MEM1_alloc crashing

[V10lator]

I'm using MEM1_alloc for a I/O queue and libWHBs crash handler catched this while running overnight:

0x01049438    0x90830000    stw        r4,0(r3)
0x0104943c    0x2c0c0000    cmpwi      cr0,r12,0x0
0x01049440    0x9184000c    stw        r12,12(r4)
0x01049444    0x4182ffe8    b          2,12,0x104942c
0x01049448    0x908c0008    stw        r4,8(r12)
0x0104944c    0x7c832378    or         r3,r4,r4
0x01049450    0x4e800020    bclr       20,0
0x01049454    0x81830000    lwz        r12,0(r3)
0x01049458    0x38000000    addi       r0,r0,0

Address:      Back Chain    LR Save
0x1097e7bc:   0x1097e7ec    0x1ad1b540 <unknown>+0x0
0x1097e7ec:   0x1097e7fc    0x0104975c coreinit.rpl|CoreInitDefaultHeap+0x91c
0x1097e7fc:   0x1097e81c    0x0104a0e0 coreinit.rpl|MEMAllocFromExpHeapEx+0xe0
0x1097e81c:   0x1097e834    0x0d017d18 homebrew_launcher|MEM1_alloc+0x4c
0x1097e834:   0x1097e85c    0x0d00e12c homebrew_launcher|getFastestEntry+0x30
0x1097e85c:   0x1097e88c    0x0d00e70c homebrew_launcher|addToIOQueue+0x40
0x1097e88c:   0x1097e8ac    0x0d137a08 nlibcurl|curl_getdate+0x2344
0x1097e8ac:   0x1097e8fc    0x0d13b9cc nlibcurl|curl_share_strerror+0x10b4
0x1097e8fc:   0x1097e964    0x0d13bf60 nlibcurl|curl_share_strerror+0x1648
0x1097e964:   0x1097e994    0x0d13c804 nlibcurl|curl_share_strerror+0x1eec
0x1097e994:   0x1097e9c4    0x0d13d6a0 nlibcurl|curl_share_strerror+0x2d88
0x1097e9c4:   0x1097e9dc    0x0d13d920 nlibcurl|curl_share_strerror+0x3008
0x1097e9dc:   0x1097e9ec    0x0d122f80 nlibcurl|curl_easy_perform+0xa8
0x1097e9ec:   0x1097f2ec    0x0d0125d4 homebrew_launcher|downloadFile+0x4e8
0x1097f2ec:   0x10980674    0x0d013b64 homebrew_launcher|downloadTitle+0x10c8
0x10980674:   0x10980af4    0x0d00cb14 homebrew_launcher|downloadMenu+0x640

Note that it seemed to run fine for hours before crashing and the I/O queue is allocating and freeing a lot (codes here: https://pastebin.com/4yzvA9gz ).

[V10lator]

And a new one. Weird that it always seems to be caused by libCURL:

0x01049438    0x90830000    stw        r4,0(r3)
0x0104943c    0x2c0c0000    cmpwi      cr0,r12,0x0
0x01049440    0x9184000c    stw        r12,12(r4)
0x01049444    0x4182ffe8    b          2,12,0x104942c
0x01049448    0x908c0008    stw        r4,8(r12)
0x0104944c    0x7c832378    or         r3,r4,r4
0x01049450    0x4e800020    bclr       20,0
0x01049454    0x81830000    lwz        r12,0(r3)
0x01049458    0x38000000    addi       r0,r0,0

Address:      Back Chain    LR Save
0x1077f4d4:   0x1077f504    0x00000000
0x1077f504:   0x1077f514    0x0104975c coreinit.rpl|CoreInitDefaultHeap+0x91c
0x1077f514:   0x1077f534    0x0104a0e0 coreinit.rpl|MEMAllocFromExpHeapEx+0xe0
0x1077f534:   0x1077f54c    0x0d013b90 homebrew_launcher|MEM1_alloc+0x4c
0x1077f54c:   0x1077f57c    0x0d00bab0 homebrew_launcher|addToIOQueue+0x4c
0x1077f57c:   0x1077f59c    0x0d127208 nlibcurl|curl_getdate+0x2344
0x1077f59c:   0x1077f5ec    0x0d12b1cc nlibcurl|curl_share_strerror+0x10b4
0x1077f5ec:   0x1077f654    0x0d12b760 nlibcurl|curl_share_strerror+0x1648
0x1077f654:   0x1077f684    0x0d12c004 nlibcurl|curl_share_strerror+0x1eec
0x1077f684:   0x1077f6b4    0x0d12cea0 nlibcurl|curl_share_strerror+0x2d88
0x1077f6b4:   0x1077f6cc    0x0d12d120 nlibcurl|curl_share_strerror+0x3008
0x1077f6cc:   0x1077f6dc    0x0d112780 nlibcurl|curl_easy_perform+0xa8
0x1077f6dc:   0x1077fc5c    0x0d00f918 homebrew_launcher|downloadFile+0x520
0x1077fc5c:   0x107810ac    0x0d011034 homebrew_launcher|downloadTitle+0x11c8
0x107810ac:   0x10781534    0x0d00a344 homebrew_launcher|downloadMenu+0x61c
0x10781534:   0x10781554    0x0d00af88 homebrew_launcher|mainMenu+0x80

[V10lator]

In case it's needed here's the addToIOQueue function:

size_t addToIOQueue(const void *buf, size_t size, size_t n, FILE *file)
{
    WriteQueueEntry *toAdd;
    void *newBuf;
    bool fast;

    if(buf != NULL)
    {
        size *= n;
        newBuf = MEM1_alloc(size, 4);
        fast = newBuf != NULL;
        if(fast)
        {
            toAdd = MEM1_alloc(sizeof(WriteQueueEntry), 4);
            if(toAdd == NULL)
            {
                MEM1_free(newBuf);
                fast = false;
            }
        }
        if(!fast)
        {
            newBuf = MEMAllocFromDefaultHeap(size);
            if(newBuf == NULL)
                return 0;

            toAdd = MEMAllocFromDefaultHeap(sizeof(WriteQueueEntry));
            if(toAdd == NULL)
            {
                MEMFreeToDefaultHeap(newBuf);
                return 0;
            }
#ifdef NUSSPLI_DEBUG
            if((writeQueueSize + size) >> 20 > maxWriteQueueSize)
            {
                maxWriteQueueSize = (writeQueueSize + size) >> 20;
                debugPrintf("I/O queue size: %d MB", maxWriteQueueSize);
            }
#endif
        }

        OSBlockMove(newBuf, buf, size, false);
    }
    else
    {
        toAdd = MEM1_alloc(sizeof(WriteQueueEntry), 4);
        fast = toAdd != NULL;
        if(!fast)
        {
            toAdd = MEMAllocFromDefaultHeap(sizeof(WriteQueueEntry));
            if(toAdd == NULL)
                return 0;
        }

        newBuf = NULL;
    }

    toAdd->buf = newBuf;
    toAdd->file = file;
    toAdd->size = size;
    toAdd->fast = fast;
    toAdd->next = NULL;

    lockIOQueueAgressive();
    if(newBuf != NULL)
    {
        while(writeQueueSize > MAX_IO_QUEUE_SIZE)
        {
            OSFastMutex_Unlock(writeQueueMutex);
            debugPrintf("Waiting for free slot...");
            OSSleepTicks(256);
            lockIOQueueAgressive();
        }

        writeQueueSize += size;
    }

    if(writeQueue == NULL)
        writeQueue = lastWriteQueueEntry = toAdd;
    else
        lastWriteQueueEntry = lastWriteQueueEntry->next = toAdd;

    OSFastMutex_Unlock(writeQueueMutex);
    return size;
}

It's wired to libCURL like this:

ret |= curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, toRam ? fwrite : addToIOQueue);
ret |= curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);