One of my programs that uses FFI sometimes (rarely) segfaults
in LuaJIT, even with -joff. I have recompiled luajit with debug
symbols and -O0 and obtained a core dump which I could analyse
in GCC. Here is the error:
#0 0x00000000004672ca in lj_cconv_ct_ct (cts=0x41d8e4a0, d=0x41d95ba0, s=0x41d95b20, dp=0x4199f480 "", sp=0x4095b000 <Address 0x4095b000 out of bounds>, flags=0) at lj_cconv.c:241
241 else i = *(uint8_t *)sp;
And the backtrace:
#0 0x00000000004672ca in lj_cconv_ct_ct (cts=0x41d8e4a0, d=0x41d95ba0, s=0x41d95b20, dp=0x4199f480 "", sp=0x4095b000 <Address 0x4095b000 out of bounds>, flags=0) at lj_cconv.c:241
#1 0x0000000000467c51 in lj_cconv_tv_ct (cts=0x41d8e4a0, s=0x41d95b20, sid=6, o=0x4199f480, sp=0x4095b000 <Address 0x4095b000 out of bounds>) at lj_cconv.c:388
#2 0x0000000000466560 in lj_cdata_get (cts=0x41d8e4a0, s=0x41d95b20, o=0x4199f480, sp=0x4095b000 <Address 0x4095b000 out of bounds>) at lj_cdata.c:237
#3 0x000000000042a6fe in lj_cf_ffi_meta___index (L=0x41e09378) at lib_ffi.c:150
#4 0x000000000042fb33 in lj_BC_FUNCC ()
#5 0x0000000000410acb in lua_pcall (L=0x41e09378, nargs=2, nresults=-1, errfunc=2) at lj_api.c:1034
#6 0x00000000004039cd in docall (L=0x41e09378, narg=2, clear=0) at luajit.c:126
#7 0x0000000000404392 in handle_script (L=0x41e09378, argv=0x7fffe2c26df8, n=4) at luajit.c:290
#8 0x0000000000404f60 in pmain (L=0x41e09378) at luajit.c:525
#9 0x000000000042fb33 in lj_BC_FUNCC ()
#10 0x0000000000410c95 in lua_cpcall (L=0x41e09378, func=0x404dd3 <pmain>, ud=0x7fffe2c26cf0) at lj_api.c:1056
Can anybody help me understand what is going on there? I am
probably doing something wrong with the FFI somewhere but I
cannot pinpoint exactly where in the program, and it looks
like the segfault doesn't always happen at the same stage
so I suspect it happens on deallocation by the GC...
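An added example, not the poster's code and only a guess at the cause since the program is not shown: the backtrace (an FFI `__index` reaching lj_cconv_ct_ct with an unmapped `sp`) matches reading through a cdata pointer whose backing allocation the GC has already freed. The struct name and fields below are constructed; the `collectgarbage()` probe is a debugging check that makes such a fault show up deterministically instead of only when a collection happens to run first.

```lua
local ffi = require("ffi")

-- Constructed type for illustration only.
ffi.cdef[[
typedef struct { uint8_t tag; int value; } item_t;
]]

-- Suspect pattern: the array from ffi.new() is reachable only through the
-- raw pointer stored in 'p'.  LuaJIT's GC does not trace addresses held
-- inside cdata, so the array can be freed while 'p' still points at it.
-- A later p[0].tag goes lj_cf_ffi_meta___index -> lj_cdata_get ->
-- lj_cconv_ct_ct and reads a stale address (garbage, or a segfault once the
-- page is unmapped), exactly the shape of the frames above.
local function make_dangling()
  local p = ffi.cast("item_t *", ffi.new("item_t[1]"))
  return p
end

-- Anchored form: keep the owning cdata referenced for as long as any raw
-- pointer derived from it is in use (return it, or store it alongside p).
local function make_anchored()
  local buf = ffi.new("item_t[1]")     -- owner; must outlive 'p'
  buf[0].tag, buf[0].value = 7, 42
  local p = ffi.cast("item_t *", buf)
  return p, buf                        -- caller holds 'buf' as the anchor
end

-- Debugging probe: force a full collection right before the dereference.
-- Put this in front of suspicious FFI accesses in the real program; a
-- dangling pointer then misbehaves on every run rather than rarely.
local function probe(p)
  collectgarbage("collect")
  return p[0].tag
end

local p, anchor = make_anchored()
assert(probe(p) == 7)                  -- safe: 'anchor' keeps buf alive
assert(anchor ~= nil)

-- probe(make_dangling()) is undefined behaviour and may crash the process.
```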