TimWolla/haproxy-auth-request

runtime error: attempt to yield across a C-call boundary

manuelm opened this issue · 11 comments

Hi,

I'm getting the following Lua error:

[ALERT] 245/231628 (31884) : Lua function 'auth-request': runtime error: attempt to yield across a C-call boundary from [C] field 'request', /.../auth-request.lua:95 C function line 56..

Does your script require HAProxy compiled with LuaJIT?

I'm running HAProxy 1.8.12 (from https://ius.io community) with Lua 5.3 and lua-socket library v3.0.0.17.rc1 (from EPEL, recompiled against Lua 5.3) on CentOS 7.

There is someone on the haproxy mailing list that reported the same error on Sunday: https://www.mail-archive.com/haproxy@formilux.org/msg31147.html You might want to monitor that thread (especially for responses by Thierry).

> Does your script require HAProxy compiled with LuaJIT?

I honestly don't know, but I don't think so. I developed that script on Ubuntu 16.04 and I am successfully running it on Ubuntu 18.04. I don't think haproxy is using LuaJIT on Ubuntu; my haproxy -vv says this:

HA-Proxy version 1.8.8-1ubuntu0.1 2018/05/29
Copyright 2000-2018 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fdebug-prefix-map=/build/haproxy-VmwZ9X/haproxy-1.8.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
	[SPOE] spoe
	[COMP] compression
	[TRACE] trace

Any help debugging this issue would be appreciated, I'm not a Lua expert by any means.

My HAProxy says:

HA-Proxy version 1.8.12-8a200c7 2018/06/27
Copyright 2000-2018 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label
  OPTIONS = USE_LINUX_TPROXY=1 USE_CRYPT_H=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [SPOE] spoe
        [COMP] compression
        [TRACE] trace

I can't spot a difference apart from some different library versions.

I even tried downgrading HAProxy to 1.8.4. However only the error message is less detailed.

> I'm not a Lua expert by any means.

Although I did some bindings for Lua, this issue is also new to me. I also spent some hours yesterday trying out some search results. Obviously without much success.

Can you try this inside the haproxy and haproxy:alpine Docker images and see if it works there?

Small status update:

  • haproxy:alpine works
  • Using the same lua-socket version (+ same patches) from Alpine on CentOS works too.

So it's lua-socket related.

So it looks like the lua-socket in EPEL (and current Fedora) is actually quite old. At least 2015 or even older. The release number is very misleading. Installing a newer version (I used current master) fixes the issue.

Thank you for your help.

I just bisected LuaSocket and documented the commit that is required for this script to work: aecf60f...21f499d

Thanks.

You might want to list Fedora as not-working as well.

> You might want to list Fedora as not-working as well.

I am a Debian guy. Does EPEL not apply to Fedora? Do you have a suggestion for a wording that is understood by Fedora users (or maybe even create a PR 😄)?

I hope I do get this right :-)

Fedora is a distribution like Debian. EPEL is an extra repository for Red Hat Enterprise Linux and its compatible clones. EPEL packages are fed from and maintained by Fedora. Basically list both in one line as they are both from the same source.

I found this: https://pkgs.org/download/lua-socket

“lua-socket from Fedora 28 does not work” would be correct then, right?

Yep. All Fedora versions up to rawhide do not work. So does EPEL.
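
Since the thread concludes that the packaged release number does not show how old a lua-socket build really is, a behavioural check is more reliable than a version comparison. The script below is an added example, not code from the issue or from haproxy-auth-request. It assumes the failure comes from LuaSocket's `socket.protect` wrapper being a C function that a coroutine cannot yield through, which is consistent with the `[C] field 'request'` in the error message but is not confirmed in this thread. `check_protect_yield` is a hypothetical helper name.

```lua
-- Added diagnostic (not part of haproxy-auth-request).
-- Run it with the same Lua 5.3 interpreter and module path HAProxy was built
-- against, so that `require("socket")` loads the same LuaSocket build.

-- Returns true  + version string if a protected function may yield,
--         false + error message  if the yield is rejected,
--         nil   + reason         if LuaSocket cannot be loaded at all.
local function check_protect_yield()
  local loaded, socket = pcall(require, "socket")
  if not loaded then
    return nil, "LuaSocket not loadable: " .. tostring(socket)
  end

  -- socket.protect() wraps a function so LuaSocket "exceptions" become
  -- nil, message. ASSUMPTION: on old builds this wrapper is a plain C
  -- pcall, so a yield from inside it is refused.
  local protected = socket.protect(function()
    coroutine.yield("yielded") -- stands in for HAProxy suspending on socket I/O
    return "done"
  end)

  -- HAProxy runs Lua actions inside coroutines; do the same here.
  local co = coroutine.create(protected)
  local resumed, value = coroutine.resume(co)

  if resumed and value == "yielded" then
    return true, tostring(socket._VERSION)
  end
  return false, tostring(value)
end

local result, detail = check_protect_yield()
if result == nil then
  print("SKIP: " .. detail)
  os.exit(2)
elseif result then
  print("OK: " .. detail .. " lets protected functions yield")
else
  -- On an affected build, detail is expected to contain
  -- "attempt to yield across a C-call boundary".
  print("FAIL: " .. detail)
  os.exit(1)
end
```

The non-zero exit codes make the script usable as a pre-deployment check on hosts that install lua-socket from EPEL or Fedora.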