curl-tracker mailing list Archives

[ curl-Bugs-3093811 ] random segfault

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Mon, 25 Oct 2010 14:24:54 +0000

Bugs item #3093811, was opened at 2010-10-23 19:42
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3093811&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: crash
>Status: Closed
>Resolution: Invalid
Priority: 5
Private: No
Submitted By: waker (waker)
Assigned to: Daniel Stenberg (bagder)
Summary: random segfault

Initial Comment:
curl/libcurl version 7.21.2
OS version: arch linux (latest)

random crash started to happen after upgrade to 7.21.2

there seems to be a regression, downgrading to 7.21.1 fixes the problem

backtrace reported by a user of my app (below)
there is only one thread running which uses libcurl.

#4-#6 seem weird, because my mutex_unlock function shouldn't call Curl_resolv_timeout

http_curl_control function is a callback for CURLOPT_PROGRESSFUNCTION

it only calls curl_easy_getinfo

if you need more info - please let me know.

Program received signal SIGSEGV, Segmentation fault.
0xb764602b in addbyter () from /usr/lib/libcurl.so.4
(gdb) bt
#0 0xb764602b in addbyter () from /usr/lib/libcurl.so.4
#1 0xb764528f in dprintf_formatf () from /usr/lib/libcurl.so.4
#2 0xb764609e in curl_mvsnprintf () from /usr/lib/libcurl.so.4
#3 0xb762f927 in Curl_failf () from /usr/lib/libcurl.so.4
#4 0xb7623e2f in Curl_resolv_timeout () from /usr/lib/libcurl.so.4
#5 0x08058271 in mutex_unlock (_mtx=136059256) at threading_pthread.c:152
#6 0xb557cbb9 in http_curl_control (stream=0xbb8, dltotal=5.0893833312885161e-270, dlnow=1.9354898159419373e-317,
    ultotal=-1.0003725070461691e-51, ulnow=0) at vfs_curl.c:470
#7 0xb557bce7 in http_curl_write_wrapper (fp=0x833e800, ptr=0x838a2e0, size=15361) at vfs_curl.c:129
#8 0xb557c499 in http_curl_write (ptr=0x8388108, size=1, nmemb=16384, stream=0x833e800) at vfs_curl.c:295
#9 0xb762ff61 in Curl_client_write () from /usr/lib/libcurl.so.4
#10 0xb764a611 in readwrite_data () from /usr/lib/libcurl.so.4
#11 0xb764adf5 in Curl_readwrite () from /usr/lib/libcurl.so.4
#12 0xb764b89d in Transfer () from /usr/lib/libcurl.so.4
#13 0xb764c653 in Curl_do_perform () from /usr/lib/libcurl.so.4
#14 0xb764c8db in Curl_perform () from /usr/lib/libcurl.so.4
#15 0xb764d10e in curl_easy_perform () from /usr/lib/libcurl.so.4
#16 0xb557d0cf in http_thread_func (ctx=0x833e800) at vfs_curl.c:556
#17 0xb7e12e60 in start_thread () from /lib/libpthread.so.0
#18 0xb7d8ffbe in clone () from /lib/libc.so.6

----------------------------------------------------------------------

Comment By: waker (waker)
Date: 2010-10-24 10:51

Message:
added CURLOPT_NOSIGNAL=1, and it doesn't crash anymore. thanks for
assistance. bug can be closed as invalid.

i am using each handle from one thread only, unless progress callback is
being called from another thread.

----------------------------------------------------------------------

Comment By: Dan Fandrich (dfandrich)
Date: 2010-10-24 02:06

Message:
This is clearly a multithreaded application. Are you taking the necessary
steps for libcurl to work properly? Like setting CURLOPT_NOSIGNAL and using
each handle in only a single thread? Which resolver are you using?

----------------------------------------------------------------------

Comment By: waker (waker)
Date: 2010-10-23 23:05

Message:
i don't set mutex callbacks at all. and i don't use SSL in my app. but i
will try to find out more details.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-10-23 21:00

Message:
We really need something more concrete to grab at. Please consider starting
to try a stand-alone example recipe that can repeat this problem. Just
getting these dumps really doesn't help much.

The original stack trace problem you showed is what we've seen many times
in the past when the app author has failed to set/use the correct SSL
library mutex callbacks.

----------------------------------------------------------------------

Comment By: waker (waker)
Date: 2010-10-23 20:15

Message:
i asked the user to run it through valgrind, and here's what we get
please notice invalid reads and writes caused by libcurl. usually that
means memtrash bugs.

==29393== Memcheck, a memory error detector
==29393== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==29393== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright
info
==29393== Command: deadbeef
==29393==
starting deadbeef devel
plug: mutex_create
loading plugins from /usr/lib/deadbeef
loading plugin aac.so
loading plugin adplug.so
loading plugin alsa.so
loading plugin ao.so
loading plugin artwork.so
loading plugin cdda.so
loading plugin dca.so
loading plugin dumb.so
loading plugin ffap.so
loading plugin ffmpeg.so
loading plugin flac.so
loading plugin gme.so
loading plugin gtkui.so
loading plugin hotkeys.so
loading plugin lastfm.so
loading plugin mms.so
loading plugin mpgmad.so
loading plugin musepack.so
loading plugin notify.so
loading plugin nullout.so
loading plugin oss.so
loading plugin shellexec.so
loading plugin shn.so
loading plugin sid.so
loading plugin sndfile.so
loading plugin supereq.so
loading plugin tta.so
dlopen error: /usr/lib/deadbeef/tta.so: undefined symbol: hybrid_filter
loading plugin vfs_curl.so
loading plugin vorbis.so
loading plugin vtx.so
loading plugin wavpack.so
loading plugin wildmidi.so
dlopen error: /usr/lib/deadbeef/wildmidi.so: undefined symbol: WM_Lock
loading plugins from /home/thesame/.local/lib/deadbeef
Gtk-Message: Failed to load module "globalmenu-gnome":
libglobalmenu-gnome.so: cannot open shared object file: No such file or
directory
hotkeys: Unknown command <open> while parsing hotkeys.key8 Ctrl Alt o:
open
==29393== Thread 3:
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F70AF: pango_layout_set_width (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x635F3D7: draw_text (gdkdrawing.c:165)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AD9A71: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AEC0A4: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AF4A8A: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AF4EB1: g_signal_emit (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x65E28E5: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x64ADA10: gtk_main_do_event (in
/usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393==
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F4E93: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69F8C83: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FA56E: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FBAD0: pango_layout_get_iter (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x6A0180B: pango_renderer_draw_layout (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x67692E7: gdk_draw_layout_with_colors (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x6769550: gdk_draw_layout (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x635F46D: draw_text (gdkdrawing.c:168)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393==
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69FA63E: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FBAD0: pango_layout_get_iter (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x6A0180B: pango_renderer_draw_layout (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x67692E7: gdk_draw_layout_with_colors (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x6769550: gdk_draw_layout (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x635F46D: draw_text (gdkdrawing.c:168)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AD9A71: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AEC0A4: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393==
selected output plugin: ALSA output plugin
INFO: loading playlist New Playlist
INFO: from file /home/thesame/.config/deadbeef/playlists/0.dbpl
INFO: loading playlist Radio
INFO: from file /home/thesame/.config/deadbeef/playlists/1.dbpl
INFO: loading playlist temp
INFO: from file /home/thesame/.config/deadbeef/playlists/2.dbpl
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F70AF: pango_layout_set_width (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x635F3D7: draw_text (gdkdrawing.c:165)
==29393== by 0x635B7CE: ddb_listview_header_render
(ddblistview.c:2150)
==29393== by 0x635DC9E: ddb_listview_clear_sort (ddblistview.c:2962)
==29393== by 0x633CC05: playlistswitch_cb (gtkui.c:522)
==29393== by 0x6B52A80: ??? (in /usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B56B71: g_main_context_dispatch (in
/usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B5734F: ??? (in /usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B57A1A: g_main_loop_run (in
/usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x64AC408: gtk_main (in
/usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x633E549: gtkui_thread (gtkui.c:997)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393==
server_start
==29393== Thread 7:
==29393== Syscall param ioctl(arg) contains uninitialised byte(s)
==29393== at 0x42C3E89: ioctl (in /lib/libc-2.12.1.so)
==29393== by 0x4B6BF60: snd_pcm_prepare (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x4B815B4: ??? (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6BF60: snd_pcm_prepare (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6C00C: snd_pcm_hw_params (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x40383E9: palsa_set_hw_params (alsa.c:200)
==29393== by 0x403856A: palsa_init (alsa.c:239)
==29393== by 0x4038A26: palsa_play (alsa.c:381)
==29393== by 0x8055711: streamer_start_new_song (streamer.c:814)
==29393== by 0x805587E: streamer_thread (streamer.c:850)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393== by 0x42CBFBD: clone (in /lib/libc-2.12.1.so)
==29393==
alsa avail_min: 1024 frames
==29393== Syscall param ioctl(arg) contains uninitialised byte(s)
==29393== at 0x42C3E89: ioctl (in /lib/libc-2.12.1.so)
==29393== by 0x4B6C120: snd_pcm_start (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B81714: ??? (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6C120: snd_pcm_start (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4038ABE: palsa_play (alsa.c:401)
==29393== by 0x8055711: streamer_start_new_song (streamer.c:814)
==29393== by 0x805587E: streamer_thread (streamer.c:850)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393== by 0x42CBFBD: clone (in /lib/libc-2.12.1.so)
==29393==
==29393== Thread 1:
==29393== Invalid write of size 4
==29393== at 0x4D7BE20: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd54 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D7BE24: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdea8 is on thread 1's stack
==29393==
==29393== Invalid write of size 4
==29393== at 0x4D7BE27: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87903: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87910: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd54 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87927: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D8792A: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdfdc is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87934: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87945: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D8794E: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87951: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdfdc is on thread 1's stack
==29393==
==29393== Invalid write of size 1
==29393== at 0x4D9E02B: addbyter (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0x21c is not stack'd, malloc'd or (recently) free'd
==29393==
Segmentation Fault
==29393== Invalid read of size 4
==29393== at 0x42DF867: backtrace (in /lib/libc-2.12.1.so)
==29393== by 0x804AE42: sigsegv_handler (main.c:461)
==29393== by 0x4227E87: ??? (in /lib/libc-2.12.1.so)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdecc is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x42DF86A: backtrace (in /lib/libc-2.12.1.so)
==29393== by 0x804AE42: sigsegv_handler (main.c:461)
==29393== by 0x4227E87: ??? (in /lib/libc-2.12.1.so)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdec8 is on thread 1's stack
==29393==
atexit_handler
handling atexit.
==29393==
==29393== HEAP SUMMARY:
==29393== in use at exit: 3,406,850 bytes in 24,186 blocks
==29393== total heap usage: 90,620 allocs, 66,434 frees, 10,791,403
bytes allocated
==29393==
==29393== LEAK SUMMARY:
==29393== definitely lost: 4,756 bytes in 24 blocks
==29393== indirectly lost: 6,400 bytes in 317 blocks
==29393== possibly lost: 1,442,604 bytes in 11,291 blocks
==29393== still reachable: 1,953,090 bytes in 12,554 blocks
==29393== suppressed: 0 bytes in 0 blocks
==29393== Rerun with --leak-check=full to see details of leaked memory
==29393==
==29393== For counts of detected and suppressed errors, rerun with: -v
==29393== Use --track-origins=yes to see where uninitialised values come
from
==29393== ERROR SUMMARY: 93 errors from 20 contexts (suppressed: 570 from
14)

----------------------------------------------------------------------

Received on 2010-10-25
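
An added illustration, not code from this thread or from libcurl, of why the CURLOPT_NOSIGNAL question raised above matters in a threaded program: a process-directed SIGALRM, the kind a signal-based timeout relies on, can run its handler on a thread other than the one that armed it. The names on_alarm, transfer_thread and alarm_hit_non_arming_thread are hypothetical, and the sketch assumes POSIX threads on Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t handler_ran;
static pthread_t handler_tid;          /* thread the handler executed on */

/* Stand-in for a timeout handler; it only records where it ran. */
static void on_alarm(int sig)
{
  (void)sig;
  handler_tid = pthread_self();
  handler_ran = 1;
}

/* Plays the transfer thread that arms the timeout. */
static void *transfer_thread(void *arg)
{
  sigset_t set;
  (void)arg;
  sigemptyset(&set);
  sigaddset(&set, SIGALRM);
  /* Masked here only to make the outcome deterministic; unmasked, the
     kernel may choose any thread of the process. */
  pthread_sigmask(SIG_BLOCK, &set, NULL);
  kill(getpid(), SIGALRM);             /* process-directed, like alarm() expiry */
  return NULL;
}

/* 1: handler ran on the calling thread, not the arming one; 0: it ran
   elsewhere; -1: setup failed or the handler never ran. */
int alarm_hit_non_arming_thread(void)
{
  struct sigaction sa;
  struct timespec tick = {0, 1000000L};  /* 1 ms */
  pthread_t t;
  int i;

  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = on_alarm;
  sigemptyset(&sa.sa_mask);
  handler_ran = 0;
  if(sigaction(SIGALRM, &sa, NULL) != 0) return -1;
  if(pthread_create(&t, NULL, transfer_thread, NULL) != 0) return -1;
  pthread_join(t, NULL);
  for(i = 0; i < 2000 && !handler_ran; i++) nanosleep(&tick, NULL);
  if(!handler_ran) return -1;
  return pthread_equal(handler_tid, pthread_self()) ? 1 : 0;
}

int main(void)
{
  printf("handled off the arming thread: %d\n", alarm_hit_non_arming_thread());
  return 0;
}
```

In an application using libcurl, the corresponding setting is curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1L) on every easy handle, with each handle used from a single thread.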

These mail archives are generated by hypermail.

Page updated November 12, 2010.