Re: "Invalid free()" with C extension on OS X

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: "Invalid free()" with C extension on OS X
From: Peter Odding <peter@...>
Date: Tue, 15 Feb 2011 20:24:14 +0100

Hi Josh,

I'm writing the Lua/APR binding which currently includes a very naivemulti threading module. To improve the situation I'm trying to make itpossible to share (a selection of userdata) objects between Lua states.While working on this functionality I've been getting segmentationfaults with either of two stack traces, one originating from theoriginal thread, the other originating from the newly spawned thread.Here is one of those stack traces:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7fe6b70 (LWP 8556)]
0x003571ae in ?? () from /lib/libgcc_s.so.1
(gdb) thread 1

[Switching to thread 1 (Thread 0xb7fe76c0 (LWP 8554))]#0 0x00255ec0 in*__GI___libc_free (mem=0x806f9e0) at malloc.c:3736

(gdb) bt
#0  0x00255ec0 in *__GI___libc_free (mem=0x806f9e0) at malloc.c:3736

#1 0x0805a288 in l_alloc (ud=0x0, ptr=0x806f9d8, osize=32, nsize=0) atlauxlib.c:631#2 0x08052783 in luaM_realloc_ (L=0x806d008, block=0x806f9e0, osize=32,nsize=0) at lmem.c:79

#3  0x080566cc in luaH_free (L=0x806d008, t=0x806f9e0) at ltable.c:378

#4 0x08051f7f in freeobj (L=<value optimized out>, p=0x806d094,count=4294966552) at lgc.c:383#5 sweeplist (L=<value optimized out>, p=0x806d094, count=4294966552)at lgc.c:424

#6  0x08052032 in luaC_freeall (L=0x806d008) at lgc.c:487
#7  0x08055c74 in close_state (L=0x806d008) at lstate.c:108
#8  0x0804b81f in main (argc=4, argv=0xbffff544) at lua.c:621

It's not exactly the same as the stack trace you're getting but it doesseem very similar:

==79057== Invalid free() / delete / delete[]
==79057==    at 0x10005846F: free (vg_replace_malloc.c:366)
==79057==    by 0x10001BA7B: l_alloc (lauxlib.c:631)
==79057==    by 0x10000EF4B: luaM_realloc_ (lmem.c:79)
==79057==    by 0x100014D71: luaH_free (ltable.c:376)
==79057==    by 0x10000C28C: freeobj (lgc.c:383)
==79057==    by 0x10000C3C8: sweeplist (lgc.c:424)
==79057==    by 0x10000C715: luaC_freeall (lgc.c:487)
==79057==    by 0x100013570: close_state (lstate.c:108)
==79057==    by 0x100013A43: lua_close (lstate.c:212)
==79057==    by 0x100001FC0: main (lua.c:389)
==79057==  Address 0x100760d00 is not stack'd, malloc'd or (recently) free'd

Anyway, to get to my point: I'm thinking my problem is related toallocating memory in one thread and then trying to deallocate the memoryin another thread (either that or a race condition between the memoryallocators of both threads). Might this be your problem as well? I'vetried looking throughhttps://github.com/haberman/upb/blob/master/lang_ext/lua/upb.c and don'tsee any threading code but that might live in another part of yourproject and I don't have time to look through all of it.


I hope you manage to pinpoint the cause of your crash, good luck!

 - Peter Odding

PS. Despite tools like Valgrind and GDB I hate having to debug thesekinds of issues. I'll be glad when my binding works and I can retreat tothe safe sandbox that is Lua :-)

Follow-Ups:
- Re: "Invalid free()" with C extension on OS X, Luiz Henrique de Figueiredo
- Re: "Invalid free()" with C extension on OS X, Josh Haberman

References:
- "Invalid free()" with C extension on OS X, Josh Haberman

Prev by Date: Re: Propsoal: a lua dialect without nil
Next by Date: Re: lpeg
Previous by thread: "Invalid free()" with C extension on OS X
Next by thread: Re: "Invalid free()" with C extension on OS X
Index(es):
- Date
- Thread