curl-library

Re: multi_runsingle referencing freed connection

From: Daniel Johnson <daniel_at_daniel-johnson.org>
Date: Fri, 23 Feb 2007 12:05:00 -0500

On Feb 20, 2007, at 4:25 PM, Daniel Stenberg wrote:

> On Tue, 20 Feb 2007, Daniel Johnson wrote:
>
>>> Thanks for your heads up. I'll see what I can do. Unfortunately I
>>> have no Mac OS X machine to work on so it might be a bit tricky
>>> for me to track this down...
>>
>> When I force curl to use poll instead of select, 531 passes but
>> 530 still fails. I'll be glad to help track it down if you have
>> any suggestions of what to look at.
>
> Test 531 seems to fail since there are some strange left-overs from
> the 530 failure. That looks like a test system bug.
>
> The test 530 failure is related to the change I did that marks HTTP
> connections as re-usable directly after connect and then made the
> ConnectionExists() function check that bit only - previously it
> checked if it was not for reuse AND part of a pipeline to make it
> get skipped.
>
> My guess is that the connections don't connect immediately on Mac
> OS X so that lib530.c fires them off too rapidly and thus they are
> all still marked as not reusable when attempted for re-use (since
> the HTTP-specific connect part that marks them as re-usable hasn't
> been run yet).
>
> Alas, I believe the libcurl code is fine but the test code doesn't
> quite test exactly what we (I) want and we probably need to figure
> out a way to make the first connection connect properly first
> before the following connections should be allowed to be "let
> through".

I've got some more information about this. Test 530 usually fails,
but occasionally it does pass, such as during my Feb 22 autobuild. I
then reran the tests and it failed again. I even had it crash once.
This is the stack trace from the crash log:
---------
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0 libcurl.4.dylib 0x00232a40 Curl_hash_clean + 35 (hash.c:244)
1 libcurl.4.dylib 0x00232b47 Curl_hash_destroy + 29 (hash.c:282)
2 libcurl.4.dylib 0x0021a1c5 Curl_close + 599 (url.c:307)
3 libcurl.4.dylib 0x0022f869 curl_easy_cleanup + 29 (easy.c:506)
4 lib530 0x00002ba5 test + 1463 (lib530.c:156)
5 lib530 0x00002d23 main + 281 (first.c:74)
6 lib530 0x000025d2 _start + 216
7 lib530 0x000024f9 start + 41

Thread 0 crashed with X86 Thread State (32-bit):
   eax: 0x00000000 ebx: 0x00232a29 ecx: 0x00000001 edx: 0x00000000
   edi: 0x00047f64 esi: 0x45de6f74 ebp: 0xbfffeaf8 esp: 0xbfffead0
    ss: 0x0000001f efl: 0x00010246 eip: 0x00232a40 cs: 0x00000017
    ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
---------
EXC_BAD_ACCESS/KERN_PROTECTION_FAILURE indicates that an attempt was
made to write to read-only memory. According to Apple's docs:
---------
If eip is equal to the exception address, the exception was caused by
fetching instructions. Typically this means:

  * you've called a bogus function pointer (or, equivalently,
    called a method on a bogus object)

  * you've returned to a bad address which, in turn, means that
    you've corrupted the stack
---------
Number 2 seems more applicable here, which indicates a stack problem.
I also ran a torture test on 530:
---------
$ perl -I${srcdir} ${srcdir}/runtests.pl -t109 -v 530
********* System characteristics ********
* curl 7.16.2-CVS (i386-apple-darwin8.9.1)
* libcurl/7.16.2-CVS OpenSSL/0.9.7l zlib/1.2.3 libssh2/0.14
* Features: Debug IPv6 Largefile NTLM SSL libz
* Host: mentalis.local
* System: Darwin mentalis.local 8.9.1 Darwin Kernel Version 8.9.1: Sat Feb 3 20:28:02 PST 2007; root:xnu-792.18.13~1/RELEASE_I386 i386 i386
* Server SSL: ON
* libcurl SSL: ON
* libcurl debug: ON
* valgrind: OFF
* HTTP IPv6 ON
* FTP IPv6 ON
* HTTP port: 8990
* FTP port: 8992
* FTP port 2: 8995
* HTTPS port: 8991
* HTTP IPv6 port: 8994
* FTP IPv6 port: 8996
* TFTP port: 8997
* SSL library: OpenSSL
* Libtool lib: ON
*****************************************
startnew: perl -I.././curl/tests .././curl/tests/httpserver.pl -p .http.pid -d ".././curl/tests" 8990
CMD; ../src/curl -m13 -o log/verifiedserver -ksvg "http://127.0.0.1:8990/verifiedserver" 2>log/verifyhttp
RUN: HTTP server is now running PID 11724
* pid http => 11724 11724
test 530...[HTTP GET using pipelining]
./libtest/lib530 http://127.0.0.1:8990/path/530 >>log/stdout530 2>>log/stderr530
CMD: ./libtest/lib530 http://127.0.0.1:8990/path/530 >>log/stdout530 2>>log/stderr530
209 allocations to make fail
** MEMORY FAILURE9
Leak detected: memory still allocated: 1956 bytes
LIMIT .././curl/lib/url.c:395 calloc reached memlimit
Failed on alloc number 109 in test.
invoke with -t109 to repeat this single case.
* kill pid for http => 11724
RUN: Test server pid 11724 signalled to die
---------
The "LIMIT .././curl/lib/url.c:395 calloc reached memlimit" seems
interesting in light of the crash log that indicates that the stack
is being corrupted. There also seems to be a lot of leaking memory.
But my experience with debugging these sorts of problems is limited,
so I'm kind of "winging it." :)

Daniel

Received on 2007-02-23
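
The torture run in the message above makes one chosen allocation fail (`-t109` fails allocation number 109) and then checks that cleanup neither crashes nor leaks. The following is an added sketch of that technique, not code from curl or from this thread; the bucket table and the names `lim_calloc`, `lim_free`, `table_init`, `table_destroy` and `torture` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed harness with hypothetical names; not curl's memdebug code. */
static long countdown, live, total; /* countdown N > 0: Nth calloc fails */

static void *lim_calloc(size_t n, size_t sz) {
  void *p;
  total++;
  if(countdown > 0 && --countdown == 0) return NULL; /* injected failure */
  if((p = calloc(n, sz)) != NULL) live++;
  return p;
}
static void lim_free(void *p) { if(p) { live--; free(p); } }

struct table { int slots; void **bucket; };

/* Safe on a NULL or half-built table: every pointer is checked first. */
static void table_destroy(struct table *t) {
  int i;
  if(!t) return;
  for(i = 0; t->bucket && i < t->slots; i++) lim_free(t->bucket[i]);
  lim_free(t->bucket);
  lim_free(t);
}

static struct table *table_init(int slots) {
  int i;
  struct table *t = lim_calloc(1, sizeof(*t));
  if(!t) return NULL;
  t->slots = slots;
  t->bucket = lim_calloc((size_t)slots, sizeof(void *));
  for(i = 0; t->bucket && i < slots; i++)
    if(!(t->bucket[i] = lim_calloc(1, 16))) break;
  if(!t->bucket || i < slots) { table_destroy(t); return NULL; }
  return t;
}

/* Fail each allocation in turn; return how many runs left memory behind. */
static long torture(int slots) {
  long n, count, leaks = 0;
  countdown = 0; total = 0;
  table_destroy(table_init(slots)); /* dry run counts the allocations */
  count = total;
  for(n = 1; n <= count; n++) {
    countdown = n; /* the nth allocation of this run returns NULL */
    table_destroy(table_init(slots));
    if(live != 0) { leaks++; live = 0; }
  }
  return leaks;
}

int main(void) { printf("leaking runs: %ld\n", torture(8)); return 0; }
```
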