Hello,

Recently I have observed my program crashing (sometimes) during system startup. (During system startup the internet connection is down, so the first few https/HTTP2 requests fail with CURLE_COULDNT_RESOLVE_HOST. Then the internet connection goes up.) Then the program is restarted by the supervisor and works fine.

The program is cross-compiled for i686 and linked against libcurl 8.6.0, openssl 3.2.1, nghttp2 1.60.0, uClibc-ng 1.0.46.

I don't have a full-blown debugging environment in this toolchain but managed to capture a backtrace:

    0xb7b7f07f
    0xb7f00c2d http2_data_done.isra.0+0x4D
    0xb7f017d3 cf_h2_cntrl+0x199
    0xb7ef063f Curl_conn_cf_cntrl+0x41
    0xb7ef0685 cf_cntrl_all.constprop.0+0x2D
    0xb7f07b3d Curl_detach_connection+0x2D
    0xb7f1487e extract_if_dead+0x142
    0xb7f148b4 call_extract_if_dead+0x11
    0xb7ef1116 Curl_conncache_foreach+0x89
    0xb7f16c31 Curl_connect+0x1948
    0xb7f094a8 multi_runsingle+0x1E5
    0xb7f0a398 curl_multi_perform+0xBB
    0x804bd6f main+0x26F
    0xb7ba6e83 __uClibc_main+0x15E
    0x804be33 _start+0x21

(half of which looks similar to #12951)

Using objdump -d -S libcurl.so I found this:

       1ec2a: 52                push %edx
       1ec2b: 6a 00             push $0x0
    -> 1ec2d: ff 36             push (%esi)
       1ec2f: 50                push %eax
       1ec30: e8 2b 84 fe ff    call 7060 <nghttp2_session_set_stream_user_data@plt>
       ...

what most probably matches accessing stream->id in lib/http2.c:288:

> (void)nghttp2_session_set_stream_user_data(ctx->h2, stream->id, NULL);

meaning that stream must have been not NULL but held an invalid pointer.

Are you aware of a scenario in which a stale pointer to Curl_easy.req.p.http is kept in connection cache and then reused?

Do you think https://github.com/curl/curl/pull/13096 may be related to this issue?

-- 
Aleksander Mazur
