lua-io-nginx-module icon indicating copy to clipboard operation
lua-io-nginx-module copied to clipboard

Published 20 hours ago verified publisher icon tokers

Memory usage after free

Open splitice opened this issue 3 years ago • 1 comments

We upgraded to a newer openresty and begun to see segfaults.

Valgrind output:

==32455== Invalid read of size 8
==32455==    at 0x20C72D: ngx_thread_pool_handler (ngx_thread_pool.c:387)
==32455==    by 0x20A923: ngx_epoll_notify_handler (ngx_epoll_module.c:456)
==32455==    by 0x20B47B: ngx_epoll_process_events (ngx_epoll_module.c:901)
==32455==    by 0x1FACE4: ngx_process_events_and_timers (ngx_event.c:247)
==32455==    by 0x208F79: ngx_worker_process_cycle (ngx_process_cycle.c:750)
==32455==    by 0x205988: ngx_spawn_process (ngx_process.c:199)
==32455==    by 0x207FC4: ngx_start_worker_processes (ngx_process_cycle.c:359)
==32455==    by 0x207692: ngx_master_process_cycle (ngx_process_cycle.c:131)
==32455==    by 0x1C6789: main (nginx.c:382)
==32455==  Address 0x88cb6c0 is 0 bytes inside a block of size 192 free'd
==32455==    at 0x48369AB: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32455==    by 0x1CA22F: ngx_destroy_pool (ngx_palloc.c:85)
==32455==    by 0x39FC7C: ngx_http_lua_close_fake_connection (ngx_http_lua_util.c:3812)
==32455==    by 0x39FA77: ngx_http_lua_close_fake_request (ngx_http_lua_util.c:3733)
==32455==    by 0x39F960: ngx_http_lua_finalize_fake_request (ngx_http_lua_util.c:3693)
==32455==    by 0x3C56AD: ngx_http_lua_ssl_cert_aborted (ngx_http_lua_ssl_certby.c:422)
==32455==    by 0x1CA1F1: ngx_destroy_pool (ngx_palloc.c:57)
==32455==    by 0x23172B: ngx_http_close_connection (ngx_http_request.c:3731)
==32455==    by 0x22BF36: ngx_http_ssl_handshake_handler (ngx_http_request.c:879)
==32455==    by 0x22BCE0: ngx_http_ssl_handshake (ngx_http_request.c:789)
==32455==    by 0x22AE56: ngx_http_init_connection (ngx_http_request.c:384)
==32455==    by 0x1FDC9F: ngx_event_accept (ngx_event_accept.c:308)
==32455==  Block was alloc'd at
==32455==    at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32455==    by 0x201E4F: ngx_alloc (ngx_alloc.c:22)
==32455==    by 0x1CA58A: ngx_palloc_large (ngx_palloc.c:220)
==32455==    by 0x1CA375: ngx_palloc (ngx_palloc.c:131)
==32455==    by 0x1CA78E: ngx_pcalloc (ngx_palloc.c:302)
==32455==    by 0x20C272: ngx_thread_task_alloc (ngx_thread_pool.c:219)
==32455==    by 0x412779: ngx_http_lua_io_thread_post_read_task (ngx_http_lua_io.c:248)
==32455==    by 0x411D05: ngx_http_lua_io_file_read_helper (ngx_http_lua_io_module.c:1750)
==32455==    by 0x40F98B: ngx_http_lua_io_file_read (ngx_http_lua_io_module.c:748)
==32455==    by 0x4D01AD5: lj_BC_FUNCC (in /usr/local/lib/libluajit-5.1.so.2.1.0)
==32455==    by 0x39B129: ngx_http_lua_run_thread (ngx_http_lua_util.c:1090)
==32455==    by 0x3C5A20: ngx_http_lua_ssl_cert_by_chunk (ngx_http_lua_ssl_certby.c:533)

After working down the changes the cause appears to be the new luajit2

It appears to be early free'ing of memory, perhaps thread pool memory allocated from the request pool?

splitice avatar Apr 03 '22 06:04 splitice

Issue went away when i fixed the underlying issue causing the ssl certificate bloock to abort.

Most likely this crash occurs only if the block is aborted. I can't see however how you could fix this.

splitice avatar Apr 03 '22 08:04 splitice