Bug 261160

Summary: lot of kio_http processes using 100% CPU
Product: [Unmaintained] kio Reporter: Martin Koller <kollix>
Component: httpAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED UPSTREAM    
Severity: normal CC: adawit, ahartmetz
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Martin Koller 2010-12-24 15:43:54 UTC
Version:           unspecified (using KDE 4.5.90) 
OS:                Linux

I upgraded today to 4.6 RC1 and now I often get a lot kio_http processes running in parallel eating up both cores of my CPU with 100% CPU.
The number of kio_http tasks can be 4-20 or sometimes more.

This is a regression to 4.5.4 I ran previously.

As I'm pretty sure that loading an HTML page is limited by my bandwith (ADSL) I see no reason why the kio_http would need the CPU that much.

Reproducible: Always




openSuse 11.3
Comment 1 Martin Koller 2010-12-25 21:26:18 UTC
I caught a kio_http process with strace and found astonishing things ;-)

For an unknown reason, I had a symlink /usr/local/ssl -> /usr and found that kio_http did HUNDRED-THOUSANDS of stat64() calls on all files it eventually found below /usr

I removed now the symlink and it seems the CPU usage is gone.

However, some questions still remain:

1.) why are there so many kio_http processes started ?
2.) why does kio_http stat64() all files at all ? What does it look for ?
Can this be avoided ?
3.) Why did this not happen with KDE 4.5, as the symlink was there even before 4.6RC1 ?
Comment 2 Andreas Hartmetz 2010-12-25 22:28:28 UTC
Calm down.

1. One for each (simultaneous) HTTP connection
2. It probably has somethig to do with recent SSL changes, either in KDE or in Qt or both.
3. Because the code changed, I mean what else could be the answer?

It would be helpful to know where the kio_http processes are spending the CPU time: attach gdb, hit Ctrl-C to pause execution and get a backtrace using "bt". Do this a couple of times, usually the backtraces are the same or almost the same every time. Knowing that stat() is called a lot only helps a little, it just tells me that whatever spends a lot of CPU time also looks at files.
Comment 3 Martin Koller 2010-12-25 23:01:31 UTC
Here are my findings:

It is due to Qt's SSL changes (since 4.7 AFAIK) now trying to load the system CA certificates.

In Qt's code I find the culprit:
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
...
    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball

(snippet from bt)
#6  0xb6ebb70d in QDirIterator::next (this=0xbfdb03a4) at io/qdiriterator.cpp:463
#7  0xb5f36db8 in QSslCertificate::fromPath (path=..., format=QSsl::Pem, syntax=QRegExp::Wildcard) at ssl/qsslcertificate.cpp:573
#8  0xb5f444ab in QSslSocketPrivate::systemCaCertificates () at ssl/qsslsocket_openssl.cpp:782
#9  0xb5f44671 in QSslSocketPrivate::ensureCiphersAndCertsLoaded () at ssl/qsslsocket_openssl.cpp:523
#10 0xb5f36462 in QSslCertificatePrivate (this=0x813d750, data=..., format=QSsl::Pem) at ssl/qsslcertificate_p.h:73
#11 QSslCertificate::QSslCertificate (this=0x813d750, data=..., format=QSsl::Pem) at ssl/qsslcertificate.cpp:153
#12 0xb5f3f126 in QSslConfigurationPrivate (this=0x813d608) at ssl/qsslconfiguration_p.h:85
#13 QSslSocketPrivate::QSslSocketPrivate (this=0x813d608) at ssl/qsslsocket.cpp:1806
#14 0xb5f447d2 in QSslSocketBackendPrivate::QSslSocketBackendPrivate (this=0x813d608) at ssl/qsslsocket_openssl.cpp:173
#15 0xb5f41d94 in QSslSocket::QSslSocket (this=0x814d3a0, parent=0x0) at ssl/qsslsocket.cpp:336
#16 0xb722ee48 in KTcpSocketPrivate (this=0x813e0b0, parent=0x0) at /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:248
#17 KTcpSocket::KTcpSocket (this=0x813e0b0, parent=0x0) at /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:377
#18 0xb582da86 in TcpSlaveBasePrivate (this=0xbfdb071c, protocol=..., poolSocket=..., appSocket=..., autoSSL=false)
    at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:107
#19 KIO::TCPSlaveBase::TCPSlaveBase (this=0xbfdb071c, protocol=..., poolSocket=..., appSocket=..., autoSSL=false)
    at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:208
#20 0xb27214eb in HTTPProtocol::HTTPProtocol (this=0xbfdb0714, protocol=..., pool=..., app=...)
    at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:344
#21 0xb272f2f0 in kdemain (argc=4, argv=0x80ac918) at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:121

But it seems to me that this is done even when I open a non-SSL page, e.g.
http://www.x.org
Comment 4 Dawit Alemayehu 2011-01-17 02:37:35 UTC
(In reply to comment #3)
> Here are my findings:
> 
> It is due to Qt's SSL changes (since 4.7 AFAIK) now trying to load the system
> CA certificates.
> 
> In Qt's code I find the culprit:
> QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
> ...
>    
> systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"),
> QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball
> 
> (snippet from bt)
> #6  0xb6ebb70d in QDirIterator::next (this=0xbfdb03a4) at
> io/qdiriterator.cpp:463
> #7  0xb5f36db8 in QSslCertificate::fromPath (path=..., format=QSsl::Pem,
> syntax=QRegExp::Wildcard) at ssl/qsslcertificate.cpp:573
> #8  0xb5f444ab in QSslSocketPrivate::systemCaCertificates () at
> ssl/qsslsocket_openssl.cpp:782
> #9  0xb5f44671 in QSslSocketPrivate::ensureCiphersAndCertsLoaded () at
> ssl/qsslsocket_openssl.cpp:523
> #10 0xb5f36462 in QSslCertificatePrivate (this=0x813d750, data=...,
> format=QSsl::Pem) at ssl/qsslcertificate_p.h:73
> #11 QSslCertificate::QSslCertificate (this=0x813d750, data=...,
> format=QSsl::Pem) at ssl/qsslcertificate.cpp:153
> #12 0xb5f3f126 in QSslConfigurationPrivate (this=0x813d608) at
> ssl/qsslconfiguration_p.h:85
> #13 QSslSocketPrivate::QSslSocketPrivate (this=0x813d608) at
> ssl/qsslsocket.cpp:1806
> #14 0xb5f447d2 in QSslSocketBackendPrivate::QSslSocketBackendPrivate
> (this=0x813d608) at ssl/qsslsocket_openssl.cpp:173
> #15 0xb5f41d94 in QSslSocket::QSslSocket (this=0x814d3a0, parent=0x0) at
> ssl/qsslsocket.cpp:336
> #16 0xb722ee48 in KTcpSocketPrivate (this=0x813e0b0, parent=0x0) at
> /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:248
> #17 KTcpSocket::KTcpSocket (this=0x813e0b0, parent=0x0) at
> /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:377
> #18 0xb582da86 in TcpSlaveBasePrivate (this=0xbfdb071c, protocol=...,
> poolSocket=..., appSocket=..., autoSSL=false)
>     at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:107
> #19 KIO::TCPSlaveBase::TCPSlaveBase (this=0xbfdb071c, protocol=...,
> poolSocket=..., appSocket=..., autoSSL=false)
>     at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:208
> #20 0xb27214eb in HTTPProtocol::HTTPProtocol (this=0xbfdb0714, protocol=...,
> pool=..., app=...)
>     at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:344
> #21 0xb272f2f0 in kdemain (argc=4, argv=0x80ac918) at
> /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:121
> 
> But it seems to me that this is done even when I open a non-SSL page, e.g.
> http://www.x.org

That is because the socket class kio_http relies on always uses QSslSocket and depending on whether the current connection is encrypted or not calls the appropriate connectToHost function...
Comment 5 Dawit Alemayehu 2011-02-28 07:43:59 UTC
http://bugreports.qt.nokia.com/browse/QTBUG-14016