Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Videos Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users IRC / chat Mailing lists Everything curl [book] Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Curl 7.64.1 crash on MacOS.

From: Frank Spano via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 27 Jan 2022 12:45:24 -0500

Hello,


We’re experiencing an issue with a QT (single threaded) application when
using curl 7.64.1 (x86_64-apple-darwin20.0) - packaged on MacOS.

——-

curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport)
LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0

Release-Date: 2019-03-27

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp smb smbs smtp smtps telnet tftp

Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz
MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets

——-


Our program is sending ~800 requests per minute, and experiencing crashes
every ~5 minutes. We verified that every CurlEasy handle is
allocated/deallocated properly (no nullptr after allocation, no double
frees happening). When encountering the crash while running in a debugger,
we found a nullptr in a linked list - we assume this is CurlMulti’s linked
list of CurlEasy handles. As we checked that no curl handles were null when
allocated, it seems like there’s memory corruption for that to show up in
one of the linked lists. Since installing and building with curl 7.80.1,
we’re experiencing no issues - the program is no longer crashing. Our issue
was resolved, but we would like to know why this was happening - is this a
known bug? We were unable to find anyone experiencing the issue, but given
that this is the default version on macOS Big Sur currently, it may be
affecting other people as well.

———

curl 7.81.0 (x86_64-apple-darwin20.6.0) libcurl/7.81.0 (SecureTransport)
OpenSSL/1.1.1m zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.2
libssh2/1.10.0 nghttp2/1.46.0 librtmp/2.3 OpenLDAP/2.6.0

Release-Date: 2022-01-05

Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap
ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp

Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6
Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL TLS-SRP
UnixSockets zstd

——-

We’re using these settings:

curl.set(CURLOPT_URL, url);

curl.set(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

curl.set(CURLOPT_POST, 1L);



Two of the stack traces we’ve seen multiple times listed below:

———————————————————————————————

Exception Type: EXC_BAD_ACCESS (SIGSEGV)

Exception Codes: KERN_INVALID_ADDRESS at 0x00000000000016a0

Exception Note: EXC_CORPSE_NOTIFY


Termination Signal: Segmentation fault: 11

Termination Reason: Namespace SIGNAL, Code 0xb

Terminating Process: exc handler [3483]


VM Regions Near 0x16a0:

-->

    __TEXT 106672000-1067a6000 [ 1232K] r-x/r-x
SM=COW /Applications/OurApp.app/Contents/MacOS/backend


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread

0 libcurl.4.dylib 0x00007fff32e978c7 multi_socket + 188

1 libcurl.4.dylib 0x00007fff32e97ac9
curl_multi_socket_action + 38

2 backend 0x000000010676182d
CurlMulti::curlSocketAction(int, int) + 45 (CurlMulti.cpp:156)

3 backend 0x00000001067617a0
CurlMulti::socketReadyWrite(int) + 32 (CurlMulti.cpp:148)

4 backend 0x0000000106763732
QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,
QtPrivate::List<QSocketDescriptor>, void, void
(CurlMulti::*)(int)>::call(void (CurlMulti::*)(int), CurlMulti*, void**) +
146 (qobjectdefs_impl.h:152)

5 backend 0x000000010676368d void
QtPrivate::FunctionPointer<void
(CurlMulti::*)(int)>::call<QtPrivate::List<QSocketDescriptor>, void>(void
(CurlMulti::*)(int), CurlMulti*, void**) + 77 (qobjectdefs_impl.h:185)

6 backend 0x00000001067635e2
QtPrivate::QSlotObject<void (CurlMulti::*)(int),
QtPrivate::List<QSocketDescriptor>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 146
(qobjectdefs_impl.h:418)

7 org.qt-project.QtCore 0x00000001078d2374 0x1076bc000 + 2188148

8 org.qt-project.QtCore 0x00000001078da9cb
QSocketNotifier::event(QEvent*) + 491

9 org.qt-project.QtCore 0x00000001078a1e18
QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) + 88

10 org.qt-project.QtCore 0x00000001078a1ac7
QCoreApplication::notifyInternal2(QObject*, QEvent*) + 167

11 org.qt-project.QtCore 0x0000000107900683
QEventDispatcherUNIXPrivate::activateSocketNotifiers() + 99

12 org.qt-project.QtCore 0x000000010790112d
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 925

13 org.qt-project.QtCore 0x000000010789e0c7
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471

14 org.qt-project.QtCore 0x00000001078a2062
QCoreApplication::exec() + 130

15 backend 0x0000000106674b15 main + 949
(main.cpp:81)

16 libdyld.dylib 0x00007fff20378f3d start + 1


Thread 1:

0 libsystem_pthread.dylib 0x00007fff20359420 start_wqthread + 0


Thread 2:: Qt bearer thread

0 libsystem_kernel.dylib 0x00007fff2032e9ca poll + 10

1 org.qt-project.QtCore 0x00000001078ff8ee qt_safe_poll(pollfd*,
unsigned int, timespec const*) + 222

2 org.qt-project.QtCore 0x00000001079010bc
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 812

3 org.qt-project.QtCore 0x000000010789e0c7
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471

4 org.qt-project.QtCore 0x00000001076ddc2c QThread::exec() + 140

5 org.qt-project.QtCore 0x00000001076deb3a 0x1076bc000 + 142138

6 libsystem_pthread.dylib 0x00007fff2035d8fc _pthread_start + 224

7 libsystem_pthread.dylib 0x00007fff20359443 thread_start + 15


Thread 0 crashed with X86 Thread State (64-bit):

  rax: 0x0000000000000000 rbx: 0x00007fb8db80c848 rcx: 0xc78a6768c259008a
rdx: 0x0000000000000000

  rdi: 0x00007fb8db82e2ac rsi: 0x00007ffee958d4b0 rbp: 0x00007ffee958d590
rsp: 0x00007ffee958d530

   r8: 0x0000000000000004 r9: 0x00007fb8db82e200 r10: 0x0000000000000400
r11: 0xffffffb9f22a0dfc

  r12: 0x00000000000c0be0 r13: 0x00007fb8d9819630 r14: 0x0000000000000000
r15: 0x0000000000000000

  rip: 0x00007fff32e978c7 rfl: 0x0000000000010206 cr2: 0x00000000000016a0



Logical CPU: 1

Error Code: 0x00000004 (no mapping for user data read)

Trap Number: 14

———————————————————————————————

Crashed Thread: 0 Dispatch queue: com.apple.main-thread


Exception Type: EXC_BAD_ACCESS (SIGSEGV)

Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008

Exception Note: EXC_CORPSE_NOTIFY


Termination Signal: Segmentation fault: 11

Termination Reason: Namespace SIGNAL, Code 0xb

Terminating Process: exc handler [5603]


VM Regions Near 0x8:

-->

    __TEXT 103de9000-103f5d000 [ 1488K] r-x/r-x
SM=COW /Applications/OurApp.app/Contents/MacOS/backend


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread

0 libcurl.4.dylib 0x00007fff32e93dd3 Curl_llist_insert_next
+ 88

1 libcurl.4.dylib 0x00007fff32e951f3 singlesocket + 498

2 libcurl.4.dylib 0x00007fff32e97a2d multi_socket + 546

3 libcurl.4.dylib 0x00007fff32e97ac9
curl_multi_socket_action + 38

4 backend 0x0000000103f1262d
CurlMulti::curlSocketAction(int, int) + 45

5 backend 0x0000000103f125a0
CurlMulti::socketReadyWrite(int) + 32

6 backend 0x0000000103f14efe
QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,
QtPrivate::List<QSocketDescriptor>, void, void
(CurlMulti::*)(int)>::call(void (CurlMulti::*)(int), CurlMulti*, void**) +
158

7 backend 0x0000000103f14e58 void
QtPrivate::FunctionPointer<void
(CurlMulti::*)(int)>::call<QtPrivate::List<QSocketDescriptor>, void>(void
(CurlMulti::*)(int), CurlMulti*, void**) + 88

8 backend 0x0000000103f14d95
QtPrivate::QSlotObject<void (CurlMulti::*)(int),
QtPrivate::List<QSocketDescriptor>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 165

9 org.qt-project.QtCore 0x0000000105062042 0x104e4b000 + 2191426

10 org.qt-project.QtCore 0x000000010506a48a
QSocketNotifier::event(QEvent*) + 602

11 org.qt-project.QtCore 0x0000000105031608
QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) + 88

12 org.qt-project.QtCore 0x00000001050312b6
QCoreApplication::notifyInternal2(QObject*, QEvent*) + 166

13 org.qt-project.QtCore 0x00000001050901e3
QEventDispatcherUNIXPrivate::activateSocketNotifiers() + 99

14 org.qt-project.QtCore 0x0000000105090c6b
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 907

15 org.qt-project.QtCore 0x000000010502d6b7
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471

16 org.qt-project.QtCore 0x0000000105031852
QCoreApplication::exec() + 130

17 backend 0x0000000103dee7ba main + 938

18 libdyld.dylib 0x00007fff20378f3d start + 1


Thread 1:: Qt bearer thread

0 libsystem_kernel.dylib 0x00007fff2032e9ca poll + 10

1 org.qt-project.QtCore 0x000000010508f45c qt_safe_poll(pollfd*,
unsigned int, timespec const*) + 220

2 org.qt-project.QtCore 0x0000000105090bf6
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 790

3 org.qt-project.QtCore 0x000000010502d6b7
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471

4 org.qt-project.QtCore 0x0000000104e6b993 QThread::exec() + 131

5 org.qt-project.QtCore 0x0000000104e6c8a9 0x104e4b000 + 137385

6 libsystem_pthread.dylib 0x00007fff2035d8fc _pthread_start + 224

7 libsystem_pthread.dylib 0x00007fff20359443 thread_start + 15


Thread 2:: QNetworkAccessManager thread

0 libsystem_kernel.dylib 0x00007fff2032e9ca poll + 10

1 org.qt-project.QtCore 0x000000010508f3de qt_safe_poll(pollfd*,
unsigned int, timespec const*) + 94

2 org.qt-project.QtCore 0x0000000105090bf6
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 790

3 org.qt-project.QtCore 0x000000010502d6b7
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471

4 org.qt-project.QtCore 0x0000000104e6b993 QThread::exec() + 131

5 org.qt-project.QtCore 0x0000000104e6c8a9 0x104e4b000 + 137385

6 libsystem_pthread.dylib 0x00007fff2035d8fc _pthread_start + 224

7 libsystem_pthread.dylib 0x00007fff20359443 thread_start + 15


Thread 3:

0 libsystem_pthread.dylib 0x00007fff20359420 start_wqthread + 0


Thread 0 crashed with X86 Thread State (64-bit):

  rax: 0x0000000000000003 rbx: 0x0000000000000001 rcx: 0x00007fca83054848
rdx: 0x0000000000000000

  rdi: 0x00007fca81f25ef0 rsi: 0x0000000000000000 rbp: 0x00007ffeebe163b0
rsp: 0x00007ffeebe163b0

   r8: 0x0000000000000010 r9: 0x00007fca83054800 r10: 0x0000000000000400
r11: 0x0000000000000206

  r12: 0x0000000000000000 r13: 0x0000000000000027 r14: 0x00007fca80f0bc20
r15: 0x00007fca81f25ef0

  rip: 0x00007fff32e93dd3 rfl: 0x0000000000010246 cr2: 0x0000000000000008



Logical CPU: 2

Error Code: 0x00000006 (no mapping for user data write)

Trap Number: 14


Thanks,

Frank 


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-01-27