lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hello all,

Using the AFL fuzzer ( http://lcamtuf.coredump.cx/afl/ ) I found a few
segfaults (and a failed assertion, id:000019) in luac when inputting
files from stdin. All files are run with lua 5.2.3 and the patch from
http://www.lua.org/bugs.html by executing "luac - < inputfile".

Directly passing the input files instead of passing them through stdin
does not cause the segmentation faults. Some of the crashes only happen
sporadically (id:000001, id:000007). I'm on Linux x86_64 and haven't
tested if this affects any other platforms. All input files as well as
the accompanying gdb outputs are attached.

Dennis Felsing
function f(n)
  local x = q
  for i = 2,n do x = x * i
  end
  return x
end
funcMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMrint(a[###############################################################1].y)
Program received signal SIGSEGV, Segmentation fault.
0x000000000042d290 in traversestack (th=0x69dbf0, g=0x69c0e0) at lgc.c:509
509	    for (ci = &th->base_ci; ci != th->ci; ci = ci->next)
(gdb) bt
#0  0x000000000042d290 in traversestack (th=0x69dbf0, g=0x69c0e0) at lgc.c:509
#1  propagatemark (g=g@entry=0x69c0e0) at lgc.c:551
#2  0x000000000042f6f4 in singlestep (L=L@entry=0x69c010) at lgc.c:1054
#3  0x0000000000434118 in incstep (L=0x69c010) at lgc.c:1148
#4  luaC_forcestep (L=0x69c010) at lgc.c:1167
#5  0x000000000048f980 in luaX_newstring (l=<optimized out>, str=<optimized out>, ls=0x7fffffffb340) at llex.c:134
#6  llex (ls=ls@entry=0x7fffffffb390, seminfo=seminfo@entry=0x7fffffffb3a8) at llex.c:494
#7  0x0000000000491a71 in luaX_next (ls=0x7fffffffb390) at llex.c:521
#8  0x000000000044693f in fieldsel (v=0x7fffffffb150, ls=0x7fffffffb390) at lparser.c:621
#9  suffixedexp (ls=ls@entry=0x7fffffffb390, v=v@entry=0x7fffffffb150) at lparser.c:908
#10 0x0000000000444253 in simpleexp (v=0x7fffffffb150, ls=0x7fffffffb390) at lparser.c:979
#11 subexpr (ls=ls@entry=0x7fffffffb390, v=v@entry=0x7fffffffb150, limit=limit@entry=0) at lparser.c:1048
#12 0x0000000000446075 in expr (v=0x7fffffffb150, ls=0x7fffffffb390) at lparser.c:1068
#13 explist (v=0x7fffffffb150, ls=0x7fffffffb390) at lparser.c:813
#14 funcargs (ls=ls@entry=0x7fffffffb390, f=f@entry=0x7fffffffb278, line=line@entry=7) at lparser.c:833
#15 0x00000000004469e9 in suffixedexp (ls=ls@entry=0x7fffffffb390, v=v@entry=0x7fffffffb278) at lparser.c:928
#16 0x000000000043c7ed in exprstat (ls=0x7fffffffb390) at lparser.c:1484
#17 statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1587
#18 0x0000000000447d60 in statlist (ls=0x7fffffffb390) at lparser.c:611
#19 mainfunc (fs=0x7fffffffb340, ls=0x7fffffffb390) at lparser.c:1612
#20 luaY_parser (L=<optimized out>, z=0x7fffffffb630, buff=<optimized out>, dyd=<optimized out>, name=<optimized out>, firstchar=102) at lparser.c:1632
#21 0x000000000041a46a in f_parser (L=0x69c010, ud=0x7fffffffb590) at ldo.c:651
#22 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x41a260 <f_parser>, ud=0x7fffffffb590) at ldo.c:131
#23 0x0000000000423b13 in luaD_pcall (ef=0, old_top=80, u=0x7fffffffb590, func=0x41a260 <f_parser>, L=0x69c010) at ldo.c:603
#24 luaD_protectedparser (L=0x69c010, z=<optimized out>, name=<optimized out>, mode=<optimized out>) at ldo.c:672
#25 0x0000000000412c41 in lua_load (L=0x69c010, reader=<optimized out>, data=<optimized out>, chunkname=<optimized out>, mode=0x0) at lapi.c:980
#26 0x0000000000471795 in luaL_loadfilex (L=0x69c010, filename=0x0, mode=0x0) at lauxlib.c:654
#27 0x00000000004053b2 in pmain (L=0x69c010) at luac.c:172
#28 0x000000000041e205 in luaD_precall (L=L@entry=0x69c010, func=<optimized out>, nresults=<optimized out>) at ldo.c:319
#29 0x0000000000422a35 in luaD_call (L=0x69c010, func=<optimized out>, nResults=<optimized out>, allowyield=0) at ldo.c:401
#30 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x406b60 <f_call>, ud=0x7fffffffd900) at ldo.c:131
#31 0x0000000000423669 in luaD_pcall (L=0x69c010, func=<optimized out>, u=<optimized out>, old_top=16, ef=<optimized out>) at ldo.c:603
#32 0x00000000004127fe in lua_pcallk (L=0x69c010, nargs=<optimized out>, nresults=0, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>)
    at lapi.c:949
#33 0x0000000000401f3c in main (argc=1, argv=0x7fffffffda50) at luac.c:200
#34 0x00007ffff7757dc5 in __libc_start_main () from /lib64/libc.so.6
#35 0x000000000040284d in _start ()
function f(n)
  local x = 1
  for i = 2,n do x = x * i
  end
  return x
end
funFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF_FF{{{{{{{{{{{{{{k{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{r{{{{{{{{{{{FFFFFFFFFFFFFFFFF.FFFFFFFFFFFFFction P(x
Sporadically segfaults

Program received signal SIGSEGV, Segmentation fault.
0x0000000000452768 in luaH_newkey (L=L@entry=0x69c010, t=t@entry=0x69d1b0, key=key@entry=0x7fffffff7d10)
    at ltable.c:423
423	      while (gnext(othern) != mp) othern = gnext(othern);  /* find previous */
(gdb) bt
#0  0x0000000000452768 in luaH_newkey (L=L@entry=0x69c010, t=t@entry=0x69d1b0, 
    key=key@entry=0x7fffffff7d10) at ltable.c:423
#1  0x00000000004543ce in luaH_set (L=0x69c010, t=0x69d1b0, key=0x7fffffff7d10) at ltable.c:514
#2  0x000000000047b575 in addk (v=0x7fffffff7d10, key=0x7fffffff7d10, fs=0x7fffffffb330) at lcode.c:293
#3  luaK_stringK (fs=0x7fffffffb330, s=<optimized out>) at lcode.c:322
#4  0x000000000043c3f8 in codestring (ls=0x7fffffffb380, s=<optimized out>, e=0x7fffffff7d70)
    at lparser.c:156
#5  singlevar (ls=ls@entry=0x7fffffffb380, var=var@entry=0x7fffffff7e90) at lparser.c:304
#6  0x0000000000446535 in primaryexp (v=0x7fffffff7e90, ls=0x7fffffffb380) at lparser.c:889
#7  suffixedexp (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff7e90) at lparser.c:904
#8  0x0000000000444253 in simpleexp (v=0x7fffffff7e90, ls=0x7fffffffb380) at lparser.c:979
#9  subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff7e90, limit=limit@entry=0) at lparser.c:1048
#10 0x000000000044567d in expr (v=0x7fffffff7e90, ls=0x7fffffffb380) at lparser.c:1068
#11 listfield (cc=0x7fffffff7e90, ls=0x7fffffffb380) at lparser.c:701
#12 field (cc=0x7fffffff7e90, ls=<optimized out>) at lparser.c:723
#13 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff7f60) at lparser.c:747
#14 0x000000000044491b in simpleexp (v=0x7fffffff7f60, ls=0x7fffffffb380) at lparser.c:970
#15 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff7f60, limit=limit@entry=0) at lparser.c:1048
#16 0x000000000044567d in expr (v=0x7fffffff7f60, ls=0x7fffffffb380) at lparser.c:1068
#17 listfield (cc=0x7fffffff7f60, ls=0x7fffffffb380) at lparser.c:701
#18 field (cc=0x7fffffff7f60, ls=<optimized out>) at lparser.c:723
#19 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8030) at lparser.c:747
#20 0x000000000044491b in simpleexp (v=0x7fffffff8030, ls=0x7fffffffb380) at lparser.c:970
#21 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8030, limit=limit@entry=0) at lparser.c:1048
#22 0x000000000044567d in expr (v=0x7fffffff8030, ls=0x7fffffffb380) at lparser.c:1068
#23 listfield (cc=0x7fffffff8030, ls=0x7fffffffb380) at lparser.c:701
#24 field (cc=0x7fffffff8030, ls=<optimized out>) at lparser.c:723
#25 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8100) at lparser.c:747
#26 0x000000000044491b in simpleexp (v=0x7fffffff8100, ls=0x7fffffffb380) at lparser.c:970
#27 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8100, limit=limit@entry=0) at lparser.c:1048
#28 0x000000000044567d in expr (v=0x7fffffff8100, ls=0x7fffffffb380) at lparser.c:1068
#29 listfield (cc=0x7fffffff8100, ls=0x7fffffffb380) at lparser.c:701
#30 field (cc=0x7fffffff8100, ls=<optimized out>) at lparser.c:723
#31 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff81d0) at lparser.c:747
#32 0x000000000044491b in simpleexp (v=0x7fffffff81d0, ls=0x7fffffffb380) at lparser.c:970
#33 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff81d0, limit=limit@entry=0) at lparser.c:1048
#34 0x000000000044567d in expr (v=0x7fffffff81d0, ls=0x7fffffffb380) at lparser.c:1068
#35 listfield (cc=0x7fffffff81d0, ls=0x7fffffffb380) at lparser.c:701
#36 field (cc=0x7fffffff81d0, ls=<optimized out>) at lparser.c:723
#37 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff82a0) at lparser.c:747
#38 0x000000000044491b in simpleexp (v=0x7fffffff82a0, ls=0x7fffffffb380) at lparser.c:970
#39 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff82a0, limit=limit@entry=0) at lparser.c:1048
#40 0x000000000044567d in expr (v=0x7fffffff82a0, ls=0x7fffffffb380) at lparser.c:1068
#41 listfield (cc=0x7fffffff82a0, ls=0x7fffffffb380) at lparser.c:701
#42 field (cc=0x7fffffff82a0, ls=<optimized out>) at lparser.c:723
#43 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8370) at lparser.c:747
#44 0x000000000044491b in simpleexp (v=0x7fffffff8370, ls=0x7fffffffb380) at lparser.c:970
#45 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8370, limit=limit@entry=0) at lparser.c:1048
#46 0x000000000044567d in expr (v=0x7fffffff8370, ls=0x7fffffffb380) at lparser.c:1068
#47 listfield (cc=0x7fffffff8370, ls=0x7fffffffb380) at lparser.c:701
#48 field (cc=0x7fffffff8370, ls=<optimized out>) at lparser.c:723
#49 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8440) at lparser.c:747
#50 0x000000000044491b in simpleexp (v=0x7fffffff8440, ls=0x7fffffffb380) at lparser.c:970
#51 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8440, limit=limit@entry=0) at lparser.c:1048
#52 0x000000000044567d in expr (v=0x7fffffff8440, ls=0x7fffffffb380) at lparser.c:1068
#53 listfield (cc=0x7fffffff8440, ls=0x7fffffffb380) at lparser.c:701
#54 field (cc=0x7fffffff8440, ls=<optimized out>) at lparser.c:723
#55 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8510) at lparser.c:747
#56 0x000000000044491b in simpleexp (v=0x7fffffff8510, ls=0x7fffffffb380) at lparser.c:970
#57 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8510, limit=limit@entry=0) at lparser.c:1048
#58 0x000000000044567d in expr (v=0x7fffffff8510, ls=0x7fffffffb380) at lparser.c:1068
#59 listfield (cc=0x7fffffff8510, ls=0x7fffffffb380) at lparser.c:701
#60 field (cc=0x7fffffff8510, ls=<optimized out>) at lparser.c:723
#61 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff85e0) at lparser.c:747
#62 0x000000000044491b in simpleexp (v=0x7fffffff85e0, ls=0x7fffffffb380) at lparser.c:970
#63 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff85e0, limit=limit@entry=0) at lparser.c:1048
#64 0x000000000044567d in expr (v=0x7fffffff85e0, ls=0x7fffffffb380) at lparser.c:1068
#65 listfield (cc=0x7fffffff85e0, ls=0x7fffffffb380) at lparser.c:701
#66 field (cc=0x7fffffff85e0, ls=<optimized out>) at lparser.c:723
#67 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff86b0) at lparser.c:747
#68 0x000000000044491b in simpleexp (v=0x7fffffff86b0, ls=0x7fffffffb380) at lparser.c:970
#69 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff86b0, limit=limit@entry=0) at lparser.c:1048
#70 0x000000000044567d in expr (v=0x7fffffff86b0, ls=0x7fffffffb380) at lparser.c:1068
#71 listfield (cc=0x7fffffff86b0, ls=0x7fffffffb380) at lparser.c:701
#72 field (cc=0x7fffffff86b0, ls=<optimized out>) at lparser.c:723
#73 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8780) at lparser.c:747
#74 0x000000000044491b in simpleexp (v=0x7fffffff8780, ls=0x7fffffffb380) at lparser.c:970
#75 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8780, limit=limit@entry=0) at lparser.c:1048
#76 0x000000000044567d in expr (v=0x7fffffff8780, ls=0x7fffffffb380) at lparser.c:1068
#77 listfield (cc=0x7fffffff8780, ls=0x7fffffffb380) at lparser.c:701
#78 field (cc=0x7fffffff8780, ls=<optimized out>) at lparser.c:723
#79 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8850) at lparser.c:747
#80 0x000000000044491b in simpleexp (v=0x7fffffff8850, ls=0x7fffffffb380) at lparser.c:970
#81 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8850, limit=limit@entry=0) at lparser.c:1048
---Type <return> to continue, or q <return> to quit---
#82 0x000000000044567d in expr (v=0x7fffffff8850, ls=0x7fffffffb380) at lparser.c:1068
#83 listfield (cc=0x7fffffff8850, ls=0x7fffffffb380) at lparser.c:701
#84 field (cc=0x7fffffff8850, ls=<optimized out>) at lparser.c:723
#85 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8920) at lparser.c:747
#86 0x000000000044491b in simpleexp (v=0x7fffffff8920, ls=0x7fffffffb380) at lparser.c:970
#87 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8920, limit=limit@entry=0) at lparser.c:1048
#88 0x000000000044567d in expr (v=0x7fffffff8920, ls=0x7fffffffb380) at lparser.c:1068
#89 listfield (cc=0x7fffffff8920, ls=0x7fffffffb380) at lparser.c:701
#90 field (cc=0x7fffffff8920, ls=<optimized out>) at lparser.c:723
#91 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff89f0) at lparser.c:747
#92 0x000000000044491b in simpleexp (v=0x7fffffff89f0, ls=0x7fffffffb380) at lparser.c:970
#93 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff89f0, limit=limit@entry=0) at lparser.c:1048
#94 0x000000000044567d in expr (v=0x7fffffff89f0, ls=0x7fffffffb380) at lparser.c:1068
#95 listfield (cc=0x7fffffff89f0, ls=0x7fffffffb380) at lparser.c:701
#96 field (cc=0x7fffffff89f0, ls=<optimized out>) at lparser.c:723
#97 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8ac0) at lparser.c:747
#98 0x000000000044491b in simpleexp (v=0x7fffffff8ac0, ls=0x7fffffffb380) at lparser.c:970
#99 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8ac0, limit=limit@entry=0) at lparser.c:1048
#100 0x000000000044567d in expr (v=0x7fffffff8ac0, ls=0x7fffffffb380) at lparser.c:1068
#101 listfield (cc=0x7fffffff8ac0, ls=0x7fffffffb380) at lparser.c:701
#102 field (cc=0x7fffffff8ac0, ls=<optimized out>) at lparser.c:723
#103 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8b90) at lparser.c:747
#104 0x000000000044491b in simpleexp (v=0x7fffffff8b90, ls=0x7fffffffb380) at lparser.c:970
#105 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8b90, limit=limit@entry=0)
    at lparser.c:1048
#106 0x000000000044567d in expr (v=0x7fffffff8b90, ls=0x7fffffffb380) at lparser.c:1068
#107 listfield (cc=0x7fffffff8b90, ls=0x7fffffffb380) at lparser.c:701
#108 field (cc=0x7fffffff8b90, ls=<optimized out>) at lparser.c:723
#109 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8c60) at lparser.c:747
#110 0x000000000044491b in simpleexp (v=0x7fffffff8c60, ls=0x7fffffffb380) at lparser.c:970
#111 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8c60, limit=limit@entry=0)
    at lparser.c:1048
#112 0x000000000044567d in expr (v=0x7fffffff8c60, ls=0x7fffffffb380) at lparser.c:1068
#113 listfield (cc=0x7fffffff8c60, ls=0x7fffffffb380) at lparser.c:701
#114 field (cc=0x7fffffff8c60, ls=<optimized out>) at lparser.c:723
#115 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8d30) at lparser.c:747
#116 0x000000000044491b in simpleexp (v=0x7fffffff8d30, ls=0x7fffffffb380) at lparser.c:970
#117 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8d30, limit=limit@entry=0)
    at lparser.c:1048
#118 0x000000000044567d in expr (v=0x7fffffff8d30, ls=0x7fffffffb380) at lparser.c:1068
#119 listfield (cc=0x7fffffff8d30, ls=0x7fffffffb380) at lparser.c:701
#120 field (cc=0x7fffffff8d30, ls=<optimized out>) at lparser.c:723
#121 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8e00) at lparser.c:747
#122 0x000000000044491b in simpleexp (v=0x7fffffff8e00, ls=0x7fffffffb380) at lparser.c:970
#123 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8e00, limit=limit@entry=0)
    at lparser.c:1048
#124 0x000000000044567d in expr (v=0x7fffffff8e00, ls=0x7fffffffb380) at lparser.c:1068
#125 listfield (cc=0x7fffffff8e00, ls=0x7fffffffb380) at lparser.c:701
#126 field (cc=0x7fffffff8e00, ls=<optimized out>) at lparser.c:723
#127 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8ed0) at lparser.c:747
#128 0x000000000044491b in simpleexp (v=0x7fffffff8ed0, ls=0x7fffffffb380) at lparser.c:970
#129 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8ed0, limit=limit@entry=0)
    at lparser.c:1048
#130 0x000000000044567d in expr (v=0x7fffffff8ed0, ls=0x7fffffffb380) at lparser.c:1068
#131 listfield (cc=0x7fffffff8ed0, ls=0x7fffffffb380) at lparser.c:701
#132 field (cc=0x7fffffff8ed0, ls=<optimized out>) at lparser.c:723
#133 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff8fa0) at lparser.c:747
#134 0x000000000044491b in simpleexp (v=0x7fffffff8fa0, ls=0x7fffffffb380) at lparser.c:970
#135 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff8fa0, limit=limit@entry=0)
    at lparser.c:1048
#136 0x000000000044567d in expr (v=0x7fffffff8fa0, ls=0x7fffffffb380) at lparser.c:1068
#137 listfield (cc=0x7fffffff8fa0, ls=0x7fffffffb380) at lparser.c:701
#138 field (cc=0x7fffffff8fa0, ls=<optimized out>) at lparser.c:723
#139 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9070) at lparser.c:747
#140 0x000000000044491b in simpleexp (v=0x7fffffff9070, ls=0x7fffffffb380) at lparser.c:970
#141 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9070, limit=limit@entry=0)
    at lparser.c:1048
#142 0x000000000044567d in expr (v=0x7fffffff9070, ls=0x7fffffffb380) at lparser.c:1068
#143 listfield (cc=0x7fffffff9070, ls=0x7fffffffb380) at lparser.c:701
#144 field (cc=0x7fffffff9070, ls=<optimized out>) at lparser.c:723
#145 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9140) at lparser.c:747
#146 0x000000000044491b in simpleexp (v=0x7fffffff9140, ls=0x7fffffffb380) at lparser.c:970
#147 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9140, limit=limit@entry=0)
    at lparser.c:1048
#148 0x000000000044567d in expr (v=0x7fffffff9140, ls=0x7fffffffb380) at lparser.c:1068
#149 listfield (cc=0x7fffffff9140, ls=0x7fffffffb380) at lparser.c:701
#150 field (cc=0x7fffffff9140, ls=<optimized out>) at lparser.c:723
#151 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9210) at lparser.c:747
#152 0x000000000044491b in simpleexp (v=0x7fffffff9210, ls=0x7fffffffb380) at lparser.c:970
#153 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9210, limit=limit@entry=0)
    at lparser.c:1048
#154 0x000000000044567d in expr (v=0x7fffffff9210, ls=0x7fffffffb380) at lparser.c:1068
#155 listfield (cc=0x7fffffff9210, ls=0x7fffffffb380) at lparser.c:701
#156 field (cc=0x7fffffff9210, ls=<optimized out>) at lparser.c:723
---Type <return> to continue, or q <return> to quit---
#157 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff92e0) at lparser.c:747
#158 0x000000000044491b in simpleexp (v=0x7fffffff92e0, ls=0x7fffffffb380) at lparser.c:970
#159 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff92e0, limit=limit@entry=0)
    at lparser.c:1048
#160 0x000000000044567d in expr (v=0x7fffffff92e0, ls=0x7fffffffb380) at lparser.c:1068
#161 listfield (cc=0x7fffffff92e0, ls=0x7fffffffb380) at lparser.c:701
#162 field (cc=0x7fffffff92e0, ls=<optimized out>) at lparser.c:723
#163 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff93b0) at lparser.c:747
#164 0x000000000044491b in simpleexp (v=0x7fffffff93b0, ls=0x7fffffffb380) at lparser.c:970
#165 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff93b0, limit=limit@entry=0)
    at lparser.c:1048
#166 0x000000000044567d in expr (v=0x7fffffff93b0, ls=0x7fffffffb380) at lparser.c:1068
#167 listfield (cc=0x7fffffff93b0, ls=0x7fffffffb380) at lparser.c:701
#168 field (cc=0x7fffffff93b0, ls=<optimized out>) at lparser.c:723
#169 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9480) at lparser.c:747
#170 0x000000000044491b in simpleexp (v=0x7fffffff9480, ls=0x7fffffffb380) at lparser.c:970
#171 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9480, limit=limit@entry=0)
    at lparser.c:1048
#172 0x000000000044567d in expr (v=0x7fffffff9480, ls=0x7fffffffb380) at lparser.c:1068
#173 listfield (cc=0x7fffffff9480, ls=0x7fffffffb380) at lparser.c:701
#174 field (cc=0x7fffffff9480, ls=<optimized out>) at lparser.c:723
#175 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9550) at lparser.c:747
#176 0x000000000044491b in simpleexp (v=0x7fffffff9550, ls=0x7fffffffb380) at lparser.c:970
#177 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9550, limit=limit@entry=0)
    at lparser.c:1048
#178 0x000000000044567d in expr (v=0x7fffffff9550, ls=0x7fffffffb380) at lparser.c:1068
#179 listfield (cc=0x7fffffff9550, ls=0x7fffffffb380) at lparser.c:701
#180 field (cc=0x7fffffff9550, ls=<optimized out>) at lparser.c:723
#181 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9620) at lparser.c:747
#182 0x000000000044491b in simpleexp (v=0x7fffffff9620, ls=0x7fffffffb380) at lparser.c:970
#183 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9620, limit=limit@entry=0)
    at lparser.c:1048
#184 0x000000000044567d in expr (v=0x7fffffff9620, ls=0x7fffffffb380) at lparser.c:1068
#185 listfield (cc=0x7fffffff9620, ls=0x7fffffffb380) at lparser.c:701
#186 field (cc=0x7fffffff9620, ls=<optimized out>) at lparser.c:723
#187 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff96f0) at lparser.c:747
#188 0x000000000044491b in simpleexp (v=0x7fffffff96f0, ls=0x7fffffffb380) at lparser.c:970
#189 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff96f0, limit=limit@entry=0)
    at lparser.c:1048
#190 0x000000000044567d in expr (v=0x7fffffff96f0, ls=0x7fffffffb380) at lparser.c:1068
#191 listfield (cc=0x7fffffff96f0, ls=0x7fffffffb380) at lparser.c:701
#192 field (cc=0x7fffffff96f0, ls=<optimized out>) at lparser.c:723
#193 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff97c0) at lparser.c:747
#194 0x000000000044491b in simpleexp (v=0x7fffffff97c0, ls=0x7fffffffb380) at lparser.c:970
#195 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff97c0, limit=limit@entry=0)
    at lparser.c:1048
#196 0x000000000044567d in expr (v=0x7fffffff97c0, ls=0x7fffffffb380) at lparser.c:1068
#197 listfield (cc=0x7fffffff97c0, ls=0x7fffffffb380) at lparser.c:701
#198 field (cc=0x7fffffff97c0, ls=<optimized out>) at lparser.c:723
#199 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9890) at lparser.c:747
#200 0x000000000044491b in simpleexp (v=0x7fffffff9890, ls=0x7fffffffb380) at lparser.c:970
#201 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9890, limit=limit@entry=0)
    at lparser.c:1048
#202 0x000000000044567d in expr (v=0x7fffffff9890, ls=0x7fffffffb380) at lparser.c:1068
#203 listfield (cc=0x7fffffff9890, ls=0x7fffffffb380) at lparser.c:701
#204 field (cc=0x7fffffff9890, ls=<optimized out>) at lparser.c:723
#205 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9960) at lparser.c:747
#206 0x000000000044491b in simpleexp (v=0x7fffffff9960, ls=0x7fffffffb380) at lparser.c:970
#207 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9960, limit=limit@entry=0)
    at lparser.c:1048
#208 0x000000000044567d in expr (v=0x7fffffff9960, ls=0x7fffffffb380) at lparser.c:1068
#209 listfield (cc=0x7fffffff9960, ls=0x7fffffffb380) at lparser.c:701
#210 field (cc=0x7fffffff9960, ls=<optimized out>) at lparser.c:723
#211 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9a30) at lparser.c:747
#212 0x000000000044491b in simpleexp (v=0x7fffffff9a30, ls=0x7fffffffb380) at lparser.c:970
#213 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9a30, limit=limit@entry=0)
    at lparser.c:1048
#214 0x000000000044567d in expr (v=0x7fffffff9a30, ls=0x7fffffffb380) at lparser.c:1068
#215 listfield (cc=0x7fffffff9a30, ls=0x7fffffffb380) at lparser.c:701
#216 field (cc=0x7fffffff9a30, ls=<optimized out>) at lparser.c:723
#217 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9b00) at lparser.c:747
#218 0x000000000044491b in simpleexp (v=0x7fffffff9b00, ls=0x7fffffffb380) at lparser.c:970
#219 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9b00, limit=limit@entry=0)
    at lparser.c:1048
#220 0x000000000044567d in expr (v=0x7fffffff9b00, ls=0x7fffffffb380) at lparser.c:1068
#221 listfield (cc=0x7fffffff9b00, ls=0x7fffffffb380) at lparser.c:701
#222 field (cc=0x7fffffff9b00, ls=<optimized out>) at lparser.c:723
#223 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9bd0) at lparser.c:747
#224 0x000000000044491b in simpleexp (v=0x7fffffff9bd0, ls=0x7fffffffb380) at lparser.c:970
#225 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9bd0, limit=limit@entry=0)
    at lparser.c:1048
#226 0x000000000044567d in expr (v=0x7fffffff9bd0, ls=0x7fffffffb380) at lparser.c:1068
#227 listfield (cc=0x7fffffff9bd0, ls=0x7fffffffb380) at lparser.c:701
#228 field (cc=0x7fffffff9bd0, ls=<optimized out>) at lparser.c:723
---Type <return> to continue, or q <return> to quit---
#229 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9ca0) at lparser.c:747
#230 0x000000000044491b in simpleexp (v=0x7fffffff9ca0, ls=0x7fffffffb380) at lparser.c:970
#231 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9ca0, limit=limit@entry=0)
    at lparser.c:1048
#232 0x000000000044567d in expr (v=0x7fffffff9ca0, ls=0x7fffffffb380) at lparser.c:1068
#233 listfield (cc=0x7fffffff9ca0, ls=0x7fffffffb380) at lparser.c:701
#234 field (cc=0x7fffffff9ca0, ls=<optimized out>) at lparser.c:723
#235 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9d70) at lparser.c:747
#236 0x000000000044491b in simpleexp (v=0x7fffffff9d70, ls=0x7fffffffb380) at lparser.c:970
#237 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9d70, limit=limit@entry=0)
    at lparser.c:1048
#238 0x000000000044567d in expr (v=0x7fffffff9d70, ls=0x7fffffffb380) at lparser.c:1068
#239 listfield (cc=0x7fffffff9d70, ls=0x7fffffffb380) at lparser.c:701
#240 field (cc=0x7fffffff9d70, ls=<optimized out>) at lparser.c:723
#241 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9e40) at lparser.c:747
#242 0x000000000044491b in simpleexp (v=0x7fffffff9e40, ls=0x7fffffffb380) at lparser.c:970
#243 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9e40, limit=limit@entry=0)
    at lparser.c:1048
#244 0x000000000044567d in expr (v=0x7fffffff9e40, ls=0x7fffffffb380) at lparser.c:1068
#245 listfield (cc=0x7fffffff9e40, ls=0x7fffffffb380) at lparser.c:701
#246 field (cc=0x7fffffff9e40, ls=<optimized out>) at lparser.c:723
#247 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9f10) at lparser.c:747
#248 0x000000000044491b in simpleexp (v=0x7fffffff9f10, ls=0x7fffffffb380) at lparser.c:970
#249 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9f10, limit=limit@entry=0)
    at lparser.c:1048
#250 0x000000000044567d in expr (v=0x7fffffff9f10, ls=0x7fffffffb380) at lparser.c:1068
#251 listfield (cc=0x7fffffff9f10, ls=0x7fffffffb380) at lparser.c:701
#252 field (cc=0x7fffffff9f10, ls=<optimized out>) at lparser.c:723
#253 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffff9fe0) at lparser.c:747
#254 0x000000000044491b in simpleexp (v=0x7fffffff9fe0, ls=0x7fffffffb380) at lparser.c:970
#255 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffff9fe0, limit=limit@entry=0)
    at lparser.c:1048
#256 0x000000000044567d in expr (v=0x7fffffff9fe0, ls=0x7fffffffb380) at lparser.c:1068
#257 listfield (cc=0x7fffffff9fe0, ls=0x7fffffffb380) at lparser.c:701
#258 field (cc=0x7fffffff9fe0, ls=<optimized out>) at lparser.c:723
#259 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa0b0) at lparser.c:747
#260 0x000000000044491b in simpleexp (v=0x7fffffffa0b0, ls=0x7fffffffb380) at lparser.c:970
#261 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa0b0, limit=limit@entry=0)
    at lparser.c:1048
#262 0x000000000044567d in expr (v=0x7fffffffa0b0, ls=0x7fffffffb380) at lparser.c:1068
#263 listfield (cc=0x7fffffffa0b0, ls=0x7fffffffb380) at lparser.c:701
#264 field (cc=0x7fffffffa0b0, ls=<optimized out>) at lparser.c:723
#265 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa180) at lparser.c:747
#266 0x000000000044491b in simpleexp (v=0x7fffffffa180, ls=0x7fffffffb380) at lparser.c:970
#267 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa180, limit=limit@entry=0)
    at lparser.c:1048
#268 0x000000000044567d in expr (v=0x7fffffffa180, ls=0x7fffffffb380) at lparser.c:1068
#269 listfield (cc=0x7fffffffa180, ls=0x7fffffffb380) at lparser.c:701
#270 field (cc=0x7fffffffa180, ls=<optimized out>) at lparser.c:723
#271 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa250) at lparser.c:747
#272 0x000000000044491b in simpleexp (v=0x7fffffffa250, ls=0x7fffffffb380) at lparser.c:970
#273 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa250, limit=limit@entry=0)
    at lparser.c:1048
#274 0x000000000044567d in expr (v=0x7fffffffa250, ls=0x7fffffffb380) at lparser.c:1068
#275 listfield (cc=0x7fffffffa250, ls=0x7fffffffb380) at lparser.c:701
#276 field (cc=0x7fffffffa250, ls=<optimized out>) at lparser.c:723
#277 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa320) at lparser.c:747
#278 0x000000000044491b in simpleexp (v=0x7fffffffa320, ls=0x7fffffffb380) at lparser.c:970
#279 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa320, limit=limit@entry=0)
    at lparser.c:1048
#280 0x000000000044567d in expr (v=0x7fffffffa320, ls=0x7fffffffb380) at lparser.c:1068
#281 listfield (cc=0x7fffffffa320, ls=0x7fffffffb380) at lparser.c:701
#282 field (cc=0x7fffffffa320, ls=<optimized out>) at lparser.c:723
#283 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa3f0) at lparser.c:747
#284 0x000000000044491b in simpleexp (v=0x7fffffffa3f0, ls=0x7fffffffb380) at lparser.c:970
#285 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa3f0, limit=limit@entry=0)
    at lparser.c:1048
#286 0x000000000044567d in expr (v=0x7fffffffa3f0, ls=0x7fffffffb380) at lparser.c:1068
#287 listfield (cc=0x7fffffffa3f0, ls=0x7fffffffb380) at lparser.c:701
#288 field (cc=0x7fffffffa3f0, ls=<optimized out>) at lparser.c:723
#289 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa4c0) at lparser.c:747
#290 0x000000000044491b in simpleexp (v=0x7fffffffa4c0, ls=0x7fffffffb380) at lparser.c:970
#291 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa4c0, limit=limit@entry=0)
    at lparser.c:1048
#292 0x000000000044567d in expr (v=0x7fffffffa4c0, ls=0x7fffffffb380) at lparser.c:1068
#293 listfield (cc=0x7fffffffa4c0, ls=0x7fffffffb380) at lparser.c:701
#294 field (cc=0x7fffffffa4c0, ls=<optimized out>) at lparser.c:723
#295 constructor (ls=0x7fffffffb380, t=t@entry=0x7fffffffa530) at lparser.c:747
#296 0x00000000004463a0 in funcargs (ls=ls@entry=0x7fffffffb380, f=f@entry=0x7fffffffa640, 
    line=line@entry=7) at lparser.c:840
#297 0x00000000004469e9 in suffixedexp (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa640)
    at lparser.c:928
#298 0x0000000000444253 in simpleexp (v=0x7fffffffa640, ls=0x7fffffffb380) at lparser.c:979
#299 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa640, limit=limit@entry=0)
---Type <return> to continue, or q <return> to quit---
    at lparser.c:1048
#300 0x000000000044567d in expr (v=0x7fffffffa640, ls=0x7fffffffb380) at lparser.c:1068
#301 listfield (cc=0x7fffffffa640, ls=0x7fffffffb380) at lparser.c:701
#302 field (cc=0x7fffffffa640, ls=<optimized out>) at lparser.c:723
#303 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa710) at lparser.c:747
#304 0x000000000044491b in simpleexp (v=0x7fffffffa710, ls=0x7fffffffb380) at lparser.c:970
#305 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa710, limit=limit@entry=0)
    at lparser.c:1048
#306 0x000000000044567d in expr (v=0x7fffffffa710, ls=0x7fffffffb380) at lparser.c:1068
#307 listfield (cc=0x7fffffffa710, ls=0x7fffffffb380) at lparser.c:701
#308 field (cc=0x7fffffffa710, ls=<optimized out>) at lparser.c:723
#309 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa7e0) at lparser.c:747
#310 0x000000000044491b in simpleexp (v=0x7fffffffa7e0, ls=0x7fffffffb380) at lparser.c:970
#311 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa7e0, limit=limit@entry=0)
    at lparser.c:1048
#312 0x000000000044567d in expr (v=0x7fffffffa7e0, ls=0x7fffffffb380) at lparser.c:1068
#313 listfield (cc=0x7fffffffa7e0, ls=0x7fffffffb380) at lparser.c:701
#314 field (cc=0x7fffffffa7e0, ls=<optimized out>) at lparser.c:723
#315 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa8b0) at lparser.c:747
#316 0x000000000044491b in simpleexp (v=0x7fffffffa8b0, ls=0x7fffffffb380) at lparser.c:970
#317 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa8b0, limit=limit@entry=0)
    at lparser.c:1048
#318 0x000000000044567d in expr (v=0x7fffffffa8b0, ls=0x7fffffffb380) at lparser.c:1068
#319 listfield (cc=0x7fffffffa8b0, ls=0x7fffffffb380) at lparser.c:701
#320 field (cc=0x7fffffffa8b0, ls=<optimized out>) at lparser.c:723
#321 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffa980) at lparser.c:747
#322 0x000000000044491b in simpleexp (v=0x7fffffffa980, ls=0x7fffffffb380) at lparser.c:970
#323 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffa980, limit=limit@entry=0)
    at lparser.c:1048
#324 0x000000000044567d in expr (v=0x7fffffffa980, ls=0x7fffffffb380) at lparser.c:1068
#325 listfield (cc=0x7fffffffa980, ls=0x7fffffffb380) at lparser.c:701
#326 field (cc=0x7fffffffa980, ls=<optimized out>) at lparser.c:723
#327 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffaa50) at lparser.c:747
#328 0x000000000044491b in simpleexp (v=0x7fffffffaa50, ls=0x7fffffffb380) at lparser.c:970
#329 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffaa50, limit=limit@entry=0)
    at lparser.c:1048
#330 0x000000000044567d in expr (v=0x7fffffffaa50, ls=0x7fffffffb380) at lparser.c:1068
#331 listfield (cc=0x7fffffffaa50, ls=0x7fffffffb380) at lparser.c:701
#332 field (cc=0x7fffffffaa50, ls=<optimized out>) at lparser.c:723
#333 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffab20) at lparser.c:747
#334 0x000000000044491b in simpleexp (v=0x7fffffffab20, ls=0x7fffffffb380) at lparser.c:970
#335 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffab20, limit=limit@entry=0)
    at lparser.c:1048
#336 0x000000000044567d in expr (v=0x7fffffffab20, ls=0x7fffffffb380) at lparser.c:1068
#337 listfield (cc=0x7fffffffab20, ls=0x7fffffffb380) at lparser.c:701
#338 field (cc=0x7fffffffab20, ls=<optimized out>) at lparser.c:723
#339 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffabf0) at lparser.c:747
#340 0x000000000044491b in simpleexp (v=0x7fffffffabf0, ls=0x7fffffffb380) at lparser.c:970
#341 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffabf0, limit=limit@entry=0)
    at lparser.c:1048
#342 0x000000000044567d in expr (v=0x7fffffffabf0, ls=0x7fffffffb380) at lparser.c:1068
#343 listfield (cc=0x7fffffffabf0, ls=0x7fffffffb380) at lparser.c:701
#344 field (cc=0x7fffffffabf0, ls=<optimized out>) at lparser.c:723
#345 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffacc0) at lparser.c:747
#346 0x000000000044491b in simpleexp (v=0x7fffffffacc0, ls=0x7fffffffb380) at lparser.c:970
#347 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffacc0, limit=limit@entry=0)
    at lparser.c:1048
#348 0x000000000044567d in expr (v=0x7fffffffacc0, ls=0x7fffffffb380) at lparser.c:1068
#349 listfield (cc=0x7fffffffacc0, ls=0x7fffffffb380) at lparser.c:701
#350 field (cc=0x7fffffffacc0, ls=<optimized out>) at lparser.c:723
#351 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffad90) at lparser.c:747
#352 0x000000000044491b in simpleexp (v=0x7fffffffad90, ls=0x7fffffffb380) at lparser.c:970
#353 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffad90, limit=limit@entry=0)
    at lparser.c:1048
#354 0x000000000044567d in expr (v=0x7fffffffad90, ls=0x7fffffffb380) at lparser.c:1068
#355 listfield (cc=0x7fffffffad90, ls=0x7fffffffb380) at lparser.c:701
#356 field (cc=0x7fffffffad90, ls=<optimized out>) at lparser.c:723
#357 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffae60) at lparser.c:747
#358 0x000000000044491b in simpleexp (v=0x7fffffffae60, ls=0x7fffffffb380) at lparser.c:970
#359 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffae60, limit=limit@entry=0)
    at lparser.c:1048
#360 0x000000000044567d in expr (v=0x7fffffffae60, ls=0x7fffffffb380) at lparser.c:1068
#361 listfield (cc=0x7fffffffae60, ls=0x7fffffffb380) at lparser.c:701
#362 field (cc=0x7fffffffae60, ls=<optimized out>) at lparser.c:723
#363 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffaf30) at lparser.c:747
#364 0x000000000044491b in simpleexp (v=0x7fffffffaf30, ls=0x7fffffffb380) at lparser.c:970
#365 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffaf30, limit=limit@entry=0)
    at lparser.c:1048
#366 0x000000000044567d in expr (v=0x7fffffffaf30, ls=0x7fffffffb380) at lparser.c:1068
#367 listfield (cc=0x7fffffffaf30, ls=0x7fffffffb380) at lparser.c:701
#368 field (cc=0x7fffffffaf30, ls=<optimized out>) at lparser.c:723
#369 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffb000) at lparser.c:747
#370 0x000000000044491b in simpleexp (v=0x7fffffffb000, ls=0x7fffffffb380) at lparser.c:970
#371 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffb000, limit=limit@entry=0)
---Type <return> to continue, or q <return> to quit---
    at lparser.c:1048
#372 0x000000000044567d in expr (v=0x7fffffffb000, ls=0x7fffffffb380) at lparser.c:1068
#373 listfield (cc=0x7fffffffb000, ls=0x7fffffffb380) at lparser.c:701
#374 field (cc=0x7fffffffb000, ls=<optimized out>) at lparser.c:723
#375 constructor (ls=ls@entry=0x7fffffffb380, t=t@entry=0x7fffffffb0d0) at lparser.c:747
#376 0x000000000044491b in simpleexp (v=0x7fffffffb0d0, ls=0x7fffffffb380) at lparser.c:970
#377 subexpr (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffb0d0, limit=limit@entry=0)
    at lparser.c:1048
#378 0x000000000044567d in expr (v=0x7fffffffb0d0, ls=0x7fffffffb380) at lparser.c:1068
#379 listfield (cc=0x7fffffffb0d0, ls=0x7fffffffb380) at lparser.c:701
#380 field (cc=0x7fffffffb0d0, ls=<optimized out>) at lparser.c:723
#381 constructor (ls=0x7fffffffb380, t=t@entry=0x7fffffffb140) at lparser.c:747
#382 0x00000000004463a0 in funcargs (ls=ls@entry=0x7fffffffb380, f=f@entry=0x7fffffffb268, 
    line=line@entry=7) at lparser.c:840
#383 0x00000000004469e9 in suffixedexp (ls=ls@entry=0x7fffffffb380, v=v@entry=0x7fffffffb268)
    at lparser.c:928
#384 0x000000000043c7ed in exprstat (ls=0x7fffffffb380) at lparser.c:1484
#385 statement (ls=ls@entry=0x7fffffffb380) at lparser.c:1587
#386 0x0000000000447d60 in statlist (ls=0x7fffffffb380) at lparser.c:611
#387 mainfunc (fs=0x7fffffffb330, ls=0x7fffffffb380) at lparser.c:1612
#388 luaY_parser (L=<optimized out>, z=0x7fffffffb620, buff=<optimized out>, dyd=<optimized out>, 
    name=<optimized out>, firstchar=102) at lparser.c:1632
#389 0x000000000041a46a in f_parser (L=0x69c010, ud=0x7fffffffb580) at ldo.c:651
#390 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x41a260 <f_parser>, ud=0x7fffffffb580)
    at ldo.c:131
#391 0x0000000000423b13 in luaD_pcall (ef=0, old_top=80, u=0x7fffffffb580, func=0x41a260 <f_parser>, 
    L=0x69c010) at ldo.c:603
#392 luaD_protectedparser (L=0x69c010, z=<optimized out>, name=<optimized out>, mode=<optimized out>)
    at ldo.c:672
#393 0x0000000000412c41 in lua_load (L=0x69c010, reader=<optimized out>, data=<optimized out>, 
    chunkname=<optimized out>, mode=0x0) at lapi.c:980
#394 0x0000000000471795 in luaL_loadfilex (L=0x69c010, filename=0x0, mode=0x0) at lauxlib.c:654
#395 0x00000000004053b2 in pmain (L=0x69c010) at luac.c:172
#396 0x000000000041e205 in luaD_precall (L=L@entry=0x69c010, func=<optimized out>, 
    nresults=<optimized out>) at ldo.c:319
#397 0x0000000000422a35 in luaD_call (L=0x69c010, func=<optimized out>, nResults=<optimized out>, 
    allowyield=0) at ldo.c:401
#398 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x406b60 <f_call>, ud=0x7fffffffd8f0)
    at ldo.c:131
#399 0x0000000000423669 in luaD_pcall (L=0x69c010, func=<optimized out>, u=<optimized out>, old_top=16, 
    ef=<optimized out>) at ldo.c:603
#400 0x00000000004127fe in lua_pcallk (L=0x69c010, nargs=<optimized out>, nresults=0, 
    errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>) at lapi.c:949
#401 0x0000000000401f3c in main (argc=1, argv=0x7fffffffda48) at luac.c:200
#402 0x00007ffff7757dc5 in __libc_start_main () from /lib64/libc.so.6
#403 0x000000000040284d in _start ()
function f(n)
  local
function P(X, y)
  return { x = x, }
end
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyya = { P(10, 20), P(30, 40) } x = 1
  for i = 2,n do x = x * i
  end
  return x
end
function D(X, y)
  return { x = x, }
end
a = { P(10, 20), P(30, 40) }
t()
  local
function P(X, y)
  return { x = x, }
end
a = {P(10, 20), P(30, 40) } x = 1
  for i = 2,n do x = x * i
  end
  return x
enda[
Very rarely segfaults

Program received signal SIGSEGV, Segmentation fault.
0x00000000004528d8 in luaH_newkey (L=L@entry=0x69c010, t=t@entry=0x69d1b0, 
    key=key@entry=0x69c360) at ltable.c:423
423	      while (gnext(othern) != mp) othern = gnext(othern);  /* find previous */
(gdb) bt
#0  0x00000000004528d8 in luaH_newkey (L=L@entry=0x69c010, 
    t=t@entry=0x69d1b0, key=key@entry=0x69c360) at ltable.c:423
#1  0x000000000045453e in luaH_set (L=0x69c010, t=0x69d1b0, key=0x69c360)
    at ltable.c:514
#2  0x0000000000491973 in luaX_newstring (ls=0x7fffffffb380, 
    str=<optimized out>, l=<optimized out>) at llex.c:129
#3  0x000000000043a8cc in anchor_token (ls=0x7fffffffb380) at lparser.c:65
#4  close_func (ls=0x7fffffffb380) at lparser.c:576
#5  0x00000000004436b9 in body (ls=0x7fffffffb380, e=0x7fffffffb260, 
    ismethod=<optimized out>, line=11) at lparser.c:806
#6  0x000000000043cdd4 in funcstat (line=11, ls=0x7fffffffb380)
    at lparser.c:1474
#7  statement (ls=ls@entry=0x7fffffffb380) at lparser.c:1560
#8  0x0000000000447ed0 in statlist (ls=0x7fffffffb380) at lparser.c:611
#9  mainfunc (fs=0x7fffffffb330, ls=0x7fffffffb380) at lparser.c:1612
#10 luaY_parser (L=<optimized out>, z=0x7fffffffb620, buff=<optimized out>, 
    dyd=<optimized out>, name=<optimized out>, firstchar=102)
    at lparser.c:1632
#11 0x000000000041a46a in f_parser (L=0x69c010, ud=0x7fffffffb580)
    at ldo.c:651
#12 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, 
    f=0x41a260 <f_parser>, ud=0x7fffffffb580) at ldo.c:131
#13 0x0000000000423b13 in luaD_pcall (ef=0, old_top=80, u=0x7fffffffb580, 
    func=0x41a260 <f_parser>, L=0x69c010) at ldo.c:603
#14 luaD_protectedparser (L=0x69c010, z=<optimized out>, 
    name=<optimized out>, mode=<optimized out>) at ldo.c:672
#15 0x0000000000412c41 in lua_load (L=0x69c010, reader=<optimized out>, 
    data=<optimized out>, chunkname=<optimized out>, mode=0x0) at lapi.c:980
#16 0x0000000000471905 in luaL_loadfilex (L=0x69c010, filename=0x0, mode=0x0)
    at lauxlib.c:654
#17 0x00000000004053b2 in pmain (L=0x69c010) at luac.c:172
#18 0x000000000041e205 in luaD_precall (L=L@entry=0x69c010, 
    func=<optimized out>, nresults=<optimized out>) at ldo.c:319
#19 0x0000000000422a35 in luaD_call (L=0x69c010, func=<optimized out>, 
    nResults=<optimized out>, allowyield=0) at ldo.c:401
#20 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, 
    f=0x406b60 <f_call>, ud=0x7fffffffd8f0) at ldo.c:131
#21 0x0000000000423669 in luaD_pcall (L=0x69c010, func=<optimized out>, 
    u=<optimized out>, old_top=16, ef=<optimized out>) at ldo.c:603
#22 0x00000000004127fe in lua_pcallk (L=0x69c010, nargs=<optimized out>, 
    nresults=0, errfunc=<optimized out>, ctx=<optimized out>, 
    k=<optimized out>) at lapi.c:949
#23 0x0000000000401f3c in main (argc=1, argv=0x7fffffffda48) at luac.c:200
#24 0x00007ffff7757dc5 in __libc_start_main () from /lib64/libc.so.6
#25 0x000000000040284d in _start ()
function f(n)
  loca, x = 1
  for i = 2,n do x = x * i
  end
  return x
end
functZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZca, x = 1
  for i = 2,n do x = ion P(x, 9)function f(n)
  loca, x = 1
  for i = 2,n do x = x * i
  end
  return x
end
function P(x, y)
  return { x = x, y = y }
end
a = { P(10, 20), P(30, 40) }
t(a[1].y)

  Peturn { x = x, y = y }
end
a = { P(10, 20), P(30, 40) }
t(a[1].y)
luac: malloc.c:2839: mremap_chunk: Assertion `((size + offset) & (_rtld_global_ro._dl_pagesize - 1)) == 0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff776b5e7 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff776b5e7 in raise () from /lib64/libc.so.6
#1  0x00007ffff776c9c8 in abort () from /lib64/libc.so.6
#2  0x00007ffff77af10d in __malloc_assert () from /lib64/libc.so.6
#3  0x00007ffff77af3cb in mremap_chunk () from /lib64/libc.so.6
#4  0x00007ffff77b386b in realloc () from /lib64/libc.so.6
#5  0x00000000004354c5 in luaM_realloc_ (L=0x69c010, block=0x69d8f0, osize=64, nsize=32) at lmem.c:84
#6  0x000000000043a7a7 in close_func (ls=0x7fffffffb390) at lparser.c:571
#7  0x00000000004436b9 in body (ls=0x7fffffffb390, e=0x7fffffffb170, ismethod=<optimized out>, line=8)
    at lparser.c:806
#8  0x000000000043cdd4 in funcstat (line=8, ls=0x7fffffffb390) at lparser.c:1474
#9  statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1560
#10 0x000000000043fc58 in statlist (ls=0x7fffffffb390) at lparser.c:611
#11 block (ls=0x7fffffffb390) at lparser.c:1087
#12 forbody (nvars=1, isnum=1, line=8, base=0, ls=0x7fffffffb390) at lparser.c:1294
#13 fornum (line=8, varname=<optimized out>, ls=0x7fffffffb390) at lparser.c:1327
#14 forstat (line=8, ls=0x7fffffffb390) at lparser.c:1365
#15 statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1552
#16 0x0000000000447ed0 in statlist (ls=0x7fffffffb390) at lparser.c:611
#17 mainfunc (fs=0x7fffffffb340, ls=0x7fffffffb390) at lparser.c:1612
#18 luaY_parser (L=<optimized out>, z=0x7fffffffb630, buff=<optimized out>, dyd=<optimized out>, 
    name=<optimized out>, firstchar=102) at lparser.c:1632
#19 0x000000000041a46a in f_parser (L=0x69c010, ud=0x7fffffffb590) at ldo.c:651
#20 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x41a260 <f_parser>, ud=0x7fffffffb590) at ldo.c:131
#21 0x0000000000423b13 in luaD_pcall (ef=0, old_top=80, u=0x7fffffffb590, func=0x41a260 <f_parser>, L=0x69c010)
    at ldo.c:603
#22 luaD_protectedparser (L=0x69c010, z=<optimized out>, name=<optimized out>, mode=<optimized out>) at ldo.c:672
#23 0x0000000000412c41 in lua_load (L=0x69c010, reader=<optimized out>, data=<optimized out>, 
    chunkname=<optimized out>, mode=0x0) at lapi.c:980
#24 0x0000000000471905 in luaL_loadfilex (L=0x69c010, filename=0x0, mode=0x0) at lauxlib.c:654
#25 0x00000000004053b2 in pmain (L=0x69c010) at luac.c:172
#26 0x000000000041e205 in luaD_precall (L=L@entry=0x69c010, func=<optimized out>, nresults=<optimized out>)
    at ldo.c:319
#27 0x0000000000422a35 in luaD_call (L=0x69c010, func=<optimized out>, nResults=<optimized out>, allowyield=0)
    at ldo.c:401
#28 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x406b60 <f_call>, ud=0x7fffffffd900) at ldo.c:131
#29 0x0000000000423669 in luaD_pcall (L=0x69c010, func=<optimized out>, u=<optimized out>, old_top=16, 
    ef=<optimized out>) at ldo.c:603
#30 0x00000000004127fe in lua_pcallk (L=0x69c010, nargs=<optimized out>, nresults=0, errfunc=<optimized out>, 
    ctx=<optimized out>, k=<optimized out>) at lapi.c:949
#31 0x0000000000401f3c in main (argc=1, argv=0x7fffffffda50) at luac.c:200
#32 0x00007ffff7757dc5 in __libc_start_main () from /lib64/libc.so.6
#33 0x000000000040284d in _start ()
function f(n)
  loca, x = 1
  for i = 2,n do x = x * i
  end
  return x
end
functZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZca, x = 1
  for i = 2,n do x = ion P(x, y)function f( )
  loca, x = 1
  for i = 2,n do x = x * i
  end
  return x
end
function P(x, y)
  return { x = x, y = y }
end
a = { P(10, 20), P(30, 40) }
t(a[1].y)

  Peturn { x = x, y = y }
end
a = { P(10, 20), P(30, 40) }
t(a[1].y)
Program received signal SIGSEGV, Segmentation fault.
luaS_eqstr (a=0x5a5a5a5a5a5a5a5a, b=0x69d470) at lstring.c:46
46	  return (a->tsv.tt == b->tsv.tt) &&
(gdb) bt
#0  luaS_eqstr (a=0x5a5a5a5a5a5a5a5a, b=0x69d470) at lstring.c:46
#1  0x000000000043acf4 in searchupvalue (fs=<optimized out>, fs=<optimized out>, name=0x69d470) at lparser.c:225
#2  singlevaraux (fs=fs@entry=0x7fffffffb070, n=n@entry=0x69d470, var=var@entry=0x7fffffffaef8, base=1)
    at lparser.c:283
#3  0x000000000043bdfe in singlevaraux (base=1, var=0x7fffffffaef8, n=0x69d470, fs=0x7fffffffb070) at lparser.c:248
#4  singlevar (ls=ls@entry=0x7fffffffb390, var=var@entry=0x7fffffffaef8) at lparser.c:300
#5  0x00000000004466a5 in primaryexp (v=0x7fffffffaef8, ls=0x7fffffffb390) at lparser.c:889
#6  suffixedexp (ls=ls@entry=0x7fffffffb390, v=v@entry=0x7fffffffaef8) at lparser.c:904
#7  0x000000000044724b in assignment (ls=ls@entry=0x7fffffffb390, lh=lh@entry=0x7fffffffafc0, nvars=nvars@entry=1)
    at lparser.c:1142
#8  0x000000000043fdeb in exprstat (ls=0x7fffffffb390) at lparser.c:1487
#9  statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1587
#10 0x0000000000443430 in statlist (ls=0x7fffffffb390) at lparser.c:611
#11 body (ls=0x7fffffffb390, e=0x7fffffffb170, ismethod=<optimized out>, line=8) at lparser.c:802
#12 0x000000000043cdd4 in funcstat (line=8, ls=0x7fffffffb390) at lparser.c:1474
#13 statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1560
#14 0x000000000043fc58 in statlist (ls=0x7fffffffb390) at lparser.c:611
#15 block (ls=0x7fffffffb390) at lparser.c:1087
#16 forbody (nvars=1, isnum=1, line=8, base=0, ls=0x7fffffffb390) at lparser.c:1294
#17 fornum (line=8, varname=<optimized out>, ls=0x7fffffffb390) at lparser.c:1327
#18 forstat (line=8, ls=0x7fffffffb390) at lparser.c:1365
#19 statement (ls=ls@entry=0x7fffffffb390) at lparser.c:1552
#20 0x0000000000447ed0 in statlist (ls=0x7fffffffb390) at lparser.c:611
#21 mainfunc (fs=0x7fffffffb340, ls=0x7fffffffb390) at lparser.c:1612
#22 luaY_parser (L=<optimized out>, z=0x7fffffffb630, buff=<optimized out>, dyd=<optimized out>, 
    name=<optimized out>, firstchar=102) at lparser.c:1632
#23 0x000000000041a46a in f_parser (L=0x69c010, ud=0x7fffffffb590) at ldo.c:651
#24 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x41a260 <f_parser>, ud=0x7fffffffb590) at ldo.c:131
#25 0x0000000000423b13 in luaD_pcall (ef=0, old_top=80, u=0x7fffffffb590, func=0x41a260 <f_parser>, L=0x69c010)
    at ldo.c:603
#26 luaD_protectedparser (L=0x69c010, z=<optimized out>, name=<optimized out>, mode=<optimized out>) at ldo.c:672
#27 0x0000000000412c41 in lua_load (L=0x69c010, reader=<optimized out>, data=<optimized out>, 
    chunkname=<optimized out>, mode=0x0) at lapi.c:980
#28 0x0000000000471905 in luaL_loadfilex (L=0x69c010, filename=0x0, mode=0x0) at lauxlib.c:654
#29 0x00000000004053b2 in pmain (L=0x69c010) at luac.c:172
#30 0x000000000041e205 in luaD_precall (L=L@entry=0x69c010, func=<optimized out>, nresults=<optimized out>)
    at ldo.c:319
#31 0x0000000000422a35 in luaD_call (L=0x69c010, func=<optimized out>, nResults=<optimized out>, allowyield=0)
    at ldo.c:401
#32 0x000000000041a9b1 in luaD_rawrunprotected (L=0x69c010, f=0x406b60 <f_call>, ud=0x7fffffffd900) at ldo.c:131
#33 0x0000000000423669 in luaD_pcall (L=0x69c010, func=<optimized out>, u=<optimized out>, old_top=16, 
    ef=<optimized out>) at ldo.c:603
#34 0x00000000004127fe in lua_pcallk (L=0x69c010, nargs=<optimized out>, nresults=0, errfunc=<optimized out>, 
    ctx=<optimized out>, k=<optimized out>) at lapi.c:949
#35 0x0000000000401f3c in main (argc=1, argv=0x7fffffffda50) at luac.c:200
#36 0x00007ffff7757dc5 in __libc_start_main () from /lib64/libc.so.6
#37 0x000000000040284d in _start ()