Skip to content

Instantly share code, notes, and snippets.

@agentzh
Last active February 28, 2019 04:46
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save agentzh/534aabb3a5bc75ff62b8fd25e3d371e0 to your computer and use it in GitHub Desktop.
Mozilla rr debugging session for a bug in LuaJIT's GC: https://github.com/openresty/luajit2/issues/42#issuecomment-468092267
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 return ret;
(rr) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f2e1be7a5b9 in __GI_abort () at abort.c:79
#2 0x00007f2e1be7a491 in __assert_fail_base (fmt=0x7f2e1bfdd048 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x7f2e1cb2be68 "!((((o1)->it) - ((~4u)+1)) > ((~13u) - ((~4u)+1))) || ((~((o1)->it) == (((GCobj *)(uintptr_t)((o1)->gcr).gcptr32))->gch.gct) && !(((((GCobj *)(uintptr_t)((o1)->gcr).gcptr32)))->gch.marked & ((((global"...,
file=0x7f2e1cb2be5a "lj_obj.h", line=926, function=<optimized out>) at assert.c:92
#3 0x00007f2e1be88612 in __GI___assert_fail (
assertion=0x7f2e1cb2be68 "!((((o1)->it) - ((~4u)+1)) > ((~13u) - ((~4u)+1))) || ((~((o1)->it) == (((GCobj *)(uintptr_t)((o1)->gcr).gcptr32))->gch.gct) && !(((((GCobj *)(uintptr_t)((o1)->gcr).gcptr32)))->gch.marked & ((((global"...,
file=0x7f2e1cb2be5a "lj_obj.h", line=926, function=0x7f2e1cb2c6c7 <__PRETTY_FUNCTION__.4258> "copyTV") at assert.c:101
#4 0x00007f2e1cb09c55 in copyTV (o2=0x40dc74e0, o1=0x40d807b8, L=0x40d802c8) at lj_obj.h:926
#5 lj_cf_ffi_clib___index (L=0x40d802c8) at lib_ffi.c:389
#6 0x00007f2e1ca3e01b in lj_BC_FUNCC () from /home/agentzh/git/luajit-bug-report/luajit/lib/libluajit-5.1.so.2
#7 0x00007f2e1ca64543 in lua_resume (L=0x40d802c8, nargs=0) at lj_api.c:1221
#8 0x000000000049ce20 in ngx_http_lua_run_thread (L=L@entry=0x40db6378, r=r@entry=0x14a8af0, ctx=ctx@entry=0x14a9718, nrets=<optimized out>, nrets@entry=0)
at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_util.c:1084
#9 0x000000000049f0bb in ngx_http_lua_content_by_chunk (L=L@entry=0x40db6378, r=r@entry=0x14a8af0) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:122
#10 0x000000000049f257 in ngx_http_lua_content_handler_inline (r=0x14a8af0) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:312
#11 0x000000000049eb37 in ngx_http_lua_content_handler (r=0x14a8af0) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:224
#12 0x0000000000441543 in ngx_http_core_content_phase (r=0x14a8af0, ph=<optimized out>) at src/http/ngx_http_core_module.c:1169
#13 0x000000000043c2fd in ngx_http_core_run_phases (r=r@entry=0x14a8af0) at src/http/ngx_http_core_module.c:858
#14 0x000000000043c3a0 in ngx_http_handler (r=r@entry=0x14a8af0) at src/http/ngx_http_core_module.c:841
#15 0x0000000000443fd7 in ngx_http_process_request (r=r@entry=0x14a8af0) at src/http/ngx_http_request.c:1952
#16 0x0000000000446200 in ngx_http_process_request_headers (rev=rev@entry=0x7f2e1d668370) at src/http/ngx_http_request.c:1379
#17 0x00000000004464f4 in ngx_http_process_request_line (rev=rev@entry=0x7f2e1d668370) at src/http/ngx_http_request.c:1052
#18 0x0000000000446d78 in ngx_http_keepalive_handler (rev=0x7f2e1d668370) at src/http/ngx_http_request.c:3238
#19 0x000000000043903c in ngx_epoll_process_events (cycle=<optimized out>, timer=<optimized out>, flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:902
#20 0x0000000000430965 in ngx_process_events_and_timers (cycle=cycle@entry=0x14a0de0) at src/event/ngx_event.c:242
#21 0x000000000043845a in ngx_single_process_cycle (cycle=cycle@entry=0x14a0de0) at src/os/unix/ngx_process_cycle.c:310
#22 0x0000000000412b74 in main (argc=5, argv=<optimized out>) at src/core/nginx.c:379
(rr) fr 4
#4 0x00007f2e1cb09c55 in copyTV (o2=0x40dc74e0, o1=0x40d807b8, L=0x40d802c8) at lj_obj.h:926
926 *o1 = *o2; tvchecklive(L, o1);
(rr) ltvlive L o1
is dead
tv is white
gco is white
(rr) ltvlive L o2
is dead
tv is white
gco is white
(rr) lval o1
type cdata
cdata object: (GCcdata*)0x40d7b338
cdata value pointer: (void*)0x40d7b340
ctype object: (CType*)0x40d72aa0
ctype size: 1 byte(s)
ctype type: func
ctype element name: free
(rr) lbt
builtin#187
@/home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:333
@/home/agentzh/git/luajit-bug-report//lua/test.lua:15
=content_by_lua(nginx.conf:43):5
# /home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:333:
C.free(str_value_buf[0])
(rr) lfunc shdict.lua 281
Found Lua function (GCfunc*)0x40dd46d8 at @/home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:281
(rr) luv (GCfunc*)0x40dd46d8
Found 17 upvalues.
upvalue "check_zone": value=(TValue*)0x40dcf548 value_type=function closed=1
upvalue "type": value=(TValue*)0x40dca958 value_type=function closed=1
upvalue "tostring": value=(TValue*)0x40db9920 value_type=function closed=1
upvalue "get_string_buf_size": value=(TValue*)0x40dc9b90 value_type=function closed=1
upvalue "get_string_buf": value=(TValue*)0x40dc9bb0 value_type=function closed=1
upvalue "str_value_buf": value=(TValue*)0x40dcfe10 value_type=cdata closed=1
upvalue "get_size_ptr": value=(TValue*)0x40dcf598 value_type=function closed=1
upvalue "ngx_lua_ffi_shdict_get": value=(TValue*)0x40dca180 value_type=cdata closed=1
upvalue "value_type": value=(TValue*)0x40dc9f60 value_type=cdata closed=1
upvalue "num_value": value=(TValue*)0x40dcb2b0 value_type=cdata closed=1
upvalue "user_flags": value=(TValue*)0x40db7970 value_type=cdata closed=1
upvalue "is_stale": value=(TValue*)0x40db7990 value_type=cdata closed=1
upvalue "errmsg": value=(TValue*)0x40dcf610 value_type=cdata closed=1
upvalue "ffi_str": value=(TValue*)0x40dc9a70 value_type=function closed=1
upvalue "error": value=(TValue*)0x40dc5e40 value_type=function closed=1
upvalue "tonumber": value=(TValue*)0x40dcee10 value_type=function closed=1
upvalue "C": value=(TValue*)0x40dd45f8 value_type=userdata closed=1
(rr) lval (TValue*)0x40dd45f8
udata type: ffi clib
payload len: 16
payload ptr: 0x40dc8ed8
CLibrary handle: (void*)0x0
CLibrary cache: (GCtab*)0x40dc8e98
(rr) lgcolive L (GCtab*)0x40dc8e98
gco is black
(rr) ltabgets (GCtab*)0x40dc8e98 free
(TValue*)0x40dc74e0
type cdata
cdata object: (GCcdata*)0x40d7b338
cdata value pointer: (void*)0x40d7b340
ctype object: (CType*)0x40d72aa0
ctype size: 1 byte(s)
ctype type: func
ctype element name: free
(rr) fr 4
#4 0x00007f2e1cb09c55 in copyTV (o2=0x40dc74e0, o1=0x40d807b8, L=0x40d802c8) at lj_obj.h:926
926 *o1 = *o2; tvchecklive(L, o1);
(rr) lval o1
type cdata
cdata object: (GCcdata*)0x40d7b338
cdata value pointer: (void*)0x40d7b340
ctype object: (CType*)0x40d72aa0
ctype size: 1 byte(s)
ctype type: func
ctype element name: free
(rr) p ((GCobj*)0x40d7b338)->gch.marked
$5 = 2 '\002'
(rr) watch -l ((GCobj*)0x40d7b338)->gch.marked
Hardware watchpoint 2: -location ((GCobj*)0x40d7b338)->gch.marked
(rr) reverse-cont
Continuing.
Hardware watchpoint 2: -location ((GCobj*)0x40d7b338)->gch.marked
Old value = 2 '\002'
New value = 0 '\000'
0x00007f2e1ca43fbc in lj_mem_newgco (L=0x40dcb4d8, size=16) at lj_gc.c:838
838 newwhite(g, o);
(rr) bt
#0 0x00007f2e1ca43fbc in lj_mem_newgco (L=0x40dcb4d8, size=16) at lj_gc.c:838
#1 0x00007f2e1cae4015 in lj_cdata_new (sz=8, id=169, cts=0x40dc68c0) at lj_cdata.h:45
#2 lj_clib_index (L=0x40dcb4d8, cl=0x40dc8ed8, name=0x40dc8e50) at lj_clib.c:384
#3 0x00007f2e1cb097dc in ffi_clib_index (L=0x40dcb4d8) at lib_ffi.c:370
#4 0x00007f2e1cb097fa in lj_cf_ffi_clib___index (L=0x40dcb4d8) at lib_ffi.c:375
#5 0x00007f2e1ca3e01b in lj_BC_FUNCC () from /home/agentzh/git/luajit-bug-report/luajit/lib/libluajit-5.1.so.2
#6 0x00007f2e1ca64543 in lua_resume (L=0x40dcb4d8, nargs=0) at lj_api.c:1221
#7 0x000000000049ce20 in ngx_http_lua_run_thread (L=L@entry=0x40db6378, r=r@entry=0x14a6600, ctx=ctx@entry=0x14a7228, nrets=<optimized out>, nrets@entry=0)
at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_util.c:1084
#8 0x000000000049f0bb in ngx_http_lua_content_by_chunk (L=L@entry=0x40db6378, r=r@entry=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:122
#9 0x000000000049f257 in ngx_http_lua_content_handler_inline (r=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:312
#10 0x000000000049eb37 in ngx_http_lua_content_handler (r=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:224
#11 0x0000000000441543 in ngx_http_core_content_phase (r=0x14a6600, ph=<optimized out>) at src/http/ngx_http_core_module.c:1169
#12 0x000000000043c2fd in ngx_http_core_run_phases (r=r@entry=0x14a6600) at src/http/ngx_http_core_module.c:858
#13 0x000000000043c3a0 in ngx_http_handler (r=r@entry=0x14a6600) at src/http/ngx_http_core_module.c:841
#14 0x0000000000443fd7 in ngx_http_process_request (r=r@entry=0x14a6600) at src/http/ngx_http_request.c:1952
#15 0x0000000000446200 in ngx_http_process_request_headers (rev=rev@entry=0x7f2e1d6680d0) at src/http/ngx_http_request.c:1379
#16 0x00000000004464f4 in ngx_http_process_request_line (rev=rev@entry=0x7f2e1d6680d0) at src/http/ngx_http_request.c:1052
#17 0x00000000004469d4 in ngx_http_wait_request_handler (rev=0x7f2e1d6680d0) at src/http/ngx_http_request.c:510
#18 0x000000000043903c in ngx_epoll_process_events (cycle=<optimized out>, timer=<optimized out>, flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:902
#19 0x0000000000430965 in ngx_process_events_and_timers (cycle=cycle@entry=0x14a0de0) at src/event/ngx_event.c:242
#20 0x000000000043845a in ngx_single_process_cycle (cycle=cycle@entry=0x14a0de0) at src/os/unix/ngx_process_cycle.c:310
#21 0x0000000000412b74 in main (argc=5, argv=<optimized out>) at src/core/nginx.c:379
(rr) fr 4
#4 0x00007f2e1cb097fa in lj_cf_ffi_clib___index (L=0x40dcb4d8) at lib_ffi.c:375
375 TValue *tv = ffi_clib_index(L);
(rr) tb +1
Temporary breakpoint 3 at 0x7f2e1cb09802: file lib_ffi.c, line 376.
(rr) c
Continuing.
Temporary breakpoint 3, lj_cf_ffi_clib___index (L=0x40dcb4d8) at lib_ffi.c:376
376 if (tviscdata(tv)) {
(rr) ltvlive L tv
tv is white
gco is white
(rr) bt
#0 lj_cf_ffi_clib___index (L=0x40dcb4d8) at lib_ffi.c:376
#1 0x00007f2e1ca3e01b in lj_BC_FUNCC () from /home/agentzh/git/luajit-bug-report/luajit/lib/libluajit-5.1.so.2
#2 0x00007f2e1ca64543 in lua_resume (L=0x40dcb4d8, nargs=0) at lj_api.c:1221
#3 0x000000000049ce20 in ngx_http_lua_run_thread (L=L@entry=0x40db6378, r=r@entry=0x14a6600, ctx=ctx@entry=0x14a7228, nrets=<optimized out>, nrets@entry=0)
at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_util.c:1084
#4 0x000000000049f0bb in ngx_http_lua_content_by_chunk (L=L@entry=0x40db6378, r=r@entry=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:122
#5 0x000000000049f257 in ngx_http_lua_content_handler_inline (r=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:312
#6 0x000000000049eb37 in ngx_http_lua_content_handler (r=0x14a6600) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_contentby.c:224
#7 0x0000000000441543 in ngx_http_core_content_phase (r=0x14a6600, ph=<optimized out>) at src/http/ngx_http_core_module.c:1169
#8 0x000000000043c2fd in ngx_http_core_run_phases (r=r@entry=0x14a6600) at src/http/ngx_http_core_module.c:858
#9 0x000000000043c3a0 in ngx_http_handler (r=r@entry=0x14a6600) at src/http/ngx_http_core_module.c:841
#10 0x0000000000443fd7 in ngx_http_process_request (r=r@entry=0x14a6600) at src/http/ngx_http_request.c:1952
#11 0x0000000000446200 in ngx_http_process_request_headers (rev=rev@entry=0x7f2e1d6680d0) at src/http/ngx_http_request.c:1379
#12 0x00000000004464f4 in ngx_http_process_request_line (rev=rev@entry=0x7f2e1d6680d0) at src/http/ngx_http_request.c:1052
#13 0x00000000004469d4 in ngx_http_wait_request_handler (rev=0x7f2e1d6680d0) at src/http/ngx_http_request.c:510
#14 0x000000000043903c in ngx_epoll_process_events (cycle=<optimized out>, timer=<optimized out>, flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:902
#15 0x0000000000430965 in ngx_process_events_and_timers (cycle=cycle@entry=0x14a0de0) at src/event/ngx_event.c:242
#16 0x000000000043845a in ngx_single_process_cycle (cycle=cycle@entry=0x14a0de0) at src/os/unix/ngx_process_cycle.c:310
#17 0x0000000000412b74 in main (argc=5, argv=<optimized out>) at src/core/nginx.c:379
(rr) lfunc shdict.lua 281
Found Lua function (GCfunc*)0x40dd46d8 at @/home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:281
(rr) luv (GCfunc*)0x40dd46d8
Found 17 upvalues.
upvalue "check_zone": value=(TValue*)0x40dcf548 value_type=function closed=1
upvalue "type": value=(TValue*)0x40dca958 value_type=function closed=1
upvalue "tostring": value=(TValue*)0x40db9920 value_type=function closed=1
upvalue "get_string_buf_size": value=(TValue*)0x40dc9b90 value_type=function closed=1
upvalue "get_string_buf": value=(TValue*)0x40dc9bb0 value_type=function closed=1
upvalue "str_value_buf": value=(TValue*)0x40dcfe10 value_type=cdata closed=1
upvalue "get_size_ptr": value=(TValue*)0x40dcf598 value_type=function closed=1
upvalue "ngx_lua_ffi_shdict_get": value=(TValue*)0x40dca180 value_type=cdata closed=1
upvalue "value_type": value=(TValue*)0x40dc9f60 value_type=cdata closed=1
upvalue "num_value": value=(TValue*)0x40dcb2b0 value_type=cdata closed=1
upvalue "user_flags": value=(TValue*)0x40db7970 value_type=cdata closed=1
upvalue "is_stale": value=(TValue*)0x40db7990 value_type=cdata closed=1
upvalue "errmsg": value=(TValue*)0x40dcf610 value_type=cdata closed=1
upvalue "ffi_str": value=(TValue*)0x40dc9a70 value_type=function closed=1
upvalue "error": value=(TValue*)0x40dc5e40 value_type=function closed=1
upvalue "tonumber": value=(TValue*)0x40dcee10 value_type=function closed=1
upvalue "C": value=(TValue*)0x40dd45f8 value_type=userdata closed=1
(rr) lval (TValue*)0x40dd45f8
udata type: ffi clib
payload len: 16
payload ptr: 0x40dc8ed8
CLibrary handle: (void*)0x0
CLibrary cache: (GCtab*)0x40dc8e98
(rr) lgcolive L (GCtab*)0x40dc8e98
gco is black
(rr) del
Delete all breakpoints? (y or n) y
(rr) watch -l n->key
Hardware watchpoint 9: -location n->key
(rr) reverse-cont
Continuing.
warning: Corrupted shared library list: 0x14a85d0 != 0x7f2e1d7cbfa0
Hardware watchpoint 9: -location n->key
Old value =
{u64 = 18446744053322911312, n = -nan(0xffffb40dc8e50), {{gcr = {gcptr32 = 1088196176}, i = 1088196176}, it = 4294967291}, fr = {func = {gcptr32 = 1088196176}, tp = {ftsz = -5, pcr = {ptr32 = 4294967291}}}, u32 = {lo = 1088196176, hi = 4294967291}}
New value = {u64 = 18446744069414584436, n = -nan(0xfffff00000074), {{gcr = {gcptr32 = 116}, i = 116}, it = 4294967295}, fr = {func = {gcptr32 = 116}, tp = {ftsz = -1, pcr = {ptr32 = 4294967295}}}, u32 = {lo = 116, hi = 4294967295}}
0x00007f2e1ca4aad8 in lj_tab_newkey (L=0x40db6378, t=0x40dc8e98, key=0x7ffe92bc4038) at lj_tab.c:529
529 n->key.u64 = key->u64;
(rr) bt
#0 0x00007f2e1ca4aad8 in lj_tab_newkey (L=0x40db6378, t=0x40dc8e98, key=0x7ffe92bc4038) at lj_tab.c:529
#1 0x00007f2e1ca4af70 in lj_tab_setstr (L=0x40db6378, t=0x40dc8e98, key=0x40dc8e50) at lj_tab.c:559
#2 0x00007f2e1cae3a67 in lj_clib_index (L=0x40db6378, cl=0x40dc8ed8, name=0x40dc8e50) at lj_clib.c:343
#3 0x00007f2e1cb097dc in ffi_clib_index (L=0x40db6378) at lib_ffi.c:370
#4 0x00007f2e1cb097fa in lj_cf_ffi_clib___index (L=0x40db6378) at lib_ffi.c:375
#5 0x00007f2e1ca3e01b in lj_BC_FUNCC () from /home/agentzh/git/luajit-bug-report/luajit/lib/libluajit-5.1.so.2
#6 0x00007f2e1ca63c6c in lua_call (L=0x40db6378, nargs=1, nresults=1) at lj_api.c:1111
#7 0x00007f2e1cb01e88 in lj_cf_package_require (L=0x40db6378) at lib_package.c:459
#8 0x00007f2e1ca3e01b in lj_BC_FUNCC () from /home/agentzh/git/luajit-bug-report/luajit/lib/libluajit-5.1.so.2
#9 0x00007f2e1ca63e13 in lua_pcall (L=0x40db6378, nargs=0, nresults=0, errfunc=9) at lj_api.c:1129
#10 0x000000000049e4f8 in ngx_http_lua_do_call (log=log@entry=0x14a0df8, L=L@entry=0x40db6378) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_util.c:4108
#11 0x00000000004aee45 in ngx_http_lua_init_by_inline (log=0x14a0df8, lmcf=<optimized out>, L=0x40db6378) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_initby.c:26
#12 0x00000000004ac3b4 in ngx_http_lua_shared_memory_init (shm_zone=<optimized out>, data=<optimized out>) at /home/agentzh/git/luajit-bug-report/lua-nginx-module-0.10.14/src/ngx_http_lua_api.c:203
#13 0x0000000000423e4e in ngx_init_cycle (old_cycle=old_cycle@entry=0x7ffe92bc4770) at src/core/ngx_cycle.c:484
#14 0x00000000004128e0 in main (argc=5, argv=<optimized out>) at src/core/nginx.c:291
(rr) lbt
builtin#187
@/home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:142
builtin#20
@/home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:142
C:lj_cf_package_require
=init_by_lua:3
# /home/agentzh/git/luajit-bug-report//lua/resty/core/shdict.lua:142:
if not pcall(function () return C.free end) then
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment