_log_messages:
:Apr 24 20:37:55 rune dbus-daemon[616]: File "/usr/lib64/python2.7/site-packages/setroubleshoot/server.py", line 46, in <module>
:Apr 24 20:37:55 rune dbus-daemon[616]: File "/usr/lib64/python2.7/site-packages/setroubleshoot/analyze.py", line 37, in <module>
:Apr 24 20:37:55 rune dbus-daemon[616]: File "/usr/lib64/python2.7/site-packages/setroubleshoot/avc_audit.py", line 38, in <module>
:Apr 24 20:37:55 rune dbus-daemon[616]: File "/usr/lib64/python2.7/site-packages/setroubleshoot/util.py", line 283, in <module>
:Apr 24 20:37:55 rune dbus-daemon[616]: File "/usr/lib64/python2.7/site-packages/setools/__init__.py", line 49, in seinfo
:Apr 24 20:58:33 rune abrt[2820]: Saved core dump of pid 2818 (/usr/bin/python2.7) to /var/spool/abrt/ccpp-2012-04-24-20:58:32-2818 (38264832 bytes)
:Apr 24 20:59:28 rune abrt[2864]: Saved core dump of pid 2862 (/usr/bin/python2.7) to /var/spool/abrt/ccpp-2012-04-24-20:59:27-2862 (38268928 bytes)
:Apr 24 21:05:07 rune abrt[3246]: Saved core dump of pid 3244 (/usr/bin/python2.7) to /var/spool/abrt/ccpp-2012-04-24-21:05:07-3244 (38264832 bytes)
:Apr 24 21:05:38 rune abrt[3301]: Saved core dump of pid 3293 (/usr/bin/python2.7) to /var/spool/abrt/ccpp-2012-04-24-21:05:37-3293 (38264832 bytes)
:Apr 24 21:07:56 rune abrt[3383]: Saved core dump of pid 3381 (/usr/bin/python2.7) to /var/spool/abrt/ccpp-2012-04-24-21:07:55-3381 (38264832 bytes)

Comment 1 Masami Ichikawa 2012-04-24 12:18:16 UTC

Created attachment 579837 [details]
File: core_backtrace

Comment 2 Masami Ichikawa 2012-04-24 12:18:19 UTC

Created attachment 579838 [details]
File: backtrace

Comment 3 Masami Ichikawa 2012-04-24 12:18:22 UTC

Created attachment 579839 [details]
File: maps

Comment 4 Masami Ichikawa 2012-04-24 12:18:25 UTC

Created attachment 579840 [details]
File: dso_list

Comment 5 Masami Ichikawa 2012-04-24 12:29:14 UTC

I have installed these package that related to fedora-easy-karma.

fedora-cert-0.5.9.6-2.fc17.noarch
python-fedora-0.3.28-1.fc17.noarch
fedora-easy-karma-0-0.16.20110825git36efb338.fc17.noarch

Comment 6 Dave Malcolm 2012-04-24 15:38:43 UTC

Thanks for filing this bug report.

How reproducible is this problem?

Are you able to try running the program under valgrind?

Looking at the backtrace in attachment 579838 [details], reading it backwards I see:
from frame 57 upwards: python code
frame 56: /usr/lib/python2.7/site-packages/fedora/client/proxyclient.py, line 400, in send_request (self=<BodhiClient
frames 54-55: call to "perform" method of a pycurl.Curl instance
frames 54-44: within curl, about to set up an https connection
frame 43: nss_init
frame 41: NSS_InitContext, with sql:/etc/pki/nssdb
various frames trying to load /home/masami/.pki/nssdb
frames 23- : sdb_init with dbname="/home/masami/.pki/nssdb/cert9.db
frame 5-: sqlite3Realloc, leading to "realloc(): invalid pointer" inside glibc's malloc implementation

So *something* is going wrong with memory management, and the process' heap is becoming corrupt, but there are several components here, and I'm not sure which one is at fault.

Reassigning component to "curl" for now, but it might be in one of the nss packages etc.  (See attachment 579840 [details] for the list of DSOs and NVRs).

Comment 7 Kamil Dudka 2012-04-24 19:00:51 UTC

NSS just crashes while loading the user database.  This could hardly be a bug of curl.  Is there anything confidential in your /home/masami/.pki/nssdb ?  If not, could you please attach the database?

Comment 8 Masami Ichikawa 2012-04-24 23:06:48 UTC

Created attachment 580025 [details]
valgrind log file

Dave, 
Thanks for quick response. I took valgrind log and attached it. Running fedora-easy-karma with valgring, I didn't get core dump so I sent Ctrl-D to stop it.

btw, how to reproduce is just run fedora-easy-karma without any arguments.

BR,

Comment 9 Masami Ichikawa 2012-04-24 23:20:55 UTC

Kamil
Thank you for checking. Sorry, I have some data in nssdb, so I don't upload it. 
However, if I rename $HOME/.pki/nssdb to $HOME/.pki/nssdb.bk then run fedora-easy-karma, I still got core dump. Hope it'll help.

thanks,

Comment 10 Masami Ichikawa 2012-04-24 23:31:40 UTC

I checked curl 7.24.0-1 doesn't crash but 7.24.0-2 does.

Current installed packages is this.
curl.x86_64 0:7.24.0-2.fc17 
libcurl.x86_64 0:7.24.0-2.fc17

Old packages that don't crash.
curl.x86_64 0:7.24.0-1.fc17 
libcurl.x86_64 0:7.24.0-1.fc17

Comment 11 Kamil Dudka 2012-04-25 16:09:47 UTC

(In reply to comment #8)
> btw, how to reproduce is just run fedora-easy-karma without any arguments.

This works just fine on my rawhide box:

$ rpm -q curl libcurl
curl-7.25.0-2.fc18.x86_64
libcurl-7.25.0-2.fc18.x86_64

$ fedora-easy-karma
Getting list of installed packages...
Getting list of packages in updates-testing...

(In reply to comment #10)
> I checked curl 7.24.0-1 doesn't crash but 7.24.0-2 does.

The difference is that curl-7.24.0-1 does not use NSS_InitContext().

Comment 12 Kamil Dudka 2012-04-25 16:36:18 UTC

Please update to sqlite-3.7.11-2.fc17 and check whether it solves the problem.

*** This bug has been marked as a duplicate of bug 801981 ***

Comment 13 Masami Ichikawa 2012-04-25 22:56:33 UTC

> Please update to sqlite-3.7.11-2.fc17 and check whether it solves the problem.
Thanks ! It solves the problem.

Comment 14 Kamil Dudka 2012-04-26 07:35:20 UTC

Thanks for testing it!

Note You need to log in before you can comment on or make changes to this bug.