[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Heap overflow in luaH_get
- From: Dibyendu Majumdar <mobile@...>
- Date: Thu, 9 Jul 2020 14:01:20 +0100
On Thu, 9 Jul 2020 at 05:58, Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>
> >>>>> "Yongheng" == Yongheng Chen <changochen1@gmail.com> writes:
>
> Yongheng> READ of size 8 at 0x6060000020d8 thread T0
> Yongheng> #0 0x431a76 in luaH_get (/home/yongheng/lua_asan/lua+0x431a76)
>
> OK. I think I see some of what's going on with this one.
>
> The generational GC code seems to be assuming that a G_OLD1 object must
> be somewhere between g->survival and g->reallyold, or between g->finobj
> and g->finobjrold.
>
> But what happens in this case is that some table with an age of OLD1 has
> a metatable with a __gc metamethod, and when GCTM is being called for
> it, it gets moved back to the allgc list _at the front_, while remaining
> G_OLD1 (this is in udata2finalize).
>
> But since the table is not between g->survival and g->reallyold, and
> nevertheless is only OLD1 (and its metatable is at this point only
> SURVIVAL and white), it's not being processed by markold. Also, at some
> point in correctgraylist, the table was changed from grey to black while
> its metatable remained white. This results in the metatable being freed
> before the object that references it, hence the later crash.
I don't know if below is relevant at all but I thought it worth
mentioning it anyway.
While testing in Ravi I saw the ASAN error in a version of Ravi code
where I had missed protecting base after a call to LuaF_close() - in
OP_RETURN in my case.
But I can't generate the error in the latest Ravi version which has a
fix for this.
Now Lua 5.4 has a different way of doing things so this might not be
what is happening but the stack trace of the ASAN error looks the
same.
Anyway, I attach below the full trace:
=================================================================
==1768==ERROR: AddressSanitizer: heap-use-after-free on address
0x6080000119b8 at pc 0x7f6c6671228c bp 0x7fff36cad3a0 sp
0x7fff36cad390
READ of size 1 at 0x6080000119b8 thread T0
#0 0x7f6c6671228b in lua_getmetatable /home/d/github/ravi/src/lapi.c:945
#1 0x7f6c666e39dc in luaL_getmetafield /home/d/github/ravi/src/lauxlib.c:773
#2 0x7f6c666e5e18 in pairsmeta /home/d/github/ravi/src/lbaselib.c:248
#3 0x7f6c666e5f3a in luaB_pairs /home/d/github/ravi/src/lbaselib.c:275
#4 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#5 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#6 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#7 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#8 0x7f6c66752afc in dothecall /home/d/github/ravi/src/lgc.c:951
#9 0x7f6c6673b274 in luaD_rawrunprotected /home/d/github/ravi/src/ldo.c:148
#10 0x7f6c6674321c in luaD_pcall /home/d/github/ravi/src/ldo.c:830
#11 0x7f6c667536ad in GCTM /home/d/github/ravi/src/lgc.c:971
#12 0x7f6c667539ab in callallpendingfinalizers
/home/d/github/ravi/src/lgc.c:1001
#13 0x7f6c66755153 in finishgencycle /home/d/github/ravi/src/lgc.c:1248
#14 0x7f6c66755626 in youngcollection /home/d/github/ravi/src/lgc.c:1284
#15 0x7f6c6675631d in genstep /home/d/github/ravi/src/lgc.c:1452
#16 0x7f6c66757e5a in luaC_step /home/d/github/ravi/src/lgc.c:1690
#17 0x7f6c667209b8 in lua_concat /home/d/github/ravi/src/lapi.c:1520
#18 0x7f6c666e11f1 in luaL_error /home/d/github/ravi/src/lauxlib.c:229
#19 0x7f6c666fec6c in findloader /home/d/github/ravi/src/loadlib.c:581
#20 0x7f6c666fee43 in ll_require /home/d/github/ravi/src/loadlib.c:606
#21 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#22 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#23 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#24 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#25 0x7f6c6671cdeb in f_call /home/d/github/ravi/src/lapi.c:1284
#26 0x7f6c6673b274 in luaD_rawrunprotected /home/d/github/ravi/src/ldo.c:148
#27 0x7f6c6674321c in luaD_pcall /home/d/github/ravi/src/ldo.c:830
#28 0x7f6c6671d463 in lua_pcallk /home/d/github/ravi/src/lapi.c:1310
#29 0x7f6c666e6805 in luaB_pcall /home/d/github/ravi/src/lbaselib.c:460
#30 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#31 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#32 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#33 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#34 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#35 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#36 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#37 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#38 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#39 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#40 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#41 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#42 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#43 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#44 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#45 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#46 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#47 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#48 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#49 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#50 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#51 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#52 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#53 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#54 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#55 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#56 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#57 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#58 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#59 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#60 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#61 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#62 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#63 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#64 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#65 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#66 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#67 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#68 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#69 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#70 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#71 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#72 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#73 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#74 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#75 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#76 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#77 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#78 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#79 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#80 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#81 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#82 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#83 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#84 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#85 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#86 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#87 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#88 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#89 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#90 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#91 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#92 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#93 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#94 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#95 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#96 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#97 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#98 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#99 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#100 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#101 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#102 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#103 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#104 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#105 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#106 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#107 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#108 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#109 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#110 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#111 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#112 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#113 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#114 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#115 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#116 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#117 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#118 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#119 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#120 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#121 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#122 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#123 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#124 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#125 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#126 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#127 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#128 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#129 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#130 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#131 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#132 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#133 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#134 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#135 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#136 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#137 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#138 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#139 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#140 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#141 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#142 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#143 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#144 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#145 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#146 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#147 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#148 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#149 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#150 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#151 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#152 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#153 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#154 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#155 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#156 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#157 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#158 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#159 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#160 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#161 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#162 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#163 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#164 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#165 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#166 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#167 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#168 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#169 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#170 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#171 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#172 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#173 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#174 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#175 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#176 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#177 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#178 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#179 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#180 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#181 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#182 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#183 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#184 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#185 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#186 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#187 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#188 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#189 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#190 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#191 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#192 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#193 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#194 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#195 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#196 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#197 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#198 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#199 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#200 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#201 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#202 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#203 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#204 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#205 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#206 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#207 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#208 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#209 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#210 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#211 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#212 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#213 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#214 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#215 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#216 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#217 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#218 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#219 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#220 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#221 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#222 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#223 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#224 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#225 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#226 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#227 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#228 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#229 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#230 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#231 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#232 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#233 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#234 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#235 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#236 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#237 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#238 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#239 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#240 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#241 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#242 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#243 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#244 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#245 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#246 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#247 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#248 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#249 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#250 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
0x6080000119b8 is located 24 bytes inside of 96-byte region
[0x6080000119a0,0x608000011a00)
freed by thread T0 here:
#0 0x7f6c669a27cf in __interceptor_free
(/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x7f6c667ea2cd in freeblock /home/d/github/ravi/src/ltests.c:121
#2 0x7f6c667ea4df in debug_realloc /home/d/github/ravi/src/ltests.c:146
#3 0x7f6c6675fb16 in luaM_realloc_ /home/d/github/ravi/src/lmem.c:86
#4 0x7f6c6678972a in luaH_free /home/d/github/ravi/src/ltable.c:535
#5 0x7f6c66751ff2 in freeobj /home/d/github/ravi/src/lgc.c:841
#6 0x7f6c667545a0 in sweepgen /home/d/github/ravi/src/lgc.c:1135
#7 0x7f6c6675535f in youngcollection /home/d/github/ravi/src/lgc.c:1269
#8 0x7f6c6675631d in genstep /home/d/github/ravi/src/lgc.c:1452
#9 0x7f6c66757e5a in luaC_step /home/d/github/ravi/src/lgc.c:1690
#10 0x7f6c667209b8 in lua_concat /home/d/github/ravi/src/lapi.c:1520
#11 0x7f6c666e11f1 in luaL_error /home/d/github/ravi/src/lauxlib.c:229
#12 0x7f6c666fec6c in findloader /home/d/github/ravi/src/loadlib.c:581
#13 0x7f6c666fee43 in ll_require /home/d/github/ravi/src/loadlib.c:606
#14 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#15 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#16 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#17 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#18 0x7f6c6671cdeb in f_call /home/d/github/ravi/src/lapi.c:1284
#19 0x7f6c6673b274 in luaD_rawrunprotected /home/d/github/ravi/src/ldo.c:148
#20 0x7f6c6674321c in luaD_pcall /home/d/github/ravi/src/ldo.c:830
#21 0x7f6c6671d463 in lua_pcallk /home/d/github/ravi/src/lapi.c:1310
#22 0x7f6c666e6805 in luaB_pcall /home/d/github/ravi/src/lbaselib.c:460
#23 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#24 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#25 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#26 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#27 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#28 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#29 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
previously allocated by thread T0 here:
#0 0x7f6c669a2bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x7f6c667ea63c in debug_realloc /home/d/github/ravi/src/ltests.c:162
#2 0x7f6c6675fb16 in luaM_realloc_ /home/d/github/ravi/src/lmem.c:86
#3 0x7f6c667499f5 in luaC_newobj /home/d/github/ravi/src/lgc.c:335
#4 0x7f6c66788fcc in luaH_new /home/d/github/ravi/src/ltable.c:496
#5 0x7f6c667b173a in luaV_execute /home/d/github/ravi/src/lvm.c:1407
#6 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#7 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#8 0x7f6c6671cdeb in f_call /home/d/github/ravi/src/lapi.c:1284
#9 0x7f6c6673b274 in luaD_rawrunprotected /home/d/github/ravi/src/ldo.c:148
#10 0x7f6c6674321c in luaD_pcall /home/d/github/ravi/src/ldo.c:830
#11 0x7f6c6671d463 in lua_pcallk /home/d/github/ravi/src/lapi.c:1310
#12 0x7f6c666e6805 in luaB_pcall /home/d/github/ravi/src/lbaselib.c:460
#13 0x7f6c6673f0ba in luaD_precall /home/d/github/ravi/src/ldo.c:444
#14 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#15 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#16 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#17 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#18 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#19 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#20 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#21 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
#22 0x7f6c667bde0e in luaV_execute /home/d/github/ravi/src/lvm.c:1697
#23 0x7f6c6674098a in luaD_call /home/d/github/ravi/src/ldo.c:595
#24 0x7f6c66740a64 in luaD_callnoyield /home/d/github/ravi/src/ldo.c:606
#25 0x7f6c6673918f in luaG_errormsg /home/d/github/ravi/src/ldebug.c:686
#26 0x7f6c66739605 in luaG_runerror /home/d/github/ravi/src/ldebug.c:702
#27 0x7f6c667384d5 in luaG_typeerror /home/d/github/ravi/src/ldebug.c:628
#28 0x7f6c6673d04a in tryfuncTM /home/d/github/ravi/src/ldo.c:326
#29 0x7f6c66740787 in luaD_precall /home/d/github/ravi/src/ldo.c:562
