#27 pycurl invalid free on multi interface

v1.0_(example)
closed
nobody
None
5
2013-05-30
2011-12-14
Anonymous
No

I'm using the pycurl multi interface do download hundreds of pages simultaneously, which works fine. Sometimes when the multi_handle is freed, however, I get the following:

*** glibc detected *** /home/ec2-user/Python-2.6.7/python: free(): invalid pointer: 0x000000000098b9a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75386)[0x7ffff7239386]
/usr/lib64/python2.6/site-packages/pycurl.so(+0x5f33)[0x7fffee542f33]
/home/ec2-user/Python-2.6.7/python[0x43dde3]
/home/ec2-user/Python-2.6.7/python[0x420e14]
/home/ec2-user/Python-2.6.7/python[0x4d3ac2]
/home/ec2-user/Python-2.6.7/python(PyEval_EvalFrameEx+0x6263)[0x485513]
/home/ec2-user/Python-2.6.7/python(PyEval_EvalCodeEx+0x909)[0x4861b9]
/home/ec2-user/Python-2.6.7/python(PyEval_EvalCode+0x32)[0x4862a2]
/home/ec2-user/Python-2.6.7/python[0x4a03ac]
/home/ec2-user/Python-2.6.7/python(PyRun_FileExFlags+0x90)[0x4a0480]
/home/ec2-user/Python-2.6.7/python(PyRun_SimpleFileExFlags+0xd4)[0x4a1854]
/home/ec2-user/Python-2.6.7/python(Py_Main+0x9e8)[0x413f28]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff71e2c1d]
/home/ec2-user/Python-2.6.7/python[0x413159]
======= Memory map: ========
00400000-0053f000 r-xp 00000000 ca:01 47381 /home/ec2-user/Python-2.6.7/python
0073f000-00778000 rw-p 0013f000 ca:01 47381 /home/ec2-user/Python-2.6.7/python
00778000-084c7000 rw-p 00000000 00:00 0 [heap]
7fffeab9a000-7fffeabdb000 rw-p 00000000 00:00 0
7fffeac1c000-7fffeac5d000 rw-p 00000000 00:00 0
7fffeac9e000-7fffeae65000 rw-p 00000000 00:00 0
7fffeaee7000-7fffeaf28000 rw-p 00000000 00:00 0
7fffeaf69000-7fffeafaa000 rw-p 00000000 00:00 0
7fffeb603000-7fffeb608000 r-xp 00000000 ca:01 8103 /lib64/libnss_dns-2.12.so
7fffeb608000-7fffeb807000 ---p 00005000 ca:01 8103 /lib64/libnss_dns-2.12.so
7fffeb807000-7fffeb808000 r--p 00004000 ca:01 8103 /lib64/libnss_dns-2.12.so
7fffeb808000-7fffeb809000 rw-p 00005000 ca:01 8103 /lib64/libnss_dns-2.12.so
7fffeb809000-7fffeb815000 r-xp 00000000 ca:01 8105 /lib64/libnss_files-2.12.so
7fffeb815000-7fffeba14000 ---p 0000c000 ca:01 8105 /lib64/libnss_files-2.12.so
7fffeba14000-7fffeba15000 r--p 0000b000 ca:01 8105 /lib64/libnss_files-2.12.so
7fffeba15000-7fffeba16000 rw-p 0000c000 ca:01 8105 /lib64/libnss_files-2.12.so
7fffeba16000-7fffeba2c000 r-xp 00000000 ca:01 428 /lib64/libgcc_s-4.4.4-20100726.so.1
7fffeba2c000-7fffebc2b000 ---p 00016000 ca:01 428 /lib64/libgcc_s-4.4.4-20100726.so.1
7fffebc2b000-7fffebc2c000 rw-p 00015000 ca:01 428 /lib64/libgcc_s-4.4.4-20100726.so.1
7fffebc2c000-7fffebc2d000 ---p 00000000 00:00 0
7fffebc2d000-7fffec42d000 rw-p 00000000 00:00 0
7fffec42d000-7fffec42e000 r-xp 00000000 ca:01 22787 /usr/lib64/python2.6/lib-dynload/_weakref.so
7fffec42e000-7fffec62e000 ---p 00001000 ca:01 22787 /usr/lib64/python2.6/lib-dynload/_weakref.so
7fffec62e000-7fffec62f000 rw-p 00001000 ca:01 22787 /usr/lib64/python2.6/lib-dynload/_weakref.so
7fffec62f000-7fffec670000 rw-p 00000000 00:00 0
7fffec670000-7fffec672000 r-xp 00000000 ca:01 22762 /usr/lib64/python2.6/lib-dynload/_functoolsmodule.so
7fffec672000-7fffec872000 ---p 00002000 ca:01 22762 /usr/lib64/python2.6/lib-dynload/_functoolsmodule.so
7fffec872000-7fffec873000 rw-p 00002000 ca:01 22762 /usr/lib64/python2.6/lib-dynload/_functoolsmodule.so
7fffec873000-7fffec8b4000 rw-p 00000000 00:00 0
7fffec8b4000-7fffec8c4000 r-xp 00000000 ca:01 22801 /usr/lib64/python2.6/lib-dynload/datetime.so
7fffec8c4000-7fffecac4000 ---p 00010000 ca:01 22801 /usr/lib64/python2.6/lib-dynload/datetime.so
7fffecac4000-7fffecac8000 rw-p 00010000 ca:01 22801 /usr/lib64/python2.6/lib-dynload/datetime.so
7fffecac8000-7fffecacd000 r-xp 00000000 ca:01 22812 /usr/lib64/python2.6/lib-dynload/mathmodule.so
7fffecacd000-7fffecccd000 ---p 00005000 ca:01 22812 /usr/lib64/python2.6/lib-dynload/mathmodule.so
7fffecccd000-7fffecccf000 rw-p 00005000 ca:01 22812 /usr/lib64/python2.6/lib-dynload/mathmodule.so
7fffecccf000-7fffecd27000 r-xp 00000000 ca:01 8999 /lib64/libfreebl3.so
7fffecd27000-7fffecf26000 ---p 00058000 ca:01 8999 /lib64/libfreebl3.so
7fffecf26000-7fffecf28000 rw-p 00057000 ca:01 8999 /lib64/libfreebl3.so
7fffecf28000-7fffecf2c000 rw-p 00000000 00:00 0
7fffecf2c000-7fffecf42000 r-xp 00000000 ca:01 8099 /lib64/libnsl-2.12.so
7fffecf42000-7fffed141000 ---p 00016000 ca:01 8099 /lib64/libnsl-2.12.so
7fffed141000-7fffed142000 r--p 00015000 ca:01 8099 /lib64/libnsl-2.12.so
7fffed142000-7fffed143000 rw-p 00016000 ca:01 8099 /lib64/libnsl-2.12.so
7fffed143000-7fffed145000 rw-p 00000000 00:00 0
7fffed145000-7fffed14c000 r-xp 00000000 ca:01 8093 /lib64/libcrypt-2.12.so
7fffed14c000-7fffed34c000 ---p 00007000 ca:01 8093 /lib64/libcrypt-2.12.so
7fffed34c000-7fffed34d000 r--p 00007000 ca:01 8093 /lib64/libcrypt-2.12.so
7fffed34d000-7fffed34e000 rw-p 00008000 ca:01 8093 /lib64/libcrypt-2.12.so
7fffed34e000-7fffed37c000 rw-p 00000000 00:00 0
7fffed37c000-7fffed4b4000 r-xp 00000000 ca:01 270012 /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fffed4b4000-7fffed6b3000 ---p 00138000 ca:01 270012 /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fffed6b3000-7fffed700000 rw-p 00137000 ca:01 270012 /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fffed700000-7fffed701000 rw-p 00000000 00:00 0
7fffed701000-7fffed70b000 r-xp 00000000 ca:01 139627 /usr/lib/python2.6/site-packages/MySQL_python-1.2.3-py2.6-linux-x86_64.egg/_mysql.so
7fffed70b000-7fffed90a000 ---p 0000a000 ca:01 139627 /usr/lib/python2.6/site-packages/MySQL_python-1.2.3-py2.6-linux-x86_64.egg/_mysql.so
7fffed90a000-7fffed90f000 rw-p 00009000 ca:01 139627 /usr/lib/python2.6/site-packages/MySQL_python-1.2.3-py2.6-linux-x86_64.egg/_mysql.so
7fffed90f000-7fffed914000 r-xp 00000000 ca:01 22830 /usr/lib64/python2.6/lib-dynload/zlibmodule.so
7fffed914000-7fffedb13000 ---p 00005000 ca:01 22830 /usr/lib64/python2.6/lib-dynload/zlibmodule.so
7fffedb13000-7fffedb15000 rw-p 00004000 ca:01 22830 /usr/lib64/python2.6/lib-dynload/zlibmodule.so
Program received signal SIGABRT, Aborted.

I ran this through gdb, and this is the backtrace:

#0 0x00007ffff71f66b5 in raise () from /lib64/libc.so.6
#1 0x00007ffff71f7e95 in abort () from /lib64/libc.so.6
#2 0x00007ffff7233a6b in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7239386 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007fffee542f33 in do_multi_dealloc (self=0x98b9c0) at src/pycurl.c:2354
#5 0x000000000043dde3 in dict_dealloc (mp=0x98b580) at Objects/dictobject.c:911
#6 0x0000000000420e14 in instance_dealloc (inst=0x7fffeae0d098) at Objects/classobject.c:668
#7 0x00000000004d3ac2 in frame_dealloc (f=0x82b8f0) at Objects/frameobject.c:420
#8 0x0000000000485513 in fast_function (f=<value optimized out>, throwflag=<value optimized out>) at Python/ceval.c:3838
#9 call_function (f=<value optimized out>, throwflag=<value optimized out>) at Python/ceval.c:3771
#10 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at Python/ceval.c:2412
#11 0x00000000004861b9 in PyEval_EvalCodeEx (co=0x7ffff7ec7120, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=0, kws=<value optimized out>, kwcount=0, defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:3000
#12 0x00000000004862a2 in PyEval_EvalCode (co=<value optimized out>, globals=<value optimized out>, locals=<value optimized out>) at Python/ceval.c:541
#13 0x00000000004a03ac in run_mod (mod=<value optimized out>, filename=<value optimized out>, globals=0x7c1520, locals=0x7c1520, flags=<value optimized out>, arena=<value optimized out>) at Python/pythonrun.c:1351
#14 0x00000000004a0480 in PyRun_FileExFlags (fp=0x83c8b0, filename=0x7fffffffe646 "/home/ec2-user/scripts/crashSHIT.py", start=<value optimized out>, globals=0x7c1520, locals=0x7c1520, closeit=1, flags=0x7fffffffe280) at Python/pythonrun.c:1337
#15 0x00000000004a1854 in PyRun_SimpleFileExFlags (fp=0x83c8b0, filename=0x7fffffffe646 "/home/ec2-user/scripts/crashSHIT.py", closeit=1, flags=0x7fffffffe280) at Python/pythonrun.c:941
#16 0x0000000000413f28 in Py_Main (argc=<value optimized out>, argv=<value optimized out>) at Modules/main.c:577
#17 0x00007ffff71e2c1d in __libc_start_main () from /lib64/libc.so.6
#18 0x0000000000413159 in _start ()

the relevant part pycurl.c is here:
static void
do_multi_dealloc(CurlMultiObject *self)
{
PyObject_GC_UnTrack(self);
Py_TRASHCAN_SAFE_BEGIN(self)

ZAP(self->dict);
util_multi_close(self);

PyObject_GC_Del(self); //////////This is the last line before going into libc
Py_TRASHCAN_SAFE_END(self)
}

Here's my version info:
libcurl/7.21.7 OpenSSL/1.0.0 zlib/1.2.3 c-ares/1.7.4

Has anyone seen this before or have an idea what the problem is? Right now the code still depends on random parts of my app, but I'm working on getting a standalone piece I can post. Any thoughts in the meantime?

Discussion

  • Oleg Pudeyev

    Oleg Pudeyev - 2013-05-30
    • status: open --> closed
    • Group: --> v1.0_(example)