starwing / lua-protobuf

A Lua module to work with Google protobuf
MIT License

pb.so causes nginx to segfault #249

Closed ms2008 closed 1 year ago

ms2008 commented 1 year ago

No stable reproduction steps yet.

version: 0.3.3
nginx version: openresty/1.19.9.1
os version: Ubuntu 22.04.3

nginx[18869]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07880 error 4 in pb.so[7f4fcefc7000+c000]
Code: 89 fd 53 48 8d 5f 18 48 89 df 48 83 ec 10 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 89 e6 e8 b6 cd ff ff 85 c0 74 0a <48> 8b 04 25 10 00 00 00 0f 0b 48 8b 7d 28 4c 8d 65 30 e8 4b c3 ff
nginx[18880]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07630 error 4 in pb.so[7f4fcefc7000+c000]
Code: 89 fd 53 48 8d 5f 18 48 89 df 48 83 ec 10 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 89 e6 e8 b6 cd ff ff 85 c0 74 0a <48> 8b 04 25 10 00 00 00 0f 0b 48 8b 7d 28 4c 8d 65 30 e8 4b c3 ff
nginx[18878]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07740 error 4 in pb.so[7f4fcefc7000+c000]
Code: 89 fd 53 48 8d 5f 18 48 89 df 48 83 ec 10 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 89 e6 e8 b6 cd ff ff 85 c0 74 0a <48> 8b 04 25 10 00 00 00 0f 0b 48 8b 7d 28 4c 8d 65 30 e8 4b c3 ff

starwing commented 1 year ago

Is there any stack information about the crash?

ms2008 commented 1 year ago

Sure thing, here it is:

Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/2616' in core file too small.
#0  0x00007f5c1523b1de in pb_free.part () from /usr/local/lib/lua/5.1/pb.so
(gdb) bt
#0  0x00007f5c1523b1de in pb_free.part () from /usr/local/lib/lua/5.1/pb.so
#1  0x00007f5c1523bded in Lpb_delete () from /usr/local/lib/lua/5.1/pb.so
#2  0x00007f5c2c3adbc2 in lj_BC_FUNCC () from /usr/local/openresty/luajit/lib/libluajit-5.1.so.2
#3  0x00007f5c2c3b03ef in gc_call_finalizer (g=0x55d153a45270, L=L@entry=0x55d153a45200, mo=<optimized out>, o=0x55d153c13df0) at lj_gc.c:511
#4  0x00007f5c2c3b06d8 in gc_finalize (L=L@entry=0x55d153a45200) at lj_gc.c:558
#5  0x00007f5c2c3b1e08 in lj_gc_finalize_udata (L=L@entry=0x55d153a45200) at lj_gc.c:565
#6  0x00007f5c2c3bdb9e in cpfinalize (L=0x55d153a45200, dummy=<optimized out>, ud=<optimized out>) at lj_state.c:272
#7  0x00007f5c2c3adfb8 in lj_vm_cpcall () from /usr/local/openresty/luajit/lib/libluajit-5.1.so.2
#8  0x00007f5c2c3bdf88 in lua_close (L=0x55d153a45200) at lj_state.c:298
#9  0x000055d1509e5f27 in ngx_http_lua_cleanup_vm ()
#10 0x000055d1508fbea6 in ngx_destroy_pool ()
#11 0x000055d150925a0d in ngx_daemon ()
#12 0x000055d1508f9804 in main ()
(gdb)

starwing commented 1 year ago

Do you use the latest version of the module? I mean the HEAD of the master branch. In the past there was indeed a crash bug in pb_free; you could try the latest version again.

ms2008 commented 1 year ago

After upgrading to 0.5.0, I don't see a segfault yet.
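
Added example (not part of the original thread and not lua-protobuf code): a small Python triage helper for the kernel segfault lines in the first comment. It decodes the x86 page-fault error code and groups crashes by faulting site. The function names are hypothetical; the log lines are copied from the report.

```python
import re
from collections import Counter

# Kernel segfault lines copied from the first comment ("Code:" lines omitted).
LOG = """\
nginx[18869]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07880 error 4 in pb.so[7f4fcefc7000+c000]
nginx[18880]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07630 error 4 in pb.so[7f4fcefc7000+c000]
nginx[18878]: segfault at 10 ip 00007f4fcefcb1de sp 00007ffccdf07740 error 4 in pb.so[7f4fcefc7000+c000]
"""

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<mod>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def parse_segfault(line):
    """Decode one x86 Linux 'segfault at ...' line; return None if it is not one."""
    m = SEGV_RE.search(line)
    if not m:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    info = {
        "pid": int(m["pid"]),
        "fault_addr": addr,
        # x86 page-fault error code: bit 0 protection, bit 1 write,
        # bit 2 user mode, bit 4 instruction fetch.
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "exec" if err & 16 else "write" if err & 2 else "read",
        "user_mode": bool(err & 4),
        # A fault address inside the first page usually means a field access
        # through a NULL pointer (here: offset 0x10 from NULL).
        "null_deref_likely": addr < 0x1000,
        "module": m["mod"],
        "vma_offset": None,
    }
    if m["mod"]:
        # Offset of the faulting instruction inside the mapped region the kernel
        # printed. To get an ELF address for addr2line/objdump, add the file
        # offset of that mapping (from /proc/<pid>/maps or readelf -l).
        info["vma_offset"] = ip - int(m["base"], 16)
    return info

def crash_sites(log):
    """Count crashes per (module, offset); faults outside a named module are skipped."""
    hits = (parse_segfault(line) for line in log.splitlines())
    return Counter((h["module"], h["vma_offset"]) for h in hits if h and h["module"])

if __name__ == "__main__":
    for (mod, off), n in crash_sites(LOG).items():
        print(f"{n} crash(es) in {mod} at mapping offset {off:#x}")
```

All three worker crashes resolve to the same instruction in pb.so, a user-mode read at address 0x10.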