Hello,

We’re experiencing an issue with a Qt (single threaded) application when
using curl 7.64.1 (x86_64-apple-darwin20.0) - packaged on macOS.

——-

curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0
Release-Date: 2019-03-27
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets

——-


Our program is sending ~800 requests per minute, and experiencing crashes
every ~5 minutes. We verified that every CurlEasy handle is
allocated/deallocated properly (no nullptr after allocation, no double
frees happening). When encountering the crash while running in a debugger,
we found a nullptr in a linked list - we assume this is CurlMulti’s linked
list of CurlEasy handles. As we checked that no curl handles were null when
allocated, it seems like there’s memory corruption for that to show up in
one of the linked lists. Since installing and building with curl 7.80.1,
we’re experiencing no issues - the program is no longer crashing. Our issue
was resolved, but we would like to know why this was happening - is this a
known bug? We were unable to find anyone experiencing the issue, but given
that this is the default version on macOS Big Sur currently, it may be
affecting other people as well.

———

curl 7.81.0 (x86_64-apple-darwin20.6.0) libcurl/7.81.0 (SecureTransport) OpenSSL/1.1.1m zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.46.0 librtmp/2.3 OpenLDAP/2.6.0
Release-Date: 2022-01-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd

——-

We’re using these settings:

curl.set(CURLOPT_URL, url);
curl.set(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
curl.set(CURLOPT_POST, 1L);



Two of the stack traces we’ve seen multiple times are listed below:

———————————————————————————————

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000000016a0
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [3483]

VM Regions Near 0x16a0:
-->
    __TEXT                      106672000-1067a6000    [ 1232K] r-x/r-x SM=COW  /Applications/OurApp.app/Contents/MacOS/backend

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libcurl.4.dylib               0x00007fff32e978c7 multi_socket + 188
1   libcurl.4.dylib               0x00007fff32e97ac9 curl_multi_socket_action + 38
2   backend                       0x000000010676182d CurlMulti::curlSocketAction(int, int) + 45 (CurlMulti.cpp:156)
3   backend                       0x00000001067617a0 CurlMulti::socketReadyWrite(int) + 32 (CurlMulti.cpp:148)
4   backend                       0x0000000106763732 QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QSocketDescriptor>, void, void (CurlMulti::*)(int)>::call(void (CurlMulti::*)(int), CurlMulti*, void**) + 146 (qobjectdefs_impl.h:152)
5   backend                       0x000000010676368d void QtPrivate::FunctionPointer<void (CurlMulti::*)(int)>::call<QtPrivate::List<QSocketDescriptor>, void>(void (CurlMulti::*)(int), CurlMulti*, void**) + 77 (qobjectdefs_impl.h:185)
6   backend                       0x00000001067635e2 QtPrivate::QSlotObject<void (CurlMulti::*)(int), QtPrivate::List<QSocketDescriptor>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 146 (qobjectdefs_impl.h:418)
7   org.qt-project.QtCore         0x00000001078d2374 0x1076bc000 + 2188148
8   org.qt-project.QtCore         0x00000001078da9cb QSocketNotifier::event(QEvent*) + 491
9   org.qt-project.QtCore         0x00000001078a1e18 QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) + 88
10  org.qt-project.QtCore         0x00000001078a1ac7 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 167
11  org.qt-project.QtCore         0x0000000107900683 QEventDispatcherUNIXPrivate::activateSocketNotifiers() + 99
12  org.qt-project.QtCore         0x000000010790112d QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 925
13  org.qt-project.QtCore         0x000000010789e0c7 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
14  org.qt-project.QtCore         0x00000001078a2062 QCoreApplication::exec() + 130
15  backend                       0x0000000106674b15 main + 949 (main.cpp:81)
16  libdyld.dylib                 0x00007fff20378f3d start + 1

Thread 1:
0   libsystem_pthread.dylib       0x00007fff20359420 start_wqthread + 0

Thread 2:: Qt bearer thread
0   libsystem_kernel.dylib        0x00007fff2032e9ca poll + 10
1   org.qt-project.QtCore         0x00000001078ff8ee qt_safe_poll(pollfd*, unsigned int, timespec const*) + 222
2   org.qt-project.QtCore         0x00000001079010bc QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 812
3   org.qt-project.QtCore         0x000000010789e0c7 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
4   org.qt-project.QtCore         0x00000001076ddc2c QThread::exec() + 140
5   org.qt-project.QtCore         0x00000001076deb3a 0x1076bc000 + 142138
6   libsystem_pthread.dylib       0x00007fff2035d8fc _pthread_start + 224
7   libsystem_pthread.dylib       0x00007fff20359443 thread_start + 15

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00007fb8db80c848  rcx: 0xc78a6768c259008a  rdx: 0x0000000000000000
  rdi: 0x00007fb8db82e2ac  rsi: 0x00007ffee958d4b0  rbp: 0x00007ffee958d590  rsp: 0x00007ffee958d530
   r8: 0x0000000000000004   r9: 0x00007fb8db82e200  r10: 0x0000000000000400  r11: 0xffffffb9f22a0dfc
  r12: 0x00000000000c0be0  r13: 0x00007fb8d9819630  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x00007fff32e978c7  rfl: 0x0000000000010206  cr2: 0x00000000000016a0

Logical CPU:     1
Error Code:      0x00000004 (no mapping for user data read)
Trap Number:     14

———————————————————————————————

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [5603]

VM Regions Near 0x8:
-->
    __TEXT                      103de9000-103f5d000    [ 1488K] r-x/r-x SM=COW  /Applications/OurApp.app/Contents/MacOS/backend

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libcurl.4.dylib               0x00007fff32e93dd3 Curl_llist_insert_next + 88
1   libcurl.4.dylib               0x00007fff32e951f3 singlesocket + 498
2   libcurl.4.dylib               0x00007fff32e97a2d multi_socket + 546
3   libcurl.4.dylib               0x00007fff32e97ac9 curl_multi_socket_action + 38
4   backend                       0x0000000103f1262d CurlMulti::curlSocketAction(int, int) + 45
5   backend                       0x0000000103f125a0 CurlMulti::socketReadyWrite(int) + 32
6   backend                       0x0000000103f14efe QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QSocketDescriptor>, void, void (CurlMulti::*)(int)>::call(void (CurlMulti::*)(int), CurlMulti*, void**) + 158
7   backend                       0x0000000103f14e58 void QtPrivate::FunctionPointer<void (CurlMulti::*)(int)>::call<QtPrivate::List<QSocketDescriptor>, void>(void (CurlMulti::*)(int), CurlMulti*, void**) + 88
8   backend                       0x0000000103f14d95 QtPrivate::QSlotObject<void (CurlMulti::*)(int), QtPrivate::List<QSocketDescriptor>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 165
9   org.qt-project.QtCore         0x0000000105062042 0x104e4b000 + 2191426
10  org.qt-project.QtCore         0x000000010506a48a QSocketNotifier::event(QEvent*) + 602
11  org.qt-project.QtCore         0x0000000105031608 QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) + 88
12  org.qt-project.QtCore         0x00000001050312b6 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 166
13  org.qt-project.QtCore         0x00000001050901e3 QEventDispatcherUNIXPrivate::activateSocketNotifiers() + 99
14  org.qt-project.QtCore         0x0000000105090c6b QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 907
15  org.qt-project.QtCore         0x000000010502d6b7 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
16  org.qt-project.QtCore         0x0000000105031852 QCoreApplication::exec() + 130
17  backend                       0x0000000103dee7ba main + 938
18  libdyld.dylib                 0x00007fff20378f3d start + 1

Thread 1:: Qt bearer thread
0   libsystem_kernel.dylib        0x00007fff2032e9ca poll + 10
1   org.qt-project.QtCore         0x000000010508f45c qt_safe_poll(pollfd*, unsigned int, timespec const*) + 220
2   org.qt-project.QtCore         0x0000000105090bf6 QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 790
3   org.qt-project.QtCore         0x000000010502d6b7 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
4   org.qt-project.QtCore         0x0000000104e6b993 QThread::exec() + 131
5   org.qt-project.QtCore         0x0000000104e6c8a9 0x104e4b000 + 137385
6   libsystem_pthread.dylib       0x00007fff2035d8fc _pthread_start + 224
7   libsystem_pthread.dylib       0x00007fff20359443 thread_start + 15

Thread 2:: QNetworkAccessManager thread
0   libsystem_kernel.dylib        0x00007fff2032e9ca poll + 10
1   org.qt-project.QtCore         0x000000010508f3de qt_safe_poll(pollfd*, unsigned int, timespec const*) + 94
2   org.qt-project.QtCore         0x0000000105090bf6 QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 790
3   org.qt-project.QtCore         0x000000010502d6b7 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
4   org.qt-project.QtCore         0x0000000104e6b993 QThread::exec() + 131
5   org.qt-project.QtCore         0x0000000104e6c8a9 0x104e4b000 + 137385
6   libsystem_pthread.dylib       0x00007fff2035d8fc _pthread_start + 224
7   libsystem_pthread.dylib       0x00007fff20359443 thread_start + 15

Thread 3:
0   libsystem_pthread.dylib       0x00007fff20359420 start_wqthread + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000003  rbx: 0x0000000000000001  rcx: 0x00007fca83054848  rdx: 0x0000000000000000
  rdi: 0x00007fca81f25ef0  rsi: 0x0000000000000000  rbp: 0x00007ffeebe163b0  rsp: 0x00007ffeebe163b0
   r8: 0x0000000000000010   r9: 0x00007fca83054800  r10: 0x0000000000000400  r11: 0x0000000000000206
  r12: 0x0000000000000000  r13: 0x0000000000000027  r14: 0x00007fca80f0bc20  r15: 0x00007fca81f25ef0
  rip: 0x00007fff32e93dd3  rfl: 0x0000000000010246  cr2: 0x0000000000000008

Logical CPU:     2
Error Code:      0x00000006 (no mapping for user data write)
Trap Number:     14


Thanks,

Frank
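
A triage sketch for crash reports like the two above, added here as an example and not part of the original post or of curl: it extracts the faulting address, the access type, the frame that faulted and the first application frame beneath the library. The function name and the 0x10000 threshold for "NULL plus a small offset" are assumptions; the sample is taken from the second report with mail-wrapped lines rejoined.

```python
import re

# Second crash report above, trimmed; mail-wrapped frame lines rejoined.
SAMPLE = """\
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000008
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libcurl.4.dylib               0x00007fff32e93dd3 Curl_llist_insert_next + 88
1   libcurl.4.dylib               0x00007fff32e951f3 singlesocket + 498
2   libcurl.4.dylib               0x00007fff32e97a2d multi_socket + 546
3   libcurl.4.dylib               0x00007fff32e97ac9 curl_multi_socket_action + 38
4   backend                       0x0000000103f1262d CurlMulti::curlSocketAction(int, int) + 45
Thread 1:: Qt bearer thread
0   libsystem_kernel.dylib        0x00007fff2032e9ca poll + 10
Error Code:      0x00000006 (no mapping for user data write)
"""

# index, image name, address, symbol, offset
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s+(.+?) \+ (\d+)")
LOW_ADDRESS_LIMIT = 0x10000  # assumed cut-off for "NULL pointer plus field offset"

def triage(report):
    """Summarise the faulting access and the crashed thread's call chain."""
    m = re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", report)
    addr = int(m.group(1), 16) if m else None
    access = re.search(r"no mapping for user data (read|write)", report)
    frames, in_crashed = [], False
    for line in report.splitlines():
        if re.match(r"Thread \d+ Crashed", line):
            in_crashed = True
        elif in_crashed and line.startswith("Thread "):
            break  # next thread (or the register dump) ends the crashed stack
        elif in_crashed and (f := FRAME.match(line)):
            frames.append((f.group(2), f.group(4)))
    top = frames[0] if frames else None
    # First frame outside the faulting image: where the application called in.
    entry = next((f for f in frames if f[0] != top[0]), None) if top else None
    return {
        "fault_address": addr,
        "access": access.group(1) if access else None,
        "null_plus_offset": addr is not None and addr < LOW_ADDRESS_LIMIT,
        "faulting_frame": top,
        "app_entry": entry,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
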