search

tokers / lua-io-nginx-module

"Non-Blocking" Lua Disk I/O APIs for OpenResty - Powered by Nginx's Thread Pool
BSD 2-Clause "Simplified" License
73 stars 15 forks source link

Memory usage after free #6

Open splitice opened 2 years ago

splitice commented 2 years ago

We upgraded to a newer openresty and begun to see segfaults.

Valgrind output:

==32455== Invalid read of size 8
==32455==    at 0x20C72D: ngx_thread_pool_handler (ngx_thread_pool.c:387)
==32455==    by 0x20A923: ngx_epoll_notify_handler (ngx_epoll_module.c:456)
==32455==    by 0x20B47B: ngx_epoll_process_events (ngx_epoll_module.c:901)
==32455==    by 0x1FACE4: ngx_process_events_and_timers (ngx_event.c:247)
==32455==    by 0x208F79: ngx_worker_process_cycle (ngx_process_cycle.c:750)
==32455==    by 0x205988: ngx_spawn_process (ngx_process.c:199)
==32455==    by 0x207FC4: ngx_start_worker_processes (ngx_process_cycle.c:359)
==32455==    by 0x207692: ngx_master_process_cycle (ngx_process_cycle.c:131)
==32455==    by 0x1C6789: main (nginx.c:382)
==32455==  Address 0x88cb6c0 is 0 bytes inside a block of size 192 free'd
==32455==    at 0x48369AB: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32455==    by 0x1CA22F: ngx_destroy_pool (ngx_palloc.c:85)
==32455==    by 0x39FC7C: ngx_http_lua_close_fake_connection (ngx_http_lua_util.c:3812)
==32455==    by 0x39FA77: ngx_http_lua_close_fake_request (ngx_http_lua_util.c:3733)
==32455==    by 0x39F960: ngx_http_lua_finalize_fake_request (ngx_http_lua_util.c:3693)
==32455==    by 0x3C56AD: ngx_http_lua_ssl_cert_aborted (ngx_http_lua_ssl_certby.c:422)
==32455==    by 0x1CA1F1: ngx_destroy_pool (ngx_palloc.c:57)
==32455==    by 0x23172B: ngx_http_close_connection (ngx_http_request.c:3731)
==32455==    by 0x22BF36: ngx_http_ssl_handshake_handler (ngx_http_request.c:879)
==32455==    by 0x22BCE0: ngx_http_ssl_handshake (ngx_http_request.c:789)
==32455==    by 0x22AE56: ngx_http_init_connection (ngx_http_request.c:384)
==32455==    by 0x1FDC9F: ngx_event_accept (ngx_event_accept.c:308)
==32455==  Block was alloc'd at
==32455==    at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32455==    by 0x201E4F: ngx_alloc (ngx_alloc.c:22)
==32455==    by 0x1CA58A: ngx_palloc_large (ngx_palloc.c:220)
==32455==    by 0x1CA375: ngx_palloc (ngx_palloc.c:131)
==32455==    by 0x1CA78E: ngx_pcalloc (ngx_palloc.c:302)
==32455==    by 0x20C272: ngx_thread_task_alloc (ngx_thread_pool.c:219)
==32455==    by 0x412779: ngx_http_lua_io_thread_post_read_task (ngx_http_lua_io.c:248)
==32455==    by 0x411D05: ngx_http_lua_io_file_read_helper (ngx_http_lua_io_module.c:1750)
==32455==    by 0x40F98B: ngx_http_lua_io_file_read (ngx_http_lua_io_module.c:748)
==32455==    by 0x4D01AD5: lj_BC_FUNCC (in /usr/local/lib/libluajit-5.1.so.2.1.0)
==32455==    by 0x39B129: ngx_http_lua_run_thread (ngx_http_lua_util.c:1090)
==32455==    by 0x3C5A20: ngx_http_lua_ssl_cert_by_chunk (ngx_http_lua_ssl_certby.c:533)

After working down the changes the cause appears to be the new luajit2

It appears to be early free'ing of memory, perhaps thread pool memory allocated from the request pool?

splitice commented 2 years ago

Issue went away when i fixed the underlying issue causing the ssl certificate bloock to abort.

Most likely this crash occurs only if the block is aborted. I can't see however how you could fix this.